From 8e812dee954f9812c85614329a74e2e4676fa4f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Tue, 21 Jan 2025 01:10:41 +0100 Subject: [PATCH 001/138] modernize and handle GET and POST requests --- .../CIPPCore/Public/Invoke-RemovePolicy.ps1 | 30 +++++++++++-------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/Modules/CIPPCore/Public/Invoke-RemovePolicy.ps1 b/Modules/CIPPCore/Public/Invoke-RemovePolicy.ps1 index aa94e6d3213c..53dd68908fa6 100644 --- a/Modules/CIPPCore/Public/Invoke-RemovePolicy.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemovePolicy.ps1 @@ -11,30 +11,34 @@ Function Invoke-RemovePolicy { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $ExecutingUser = $request.headers.'x-ms-client-principal' + Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. - $TenantFilter = $Request.Query.TenantFilter - $policyId = $Request.Query.ID - if (!$policyId) { exit } + $TenantFilter = $Request.Query.tenantFilter ?? $Request.body.tenantFilter + $PolicyId = $Request.Query.ID ?? $Request.body.ID + $UrlName = $Request.Query.URLName ?? $Request.body.URLName + + if (!$PolicyId) { exit } try { - #$unAssignRequest = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/deviceManagement/configurationPolicies('$($policyId)')/assign" -type POST -Body '{"assignments":[]}' -tenant $TenantFilter - $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$($Request.Query.URLName)('$($policyId)')" -type DELETE -tenant $TenantFilter - Write-LogMessage -user $User -API $APINAME -message "Deleted $policyId" -Sev 'Info' -tenant $TenantFilter - $body = [pscustomobject]@{'Results' = 'Successfully deleted the policy' } + #$unAssignRequest = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/deviceManagement/configurationPolicies('$($PolicyId)')/assign" -type POST -Body '{"assignments":[]}' -tenant $TenantFilter + $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$($UrlName)('$($PolicyId)')" -type DELETE -tenant $TenantFilter + $Results = "Successfully deleted the policy with ID: $($PolicyId)" + Write-LogMessage -user $ExecutingUser -API $APINAME -message $Results -Sev Info -tenant $TenantFilter + $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APINAME -message "Could not delete policy $policyId. $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage - $body = [pscustomobject]@{'Results' = "Could not delete policy: $($ErrorMessage.NormalizedError)" } - + $Results = "Could not delete policy: $($ErrorMessage.NormalizedError)" + Write-LogMessage -user $ExecutingUser -API $APINAME -message $Results -Sev Error -tenant $TenantFilter -LogData $ErrorMessage + $StatusCode = [HttpStatusCode]::Forbidden } + $body = [pscustomobject]@{'Results' = "$Results" } # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK + StatusCode = $StatusCode Body = $body }) From 1f6b617dc66ee0cd8dd923b8544294e1498c84b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Tue, 21 Jan 2025 01:17:24 +0100 Subject: [PATCH 002/138] Filter the results to only include linux scripts or sort out linux scripts --- .../Entrypoints/Invoke-ListIntunePolicy.ps1 | 84 ++++++++++--------- 1 file changed, 46 insertions(+), 38 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 index 8e65b6f27001..c76cd26c49d5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 @@ -57,48 +57,56 @@ Function Invoke-ListIntunePolicy { $BulkResults = New-GraphBulkRequest -Requests $BulkRequests -tenantid $TenantFilter $GraphRequest = $BulkResults | ForEach-Object { - $URLName = $_.Id - $_.body.Value | ForEach-Object { - $policyTypeName = switch -Wildcard ($_.'assignments@odata.context') { - '*microsoft.graph.windowsIdentityProtectionConfiguration*' { 'Identity Protection' } - '*microsoft.graph.windows10EndpointProtectionConfiguration*' { 'Endpoint Protection' } - '*microsoft.graph.windows10CustomConfiguration*' { 'Custom' } - '*microsoft.graph.windows10DeviceFirmwareConfigurationInterface*' { 'Firmware Configuration' } - '*groupPolicyConfigurations*' { 'Administrative Templates' } - '*windowsDomainJoinConfiguration*' { 'Domain Join configuration' } - '*windowsUpdateForBusinessConfiguration*' { 'Update Configuration' } - '*windowsHealthMonitoringConfiguration*' { 'Health Monitoring' } - '*microsoft.graph.macOSGeneralDeviceConfiguration*' { 'MacOS Configuration' } - '*microsoft.graph.macOSEndpointProtectionConfiguration*' { 'MacOS Endpoint Protection' } - '*microsoft.graph.androidWorkProfileGeneralDeviceConfiguration*' { 'Android Configuration' } - default { $_.'assignments@odata.context' } - } - $Assignments = $_.assignments.target | Select-Object -Property '@odata.type', groupId - $PolicyAssignment = [System.Collections.Generic.List[string]]::new() - $PolicyExclude = [System.Collections.Generic.List[string]]::new() - ForEach ($target in $Assignments) { - switch ($target.'@odata.type') { - '#microsoft.graph.allDevicesAssignmentTarget' { $PolicyAssignment.Add('All Devices') } - '#microsoft.graph.exclusionallDevicesAssignmentTarget' { $PolicyExclude.Add('All Devices') } - '#microsoft.graph.allUsersAssignmentTarget' { $PolicyAssignment.Add('All Users') } - '#microsoft.graph.exclusionallUsersAssignmentTarget' { $PolicyExclude.Add('All Users') } - '#microsoft.graph.groupAssignmentTarget' { $PolicyAssignment.Add($Groups.Where({ $_.id -eq $target.groupId }).displayName) } - '#microsoft.graph.exclusionGroupAssignmentTarget' { $PolicyExclude.Add($Groups.Where({ $_.id -eq $target.groupId }).displayName) } - default { - $PolicyAssignment.Add($null) - $PolicyExclude.Add($null) + $URLName = $_.Id + $_.body.Value | ForEach-Object { + $policyTypeName = switch -Wildcard ($_.'assignments@odata.context') { + '*microsoft.graph.windowsIdentityProtectionConfiguration*' { 'Identity Protection' } + '*microsoft.graph.windows10EndpointProtectionConfiguration*' { 'Endpoint Protection' } + '*microsoft.graph.windows10CustomConfiguration*' { 'Custom' } + '*microsoft.graph.windows10DeviceFirmwareConfigurationInterface*' { 'Firmware Configuration' } + '*groupPolicyConfigurations*' { 'Administrative Templates' } + '*windowsDomainJoinConfiguration*' { 'Domain Join configuration' } + '*windowsUpdateForBusinessConfiguration*' { 'Update Configuration' } + '*windowsHealthMonitoringConfiguration*' { 'Health Monitoring' } + '*microsoft.graph.macOSGeneralDeviceConfiguration*' { 'MacOS Configuration' } + '*microsoft.graph.macOSEndpointProtectionConfiguration*' { 'MacOS Endpoint Protection' } + '*microsoft.graph.androidWorkProfileGeneralDeviceConfiguration*' { 'Android Configuration' } + default { $_.'assignments@odata.context' } + } + $Assignments = $_.assignments.target | Select-Object -Property '@odata.type', groupId + $PolicyAssignment = [System.Collections.Generic.List[string]]::new() + $PolicyExclude = [System.Collections.Generic.List[string]]::new() + ForEach ($target in $Assignments) { + switch ($target.'@odata.type') { + '#microsoft.graph.allDevicesAssignmentTarget' { $PolicyAssignment.Add('All Devices') } + '#microsoft.graph.exclusionallDevicesAssignmentTarget' { $PolicyExclude.Add('All Devices') } + '#microsoft.graph.allUsersAssignmentTarget' { $PolicyAssignment.Add('All Users') } + '#microsoft.graph.exclusionallUsersAssignmentTarget' { $PolicyExclude.Add('All Users') } + '#microsoft.graph.groupAssignmentTarget' { $PolicyAssignment.Add($Groups.Where({ $_.id -eq $target.groupId }).displayName) } + '#microsoft.graph.exclusionGroupAssignmentTarget' { $PolicyExclude.Add($Groups.Where({ $_.id -eq $target.groupId }).displayName) } + default { + $PolicyAssignment.Add($null) + $PolicyExclude.Add($null) + } } } - } - if ($_.displayname -eq $null) { $_ | Add-Member -NotePropertyName displayName -NotePropertyValue $_.name } - $_ | Add-Member -NotePropertyName PolicyTypeName -NotePropertyValue $policyTypeName - $_ | Add-Member -NotePropertyName URLName -NotePropertyValue $URLName - $_ | Add-Member -NotePropertyName PolicyAssignment -NotePropertyValue ($PolicyAssignment -join ', ') - $_ | Add-Member -NotePropertyName PolicyExclude -NotePropertyValue ($PolicyExclude -join ', ') - $_ - } | Where-Object { $_.DisplayName -ne $null } + if ($null -eq $_.displayname) { $_ | Add-Member -NotePropertyName displayName -NotePropertyValue $_.name } + $_ | Add-Member -NotePropertyName PolicyTypeName -NotePropertyValue $policyTypeName + $_ | Add-Member -NotePropertyName URLName -NotePropertyValue $URLName + $_ | Add-Member -NotePropertyName PolicyAssignment -NotePropertyValue ($PolicyAssignment -join ', ') + $_ | Add-Member -NotePropertyName PolicyExclude -NotePropertyValue ($PolicyExclude -join ', ') + $_ + } | Where-Object { $null -ne $_.DisplayName } + } } + + # Filter the results to only include linux scripts or sort out linux scripts + if ($Request.Query.type -eq 'linuxScript') { + $GraphRequest = $GraphRequest | Where-Object { $_.platforms -eq 'linux' -and $_.templateReference.templateFamily -eq 'deviceConfigurationScripts' } + } else { + $GraphRequest = $GraphRequest | Where-Object { $_.platforms -ne 'linux' -and $_.templateReference.templateFamily -ne 'deviceConfigurationScripts' } } + $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message From 94db5fa11df185f6a01c4fe0427e4db3fb5c960c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Tue, 21 Jan 2025 01:19:20 +0100 Subject: [PATCH 003/138] Add Invoke-RemoveIntuneScript function for deleting Intune scripts via HTTP trigger --- .../MEM/Invoke-RemoveIntuneScript.ps1 | 49 +++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-RemoveIntuneScript.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-RemoveIntuneScript.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-RemoveIntuneScript.ps1 new file mode 100644 index 000000000000..ac6e681393de --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-RemoveIntuneScript.ps1 @@ -0,0 +1,49 @@ +using namespace System.Net + +function Invoke-RemoveIntuneScript { + <# + .FUNCTIONALITY + Entrypoint + .ROLE + Endpoint.MEM.ReadWrite + #> + [CmdletBinding()] + param($Request, $TriggerMetadata) + + $APIName = $TriggerMetadata.FunctionName + $ExecutingUser = $request.headers.'x-ms-client-principal' + Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev Debug + + Write-Host 'PowerShell HTTP trigger function processed a request.' + + $TenantFilter = $Request.body.TenantFilter + $ID = $Request.body.ID + $ScriptType = $Request.body.ScriptType + $DisplayName = $Request.body.DisplayName + + try { + + $Endpoint = switch ($ScriptType) { + 'windows' { 'deviceManagementScripts' } + 'macOS' { 'deviceShellScripts' } + 'remediate' { 'deviceHealthScripts' } + Default {} + } + + $null = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$($Endpoint)/$($ID)" -tenantid $TenantFilter -type DELETE + $Result = "Deleted $($ScriptType) script $($DisplayName)" + $StatusCode = [HttpStatusCode]::OK + } catch { + $ErrorMessage = Get-CippException -Exception $_ + $Result = "Failed to delete $($ScriptType) script $($DisplayName). Error: $($ErrorMessage.NormalizedError)" + $StatusCode = [HttpStatusCode]::Forbidden + } + + $body = [pscustomobject]@{'Results' = "$Result" } + # Associate values to output bindings by calling 'Push-OutputBinding'. + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = $StatusCode + Body = $body + }) + +} From 109aa39f8e8f11e814209b7000de782499c6933f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Thu, 23 Jan 2025 20:24:44 +0100 Subject: [PATCH 004/138] Filter out linux scripts --- .../Entrypoints/Invoke-ListIntunePolicy.ps1 | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 index c76cd26c49d5..f484d9894067 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 @@ -10,7 +10,8 @@ Function Invoke-ListIntunePolicy { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $ExecutingUser = $request.headers.'x-ms-client-principal' + Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. @@ -19,12 +20,12 @@ Function Invoke-ListIntunePolicy { # Interact with query parameters or the body of the request. $TenantFilter = $Request.Query.TenantFilter $id = $Request.Query.ID - $urlname = $Request.Query.URLName + $URLName = $Request.Query.URLName try { if ($ID) { - $GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$($urlname)('$ID')" -tenantid $tenantfilter + $GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$($URLName)('$ID')" -tenantid $TenantFilter } else { - $Groups = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/groups?$top=999' -tenantid $tenantfilter | Select-Object -Property id, displayName + $Groups = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/groups?$top=999' -tenantid $TenantFilter | Select-Object -Property id, displayName $BulkRequests = [PSCustomObject]@( @{ @@ -100,13 +101,8 @@ Function Invoke-ListIntunePolicy { } } - # Filter the results to only include linux scripts or sort out linux scripts - if ($Request.Query.type -eq 'linuxScript') { - $GraphRequest = $GraphRequest | Where-Object { $_.platforms -eq 'linux' -and $_.templateReference.templateFamily -eq 'deviceConfigurationScripts' } - } else { - $GraphRequest = $GraphRequest | Where-Object { $_.platforms -ne 'linux' -and $_.templateReference.templateFamily -ne 'deviceConfigurationScripts' } - } - + # Filter the results to sort out linux scripts + $GraphRequest = $GraphRequest | Where-Object { $_.platforms -ne 'linux' -and $_.templateReference.templateFamily -ne 'deviceConfigurationScripts' } $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message From b88b4317d19948787bc8dbcff7d0f720dcf91378 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Thu, 23 Jan 2025 21:05:14 +0100 Subject: [PATCH 005/138] Before bulkrequest kinda --- .../Endpoint/MEM/Invoke-ListIntuneScript.ps1 | 123 ++++++++++++++++++ 1 file changed, 123 insertions(+) create mode 100644 Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListIntuneScript.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListIntuneScript.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListIntuneScript.ps1 new file mode 100644 index 000000000000..b2722acce482 --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListIntuneScript.ps1 @@ -0,0 +1,123 @@ +using namespace System.Net + +function Invoke-ListIntuneScript { + <# + .FUNCTIONALITY + Entrypoint + .ROLE + Endpoint.MEM.Read + #> + [CmdletBinding()] + param($Request, $TriggerMetadata) + + $APIName = $TriggerMetadata.FunctionName + $ExecutingUser = $request.headers.'x-ms-client-principal' + Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev Debug + + Write-Host 'PowerShell HTTP trigger function processed a request.' + + $TenantFilter = $Request.Query.TenantFilter + $Results = [System.Collections.Generic.List[System.Object]]::new() + + + + + $BulkRequests = [PSCustomObject]@( + @{ + id = 'Windows' + method = 'GET' + url = '/deviceManagement/deviceManagementScripts' + } + @{ + id = 'MacOS' + method = 'GET' + url = '/deviceManagement/deviceShellScripts' + } + @{ + id = 'Remediation' + method = 'GET' + url = '/deviceManagement/deviceHealthScripts' + } + @{ + id = 'ConfigurationPolicies' + method = 'GET' + url = "/deviceManagement/configurationPolicies?`$expand=assignments&top=1000" + } + ) + + try { + $BulkResults = New-GraphBulkRequest -Requests $BulkRequests -tenantid $TenantFilter + } catch { + $ErrorMessage = Get-CippException -Exception $_ + Write-Host "Failed to retrieve scripts. Error: $($ErrorMessage.NormalizedError)" + } + + # Windows + try { + + $WindowsScripts = ($BulkResults | Where-Object { $_.id -eq 'Windows' }).body.value + $WindowsScripts | Add-Member -MemberType NoteProperty -Name scriptType -Value 'Windows' + if ($WindowsScripts.Count -gt 1) { + $Results.AddRange($WindowsScripts) + } else { + $Results.Add($WindowsScripts) + } + + } catch { + $ErrorMessage = Get-CippException -Exception $_ + Write-Host "Failed to retrieve Windows scripts. Error: $($ErrorMessage.NormalizedError)" + } + + # MacOS + try { + # $MacOSScripts = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/deviceShellScripts' -tenantid $TenantFilter + $MacOSScripts | Add-Member -MemberType NoteProperty -Name scriptType -Value 'MacOS' + if ($MacOSScripts.Count -gt 1) { + $Results.AddRange($MacOSScripts) + } else { + $Results.Add($MacOSScripts) + } + + } catch { + $ErrorMessage = Get-CippException -Exception $_ + Write-Host "Failed to retrieve macOS scripts. Error: $($ErrorMessage.NormalizedError)" + } + + # Remediation + try { + $RemediateScripts = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/deviceHealthScripts' -tenantid $TenantFilter + $RemediateScripts | Add-Member -MemberType NoteProperty -Name scriptType -Value 'Remediation' + if ($RemediateScripts.Count -gt 1) { + $Results.AddRange($RemediateScripts) + } else { + $Results.Add($RemediateScripts) + } + } catch { + $ErrorMessage = Get-CippException -Exception $_ + Write-Host "Failed to retrieve remediate scripts. Error: $($ErrorMessage.NormalizedError)" + } + + # Linux + try { + $LinuxScripts = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/configurationPolicies?`$expand=assignments&top=1000' -tenantid $TenantFilter + $LinuxScripts = $LinuxScripts | Where-Object { $_.platforms -eq 'linux' -and $_.templateReference.templateFamily -eq 'deviceConfigurationScripts' } + $LinuxScripts | Add-Member -MemberType NoteProperty -Name scriptType -Value 'Linux' + $LinuxScripts | ForEach-Object { $_ | Add-Member -MemberType NoteProperty -Name displayName -Value $_.name -Force } + if ($LinuxScripts.Count -gt 1) { + $Results.AddRange($LinuxScripts) + } else { + $Results.Add($LinuxScripts) + } + } catch { + $ErrorMessage = Get-CippException -Exception $_ + Write-Host "Failed to retrieve Linux scripts. Error: $($ErrorMessage.NormalizedError)" + } + + + # Associate values to output bindings by calling 'Push-OutputBinding'. + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = [HttpStatusCode]::OK + Body = @($Results) + }) + +} From cdc5a9c8639f80571c5a62ce60e21ad1bf68083f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Thu, 23 Jan 2025 22:55:46 +0100 Subject: [PATCH 006/138] MAke into 1 page and make it into bulk requests --- .../Endpoint/MEM/Invoke-ListIntuneScript.ps1 | 71 +++---------------- .../MEM/Invoke-RemoveIntuneScript.ps1 | 23 ++++-- 2 files changed, 26 insertions(+), 68 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListIntuneScript.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListIntuneScript.ps1 index b2722acce482..927c69ad97ba 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListIntuneScript.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListIntuneScript.ps1 @@ -19,9 +19,6 @@ function Invoke-ListIntuneScript { $TenantFilter = $Request.Query.TenantFilter $Results = [System.Collections.Generic.List[System.Object]]::new() - - - $BulkRequests = [PSCustomObject]@( @{ id = 'Windows' @@ -39,9 +36,9 @@ function Invoke-ListIntuneScript { url = '/deviceManagement/deviceHealthScripts' } @{ - id = 'ConfigurationPolicies' + id = 'Linux' method = 'GET' - url = "/deviceManagement/configurationPolicies?`$expand=assignments&top=1000" + url = '/deviceManagement/configurationPolicies' } ) @@ -52,65 +49,17 @@ function Invoke-ListIntuneScript { Write-Host "Failed to retrieve scripts. Error: $($ErrorMessage.NormalizedError)" } - # Windows - try { + foreach ($scriptId in @('Windows', 'MacOS', 'Remediation', 'Linux')) { + $scripts = ($BulkResults | Where-Object { $_.id -eq $scriptId }).body.value - $WindowsScripts = ($BulkResults | Where-Object { $_.id -eq 'Windows' }).body.value - $WindowsScripts | Add-Member -MemberType NoteProperty -Name scriptType -Value 'Windows' - if ($WindowsScripts.Count -gt 1) { - $Results.AddRange($WindowsScripts) - } else { - $Results.Add($WindowsScripts) + if ($scriptId -eq 'Linux') { + $scripts = $scripts | Where-Object { $_.platforms -eq 'linux' -and $_.templateReference.templateFamily -eq 'deviceConfigurationScripts' } + $scripts | ForEach-Object { $_ | Add-Member -MemberType NoteProperty -Name displayName -Value $_.name -Force } } - } catch { - $ErrorMessage = Get-CippException -Exception $_ - Write-Host "Failed to retrieve Windows scripts. Error: $($ErrorMessage.NormalizedError)" - } - - # MacOS - try { - # $MacOSScripts = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/deviceShellScripts' -tenantid $TenantFilter - $MacOSScripts | Add-Member -MemberType NoteProperty -Name scriptType -Value 'MacOS' - if ($MacOSScripts.Count -gt 1) { - $Results.AddRange($MacOSScripts) - } else { - $Results.Add($MacOSScripts) - } - - } catch { - $ErrorMessage = Get-CippException -Exception $_ - Write-Host "Failed to retrieve macOS scripts. Error: $($ErrorMessage.NormalizedError)" - } - - # Remediation - try { - $RemediateScripts = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/deviceHealthScripts' -tenantid $TenantFilter - $RemediateScripts | Add-Member -MemberType NoteProperty -Name scriptType -Value 'Remediation' - if ($RemediateScripts.Count -gt 1) { - $Results.AddRange($RemediateScripts) - } else { - $Results.Add($RemediateScripts) - } - } catch { - $ErrorMessage = Get-CippException -Exception $_ - Write-Host "Failed to retrieve remediate scripts. Error: $($ErrorMessage.NormalizedError)" - } - - # Linux - try { - $LinuxScripts = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/configurationPolicies?`$expand=assignments&top=1000' -tenantid $TenantFilter - $LinuxScripts = $LinuxScripts | Where-Object { $_.platforms -eq 'linux' -and $_.templateReference.templateFamily -eq 'deviceConfigurationScripts' } - $LinuxScripts | Add-Member -MemberType NoteProperty -Name scriptType -Value 'Linux' - $LinuxScripts | ForEach-Object { $_ | Add-Member -MemberType NoteProperty -Name displayName -Value $_.name -Force } - if ($LinuxScripts.Count -gt 1) { - $Results.AddRange($LinuxScripts) - } else { - $Results.Add($LinuxScripts) - } - } catch { - $ErrorMessage = Get-CippException -Exception $_ - Write-Host "Failed to retrieve Linux scripts. Error: $($ErrorMessage.NormalizedError)" + $scripts | Add-Member -MemberType NoteProperty -Name scriptType -Value $scriptId + Write-Host "$scriptId scripts count: $($scripts.Count)" + $Results.AddRange(@($scripts)) } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-RemoveIntuneScript.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-RemoveIntuneScript.ps1 index ac6e681393de..5d2abd051182 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-RemoveIntuneScript.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-RemoveIntuneScript.ps1 @@ -23,15 +23,24 @@ function Invoke-RemoveIntuneScript { try { - $Endpoint = switch ($ScriptType) { - 'windows' { 'deviceManagementScripts' } - 'macOS' { 'deviceShellScripts' } - 'remediate' { 'deviceHealthScripts' } - Default {} + $URI = switch ($ScriptType) { + 'Windows' { + "https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts/$($ID)" + } + 'MacOS' { + "https://graph.microsoft.com/beta/deviceManagement/deviceShellScripts/$($ID)" + } + 'Remediation' { + "https://graph.microsoft.com/beta/deviceManagement/deviceHealthScripts/$($ID)" + } + 'Linux' { + "https://graph.microsoft.com/beta/deviceManagement/ConfigurationPolicies('$($ID)')" + } + Default { $null } } - $null = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$($Endpoint)/$($ID)" -tenantid $TenantFilter -type DELETE - $Result = "Deleted $($ScriptType) script $($DisplayName)" + $null = New-GraphPOSTRequest -uri $URI -type DELETE -tenantid $TenantFilter + $Result = "Deleted $($ScriptType) script $($DisplayName) with ID: $($ID)" $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CippException -Exception $_ From a79ecd40690a6fe309cf0b001d25c9ec64d90682 Mon Sep 17 00:00:00 2001 From: redanthrax Date: Tue, 28 Jan 2025 09:34:26 -0800 Subject: [PATCH 007/138] Docker support --- .dockerignore | 1 + .gitignore | 1 + Dockerfile | 7 ++++++ docker-compose.yml | 58 ++++++++++++++++++++++++++++++++++++++++++++++ nginx.conf | 20 ++++++++++++++++ 5 files changed, 87 insertions(+) create mode 100644 .dockerignore create mode 100644 Dockerfile create mode 100644 docker-compose.yml create mode 100644 nginx.conf diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 000000000000..46cc4309152a --- /dev/null +++ b/.dockerignore @@ -0,0 +1 @@ +local.settings.json diff --git a/.gitignore b/.gitignore index 0311022a9306..a807be8c00b6 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ Cache_* Logs ExcludedTenants SendNotifications/config.json +.env diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 000000000000..3db270cc69a1 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,7 @@ +# To enable ssh & remote debugging on app service change the base image to the one below +# FROM mcr.microsoft.com/azure-functions/powershell:4-powershell7.2-appservice +FROM mcr.microsoft.com/azure-functions/powershell:4-powershell7.2 +ENV AzureWebJobsScriptRoot=/home/site/wwwroot \ + AzureFunctionsJobHost__Logging__Console__IsEnabled=true + +COPY . /home/site/wwwroot \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 000000000000..6da14aa0a7c9 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,58 @@ +services: + azurite: + image: mcr.microsoft.com/azure-storage/azurite + container_name: azurite + ports: + - "10000:10000" + - "10001:10001" + - "10002:10002" + networks: + - func-network + environment: + - AZURITE_ACCOUNTS=devstoreaccount1:Eby8vdM02xNoBnZf6KgBVU4= + + cippapi: + build: + context: . + dockerfile: Dockerfile + environment: + - FUNCTIONS_WORKER_RUNTIME=${FUNCTIONS_WORKER_RUNTIME} + - FUNCTIONS_WORKER_RUNTIME_VERSION=${FUNCTIONS_WORKER_RUNTIME_VERSION} + - AzureWebJobsStorage=${AzureWebJobsStorage} + - ApplicationID=${ApplicationID} + - ApplicationSecret=${ApplicationSecret} + - RefreshToken=${RefreshToken} + - TenantID=${TenantID} + - DEV_SKIP_BPA_TIMER=${DEV_SKIP_BPA_TIMER} + - DEV_SKIP_DOMAIN_TIMER=${DEV_SKIP_DOMAIN_TIMER} + - SetFromProfile=${SetFromProfile} + - FUNCTIONS_EXTENSION_VERSION=${FUNCTIONS_EXTENSION_VERSION} + - AzureWebJobs.BestPracticeAnalyser_OrchestrationStarterTimer.Disabled=true + - AzureWebJobs.Domain_OrchestrationStarterTimer.Disabled=true + - WEBSITE_HOSTNAME=cippapi + depends_on: + - azurite + networks: + - func-network + deploy: + replicas: 3 + + nginx: + image: nginx:alpine + container_name: nginx + ports: + - "7071:80" + volumes: + - ./nginx.conf:/etc/nginx/nginx.conf:ro + depends_on: + - cippapi + networks: + - func-network + healthcheck: + test: ["CMD", "curl", "-f", "http://cippapi:7071"] + interval: 30s + retries: 5 + +networks: + func-network: + driver: bridge diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 000000000000..30a773880a02 --- /dev/null +++ b/nginx.conf @@ -0,0 +1,20 @@ +events {} + +http { + upstream functionapp_backend { + server cippapi:80; + } + + server { + listen 80; + + location / { + proxy_pass http://functionapp_backend; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection keep-alive; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + } + } +} From 3723ec325ece19c5ab54bf5ac703e920e86ad7d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Fri, 31 Jan 2025 23:45:40 +0100 Subject: [PATCH 008/138] Refactor Invoke-EditContact function to improve logging and error handling for contact updates --- .../Email-Exchange/Invoke-EditContact.ps1 | 67 +++++++++++-------- 1 file changed, 38 insertions(+), 29 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditContact.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditContact.ps1 index 03a6b21254bb..6070fb279db1 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditContact.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditContact.ps1 @@ -11,43 +11,52 @@ Function Invoke-EditContact { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $TenantID = $Request.body.tenantID + $ExecutingUser = $Request.headers.'x-ms-client-principal' + Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $contactobj = $Request.body - write-host "This is the contact object: $contactobj" - # Write to the Azure Functions log stream. - Write-Host 'PowerShell HTTP trigger function processed a request.' try { - - $BodyToship = [pscustomobject] @{ - 'DisplayName' = $contactobj.DisplayName - 'WindowsEmailAddress' = $contactobj.mail - 'FirstName' = $contactObj.firstName - 'LastName' = $contactobj.LastName - "Title" = $contactobj.jobTitle - "StreetAddress" = $contactobj.StreetAddress - "PostalCode" = $contactobj.PostalCode - "City" = $contactobj.City - "CountryOrRegion" = $contactobj.Country - "Company" = $contactobj.companyName - "mobilePhone" = $contactobj.MobilePhone - "phone" = $contactobj.BusinessPhone - 'identity' = $contactobj.ContactID + # Extract contact information from the request body + $contactInfo = $Request.body + + # Log the received contact object + Write-Host "Received contact object: $($contactInfo | ConvertTo-Json)" + + # Prepare the body for the Set-Contact cmdlet + $bodyForSetContact = [pscustomobject] @{ + 'DisplayName' = $contactInfo.DisplayName + 'WindowsEmailAddress' = $contactInfo.mail + 'FirstName' = $contactInfo.firstName + 'LastName' = $contactInfo.LastName + 'Title' = $contactInfo.jobTitle + 'StreetAddress' = $contactInfo.StreetAddress + 'PostalCode' = $contactInfo.PostalCode + 'City' = $contactInfo.City + 'CountryOrRegion' = $contactInfo.Country + 'Company' = $contactInfo.companyName + 'mobilePhone' = $contactInfo.MobilePhone + 'phone' = $contactInfo.BusinessPhone + 'identity' = $contactInfo.ContactID } - $EditContact = New-ExoRequest -tenantid $Request.body.tenantID -cmdlet 'Set-Contact' -cmdparams $BodyToship -UseSystemMailbox $true - $Results = [pscustomobject]@{'Results' = "Successfully edited contact $($contactobj.Displayname)" } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($contactobj.tenantid) -message "Created contact $($contactobj.displayname)" -Sev 'Info' - } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($contactobj.tenantid) -message "Contact creation API failed. $($_.Exception.Message)" -Sev 'Error' - $Results = [pscustomobject]@{'Results' = "Failed to edit contact. $($_.Exception.Message)" } + # Call the Set-Contact cmdlet to update the contact + $null = New-ExoRequest -tenantid $TenantID -cmdlet 'Set-Contact' -cmdParams $bodyForSetContact -UseSystemMailbox $true + $Results = "Successfully edited contact $($contactInfo.DisplayName)" + Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $TenantID -message $Results -Sev Info + $StatusCode = [HttpStatusCode]::OK + } catch { + $ErrorMessage = Get-CippException -Exception $_ + $Results = "Failed to edit contact. $($ErrorMessage.NormalizedError)" + Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $TenantID -message $Results -Sev Error -LogData $ErrorMessage + $StatusCode = [HttpStatusCode]::InternalServerError } + + $Results = [pscustomobject]@{'Results' = "$Results" } # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK - Body = $Results + StatusCode = $StatusCode + Body = $responseResults }) - } From 2a3bc87144e7998b07c6cd151f028c6603e1280c Mon Sep 17 00:00:00 2001 From: Esco Date: Sun, 2 Feb 2025 02:28:03 +0100 Subject: [PATCH 009/138] feat: New standard RetentionPolicyTag --- .../Invoke-CIPPStandardRetentionPolicy.ps1 | 86 +++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardRetentionPolicy.ps1 diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardRetentionPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardRetentionPolicy.ps1 new file mode 100644 index 000000000000..eb8a5b114be8 --- /dev/null +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardRetentionPolicy.ps1 @@ -0,0 +1,86 @@ +function Invoke-CIPPStandardRetentionPolicyTag { + <# + .FUNCTIONALITY + Internal + .COMPONENT + (APIName) RetentionPolicyTag + #> + + param($Tenant, $Settings) + ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'RetentionPolicyTag' + + $PolicyName = 'CIPP Deleted Items' + $CurrentState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-RetentionPolicyTag' | + Where-Object -Property Identity -EQ $PolicyName + + $PolicyState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-RetentionPolicy' | + Where-Object -Property Identity -EQ 'Default MRM Policy' + + $StateIsCorrect = ($CurrentState.Name -eq $PolicyName) -and + ($CurrentState.RetentionEnabled -eq $true) -and + ($CurrentState.RetentionAction -eq 'PermanentlyDelete') -and + ($CurrentState.AgeLimitForRetention -eq $Settings.AgeLimitForRetention) -and + ($CurrentState.Type -eq 'DeletedItems') -and + ($PolicyState.RetentionPolicyTagLinks -contains $PolicyName) + + if ($Settings.remediate -eq $true) { + + if ($StateIsCorrect -eq $true) { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Retention policy tag already correctly configured' -sev Info + } else { + $cmdparams = @{ + RetentionEnabled = $true + AgeLimitForRetention = $Settings.AgeLimitForRetention + RetentionAction = 'PermanentlyDelete' + } + + if ($CurrentState.Name -eq $PolicyName) { + try { + $cmdparams.Add('Identity', $PolicyName) + New-ExoRequest -tenantid $Tenant -cmdlet 'Set-RetentionPolicyTag' -cmdparams $cmdparams -UseSystemMailbox $true + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Updated Retention policy tag $PolicyName." -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to update Retention policy tag $PolicyName." -sev Error -LogData $_ + } + } else { + try { + $cmdparams.Add('Name', $PolicyName) + $cmdparams.Add('Type', 'DeletedItems') + New-ExoRequest -tenantid $Tenant -cmdlet 'New-RetentionPolicyTag' -cmdparams $cmdparams -UseSystemMailbox $true + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Created Retention policy tag $PolicyName." -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Retention policy tag $PolicyName." -sev Error -LogData $_ + } + } + + if ($PolicyState.RetentionPolicyTagLinks -notcontains $PolicyName) { + try { + $cmdparams = @{ + Identity = 'Default MRM Policy' + RetentionPolicyTagLinks = @($PolicyState.RetentionPolicyTagLinks + $PolicyName) + } + New-ExoRequest -tenantid $Tenant -cmdlet 'Set-RetentionPolicy' -cmdparams $cmdparams -UseSystemMailbox $true + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Added $PolicyName Retention tag to $($PolicyState.Identity)." -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to add $PolicyName Retention tag to $($PolicyState.Identity)." -sev Error -LogData $_.Exception.Message + } + } + + } + + } + + if ($Settings.alert -eq $true) { + + if ($StateIsCorrect -eq $true) { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Retention Policy is enabled' -sev Info + } else { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Retention Policy is not enabled' -sev Alert + } + } + + if ($Settings.report -eq $true) { + Add-CIPPBPAField -FieldName 'RetentionPolicy' -FieldValue $StateIsCorrect -StoreAs bool -Tenant $tenant + } + +} From a2a4df5ee9f5ec039f32bc771c1f0a4e20dc7e1b Mon Sep 17 00:00:00 2001 From: Esco Date: Sun, 2 Feb 2025 20:08:47 +0100 Subject: [PATCH 010/138] fix: use timespam from days in RetentionPolicyTag --- .../Public/Standards/Invoke-CIPPStandardRetentionPolicy.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardRetentionPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardRetentionPolicy.ps1 index eb8a5b114be8..291e21412a92 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardRetentionPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardRetentionPolicy.ps1 @@ -19,7 +19,7 @@ function Invoke-CIPPStandardRetentionPolicyTag { $StateIsCorrect = ($CurrentState.Name -eq $PolicyName) -and ($CurrentState.RetentionEnabled -eq $true) -and ($CurrentState.RetentionAction -eq 'PermanentlyDelete') -and - ($CurrentState.AgeLimitForRetention -eq $Settings.AgeLimitForRetention) -and + ($CurrentState.AgeLimitForRetention -eq ([timespan]::FromDays($Settings.AgeLimitForRetention))) -and ($CurrentState.Type -eq 'DeletedItems') -and ($PolicyState.RetentionPolicyTagLinks -contains $PolicyName) From ecd814b4ef2da45bb713ac350b127305dd642d5b Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Sun, 2 Feb 2025 23:48:07 +0100 Subject: [PATCH 011/138] list standard fix --- .../Tenant/Standards/Invoke-listStandardTemplates.ps1 | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-listStandardTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-listStandardTemplates.ps1 index ebf7a663e342..8864979ccfad 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-listStandardTemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-listStandardTemplates.ps1 @@ -13,12 +13,13 @@ Function Invoke-listStandardTemplates { $Table = Get-CippTable -tablename 'templates' $Filter = "PartitionKey eq 'StandardsTemplateV2'" $Templates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter) | ForEach-Object { - $JSON = $_.JSON + $JSON = $_.JSON -replace '"Action":', '"action":' try { $RowKey = $_.RowKey - $data = $_.JSON | ConvertFrom-Json -Depth 100 -ErrorAction SilentlyContinue + $data = $JSON | ConvertFrom-Json -Depth 100 -ErrorAction SilentlyContinue + } catch { - Write-Host "$($RowKey)" + Write-Host "$($RowKey) standard could not be loaded: $($_.Exception.Message)" return } $data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $_.GUID -Force From 8fa5f37c4461c4d662f792cc8a19b1e5752f58ec Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Mon, 3 Feb 2025 14:40:23 +0100 Subject: [PATCH 012/138] single run template failure --- .../Tenant/Standards/Invoke-ExecStandardsRun.ps1 | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1 index 74c88643ce89..e48a6cca61e5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1 @@ -15,7 +15,13 @@ Function Invoke-ExecStandardsRun { $TemplateId = if ($Request.Query.TemplateId) { $Request.Query.TemplateId } else { '*' } $Table = Get-CippTable -tablename 'templates' $Filter = "PartitionKey eq 'StandardsTemplateV2'" - $Templates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter | Sort-Object TimeStamp).JSON | ConvertFrom-Json | Where-Object { + $Templates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter | Sort-Object TimeStamp).JSON | ForEach-Object { + try { + ConvertFrom-Json $_ -ErrorAction SilentlyContinue + } catch { + + } + } | Where-Object { $_.guid -like $TemplateId } From d25e2725d00e406419e466c6d78c77e69f4444f9 Mon Sep 17 00:00:00 2001 From: Esco Date: Mon, 3 Feb 2025 15:05:13 +0100 Subject: [PATCH 013/138] fix: make standards work with autoComplete --- .../Invoke-CIPPStandardGuestInvite.ps1 | 11 +++--- ...e-CIPPStandardIntuneComplianceSettings.ps1 | 7 ++-- .../Invoke-CIPPStandardSpamFilterPolicy.ps1 | 38 ++++++++++--------- .../Invoke-CIPPStandardTeamsEnrollUser.ps1 | 12 +++--- ...PPStandardTeamsFederationConfiguration.ps1 | 6 ++- ...e-CIPPStandardTeamsGlobalMeetingPolicy.ps1 | 12 ++---- ...nvoke-CIPPStandardTeamsMessagingPolicy.ps1 | 5 +-- 7 files changed, 44 insertions(+), 47 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGuestInvite.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGuestInvite.ps1 index e9df84d6f574..5193b69708fb 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGuestInvite.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGuestInvite.ps1 @@ -19,7 +19,7 @@ function Invoke-CIPPStandardGuestInvite { IMPACT Medium Impact POWERSHELLEQUIVALENT - + RECOMMENDEDBY UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block @@ -31,8 +31,7 @@ function Invoke-CIPPStandardGuestInvite { $CurrentState = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy' -tenantid $Tenant - if ($null -eq $Settings.allowInvitesFrom) { $Settings.allowInvitesFrom = 'Everyone' } # none, adminsAndGuestInviters, adminsGuestInvitersAndAllMembers, everyone - $StateIsCorrect = ($CurrentState.allowInvitesFrom -eq $Settings.allowInvitesFrom) + $StateIsCorrect = ($CurrentState.allowInvitesFrom -eq $Settings.allowInvitesFrom.value) if ($Settings.remediate -eq $true) { if ($StateIsCorrect -eq $true) { @@ -46,13 +45,13 @@ function Invoke-CIPPStandardGuestInvite { Type = 'PATCH' ContentType = 'application/json; charset=utf-8' Body = [pscustomobject]@{ - allowInvitesFrom = $Settings.allowInvitesFrom + allowInvitesFrom = $Settings.allowInvitesFrom.value } | ConvertTo-Json -Compress } New-GraphPostRequest @GraphRequest - Write-LogMessage -API 'Standards' -Tenant $Tenant -Message "Successfully updated Guest Invite setting to $($Settings.allowInvitesFrom)" -Sev Info + Write-LogMessage -API 'Standards' -Tenant $Tenant -Message "Successfully updated Guest Invite setting to $($Settings.allowInvitesFrom.value)" -Sev Info } catch { - Write-LogMessage -API 'Standards' -Tenant $Tenant -Message "Failed to update Guest Invite setting to $($Settings.allowInvitesFrom)" -Sev Error -LogData $_ + Write-LogMessage -API 'Standards' -Tenant $Tenant -Message "Failed to update Guest Invite setting to $($Settings.allowInvitesFrom.value)" -Sev Error -LogData $_ } } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneComplianceSettings.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneComplianceSettings.ps1 index e946ef49cc4f..d8ca6d499c9f 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneComplianceSettings.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneComplianceSettings.ps1 @@ -20,7 +20,7 @@ function Invoke-CIPPStandardIntuneComplianceSettings { IMPACT Low Impact POWERSHELLEQUIVALENT - + RECOMMENDEDBY UPDATECOMMENTBLOCK Run the Tools\Update-StandardsComments.ps1 script to update this comment block @@ -32,9 +32,8 @@ function Invoke-CIPPStandardIntuneComplianceSettings { $CurrentState = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/deviceManagement/settings' -tenantid $Tenant - if ($null -eq $Settings.secureByDefault) { $Settings.secureByDefault = $true } if ($null -eq $Settings.deviceComplianceCheckinThresholdDays) { $Settings.deviceComplianceCheckinThresholdDays = $CurrentState.deviceComplianceCheckinThresholdDays } - $StateIsCorrect = ($CurrentState.secureByDefault -eq $Settings.secureByDefault) -and + $StateIsCorrect = ($CurrentState.secureByDefault -eq $Settings.secureByDefault.value) -and ($CurrentState.deviceComplianceCheckinThresholdDays -eq $Settings.deviceComplianceCheckinThresholdDays) if ($Settings.remediate -eq $true) { @@ -50,7 +49,7 @@ function Invoke-CIPPStandardIntuneComplianceSettings { ContentType = 'application/json; charset=utf-8' Body = [pscustomobject]@{ settings = [pscustomobject]@{ - secureByDefault = $Settings.secureByDefault + secureByDefault = $Settings.secureByDefault.value deviceComplianceCheckinThresholdDays = $Settings.deviceComplianceCheckinThresholdDays } } | ConvertTo-Json -Compress diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpamFilterPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpamFilterPolicy.ps1 index 4e4bd537aa5e..0a1a86939f08 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpamFilterPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpamFilterPolicy.ps1 @@ -46,16 +46,16 @@ function Invoke-CIPPStandardSpamFilterPolicy { Select-Object -Property * $StateIsCorrect = ($CurrentState.Name -eq $PolicyName) -and - ($CurrentState.SpamAction -eq $Settings.SpamAction) -and - ($CurrentState.SpamQuarantineTag -eq $Settings.SpamQuarantineTag) -and - ($CurrentState.HighConfidenceSpamAction -eq $Settings.HighConfidenceSpamAction) -and - ($CurrentState.HighConfidenceSpamQuarantineTag -eq $Settings.HighConfidenceSpamQuarantineTag) -and - ($CurrentState.BulkSpamAction -eq $Settings.BulkSpamAction) -and - ($CurrentState.BulkQuarantineTag -eq $Settings.BulkQuarantineTag) -and - ($CurrentState.PhishSpamAction -eq $Settings.PhishSpamAction) -and - ($CurrentState.PhishQuarantineTag -eq $Settings.PhishQuarantineTag) -and + ($CurrentState.SpamAction -eq $Settings.SpamAction.value) -and + ($CurrentState.SpamQuarantineTag -eq $Settings.SpamQuarantineTag.value) -and + ($CurrentState.HighConfidenceSpamAction -eq $Settings.HighConfidenceSpamAction.value) -and + ($CurrentState.HighConfidenceSpamQuarantineTag -eq $Settings.HighConfidenceSpamQuarantineTag.value) -and + ($CurrentState.BulkSpamAction -eq $Settings.BulkSpamAction.value) -and + ($CurrentState.BulkQuarantineTag -eq $Settings.BulkQuarantineTag.value) -and + ($CurrentState.PhishSpamAction -eq $Settings.PhishSpamAction.value) -and + ($CurrentState.PhishQuarantineTag -eq $Settings.PhishQuarantineTag.value) -and ($CurrentState.HighConfidencePhishAction -eq 'Quarantine') -and - ($CurrentState.HighConfidencePhishQuarantineTag -eq $Settings.HighConfidencePhishQuarantineTag) -and + ($CurrentState.HighConfidencePhishQuarantineTag -eq $Settings.HighConfidencePhishQuarantineTag.value) -and ($CurrentState.BulkThreshold -eq $Settings.BulkThreshold) -and ($CurrentState.QuarantineRetentionPeriod -eq 30) -and ($CurrentState.IncreaseScoreWithNumericIps -eq 'On') -and @@ -86,16 +86,16 @@ function Invoke-CIPPStandardSpamFilterPolicy { Write-LogMessage -API 'Standards' -Tenant $Tenant -message 'Spam Filter Policy already correctly configured' -sev Info } else { $cmdparams = @{ - SpamAction = $Settings.SpamAction - SpamQuarantineTag = $Settings.SpamQuarantineTag - HighConfidenceSpamAction = $Settings.HighConfidenceSpamAction - HighConfidenceSpamQuarantineTag = $Settings.HighConfidenceSpamQuarantineTag - BulkSpamAction = $Settings.BulkSpamAction - BulkQuarantineTag = $Settings.BulkQuarantineTag - PhishSpamAction = $Settings.PhishSpamAction - PhishQuarantineTag = $Settings.PhishQuarantineTag + SpamAction = $Settings.SpamAction.value + SpamQuarantineTag = $Settings.SpamQuarantineTag.value + HighConfidenceSpamAction = $Settings.HighConfidenceSpamAction.value + HighConfidenceSpamQuarantineTag = $Settings.HighConfidenceSpamQuarantineTag.value + BulkSpamAction = $Settings.BulkSpamAction.value + BulkQuarantineTag = $Settings.BulkQuarantineTag.value + PhishSpamAction = $Settings.PhishSpamAction.value + PhishQuarantineTag = $Settings.PhishQuarantineTag.value HighConfidencePhishAction = 'Quarantine' - HighConfidencePhishQuarantineTag = $Settings.HighConfidencePhishQuarantineTag + HighConfidencePhishQuarantineTag = $Settings.HighConfidencePhishQuarantineTag.value BulkThreshold = $Settings.BulkThreshold QuarantineRetentionPeriod = 30 IncreaseScoreWithNumericIps = 'On' @@ -110,6 +110,8 @@ function Invoke-CIPPStandardSpamFilterPolicy { PhishZapEnabled = $true SpamZapEnabled = $true } + Write-Host "================== DEBUG ==================" + Write-Host $cmdparams if ($CurrentState.Name -eq $PolicyName) { try { diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsEnrollUser.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsEnrollUser.ps1 index 64e4ad948181..464324ff4b61 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsEnrollUser.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsEnrollUser.ps1 @@ -32,25 +32,23 @@ Function Invoke-CIPPStandardTeamsEnrollUser { $CurrentState = New-TeamsRequest -TenantFilter $Tenant -Cmdlet 'Get-CsTeamsMeetingPolicy' -CmdParams @{Identity = 'Global' } | Select-Object EnrollUserOverride - if ($null -eq $Settings.EnrollUserOverride) { $Settings.EnrollUserOverride = $CurrentState.EnrollUserOverride } - - $StateIsCorrect = ($CurrentState.EnrollUserOverride -eq $Settings.EnrollUserOverride) + $StateIsCorrect = ($CurrentState.EnrollUserOverride -eq $Settings.EnrollUserOverride.value) if ($Settings.remediate -eq $true) { if ($StateIsCorrect -eq $true) { - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Teams Enroll User Override settings already set to $($Settings.EnrollUserOverride)." -sev Info + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Teams Enroll User Override settings already set to $($Settings.EnrollUserOverride.value)." -sev Info } else { $cmdparams = @{ Identity = 'Global' - EnrollUserOverride = $Settings.EnrollUserOverride + EnrollUserOverride = $Settings.EnrollUserOverride.value } try { New-TeamsRequest -TenantFilter $Tenant -Cmdlet 'Set-CsTeamsMeetingPolicy' -CmdParams $cmdparams - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Updated Teams Enroll User Override setting to $($Settings.EnrollUserOverride)." -sev Info + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Updated Teams Enroll User Override setting to $($Settings.EnrollUserOverride.value)." -sev Info } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to set Teams Enroll User Override setting to $($Settings.EnrollUserOverride)." -sev Error -LogData $ErrorMessage + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to set Teams Enroll User Override setting to $($Settings.EnrollUserOverride.value)." -sev Error -LogData $ErrorMessage } } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsFederationConfiguration.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsFederationConfiguration.ps1 index 930bff06c4db..aea9e7a3e6b0 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsFederationConfiguration.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsFederationConfiguration.ps1 @@ -36,7 +36,7 @@ Function Invoke-CIPPStandardTeamsFederationConfiguration { $CurrentState = New-TeamsRequest -TenantFilter $Tenant -Cmdlet 'Get-CsTenantFederationConfiguration' -CmdParams @{Identity = 'Global' } | Select-Object * - Switch ($Settings.DomainControl) { + Switch ($Settings.DomainControl.value) { 'AllowAllExternal' { $AllowFederatedUsers = $true $AllowedDomainsAsAList = 'AllowAllKnownDomains' @@ -65,6 +65,10 @@ Function Invoke-CIPPStandardTeamsFederationConfiguration { $BlockedDomains = @() } } + Default { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Federation Configuration: Invalid $($Settings.DomainControl.value) parameter" -sev Error + Return + } } # TODO : Add proper validation for the domain list diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsGlobalMeetingPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsGlobalMeetingPolicy.ps1 index 5827f007b0f1..4d0cfd8ff359 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsGlobalMeetingPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsGlobalMeetingPolicy.ps1 @@ -35,16 +35,12 @@ Function Invoke-CIPPStandardTeamsGlobalMeetingPolicy { $CurrentState = New-TeamsRequest -TenantFilter $Tenant -Cmdlet 'Get-CsTeamsMeetingPolicy' -CmdParams @{Identity = 'Global' } | Select-Object AllowAnonymousUsersToJoinMeeting, AllowAnonymousUsersToStartMeeting, AutoAdmittedUsers, AllowPSTNUsersToBypassLobby, MeetingChatEnabledType, DesignatedPresenterRoleMode, AllowExternalParticipantGiveRequestControl - if ($null -eq $Settings.DesignatedPresenterRoleMode) { $Settings.DesignatedPresenterRoleMode = $CurrentState.DesignatedPresenterRoleMode } - if ($null -eq $Settings.AllowAnonymousUsersToJoinMeeting) { $Settings.AllowAnonymousUsersToJoinMeeting = $CurrentState.AllowAnonymousUsersToJoinMeeting } - if ($null -eq $Settings.MeetingChatEnabledType) { $Settings.MeetingChatEnabledType = $CurrentState.MeetingChatEnabledType } # Enabled, EnabledExceptAnonymous, Disabled - $StateIsCorrect = ($CurrentState.AllowAnonymousUsersToJoinMeeting -eq $Settings.AllowAnonymousUsersToJoinMeeting) -and ($CurrentState.AllowAnonymousUsersToStartMeeting -eq $false) -and ($CurrentState.AutoAdmittedUsers -eq 'EveryoneInCompanyExcludingGuests') -and ($CurrentState.AllowPSTNUsersToBypassLobby -eq $false) -and - ($CurrentState.MeetingChatEnabledType -eq $Settings.MeetingChatEnabledType) -and - ($CurrentState.DesignatedPresenterRoleMode -eq $Settings.DesignatedPresenterRoleMode) -and + ($CurrentState.MeetingChatEnabledType -eq $Settings.MeetingChatEnabledType.value) -and + ($CurrentState.DesignatedPresenterRoleMode -eq $Settings.DesignatedPresenterRoleMode.value) -and ($CurrentState.AllowExternalParticipantGiveRequestControl -eq $false) if ($Settings.remediate -eq $true) { @@ -57,8 +53,8 @@ Function Invoke-CIPPStandardTeamsGlobalMeetingPolicy { AllowAnonymousUsersToStartMeeting = $false AutoAdmittedUsers = 'EveryoneInCompanyExcludingGuests' AllowPSTNUsersToBypassLobby = $false - MeetingChatEnabledType = $Settings.MeetingChatEnabledType - DesignatedPresenterRoleMode = $Settings.DesignatedPresenterRoleMode + MeetingChatEnabledType = $Settings.MeetingChatEnabledType.value + DesignatedPresenterRoleMode = $Settings.DesignatedPresenterRoleMode.value AllowExternalParticipantGiveRequestControl = $false } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsMessagingPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsMessagingPolicy.ps1 index cb0a7c4d796b..14f3c3660d12 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsMessagingPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsMessagingPolicy.ps1 @@ -43,7 +43,6 @@ Function Invoke-CIPPStandardTeamsMessagingPolicy { if ($null -eq $Settings.AllowUserDeleteMessage) { $Settings.AllowUserDeleteMessage = $CurrentState.AllowUserDeleteMessage } if ($null -eq $Settings.AllowUserEditMessage) { $Settings.AllowUserEditMessage = $CurrentState.AllowUserEditMessage } if ($null -eq $Settings.AllowUserDeleteChat) { $Settings.AllowUserDeleteChat = $CurrentState.AllowUserDeleteChat } - if ($null -eq $Settings.ReadReceiptsEnabledType) { $Settings.ReadReceiptsEnabledType = $CurrentState.ReadReceiptsEnabledType } if ($null -eq $Settings.CreateCustomEmojis) { $Settings.CreateCustomEmojis = $CurrentState.CreateCustomEmojis } if ($null -eq $Settings.DeleteCustomEmojis) { $Settings.DeleteCustomEmojis = $CurrentState.DeleteCustomEmojis } if ($null -eq $Settings.AllowSecurityEndUserReporting) { $Settings.AllowSecurityEndUserReporting = $CurrentState.AllowSecurityEndUserReporting } @@ -53,7 +52,7 @@ Function Invoke-CIPPStandardTeamsMessagingPolicy { ($CurrentState.AllowUserDeleteMessage -eq $Settings.AllowUserDeleteMessage) -and ($CurrentState.AllowUserEditMessage -eq $Settings.AllowUserEditMessage) -and ($CurrentState.AllowUserDeleteChat -eq $Settings.AllowUserDeleteChat) -and - ($CurrentState.ReadReceiptsEnabledType -eq $Settings.ReadReceiptsEnabledType) -and + ($CurrentState.ReadReceiptsEnabledType -eq $Settings.ReadReceiptsEnabledType.value) -and ($CurrentState.CreateCustomEmojis -eq $Settings.CreateCustomEmojis) -and ($CurrentState.DeleteCustomEmojis -eq $Settings.DeleteCustomEmojis) -and ($CurrentState.AllowSecurityEndUserReporting -eq $Settings.AllowSecurityEndUserReporting) -and @@ -69,7 +68,7 @@ Function Invoke-CIPPStandardTeamsMessagingPolicy { AllowUserDeleteMessage = $Settings.AllowUserDeleteMessage AllowUserEditMessage = $Settings.AllowUserEditMessage AllowUserDeleteChat = $Settings.AllowUserDeleteChat - ReadReceiptsEnabledType = $Settings.ReadReceiptsEnabledType + ReadReceiptsEnabledType = $Settings.ReadReceiptsEnabledType.value CreateCustomEmojis = $Settings.CreateCustomEmojis DeleteCustomEmojis = $Settings.DeleteCustomEmojis AllowSecurityEndUserReporting = $Settings.AllowSecurityEndUserReporting From ebd6868ea940843c962b9763c30f1f3a99359042 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 3 Feb 2025 18:38:03 -0500 Subject: [PATCH 014/138] fix customerid --- .../Public/Sherweb/Get-SherwebCurrentSubscription.ps1 | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/Modules/CippExtensions/Public/Sherweb/Get-SherwebCurrentSubscription.ps1 b/Modules/CippExtensions/Public/Sherweb/Get-SherwebCurrentSubscription.ps1 index 1c260ccd2cfd..aada3ea21a9c 100644 --- a/Modules/CippExtensions/Public/Sherweb/Get-SherwebCurrentSubscription.ps1 +++ b/Modules/CippExtensions/Public/Sherweb/Get-SherwebCurrentSubscription.ps1 @@ -6,12 +6,11 @@ function Get-SherwebCurrentSubscription { [string]$SKU, [string]$ProductName ) -if($TenantFilter){ - Get-ExtensionMapping -Extension 'Sherweb' | Where-Object { $_.RowKey -eq $TenantFilter } | ForEach-Object { - write-host "Extracted customer id from tenant filter - It's $($_.IntegrationId)" - $CustomerId = $_.IntegrationId + if ($TenantFilter) { + $TenantFilter = (Get-Tenants -TenantFilter $TenantFilter).customerId + $CustomerId = Get-ExtensionMapping -Extension 'Sherweb' | Where-Object { $_.RowKey -eq $TenantFilter } | Select-Object -ExpandProperty IntegrationId } -} + $AuthHeader = Get-SherwebAuthentication $Uri = "https://api.sherweb.com/service-provider/v1/billing/subscriptions/details?customerId=$CustomerId" $SubscriptionDetails = Invoke-RestMethod -Uri $Uri -Method GET -Headers $AuthHeader From 01f2656b0d11c48f47e974dcf70f9b971c4d4fe0 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 3 Feb 2025 18:40:14 -0500 Subject: [PATCH 015/138] Update Invoke-ListCSPLicenses.ps1 --- .../Entrypoints/Invoke-ListCSPLicenses.ps1 | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCSPLicenses.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCSPLicenses.ps1 index 4a6959e2b5fc..53ef9e69211a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCSPLicenses.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCSPLicenses.ps1 @@ -13,11 +13,17 @@ Function Invoke-ListCSPLicenses { $APIName = $TriggerMetadata.FunctionName Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $GraphRequest = Get-SherwebCurrentSubscription -TenantFilter $Request.Query.TenantFilter - - Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK - Body = @($GraphRequest) - }) -Clobber + try { + $GraphRequest = Get-SherwebCurrentSubscription -TenantFilter $Request.Query.TenantFilter + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = [HttpStatusCode]::OK + Body = @($GraphRequest) + }) -Clobber + } catch { + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = [HttpStatusCode]::BadRequest + Body = 'Error retrieving CSP licenses, ensure that you have enabled the Sherweb integration and mapped the tenant in the integration settings.' + }) -Clobber + } } From 257dff5961a11c556506dbcccbdefdfb456b966a Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 3 Feb 2025 18:47:00 -0500 Subject: [PATCH 016/138] Update Invoke-ListCSPLicenses.ps1 --- Modules/CIPPCore/Public/Entrypoints/Invoke-ListCSPLicenses.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCSPLicenses.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCSPLicenses.ps1 index 53ef9e69211a..c2c82f157e81 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCSPLicenses.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCSPLicenses.ps1 @@ -23,7 +23,7 @@ Function Invoke-ListCSPLicenses { } catch { Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = [HttpStatusCode]::BadRequest - Body = 'Error retrieving CSP licenses, ensure that you have enabled the Sherweb integration and mapped the tenant in the integration settings.' + Body = 'Unable to retrieve CSP licenses, ensure that you have enabled the Sherweb integration and mapped the tenant in the integration settings.' }) -Clobber } } From 77e0dfa67f3785114f243e055eaf700e82797266 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Tue, 4 Feb 2025 11:02:38 +0100 Subject: [PATCH 017/138] fixes default attributess --- .../Administration/Users/Invoke-EditUser.ps1 | 13 +++++++------ Modules/CIPPCore/Public/New-CippUser.ps1 | 11 +++++++---- 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 index 4ed2b204bfc1..a9f23fca2d28 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 @@ -59,12 +59,13 @@ Function Invoke-EditUser { $NonEmptyProperties = $_.PSObject.Properties | Select-Object -ExpandProperty Name $_ | Select-Object -Property $NonEmptyProperties } - if ($UserObj.addedAttributes) { - Write-Host 'Found added attribute' - Write-Host "Added attributes: $($UserObj.addedAttributes | ConvertTo-Json)" - $UserObj.addedAttributes.GetEnumerator() | ForEach-Object { - $null = $results.Add("Edited property $($_.Key) with value $($_.Value)") - $bodytoShip | Add-Member -NotePropertyName $_.Key -NotePropertyValue $_.Value -Force + if ($UserObj.defaultAttributes) { + $UserObj.defaultAttributes | Get-Member -MemberType NoteProperty | ForEach-Object { + Write-Host "Editing user and adding $($_.Name) with value $($UserObj.defaultAttributes.$($_.Name).value)" + if (-not [string]::IsNullOrWhiteSpace($UserObj.defaultAttributes.$($_.Name).value)) { + Write-Host 'adding body to ship' + $BodyToShip | Add-Member -NotePropertyName $_.Name -NotePropertyValue $UserObj.defaultAttributes.$($_.Name).value -Force + } } } $bodyToShip = ConvertTo-Json -Depth 10 -InputObject $BodyToship -Compress diff --git a/Modules/CIPPCore/Public/New-CippUser.ps1 b/Modules/CIPPCore/Public/New-CippUser.ps1 index eb2632bf4363..aad9acdec919 100644 --- a/Modules/CIPPCore/Public/New-CippUser.ps1 +++ b/Modules/CIPPCore/Public/New-CippUser.ps1 @@ -38,10 +38,13 @@ function New-CIPPUser { } } if ($userobj.businessPhone) { $bodytoShip | Add-Member -NotePropertyName businessPhones -NotePropertyValue @($UserObj.businessPhone) } - if ($UserObj.defaultAttributes.value) { - [hashtable]($UserObj.defaultAttributes).GetEnumerator() | ForEach-Object { - $results.add("Added property $($_.Key) with value $($_.value)") - $bodytoShip | Add-Member -NotePropertyName $_.Key -NotePropertyValue $_.Value + if ($UserObj.defaultAttributes) { + $UserObj.defaultAttributes | Get-Member -MemberType NoteProperty | ForEach-Object { + Write-Host "Editing user and adding $($_.Name) with value $($UserObj.defaultAttributes.$($_.Name).value)" + if (-not [string]::IsNullOrWhiteSpace($UserObj.defaultAttributes.$($_.Name).value)) { + Write-Host 'adding body to ship' + $BodyToShip | Add-Member -NotePropertyName $_.Name -NotePropertyValue $UserObj.defaultAttributes.$($_.Name).value -Force + } } } $bodyToShip = ConvertTo-Json -Depth 10 -InputObject $BodyToship -Compress From c7a12b88e3048580616726d29437c7fa31694ba3 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Tue, 4 Feb 2025 12:39:17 +0100 Subject: [PATCH 018/138] Add or update the Azure App Service build and deployment workflow config --- .github/workflows/dev_cipp44thq.yml | 30 +++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 .github/workflows/dev_cipp44thq.yml diff --git a/.github/workflows/dev_cipp44thq.yml b/.github/workflows/dev_cipp44thq.yml new file mode 100644 index 000000000000..f21a9de0596d --- /dev/null +++ b/.github/workflows/dev_cipp44thq.yml @@ -0,0 +1,30 @@ +# Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action +# More GitHub Actions for Azure: https://github.com/Azure/actions + +name: Build and deploy Powershell project to Azure Function App - cipp44thq + +on: + push: + branches: + - dev + workflow_dispatch: + +env: + AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root + +jobs: + deploy: + runs-on: windows-latest + + steps: + - name: 'Checkout GitHub Action' + uses: actions/checkout@v4 + + - name: 'Run Azure Functions Action' + uses: Azure/functions-action@v1 + id: fa + with: + app-name: 'cipp44thq' + slot-name: 'Production' + package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }} + publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_2EBCA6FEB5E54403AE417859C5D28817 }} \ No newline at end of file From 1ceba2796f769d5b999bd7041e34b48a430763ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Mon, 3 Feb 2025 19:12:10 +0100 Subject: [PATCH 019/138] feat: List contacts changes to fit frontend and add edit contact page --- .../Email-Exchange/Invoke-EditContact.ps1 | 19 ++--- .../Entrypoints/Invoke-ListContacts.ps1 | 69 +++++++++++++------ 2 files changed, 58 insertions(+), 30 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditContact.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditContact.ps1 index 6070fb279db1..935461e8fb73 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditContact.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditContact.ps1 @@ -24,23 +24,24 @@ Function Invoke-EditContact { # Prepare the body for the Set-Contact cmdlet $bodyForSetContact = [pscustomobject] @{ - 'DisplayName' = $contactInfo.DisplayName - 'WindowsEmailAddress' = $contactInfo.mail + 'Identity' = $contactInfo.ContactID + 'DisplayName' = $contactInfo.displayName + 'WindowsEmailAddress' = $contactInfo.email 'FirstName' = $contactInfo.firstName 'LastName' = $contactInfo.LastName - 'Title' = $contactInfo.jobTitle + 'Title' = $contactInfo.Title 'StreetAddress' = $contactInfo.StreetAddress 'PostalCode' = $contactInfo.PostalCode 'City' = $contactInfo.City - 'CountryOrRegion' = $contactInfo.Country - 'Company' = $contactInfo.companyName - 'mobilePhone' = $contactInfo.MobilePhone - 'phone' = $contactInfo.BusinessPhone - 'identity' = $contactInfo.ContactID + 'CountryOrRegion' = $contactInfo.CountryOrRegion + 'Company' = $contactInfo.Company + 'mobilePhone' = $contactInfo.mobilePhone + 'phone' = $contactInfo.phone } # Call the Set-Contact cmdlet to update the contact $null = New-ExoRequest -tenantid $TenantID -cmdlet 'Set-Contact' -cmdParams $bodyForSetContact -UseSystemMailbox $true + $null = New-ExoRequest -tenantid $TenantID -cmdlet 'Set-MailContact' -cmdParams @{Identity = $contactInfo.ContactID; HiddenFromAddressListsEnabled = [System.Convert]::ToBoolean($contactInfo.hidefromGAL) } -UseSystemMailbox $true $Results = "Successfully edited contact $($contactInfo.DisplayName)" Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $TenantID -message $Results -Sev Info $StatusCode = [HttpStatusCode]::OK @@ -57,6 +58,6 @@ Function Invoke-EditContact { # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = $StatusCode - Body = $responseResults + Body = $Results }) } diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListContacts.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListContacts.ps1 index 882b546fe579..6fb5562635a4 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListContacts.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListContacts.ps1 @@ -10,35 +10,62 @@ Function Invoke-ListContacts { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $selectlist = 'id', 'companyName', 'displayName', 'mail', 'onPremisesSyncEnabled', 'editURL', "givenName", "jobTitle", "surname", "addresses", "phones" + # Define fields to retrieve + $selectList = @( + 'id', + 'companyName', + 'displayName', + 'mail', + 'onPremisesSyncEnabled', + 'editURL', + 'givenName', + 'jobTitle', + 'surname', + 'addresses', + 'phones' + ) - # Write to the Azure Functions log stream. - Write-Host 'PowerShell HTTP trigger function processed a request.' + # Get query parameters + $TenantFilter = $Request.Query.tenantFilter + $ContactID = $Request.Query.id + # Validate required parameters + if (-not $TenantFilter) { + $StatusCode = [HttpStatusCode]::BadRequest + $GraphRequest = 'tenantFilter is required' + Write-Host 'Error: Missing tenantFilter parameter' + } else { + try { + # Construct Graph API URI based on whether an ID is provided + $graphUri = if ([string]::IsNullOrWhiteSpace($ContactID) -eq $false) { + "https://graph.microsoft.com/beta/contacts/$($ContactID)?`$select=$($selectList -join ',')" + } else { + "https://graph.microsoft.com/beta/contacts?`$top=999&`$select=$($selectList -join ',')" + } - # Interact with query parameters or the body of the request. - $TenantFilter = $Request.Query.TenantFilter - $ContactID = $Request.Query.ContactID + # Make the Graph API request + $GraphRequest = New-GraphGetRequest -uri $graphUri -tenantid $TenantFilter - Write-Host "Tenant Filter: $TenantFilter" - Write-Host "This is the Contact ID: $ContactID" - try { - $GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/contacts/$($ContactID)?`$top=999&`$select=$($selectlist -join ',')" -tenantid $TenantFilter | Select-Object $selectlist | ForEach-Object { - $_.editURL = "https://outlook.office365.com/ecp/@$TenantFilter/UsersGroups/EditContact.aspx?exsvurl=1&realm=$($env:TenantID)&mkt=en-US&id=$($_.id)" - $_ + if ([string]::IsNullOrWhiteSpace($ContactID) -eq $false) { + $HiddenFromGAL = New-EXORequest -tenantid $TenantFilter -cmdlet 'Get-Recipient' -cmdParams @{RecipientTypeDetails = 'MailContact' } -Select 'HiddenFromAddressListsEnabled,ExternalDirectoryObjectId' | Where-Object { $_.ExternalDirectoryObjectId -eq $ContactID } + $GraphRequest | Add-Member -NotePropertyName 'hidefromGAL' -NotePropertyValue $HiddenFromGAL.HiddenFromAddressListsEnabled + } + # Ensure single result when ID is provided + if ($ContactID -and $GraphRequest -is [array]) { + $GraphRequest = $GraphRequest | Select-Object -First 1 + } + $StatusCode = [HttpStatusCode]::OK + } catch { + $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message + $StatusCode = [HttpStatusCode]::InternalServerError + $GraphRequest = $ErrorMessage } - $StatusCode = [HttpStatusCode]::OK - } catch { - $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message - $StatusCode = [HttpStatusCode]::Forbidden - $GraphRequest = $ErrorMessage } + + # Return response Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = $StatusCode - Body = @($GraphRequest | Where-Object -Property id -NE $null) + Body = @($GraphRequest | Where-Object { $null -ne $_.id }) }) - } From 0232ac680e8e75eaa3758231e040d86e6c279fd2 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 4 Feb 2025 13:32:01 -0500 Subject: [PATCH 020/138] Update Invoke-ExecSAMSetup.ps1 --- .../HTTP Functions/CIPP/Setup/Invoke-ExecSAMSetup.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecSAMSetup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecSAMSetup.ps1 index 9fdb71146215..f3dee9aa8971 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecSAMSetup.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecSAMSetup.ps1 @@ -82,9 +82,9 @@ Function Invoke-ExecSAMSetup { if ($Request.Query.code) { try { $TenantId = $Rows.tenantid - if (!$TenantId) { $TenantId = $ENV:TenantID } + if (!$TenantId -or $TenantId -eq 'NotStarted') { $TenantId = $ENV:TenantID } $AppID = $Rows.appid - if (!$AppID) { $appid = $ENV:ApplicationID } + if (!$AppID -or $AppID -eq 'NotStarted') { $appid = $ENV:ApplicationID } $URL = ($Request.headers.'x-ms-original-url').split('?') | Select-Object -First 1 if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') { $clientsecret = $Secret.ApplicationSecret From b82d8390fceb2dd4ccb95a91694bb3f52a8c3ae7 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 4 Feb 2025 14:13:23 -0500 Subject: [PATCH 021/138] Update Invoke-ExecSAMSetup.ps1 --- .../CIPP/Setup/Invoke-ExecSAMSetup.ps1 | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecSAMSetup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecSAMSetup.ps1 index f3dee9aa8971..dbae65ac6247 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecSAMSetup.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecSAMSetup.ps1 @@ -7,6 +7,7 @@ Function Invoke-ExecSAMSetup { .ROLE CIPP.AppSettings.ReadWrite #> + [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingConvertToSecureStringWithPlainText', '')] [CmdletBinding()] param($Request, $TriggerMetadata) @@ -24,7 +25,7 @@ Function Invoke-ExecSAMSetup { Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ ContentType = 'text/html' StatusCode = [HttpStatusCode]::Forbidden - Body = 'Could not find an admin cookie in your browser. Make sure you do not have an adblocker active, use a Chromium browser, and allow cookies. If our automatic refresh does not work, try pressing the URL bar and hitting enter. We will try to refresh ourselves in 3 seconds.' + Body = 'Could not find an admin cookie in your browser, please confirm that you have the admin role in CIPP. Make sure you do not have an adblocker active, use a Chromium browser, and allow cookies. If our automatic refresh does not work, try pressing the URL bar and hitting enter. We will try to refresh ourselves in 3 seconds.' }) exit } @@ -52,7 +53,7 @@ Function Invoke-ExecSAMSetup { } } if (!$ENV:SetFromProfile) { - Write-Host "We're reloading from KV" + Write-Information "We're reloading from KV" Get-CIPPAuthentication } @@ -76,6 +77,7 @@ Function Invoke-ExecSAMSetup { if ($Request.Body.applicationid) { Set-AzKeyVaultSecret -VaultName $kv -Name 'applicationid' -SecretValue (ConvertTo-SecureString -String $Request.Body.applicationid -AsPlainText -Force) } if ($Request.Body.applicationsecret) { Set-AzKeyVaultSecret -VaultName $kv -Name 'applicationsecret' -SecretValue (ConvertTo-SecureString -String $Request.Body.applicationsecret -AsPlainText -Force) } } + $Results = @{ Results = 'The keys have been replaced. Please perform a permissions check.' } } if ($Request.Query.error -eq 'invalid_client') { $Results = 'Client ID was not found in Azure. Try waiting 10 seconds to try again, if you have gotten this error after 5 minutes, please restart the process.' } @@ -92,7 +94,7 @@ Function Invoke-ExecSAMSetup { $clientsecret = Get-AzKeyVaultSecret -VaultName $kv -Name 'ApplicationSecret' -AsPlainText } if (!$clientsecret) { $clientsecret = $ENV:ApplicationSecret } - Write-Host "client_id=$appid&scope=https://graph.microsoft.com/.default+offline_access+openid+profile&code=$($Request.Query.code)&grant_type=authorization_code&redirect_uri=$($url)&client_secret=$clientsecret" -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" + Write-Information "client_id=$appid&scope=https://graph.microsoft.com/.default+offline_access+openid+profile&code=$($Request.Query.code)&grant_type=authorization_code&redirect_uri=$($url)&client_secret=$clientsecret" -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" $RefreshToken = Invoke-RestMethod -Method POST -Body "client_id=$appid&scope=https://graph.microsoft.com/.default+offline_access+openid+profile&code=$($Request.Query.code)&grant_type=authorization_code&redirect_uri=$($url)&client_secret=$clientsecret" -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" -ContentType 'application/x-www-form-urlencoded' if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') { @@ -140,7 +142,7 @@ Function Invoke-ExecSAMSetup { $step = 2 } $Token = (New-DeviceLogin -clientid '1b730954-1685-4b74-9bfd-dac224a7b894' -Scope 'https://graph.microsoft.com/.default' -device_code $SAMSetup.device_code) - Write-Host "Token is $($token | ConvertTo-Json)" + Write-Information "Token is $($token | ConvertTo-Json)" if ($Token.access_token) { $step = 2 $rows.SamSetup = [string]($Token | ConvertTo-Json) @@ -166,22 +168,22 @@ Function Invoke-ExecSAMSetup { try { $SPNDefender = (Invoke-RestMethod 'https://graph.microsoft.com/v1.0/servicePrincipals' -Headers @{ authorization = "Bearer $($Token.access_token)" } -Method POST -Body "{ `"appId`": `"fc780465-2017-40d4-a0c5-307022471b92`" }" -ContentType 'application/json') } catch { - Write-Host "didn't deploy spn for defender, probably already there." + Write-Information "didn't deploy spn for defender, probably already there." } try { $SPNTeams = (Invoke-RestMethod 'https://graph.microsoft.com/v1.0/servicePrincipals' -Headers @{ authorization = "Bearer $($Token.access_token)" } -Method POST -Body "{ `"appId`": `"48ac35b8-9aa8-4d74-927d-1f4a14a0b239`" }" -ContentType 'application/json') } catch { - Write-Host "didn't deploy spn for Teams, probably already there." + Write-Information "didn't deploy spn for Teams, probably already there." } try { $SPNO365Manage = (Invoke-RestMethod 'https://graph.microsoft.com/v1.0/servicePrincipals' -Headers @{ authorization = "Bearer $($Token.access_token)" } -Method POST -Body "{ `"appId`": `"c5393580-f805-4401-95e8-94b7a6ef2fc2`" }" -ContentType 'application/json') } catch { - Write-Host "didn't deploy spn for O365 Management, probably already there." + Write-Information "didn't deploy spn for O365 Management, probably already there." } try { $SPNPartnerCenter = (Invoke-RestMethod 'https://graph.microsoft.com/v1.0/servicePrincipals' -Headers @{ authorization = "Bearer $($Token.access_token)" } -Method POST -Body "{ `"appId`": `"fa3d9a0c-3fb0-42cc-9193-47c7ecd2edbd`" }" -ContentType 'application/json') } catch { - Write-Host "didn't deploy spn for PartnerCenter, probably already there." + Write-Information "didn't deploy spn for PartnerCenter, probably already there." } $SPN = (Invoke-RestMethod 'https://graph.microsoft.com/v1.0/servicePrincipals' -Headers @{ authorization = "Bearer $($Token.access_token)" } -Method POST -Body "{ `"appId`": `"$($AppId.appId)`" }" -ContentType 'application/json') Start-Sleep 3 From efd05581cf1f21632bd9f3bd639be3441160930b Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Tue, 4 Feb 2025 21:58:20 +0100 Subject: [PATCH 022/138] fix for broken templates --- .../Invoke-ListIntuneTemplates.ps1 | 21 ++++++++++++------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 index 240d12d26d98..24eeef65ae3d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 @@ -37,16 +37,21 @@ Function Invoke-ListIntuneTemplates { $RawTemplates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter) if ($Request.query.View) { $Templates = $RawTemplates | ForEach-Object { - $JSONData = $_.JSON | ConvertFrom-Json - $data = $JSONData.RAWJson | ConvertFrom-Json -Depth 100 - $data | Add-Member -NotePropertyName 'displayName' -NotePropertyValue $JSONData.Displayname -Force - $data | Add-Member -NotePropertyName 'description' -NotePropertyValue $JSONData.Description -Force - $data | Add-Member -NotePropertyName 'Type' -NotePropertyValue $JSONData.Type -Force - $data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $_.RowKey -Force - $data + try { + $JSONData = $_.JSON | ConvertFrom-Json -Depth 100 -ErrorAction SilentlyContinue + $data = $JSONData.RAWJson | ConvertFrom-Json -Depth 100 -ErrorAction SilentlyContinue + $data | Add-Member -NotePropertyName 'displayName' -NotePropertyValue $JSONData.Displayname -Force + $data | Add-Member -NotePropertyName 'description' -NotePropertyValue $JSONData.Description -Force + $data | Add-Member -NotePropertyName 'Type' -NotePropertyValue $JSONData.Type -Force + $data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $_.RowKey -Force + $data + } catch { + + } + } | Sort-Object -Property displayName } else { - $Templates = $RawTemplates.JSON | ConvertFrom-Json + $Templates = $RawTemplates.JSON | ForEach-Object { try { ConvertFrom-Json -InputObject $_ -Depth 100 -ErrorAction SilentlyContinue } catch {} } } if ($Request.query.ID) { $Templates = $Templates | Where-Object -Property guid -EQ $Request.query.id } From ae5b6308017f590ae5bc697ad9f3613ed782e22d Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 4 Feb 2025 14:13:23 -0500 Subject: [PATCH 023/138] Update Invoke-ExecSAMSetup.ps1 return hidden from GAL property too capitalization mostly Refactor logging and variable naming in email connector functions for consistency --- .../CIPP/Setup/Invoke-ExecSAMSetup.ps1 | 18 +++++++------- .../Email-Exchange/Invoke-EditExConnector.ps1 | 24 +++++++++++-------- .../Invoke-ListExchangeConnectors.ps1 | 9 +++---- .../Public/Invoke-RemoveExConnector.ps1 | 22 ++++++++++------- 4 files changed, 42 insertions(+), 31 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecSAMSetup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecSAMSetup.ps1 index f3dee9aa8971..dbae65ac6247 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecSAMSetup.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecSAMSetup.ps1 @@ -7,6 +7,7 @@ Function Invoke-ExecSAMSetup { .ROLE CIPP.AppSettings.ReadWrite #> + [System.Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingConvertToSecureStringWithPlainText', '')] [CmdletBinding()] param($Request, $TriggerMetadata) @@ -24,7 +25,7 @@ Function Invoke-ExecSAMSetup { Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ ContentType = 'text/html' StatusCode = [HttpStatusCode]::Forbidden - Body = 'Could not find an admin cookie in your browser. Make sure you do not have an adblocker active, use a Chromium browser, and allow cookies. If our automatic refresh does not work, try pressing the URL bar and hitting enter. We will try to refresh ourselves in 3 seconds.' + Body = 'Could not find an admin cookie in your browser, please confirm that you have the admin role in CIPP. Make sure you do not have an adblocker active, use a Chromium browser, and allow cookies. If our automatic refresh does not work, try pressing the URL bar and hitting enter. We will try to refresh ourselves in 3 seconds.' }) exit } @@ -52,7 +53,7 @@ Function Invoke-ExecSAMSetup { } } if (!$ENV:SetFromProfile) { - Write-Host "We're reloading from KV" + Write-Information "We're reloading from KV" Get-CIPPAuthentication } @@ -76,6 +77,7 @@ Function Invoke-ExecSAMSetup { if ($Request.Body.applicationid) { Set-AzKeyVaultSecret -VaultName $kv -Name 'applicationid' -SecretValue (ConvertTo-SecureString -String $Request.Body.applicationid -AsPlainText -Force) } if ($Request.Body.applicationsecret) { Set-AzKeyVaultSecret -VaultName $kv -Name 'applicationsecret' -SecretValue (ConvertTo-SecureString -String $Request.Body.applicationsecret -AsPlainText -Force) } } + $Results = @{ Results = 'The keys have been replaced. Please perform a permissions check.' } } if ($Request.Query.error -eq 'invalid_client') { $Results = 'Client ID was not found in Azure. Try waiting 10 seconds to try again, if you have gotten this error after 5 minutes, please restart the process.' } @@ -92,7 +94,7 @@ Function Invoke-ExecSAMSetup { $clientsecret = Get-AzKeyVaultSecret -VaultName $kv -Name 'ApplicationSecret' -AsPlainText } if (!$clientsecret) { $clientsecret = $ENV:ApplicationSecret } - Write-Host "client_id=$appid&scope=https://graph.microsoft.com/.default+offline_access+openid+profile&code=$($Request.Query.code)&grant_type=authorization_code&redirect_uri=$($url)&client_secret=$clientsecret" -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" + Write-Information "client_id=$appid&scope=https://graph.microsoft.com/.default+offline_access+openid+profile&code=$($Request.Query.code)&grant_type=authorization_code&redirect_uri=$($url)&client_secret=$clientsecret" -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" $RefreshToken = Invoke-RestMethod -Method POST -Body "client_id=$appid&scope=https://graph.microsoft.com/.default+offline_access+openid+profile&code=$($Request.Query.code)&grant_type=authorization_code&redirect_uri=$($url)&client_secret=$clientsecret" -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" -ContentType 'application/x-www-form-urlencoded' if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') { @@ -140,7 +142,7 @@ Function Invoke-ExecSAMSetup { $step = 2 } $Token = (New-DeviceLogin -clientid '1b730954-1685-4b74-9bfd-dac224a7b894' -Scope 'https://graph.microsoft.com/.default' -device_code $SAMSetup.device_code) - Write-Host "Token is $($token | ConvertTo-Json)" + Write-Information "Token is $($token | ConvertTo-Json)" if ($Token.access_token) { $step = 2 $rows.SamSetup = [string]($Token | ConvertTo-Json) @@ -166,22 +168,22 @@ Function Invoke-ExecSAMSetup { try { $SPNDefender = (Invoke-RestMethod 'https://graph.microsoft.com/v1.0/servicePrincipals' -Headers @{ authorization = "Bearer $($Token.access_token)" } -Method POST -Body "{ `"appId`": `"fc780465-2017-40d4-a0c5-307022471b92`" }" -ContentType 'application/json') } catch { - Write-Host "didn't deploy spn for defender, probably already there." + Write-Information "didn't deploy spn for defender, probably already there." } try { $SPNTeams = (Invoke-RestMethod 'https://graph.microsoft.com/v1.0/servicePrincipals' -Headers @{ authorization = "Bearer $($Token.access_token)" } -Method POST -Body "{ `"appId`": `"48ac35b8-9aa8-4d74-927d-1f4a14a0b239`" }" -ContentType 'application/json') } catch { - Write-Host "didn't deploy spn for Teams, probably already there." + Write-Information "didn't deploy spn for Teams, probably already there." } try { $SPNO365Manage = (Invoke-RestMethod 'https://graph.microsoft.com/v1.0/servicePrincipals' -Headers @{ authorization = "Bearer $($Token.access_token)" } -Method POST -Body "{ `"appId`": `"c5393580-f805-4401-95e8-94b7a6ef2fc2`" }" -ContentType 'application/json') } catch { - Write-Host "didn't deploy spn for O365 Management, probably already there." + Write-Information "didn't deploy spn for O365 Management, probably already there." } try { $SPNPartnerCenter = (Invoke-RestMethod 'https://graph.microsoft.com/v1.0/servicePrincipals' -Headers @{ authorization = "Bearer $($Token.access_token)" } -Method POST -Body "{ `"appId`": `"fa3d9a0c-3fb0-42cc-9193-47c7ecd2edbd`" }" -ContentType 'application/json') } catch { - Write-Host "didn't deploy spn for PartnerCenter, probably already there." + Write-Information "didn't deploy spn for PartnerCenter, probably already there." } $SPN = (Invoke-RestMethod 'https://graph.microsoft.com/v1.0/servicePrincipals' -Headers @{ authorization = "Bearer $($Token.access_token)" } -Method POST -Body "{ `"appId`": `"$($AppId.appId)`" }" -ContentType 'application/json') Start-Sleep 3 diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditExConnector.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditExConnector.ps1 index 35b181507cda..26598494addc 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditExConnector.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditExConnector.ps1 @@ -11,28 +11,32 @@ Function Invoke-EditExConnector { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $Request.Headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $Tenantfilter = $request.Query.tenantfilter ?? $Request.Body.tenantfilter + $ExecutingUser = $Request.headers.'x-ms-client-principal' + Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $TenantFilter = $Request.Query.tenantFilter ?? $Request.Body.tenantFilter try { $ConnectorState = $Request.Query.State ?? $Request.Body.State - $State = if ($ConnectorState -eq 'enable') { $true } else { $false } + $State = if ($ConnectorState -eq 'Enable') { $true } else { $false } $Guid = $Request.Query.GUID ?? $Request.Body.GUID - $type = $Request.Query.Type ?? $Request.Body.Type + $Type = $Request.Query.Type ?? $Request.Body.Type $Params = @{ Identity = $Guid Enabled = $State } - $null = New-ExoRequest -tenantid $Tenantfilter -cmdlet "Set-$($Type)Connector" -cmdParams $params -UseSystemMailbox $true + $null = New-ExoRequest -tenantid $TenantFilter -cmdlet "Set-$($Type)Connector" -cmdParams $params -UseSystemMailbox $true $Result = "Set Connector $($Guid) to $($ConnectorState)" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenantfilter -message "Set Connector $($Request.query.guid) to $($request.query.State)" -sev 'Info' + Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $TenantFilter -message "Set Connector $($Guid) to $($ConnectorState)" -sev Info + $StatusCode = [HttpStatusCode]::OK } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenantfilter -message "Failed setting Connector $($Guid) to $($ConnectorState). Error:$($_.Exception.Message)" -Sev 'Error' - $ErrorMessage = Get-NormalizedError -Message $_.Exception - $Result = $ErrorMessage + $ErrorMessage = Get-CIPPException -Exception $_ + Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $TenantFilter -message "Failed setting Connector $($Guid) to $($ConnectorState). Error:$($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage + $Result = $ErrorMessage.NormalizedError + $StatusCode = [HttpStatusCode]::Forbidden } + # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK + StatusCode = $StatusCode Body = @{Results = $Result } }) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExchangeConnectors.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExchangeConnectors.ps1 index 95120eab6ac6..fd07a79e0ea1 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExchangeConnectors.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExchangeConnectors.ps1 @@ -11,12 +11,13 @@ Function Invoke-ListExchangeConnectors { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $Tenantfilter = $request.Query.tenantfilter + $ExecutingUser = $Request.headers.'x-ms-client-principal' + Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $TenantFilter = $request.Query.tenantFilter $Results = try { - New-ExoRequest -tenantid $Tenantfilter -cmdlet 'Get-OutboundConnector' | Select-Object *, @{n = 'cippconnectortype'; e = { 'outbound' } } - New-ExoRequest -tenantid $Tenantfilter -cmdlet 'Get-InboundConnector' | Select-Object *, @{n = 'cippconnectortype'; e = { 'Inbound' } } + New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-OutboundConnector' | Select-Object *, @{n = 'cippconnectortype'; e = { 'outbound' } } + New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-InboundConnector' | Select-Object *, @{n = 'cippconnectortype'; e = { 'Inbound' } } $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message diff --git a/Modules/CIPPCore/Public/Invoke-RemoveExConnector.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveExConnector.ps1 index f5d3b9b141fd..20b19adc86a1 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveExConnector.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveExConnector.ps1 @@ -11,24 +11,28 @@ Function Invoke-RemoveExConnector { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $Tenantfilter = $request.Query.tenantfilter ?? $Request.Body.tenantfilter - $Type = $Request.Query.Type ?? $Request.Body.Type + $ExecutingUser = $request.headers.'x-ms-client-principal' + $TenantFilter = $request.Query.tenantFilter ?? $Request.Body.tenantFilter + Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + try { + $Type = $Request.Query.Type ?? $Request.Body.Type $Guid = $Request.Query.GUID ?? $Request.Body.GUID $Params = @{ Identity = $Guid } - $null = New-ExoRequest -tenantid $Tenantfilter -cmdlet "Remove-$($Type)Connector" -cmdParams $params -useSystemMailbox $true - $Result = "Deleted $($Guid)" - Write-LogMessage -user $User -API $APIName -tenant $tenantfilter -message "Deleted transport rule $($Guid)" -sev Debug + + $null = New-ExoRequest -tenantid $TenantFilter -cmdlet "Remove-$($Type)Connector" -cmdParams $params -useSystemMailbox $true + $Result = "Deleted Connector: $($Guid)" + Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message "Deleted connector $($Guid)" -sev Debug + $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APIName -tenant $tenantfilter -message "Failed deleting transport rule $($Guid). Error:$($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage + Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message "Failed deleting connector $($Guid). Error:$($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage $Result = $ErrorMessage.NormalizedError + $StatusCode = [HttpStatusCode]::Forbidden } # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK + StatusCode = $StatusCode Body = @{Results = $Result } }) From be0cd790dcaa4fbb605ee283c29966bcc89afcfc Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 4 Feb 2025 18:05:27 -0500 Subject: [PATCH 024/138] Create Invoke-ListApiTest.ps1 --- .../CIPP/Core/Invoke-ListApiTest.ps1 | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ListApiTest.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ListApiTest.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ListApiTest.ps1 new file mode 100644 index 000000000000..b8ba63e8a322 --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ListApiTest.ps1 @@ -0,0 +1,15 @@ +function Invoke-ListApiTest { + <# + .FUNCTIONALITY + Entrypoint + .ROLE + CIPP.Core.Read + #> + [CmdletBinding()] + param($Request, $TriggerMetadata) + + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = [HttpStatusCode]::OK + Body = ($Request | ConvertTo-Json -Depth 5) + }) +} From 6465f7d4a3d8df41143bb5b032ce4f7001c70434 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 4 Feb 2025 22:29:32 -0500 Subject: [PATCH 025/138] feat: CIPP-API Integration v2 New authentication handling for CIPP-API integration IP whitelisting Role selection Multiple app support Update Test-CippAccess to handle aad auth from function app New IAM permission required for function app to use identity for function app changes - contributor role required on itself --- .../Public/Authentication/Get-CippApiAuth.ps1 | 23 +++ .../Authentication/Get-CippApiClient.ps1 | 43 +++++ .../Authentication/New-CIPPAPIConfig.ps1 | 147 ++++++++++++++++ .../Public/Authentication/Set-CippApiAuth.ps1 | 54 ++++++ .../Public/Authentication/Test-CIPPAccess.ps1 | 37 ++-- .../Public/Authentication/Test-IpInRange.ps1 | 53 ++++++ .../Invoke-ExecExtensionsConfig.ps1 | 40 +---- .../CIPP/Settings/Invoke-ExecApiClient.ps1 | 163 ++++++++++++++++++ .../CIPP/Settings/Invoke-ListCustomRole.ps1 | 55 ++++++ Modules/CIPPCore/Public/New-CIPPAPIConfig.ps1 | 69 -------- 10 files changed, 565 insertions(+), 119 deletions(-) create mode 100644 Modules/CIPPCore/Public/Authentication/Get-CippApiAuth.ps1 create mode 100644 Modules/CIPPCore/Public/Authentication/Get-CippApiClient.ps1 create mode 100644 Modules/CIPPCore/Public/Authentication/New-CIPPAPIConfig.ps1 create mode 100644 Modules/CIPPCore/Public/Authentication/Set-CippApiAuth.ps1 create mode 100644 Modules/CIPPCore/Public/Authentication/Test-IpInRange.ps1 create mode 100644 Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 create mode 100644 Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ListCustomRole.ps1 delete mode 100644 Modules/CIPPCore/Public/New-CIPPAPIConfig.ps1 diff --git a/Modules/CIPPCore/Public/Authentication/Get-CippApiAuth.ps1 b/Modules/CIPPCore/Public/Authentication/Get-CippApiAuth.ps1 new file mode 100644 index 000000000000..9b2c5ff89426 --- /dev/null +++ b/Modules/CIPPCore/Public/Authentication/Get-CippApiAuth.ps1 @@ -0,0 +1,23 @@ +function Get-CippApiAuth { + Param( + [string]$RGName, + [string]$FunctionAppName + ) + + # Get subscription id + $SubscriptionId = (Get-AzContext).Subscription.Id + + # Get auth settings + $AuthSettings = Invoke-AzRestMethod -Uri "https://management.azure.com/subscriptions/$SubscriptionId/resourceGroups/$RGName/providers/Microsoft.Web/sites/$($FunctionAppName)/config/authsettingsV2/list?api-version=2020-06-01" -ErrorAction Stop | Select-Object -ExpandProperty Content | ConvertFrom-Json + + if ($AuthSettings.properties) { + [PSCustomObject]@{ + ApiUrl = "https://$($FunctionAppName).azurewebsites.net" + TenantID = $AuthSettings.properties.identityProviders.azureActiveDirectory.registration.openIdIssuer -replace 'https://sts.windows.net/', '' -replace '/v2.0', '' + ClientIDs = $AuthSettings.properties.identityProviders.azureActiveDirectory.validation.defaultAuthorizationPolicy.allowedApplications + Enabled = $AuthSettings.properties.identityProviders.azureActiveDirectory.enabled + } + } else { + throw 'No auth settings found' + } +} diff --git a/Modules/CIPPCore/Public/Authentication/Get-CippApiClient.ps1 b/Modules/CIPPCore/Public/Authentication/Get-CippApiClient.ps1 new file mode 100644 index 000000000000..ce038d763729 --- /dev/null +++ b/Modules/CIPPCore/Public/Authentication/Get-CippApiClient.ps1 @@ -0,0 +1,43 @@ +function Get-CippApiClient { + <# + .SYNOPSIS + Get the API client details + .DESCRIPTION + This function retrieves the API client details + .PARAMETER AppId + The AppId of the API client + .EXAMPLE + Get-CippApiClient -AppId 'cipp-api' + #> + [CmdletBinding()] + param ( + $AppId + ) + + $Table = Get-CIPPTable -TableName 'ApiClients' + if ($AppId) { + $Table.Filter = "RowKey eq '$AppId'" + } + $Apps = Get-CIPPAzDataTableEntity @Table + $Apps = foreach ($Client in $Apps) { + $Client = $Client | Select-Object -Property @{Name = 'ClientId'; Expression = { $_.RowKey } }, AppName, Role, IPRange, Enabled + + if (!$Client.Role) { + $Client.Role = $null + } + + if ($Client.IPRange) { + try { + $IPRange = @($Client.IPRange | ConvertFrom-Json -ErrorAction Stop) + if (($IPRange | Measure-Object).Count -eq 0) { @('Any') } + $Client.IPRange = $IPRange + } catch { + $Client.IPRange = @('Any') + } + } else { + $Client.IPRange = @('Any') + } + $Client + } + return $Apps +} diff --git a/Modules/CIPPCore/Public/Authentication/New-CIPPAPIConfig.ps1 b/Modules/CIPPCore/Public/Authentication/New-CIPPAPIConfig.ps1 new file mode 100644 index 000000000000..aee998212b9a --- /dev/null +++ b/Modules/CIPPCore/Public/Authentication/New-CIPPAPIConfig.ps1 @@ -0,0 +1,147 @@ +function New-CIPPAPIConfig { + + [CmdletBinding(SupportsShouldProcess)] + param ( + $APIName = 'CIPP API Config', + $ExecutingUser, + [switch]$ResetSecret, + [string]$AppName, + [string]$AppId + ) + + try { + if ($AppId) { + $APIApp = New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/applications(appid='$($AppId)')" -NoAuthCheck $true + } else { + $CreateBody = @{ + api = @{ + oauth2PermissionScopes = @( + @{ + adminConsentDescription = 'Allow the application to access CIPP-API on behalf of the signed-in user.' + adminConsentDisplayName = 'Access CIPP-API' + id = 'ba7ffeff-96ea-4ac4-9822-1bcfee9adaa4' + isEnabled = $true + type = 'User' + userConsentDescription = 'Allow the application to access CIPP-API on your behalf.' + userConsentDisplayName = 'Access CIPP-API' + value = 'user_impersonation' + } + ) + } + displayName = $AppName + requiredResourceAccess = @( + @{ + resourceAccess = @( + @{ + id = 'e1fe6dd8-ba31-4d61-89e7-88639da4683d' + type = 'Scope' + } + ) + resourceAppId = '00000003-0000-0000-c000-000000000000' + } + ) + signInAudience = 'AzureADMyOrg' + web = @{ + homePageUrl = 'https://cipp.app' + implicitGrantSettings = @{ + enableAccessTokenIssuance = $false + enableIdTokenIssuance = $true + } + redirectUris = @("https://$($ENV:Website_hostname)/.auth/login/aad/callback") + } + } | ConvertTo-Json -Depth 10 -Compress + + if ($PSCmdlet.ShouldProcess($AppName, 'Create API App')) { + Write-Information 'Creating app' + $APIApp = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/v1.0/applications' -NoAuthCheck $true -type POST -body $CreateBody + + $Requests = @( + @{ + id = 'addPassword' + method = 'POST' + url = "/applications/$($APIApp.id)/addPassword" + body = @{ + passwordCredential = @{ + displayName = 'Generated by API Setup' + } + } + }, + @{ + id = 'apiIdentifier' + method = 'PATCH' + url = "/applications/$($APIApp.id)" + body = @{ + identifierUris = @("api://$($APIApp.appId)") + } + }, + @{ + id = 'tagServicePrincipal' + method = 'POST' + url = '/serviceprincipals' + body = @{ + accountEnabled = $true + appId = $APIApp.appId + displayName = 'CIPP-API' + tags = @('WindowsAzureActiveDirectoryIntegratedApp', 'AppServiceIntegratedApp') + } + } + ) + + $BatchResponse = New-GraphBulkRequest -tenantid $env:TenantID -NoAuthCheck $true -asapp $true -Requests $Requests + $APIPassword = $BatchResponse | Where-Object { $_.id -eq 'addPassword' } | Select-Object -ExpandProperty body + Write-LogMessage -user $ExecutingUser -API $APINAME -tenant 'None '-message "Created CIPP API App for $($APIApp.displayName)." -Sev 'info' + } + } + if ($ResetSecret.IsPresent -and $APIApp) { + if ($PSCmdlet.ShouldProcess($APIApp.displayName, 'Reset API Secret')) { + Write-Information 'Removing all old passwords' + $Requests = @( + @{ + id = 'removeOldPasswords' + method = 'PATCH' + url = "applications/$($APIApp.id)/" + headers = @{ + 'Content-Type' = 'application/json' + } + body = @{ + passwordCredentials = @() + } + }, + @{ + id = 'addNewPassword' + method = 'POST' + url = "applications/$($APIApp.id)/addPassword" + headers = @{ + 'Content-Type' = 'application/json' + } + body = @{ + passwordCredential = @{ + displayName = 'Generated by API Setup' + } + } + dependsOn = @('removeOldPasswords') + } + ) + $BatchResponse = New-GraphBulkRequest -tenantid $env:TenantID -NoAuthCheck $true -asapp $true -Requests $Requests + $APIPassword = $BatchResponse | Where-Object { $_.id -eq 'addNewPassword' } | Select-Object -ExpandProperty body + Write-LogMessage -user $ExecutingUser -API $APINAME -tenant 'None '-message "Reset CIPP API Password for $($APIApp.displayName)." -Sev 'info' + } + } + + return @{ + AppName = $APIApp.displayName + ApplicationID = $APIApp.AppId + ApplicationSecret = $APIPassword.secretText + Results = $Results + } + + } catch { + $ErrorMessage = Get-CippException -Exception $_ + Write-Information ($ErrorMessage | ConvertTo-Json -Depth 10) + Write-LogMessage -user $ExecutingUser -API $APINAME -tenant 'None' -message "Failed to setup CIPP-API Access: $($ErrorMessage.NormalizedError) Linenumber: $($_.InvocationInfo.ScriptLineNumber)" -Sev 'Error' -LogData $ErrorMessage + return @{ + Results = "Failed to setup CIPP-API Access: $($ErrorMessage.NormalizedError)" + } + + } +} diff --git a/Modules/CIPPCore/Public/Authentication/Set-CippApiAuth.ps1 b/Modules/CIPPCore/Public/Authentication/Set-CippApiAuth.ps1 new file mode 100644 index 000000000000..7c882609b05b --- /dev/null +++ b/Modules/CIPPCore/Public/Authentication/Set-CippApiAuth.ps1 @@ -0,0 +1,54 @@ +function Set-CippApiAuth { + [CmdletBinding(SupportsShouldProcess)] + Param( + [string]$RGName, + [string]$FunctionAppName, + [string]$TenantId, + [string[]]$ClientIds + ) + + # Get subscription id + $SubscriptionId = (Get-AzContext).Subscription.Id + + # Get auth settings + $AuthSettings = Invoke-AzRestMethod -Uri "https://management.azure.com/subscriptions/$SubscriptionId/resourceGroups/$RGName/providers/Microsoft.Web/sites/$($FunctionAppName)/config/authsettingsV2/list?api-version=2020-06-01" | Select-Object -ExpandProperty Content | ConvertFrom-Json + + # Set allowed audiences + $AllowedAudiences = foreach ($ClientId in $ClientIds) { + "api://$ClientId" + } + + # Set auth settings + $AuthSettings.properties.identityProviders.azureActiveDirectory = @{ + registration = @{ + clientId = $ClientIds[0] ?? $ClientIds + openIdIssuer = "https://sts.windows.net/$TenantID/v2.0" + } + validation = @{ + allowedAudiences = @($AllowedAudiences) + defaultAuthorizationPolicy = @{ + allowedApplications = @($ClientIds) + } + } + } + $AuthSettings.properties.globalValidation = @{ + unauthenticatedClientAction = 'Return401' + } + $AuthSettings.properties.login = @{ + tokenStore = @{ + enabled = $true + tokenRefreshExtensionHours = 72 + } + } + + Write-Information ($AuthSettings | ConvertTo-Json -Depth 10) + + if ($PSCmdlet.ShouldProcess('Update auth settings')) { + # Update auth settings + Invoke-AzRestMethod -Uri "https://management.azure.com/subscriptions/$SubscriptionId/resourceGroups/$RGName/providers/Microsoft.Web/sites/$($FunctionAppName)/config/authsettingsV2?api-version=2020-06-01" -Method PUT -Payload ($AuthSettings | ConvertTo-Json -Depth 10) + } + + if ($PSCmdlet.ShouldProcess('Update allowed tenants')) { + Update-AzFunctionAppSetting -Name $FunctionAppName -ResourceGroupName $RGName -AppSetting @{ 'WEBSITE_AUTH_AAD_ALLOWED_TENANTS' = $TenantId } + } +} diff --git a/Modules/CIPPCore/Public/Authentication/Test-CIPPAccess.ps1 b/Modules/CIPPCore/Public/Authentication/Test-CIPPAccess.ps1 index aa12f2741414..2e0ad55e9807 100644 --- a/Modules/CIPPCore/Public/Authentication/Test-CIPPAccess.ps1 +++ b/Modules/CIPPCore/Public/Authentication/Test-CIPPAccess.ps1 @@ -12,27 +12,40 @@ function Test-CIPPAccess { # Check help for role $APIRole = $Help.Role - if (!$Request.Headers.'x-ms-client-principal' -or ($Request.Headers.'x-ms-client-principal-id' -and $Request.Headers.'x-ms-client-principal-idp' -eq 'aad')) { + if ($Request.Headers.'x-ms-client-principal-idp' -eq 'aad' -and $Request.Headers.'x-ms-client-principal-name' -match '^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$') { # Direct API Access + $ForwardedFor = $Request.Headers.'x-forwarded-for' -split ',' | Select-Object -First 1 $IPRegex = '^(?(?:\d{1,3}(?:\.\d{1,3}){3}|\[[0-9a-fA-F:]+\]|[0-9a-fA-F:]+))(?::\d+)?$' - $IPAddress = $Request.Headers.'x-forwarded-for' -replace $IPRegex, '$1' -replace '[\[\]]', '' - Write-Information "API Access: AppId=$($Request.Headers.'x-ms-client-principal-id') IP=$IPAddress" + $IPAddress = $ForwardedFor -replace $IPRegex, '$1' -replace '[\[\]]', '' - # TODO: Implement API Client support, create Get-CippApiClient function - <#$Client = Get-CippApiClient -AppId $Request.Headers.'x-ms-client-principal-id' + $Client = Get-CippApiClient -AppId $Request.Headers.'x-ms-client-principal-name' if ($Client) { - if ($Client.AllowedIPs -contains $IPAddress -or $Client.AllowedIPs -contains 'All')) { - if ($Client.CustomRoles) { - $CustomRoles = @($Client.CustomRoles) + Write-Information "API Access: AppName=$($Client.AppName), AppId=$($Request.Headers.'x-ms-client-principal-name'), IP=$IPAddress" + $IPMatched = $false + if ($Client.IPRange -notcontains 'Any') { + foreach ($Range in $Client.IPRange) { + if ($IPaddress -eq $Range -or (Test-IpInRange -IPAddress $IPAddress -Range $Range)) { + $IPMatched = $true + break + } + } + } else { + $IPMatched = $true + } + + if ($IPMatched) { + if ($Client.Role) { + $CustomRoles = @($Client.Role) } else { - $CustomRoles = @('CIPP-API') + $CustomRoles = @('cipp-api') } } else { throw 'Access to this CIPP API endpoint is not allowed, the API Client does not have the required permission' } - } else { #> - $CustomRoles = @('cipp-api') - # } + } else { + $CustomRoles = @('cipp-api') + Write-Information "API Access: AppId=$($Request.Headers.'x-ms-client-principal-name'), IP=$IPAddress" + } } else { $DefaultRoles = @('admin', 'editor', 'readonly', 'anonymous', 'authenticated') $User = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($Request.Headers.'x-ms-client-principal')) | ConvertFrom-Json diff --git a/Modules/CIPPCore/Public/Authentication/Test-IpInRange.ps1 b/Modules/CIPPCore/Public/Authentication/Test-IpInRange.ps1 new file mode 100644 index 000000000000..2279b20ce110 --- /dev/null +++ b/Modules/CIPPCore/Public/Authentication/Test-IpInRange.ps1 @@ -0,0 +1,53 @@ +function Test-IpInRange { + <# + .SYNOPSIS + Test if an IP address is in a CIDR range + .DESCRIPTION + This function tests if an IP address is in a CIDR range + .PARAMETER IPAddress + The IP address to test + .PARAMETER Range + The CIDR range to test + .EXAMPLE + Test-IpInRange -IPAddress "1.1.1.1" -Range "1.1.1.1/24" + #> + [CmdletBinding()] + param ( + [Parameter(Mandatory = $true)] + [string]$IPAddress, + [Parameter(Mandatory = $true)] + [string]$Range + ) + + function ConvertIpToBigInteger { + param([System.Net.IPAddress]$ip) + return [System.Numerics.BigInteger]::Parse( + [BitConverter]::ToString($ip.GetAddressBytes()).Replace('-', ''), + [System.Globalization.NumberStyles]::HexNumber + ) + } + + try { + $IP = [System.Net.IPAddress]::Parse($IPAddress) + $rangeParts = $Range -split '/' + $networkAddr = [System.Net.IPAddress]::Parse($rangeParts[0]) + $prefix = [int]$rangeParts[1] + + if ($networkAddr.AddressFamily -ne $IP.AddressFamily) { + return $false + } + + $ipBig = ConvertIpToBigInteger $IP + $netBig = ConvertIpToBigInteger $networkAddr + $maxBits = if ($networkAddr.AddressFamily -eq 'InterNetworkV6') { 128 } else { 32 } + $shift = $maxBits - $prefix + $mask = [System.Numerics.BigInteger]::Pow(2, $shift) - [System.Numerics.BigInteger]::One + $invertedMask = [System.Numerics.BigInteger]::MinusOne -bxor $mask + $ipMasked = $ipBig -band $invertedMask + $netMasked = $netBig -band $invertedMask + + return $ipMasked -eq $netMasked + } catch { + return $false + } +} diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionsConfig.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionsConfig.ps1 index 60ba2aa4adca..afba503c5d7c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionsConfig.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionsConfig.ps1 @@ -7,28 +7,11 @@ Function Invoke-ExecExtensionsConfig { .ROLE CIPP.Extension.ReadWrite #> - [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingConvertToSecureStringWithPlainText', '', Scope = 'Function')] [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $Request.Headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' - - #Connect-AzAccount -UseDeviceAuthentication - # Write to the Azure Functions log stream. - Write-Information 'PowerShell HTTP trigger function processed a request.' $Body = [PSCustomObject]$Request.Body $results = try { - if ($Body.CIPPAPI.Enabled) { - try { - $APIConfig = New-CIPPAPIConfig -ExecutingUser $Request.Headers.'x-ms-client-principal' -resetpassword $Body.CIPPAPI.ResetPassword - $AddedText = $APIConfig.Results - } catch { - $AddedText = ' Could not enable CIPP-API. Check the CIPP documentation for API requirements.' - $Body = $Body | Select-Object * -ExcludeProperty CIPPAPI - } - } - # Check if NinjaOne URL is set correctly and the instance has at least version 5.6 if ($Body.NinjaOne) { $AllowedNinjaHostnames = @( @@ -40,16 +23,7 @@ Function Invoke-ExecExtensionsConfig { ) $SetNinjaHostname = $Body.NinjaOne.Instance -replace '/ws', '' -replace 'https://', '' if ($AllowedNinjaHostnames -notcontains $SetNinjaHostname) { - throw "NinjaOne URL is not allowed. Allowed hostnames are: $($AllowedNinjaHostnames -join ', ')" - } - - try { - [version]$Version = (Invoke-WebRequest -Method GET -Uri "$SetNinjaHostname/app-version.txt" -ea stop).content - } catch { - throw "Failed to connect to NinjaOne check your Instance is set correctly eg 'app.ninjarmm.com'" - } - if ($Version -lt [version]'5.6.0.0') { - throw 'NinjaOne 5.6.0.0 is required.' + "Error: NinjaOne URL is not allowed. Allowed hostnames are: $($AllowedNinjaHostnames -join ', ')" } } @@ -62,17 +36,7 @@ Function Invoke-ExecExtensionsConfig { Write-Information 'writing API Key to keyvault, and clearing.' Write-Information "$ENV:WEBSITE_DEPLOYMENT_ID" if ($Body.$APIKey.APIKey) { - if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') { - $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets' - $Secret = [PSCustomObject]@{ - 'PartitionKey' = $APIKey - 'RowKey' = $APIKey - 'APIKey' = $Body.$APIKey.APIKey - } - Add-CIPPAzDataTableEntity @DevSecretsTable -Entity $Secret -Force - } else { - $null = Set-AzKeyVaultSecret -VaultName $ENV:WEBSITE_DEPLOYMENT_ID -Name $APIKey -SecretValue (ConvertTo-SecureString -AsPlainText -Force -String $Body.$APIKey.APIKey) - } + Set-ExtensionAPIKey -Extension $APIKey -APIKey $Body.$APIKey.APIKey } if ($Body.$APIKey.PSObject.Properties.Name -notcontains 'APIKey') { $Body.$APIKey | Add-Member -MemberType NoteProperty -Name APIKey -Value 'SentToKeyVault' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 new file mode 100644 index 000000000000..c1945aaf28ba --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 @@ -0,0 +1,163 @@ +function Invoke-ExecApiClient { + <# + .FUNCTIONALITY + Entrypoint + .ROLE + CIPP.Extension.ReadWrite + #> + [CmdletBinding()] + param($Request, $TriggerMetadata) + + $Table = Get-CippTable -tablename 'ApiClients' + $Action = $Request.Query.Action ?? $Request.Body.Action + + switch ($Action) { + 'List' { + $Apps = Get-CIPPAzDataTableEntity @Table + if (!$Apps) { + $Apps = @() + } else { + $Apps = Get-CippApiClient + $Body = @{ Results = @($Apps) } + } + } + 'ListAvailable' { + $sitename = $env:WEBSITE_SITE_NAME + $Apps = New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/applications?`$filter=signInAudience eq 'AzureAdMyOrg' and web/redirectUris/any(x:x eq 'https://$($sitename).azurewebsites.net/.auth/login/aad/callback')&`$top=999&`$select=appId,displayName,createdDateTime,api,web,passwordCredentials&`$count=true" -NoAuthCheck $true -asapp $true -ComplexFilter + $Body = @{ + Results = @($Apps) + } + } + 'AddUpdate' { + if ($Request.Body.ClientId -or $Request.Body.AppName) { + $ClientId = $Request.Body.ClientId.value ?? $Request.Body.ClientId + try { + $ApiConfig = @{ + ExecutingUser = $Request.Headers.'x-ms-client-principal' + } + if ($Request.Body.ClientId) { + $ApiConfig.ClientId = $ClientId + $ApiConfig.ResetSecret = $Request.Body.CIPPAPI.ResetSecret + } + if ($Request.Body.AppName) { + $ApiConfig.AppName = $Request.Body.AppName + } + $APIConfig = New-CIPPAPIConfig @ApiConfig + $AddedText = $APIConfig.Results + } catch { + $AddedText = 'Could not modify App Registrations. Check the CIPP documentation for API requirements.' + $Body = $Body | Select-Object * -ExcludeProperty CIPPAPI + } + } + + Write-LogMessage -user $Request.Headers.'x-ms-client-principal' -API 'ExecApiClient' -message "Updated API client $($Request.Body.ClientId)" -Sev 'Info' + + if ($Request.Body.IpRange.value) { + $IpRange = @($Request.Body.IpRange.value) + } else { + $IpRange = @() + } + + $ExistingClient = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$($ClientId)'" + if ($ExistingClient) { + $Client = $ExistingClient + $Client.Role = [string]$Request.Body.Role.value + $Client.IPRange = "$(@($IpRange) | ConvertTo-Json -Compress)" + $Client.Enabled = $Request.Body.Enabled ?? $false + } else { + $Client = @{ + 'PartitionKey' = 'ApiClients' + 'RowKey' = "$($ClientId)" + 'AppName' = "$($APIConfig.AppName ?? $Request.Body.ClientId.addedFields.displayName)" + 'Role' = [string]$Request.Body.Role.value + 'IPRange' = "$(@($IpRange) | ConvertTo-Json -Compress)" + 'Enabled' = $Request.Body.Enabled ?? $false + } + } + + Add-CIPPAzDataTableEntity @Table -Entity $Client -Force | Out-Null + $Body = @{Results = 'API client updated' } + } + 'GetAzureConfiguration' { + $RGName = $ENV:WEBSITE_RESOURCE_GROUP + $FunctionAppName = $ENV:WEBSITE_SITE_NAME + try { + $APIClients = Get-CippApiAuth -RGName $RGName -FunctionAppName $FunctionAppName + $Results = $ApiClients + } catch { + $Results = @{ + Enabled = 'Could not get API clients, ensure you have the appropriate rights to read the Authentication settings.' + } + } + $Body = @{ + Results = $Results + } + } + 'SaveToAzure' { + $TenantId = $ENV:TenantId + $RGName = $ENV:WEBSITE_RESOURCE_GROUP + $FunctionAppName = $ENV:WEBSITE_SITE_NAME + $AllClients = Get-CIPPAzDataTableEntity @Table -Filter 'Enabled eq true' + $ClientIds = $AllClients.RowKey + try { + Set-CippApiAuth -RGName $RGName -FunctionAppName $FunctionAppName -TenantId $TenantId -ClientIds $ClientIds + $Body = @{ Results = 'API clients saved to Azure' } + } catch { + $Body = @{ Results = 'Failed to save allowed API clients to Azure, ensure your function app has the appropriate rights to make changes to the Authentication settings.' } + } + } + 'ResetSecret' { + $Client = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$($Request.Body.ClientId)'" + if (!$Client) { + $Results = @{ + text = 'API client not found' + severity = 'error' + } + } else { + $ApiConfig = New-CIPPAPIConfig -ResetSecret -AppId $Request.Body.ClientId + + if ($ApiConfig.ApplicationSecret) { + $Results = @{ + text = "API secret reset for $($Client.AppName)" + copyField = $ApiConfig.ApplicationSecret + severity = 'success' + } + } else { + $Results = @{ + text = "Failed to reset secret for $($Client.AppName)" + severity = 'error' + } + } + } + $Body = @($Results) + } + 'Delete' { + try { + if ($Request.Body.RemoveAppReg -eq $true) { + $Apps = New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/applications?`$filter=signInAudience eq 'AzureAdMyOrg' and web/redirectUris/any(x:x eq 'https://$($sitename).azurewebsites.net/.auth/login/aad/callback')&`$top=999&`$select=id,appId&`$count=true" -NoAuthCheck $true -asapp $true -ComplexFilter + } + $Id = $Apps | Where-Object { $_.appId -eq $Request.Body.ClientId } | Select-Object -ExpandProperty id + if ($Id) { + New-GraphPOSTRequest -uri "https://graph.microsoft.com/v1.0/applications(appId='$ClientId')" -Method DELETE -Body '{}' -NoAuthCheck $true -asapp $true + $ClientId = $Request.Body.ClientId.value ?? $Request.Body.ClientId + $Client = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$($ClientId)'" -Property RowKey, PartitionKey, ETag + Remove-AzDataTableEntity @Table -Entity $Client + Write-LogMessage -user $Request.Headers.'x-ms-client-principal' -API 'ExecApiClient' -message "Deleted API client $ClientId" -Sev 'Info' + $Body = @{ Results = "API client $ClientId deleted" } + } else { + $Body = @{ Results = "API client $ClientId not found or not a valid CIPP-API application" } + } + } catch { + Write-LogMessage -user $Request.Headers.'x-ms-client-principal' -API 'ExecApiClient' -message "Failed to remove app registration for $ClientId" -Sev 'Warning' + } + } + default { + $Body = @{Results = 'Invalid action' } + } + } + + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = [HttpStatusCode]::OK + Body = $Body + }) +} diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ListCustomRole.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ListCustomRole.ps1 new file mode 100644 index 000000000000..284be3d8095c --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ListCustomRole.ps1 @@ -0,0 +1,55 @@ +function Invoke-ListCustomRole { + <# + .FUNCTIONALITY + Entrypoint + .ROLE + CIPP.Core.Read + #> + [CmdletBinding()] + param($Request, $TriggerMetadata) + + $Table = Get-CippTable -tablename 'CustomRoles' + + $Body = Get-CIPPAzDataTableEntity @Table + + if (!$Body) { + $Body = @( + @{ + RowKey = 'No custom roles found' + } + ) + } else { + $Body = foreach ($Role in $Body) { + try { + $Role.Permissions = $Role.Permissions | ConvertFrom-Json + } catch { + $Role.Permissions = '' + } + if ($Role.AllowedTenants) { + try { + $Role.AllowedTenants = @($Role.AllowedTenants | ConvertFrom-Json) + } catch { + $Role.AllowedTenants = '' + } + } else { + $Role | Add-Member -NotePropertyName AllowedTenants -NotePropertyValue @() -Force + } + if ($Role.BlockedTenants) { + try { + $Role.BlockedTenants = @($Role.BlockedTenants | ConvertFrom-Json) + } catch { + $Role.BlockedTenants = '' + } + } else { + $Role | Add-Member -NotePropertyName BlockedTenants -NotePropertyValue @() -Force + } + $Role + } + $Body = @($Body) + } + + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = [HttpStatusCode]::OK + Body = $Body + }) +} diff --git a/Modules/CIPPCore/Public/New-CIPPAPIConfig.ps1 b/Modules/CIPPCore/Public/New-CIPPAPIConfig.ps1 deleted file mode 100644 index d09e17561641..000000000000 --- a/Modules/CIPPCore/Public/New-CIPPAPIConfig.ps1 +++ /dev/null @@ -1,69 +0,0 @@ - - -function New-CIPPAPIConfig { - [CmdletBinding()] - param ( - $APIName = 'CIPP API Config', - $ExecutingUser, - $resetpassword - ) - $null = Connect-AzAccount -Identity - $VaultName = ($ENV:WEBSITE_DEPLOYMENT_ID -split '-')[0] - $currentapp = (Get-AzKeyVaultSecret -VaultName $VaultName -Name 'CIPPAPIAPP' -AsPlainText) - $subscription = $($ENV:WEBSITE_OWNER_NAME).Split('+')[0] - - try { - if ($currentapp) { - $APIApp = New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/applications(appid='$($currentapp)')" -NoAuthCheck $true - } else { - $CreateBody = @" -{"api":{"oauth2PermissionScopes":[{"adminConsentDescription":"Allow the application to access CIPP-API on behalf of the signed-in user.","adminConsentDisplayName":"Access CIPP-API","id":"ba7ffeff-96ea-4ac4-9822-1bcfee9adaa4","isEnabled":true,"type":"User","userConsentDescription":"Allow the application to access CIPP-API on your behalf.","userConsentDisplayName":"Access CIPP-API","value":"user_impersonation"}]},"displayName":"CIPP-API","requiredResourceAccess":[{"resourceAccess":[{"id":"e1fe6dd8-ba31-4d61-89e7-88639da4683d","type":"Scope"}],"resourceAppId":"00000003-0000-0000-c000-000000000000"}],"signInAudience":"AzureADMyOrg","web":{"homePageUrl":"https://cipp.app","implicitGrantSettings":{"enableAccessTokenIssuance":false,"enableIdTokenIssuance":true},"redirectUris":["https://$($ENV:Website_hostname)/.auth/login/aad/callback"]}} -"@ - Write-Host 'Creating app' - $APIApp = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/v1.0/applications' -NoAuthCheck $true -type POST -body $CreateBody - Write-Host 'Creating password' - $APIPassword = New-GraphPOSTRequest -uri "https://graph.microsoft.com/v1.0/applications/$($APIApp.id)/addPassword" -NoAuthCheck $true -type POST -body "{`"passwordCredential`":{`"displayName`":`"Generated by API Setup`"}}" - Write-Host 'Adding App URL' - $APIIdUrl = New-GraphPOSTRequest -uri "https://graph.microsoft.com/v1.0/applications/$($APIApp.id)" -NoAuthCheck $true -type PATCH -body "{`"identifierUris`":[`"api://$($APIApp.appId)`"]}" - Write-Host 'Adding serviceprincipal' - $ServicePrincipal = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/v1.0/serviceprincipals' -NoAuthCheck $true -type POST -body "{`"accountEnabled`":true,`"appId`":`"$($APIApp.appId)`",`"displayName`":`"CIPP-API`",`"tags`":[`"WindowsAzureActiveDirectoryIntegratedApp`",`"AppServiceIntegratedApp`"]}" - } - if ($resetpassword) { - Write-Host 'Removing all old passwords' - $RemovePasswords = New-GraphPOSTRequest -type Patch -uri "https://graph.microsoft.com/v1.0/applications/$($APIApp.id)/" -body '{"passwordCredentials":[]}' -NoAuthCheck $true - $passwordDate = (Get-Date).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.fffZ') - $APIPassword = New-GraphPOSTRequest -uri "https://graph.microsoft.com/v1.0/applications/$($APIApp.id)/addPassword" -NoAuthCheck $true -type POST -body "{`"passwordCredential`":{`"displayName`":`"Generated by API Setup`"}}" - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant 'None '-message 'Reset CIPP API Password.' -Sev 'info' - } else { - $CurrentSettings = New-GraphGetRequest -uri "https://management.azure.com/subscriptions/$($subscription)/resourceGroups/$ENV:WEBSITE_RESOURCE_GROUP/providers/Microsoft.Web/sites/$ENV:WEBSITE_SITE_NAME/Config/authsettingsV2/list?api-version=2018-11-01" -NoAuthCheck $true -scope 'https://management.azure.com/.default' - Write-Host 'setting settings' - $currentSettings.properties.identityProviders.azureActiveDirectory = @{ - registration = @{ - clientId = $APIApp.appId - openIdIssuer = "https://sts.windows.net/$($ENV:TenantID)/v2.0" - } - validation = @{ - allowedAudiences = @("api://$($APIApp.appId)") - } - } - $currentBody = ConvertTo-Json -Depth 15 -InputObject ($currentSettings | Select-Object Properties) - Write-Host 'writing to Azure' - $SetAPIAuth = New-GraphPOSTRequest -type 'PUT' -uri "https://management.azure.com/subscriptions/$($subscription)/resourceGroups/$ENV:WEBSITE_RESOURCE_GROUP/providers/Microsoft.Web/sites/$ENV:WEBSITE_SITE_NAME/Config/authsettingsV2?api-version=2018-11-01" -scope 'https://management.azure.com/.default' -NoAuthCheck $true -body $currentBody - $null = Set-AzKeyVaultSecret -VaultName $ENV:WEBSITE_DEPLOYMENT_ID -Name 'CIPPAPIAPP' -SecretValue (ConvertTo-SecureString -String $APIApp.AppID -AsPlainText -Force) - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant 'None '-message 'Successfully setup CIPP-API Access.' -Sev 'info' - } - return @{ - ApplicationID = $APIApp.AppId - ApplicationSecret = $APIPassword.secretText - Results = "API Enabled. Your API URL is https://$($ENV:Website_hostname). Your Application ID is $($APIApp.AppId) and your Application Secret is $($APIPassword.secretText) - Copy these keys, they are only shown once." - } - - } catch { - $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant 'None' -message "Failed to setup CIPP-API Access: $($ErrorMessage.NormalizedError) Linenumber: $($_.InvocationInfo.ScriptLineNumber)" -Sev 'Error' -LogData $ErrorMessage - return @{ - Results = " but could not set API configuration: $($ErrorMessage.NormalizedError)" - } - - } -} From a999c9d9d2b8f442ef35e41ea49665987b4151cc Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 4 Feb 2025 22:53:00 -0500 Subject: [PATCH 026/138] add connect-azaccount --- .../CIPPCore/Public/Authentication/Get-CippApiAuth.ps1 | 8 +++++++- .../CIPPCore/Public/Authentication/Set-CippApiAuth.ps1 | 8 +++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Authentication/Get-CippApiAuth.ps1 b/Modules/CIPPCore/Public/Authentication/Get-CippApiAuth.ps1 index 9b2c5ff89426..6d936936aa72 100644 --- a/Modules/CIPPCore/Public/Authentication/Get-CippApiAuth.ps1 +++ b/Modules/CIPPCore/Public/Authentication/Get-CippApiAuth.ps1 @@ -4,8 +4,14 @@ function Get-CippApiAuth { [string]$FunctionAppName ) + if ($env:MSI_SECRET) { + Disable-AzContextAutosave -Scope Process | Out-Null + $Context = (Connect-AzAccount -Identity).Context + } else { + $Context = Get-AzContext + } # Get subscription id - $SubscriptionId = (Get-AzContext).Subscription.Id + $SubscriptionId = $Context.Subscription.Id # Get auth settings $AuthSettings = Invoke-AzRestMethod -Uri "https://management.azure.com/subscriptions/$SubscriptionId/resourceGroups/$RGName/providers/Microsoft.Web/sites/$($FunctionAppName)/config/authsettingsV2/list?api-version=2020-06-01" -ErrorAction Stop | Select-Object -ExpandProperty Content | ConvertFrom-Json diff --git a/Modules/CIPPCore/Public/Authentication/Set-CippApiAuth.ps1 b/Modules/CIPPCore/Public/Authentication/Set-CippApiAuth.ps1 index 7c882609b05b..cdcca269be4e 100644 --- a/Modules/CIPPCore/Public/Authentication/Set-CippApiAuth.ps1 +++ b/Modules/CIPPCore/Public/Authentication/Set-CippApiAuth.ps1 @@ -7,8 +7,14 @@ function Set-CippApiAuth { [string[]]$ClientIds ) + if ($env:MSI_SECRET) { + Disable-AzContextAutosave -Scope Process | Out-Null + $Context = (Connect-AzAccount -Identity).Context + } else { + $Context = Get-AzContext + } # Get subscription id - $SubscriptionId = (Get-AzContext).Subscription.Id + $SubscriptionId = $Context.Subscription.Id # Get auth settings $AuthSettings = Invoke-AzRestMethod -Uri "https://management.azure.com/subscriptions/$SubscriptionId/resourceGroups/$RGName/providers/Microsoft.Web/sites/$($FunctionAppName)/config/authsettingsV2/list?api-version=2020-06-01" | Select-Object -ExpandProperty Content | ConvertFrom-Json From 4a7db7e83480c272e1cac2af23e39a3ebf700948 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 4 Feb 2025 23:13:47 -0500 Subject: [PATCH 027/138] fix bulk api calls --- .../Authentication/New-CIPPAPIConfig.ps1 | 33 ++++++++++++------- .../CIPP/Settings/Invoke-ExecApiClient.ps1 | 2 +- 2 files changed, 22 insertions(+), 13 deletions(-) diff --git a/Modules/CIPPCore/Public/Authentication/New-CIPPAPIConfig.ps1 b/Modules/CIPPCore/Public/Authentication/New-CIPPAPIConfig.ps1 index aee998212b9a..91f0285c628c 100644 --- a/Modules/CIPPCore/Public/Authentication/New-CIPPAPIConfig.ps1 +++ b/Modules/CIPPCore/Public/Authentication/New-CIPPAPIConfig.ps1 @@ -57,28 +57,37 @@ function New-CIPPAPIConfig { $Requests = @( @{ - id = 'addPassword' - method = 'POST' - url = "/applications/$($APIApp.id)/addPassword" - body = @{ + id = 'addPassword' + method = 'POST' + url = "/applications/$($APIApp.id)/addPassword" + headers = @{ + 'Content-Type' = 'application/json' + } + body = @{ passwordCredential = @{ displayName = 'Generated by API Setup' } } }, @{ - id = 'apiIdentifier' - method = 'PATCH' - url = "/applications/$($APIApp.id)" - body = @{ + id = 'apiIdentifier' + method = 'PATCH' + url = "/applications/$($APIApp.id)" + headers = @{ + 'Content-Type' = 'application/json' + } + body = @{ identifierUris = @("api://$($APIApp.appId)") } }, @{ - id = 'tagServicePrincipal' - method = 'POST' - url = '/serviceprincipals' - body = @{ + id = 'tagServicePrincipal' + method = 'POST' + url = '/serviceprincipals' + headers = @{ + 'Content-Type' = 'application/json' + } + body = @{ accountEnabled = $true appId = $APIApp.appId displayName = 'CIPP-API' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 index c1945aaf28ba..cb80303e0101 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 @@ -35,7 +35,7 @@ function Invoke-ExecApiClient { $ApiConfig = @{ ExecutingUser = $Request.Headers.'x-ms-client-principal' } - if ($Request.Body.ClientId) { + if ($ClientId) { $ApiConfig.ClientId = $ClientId $ApiConfig.ResetSecret = $Request.Body.CIPPAPI.ResetSecret } From ad2f2f66e3314124d8c1ad8a2acf6304f114225f Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 4 Feb 2025 23:22:59 -0500 Subject: [PATCH 028/138] api client tweaks --- .../CIPPCore/Public/Authentication/New-CIPPAPIConfig.ps1 | 6 +++--- .../HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/Modules/CIPPCore/Public/Authentication/New-CIPPAPIConfig.ps1 b/Modules/CIPPCore/Public/Authentication/New-CIPPAPIConfig.ps1 index 91f0285c628c..d482ac235db9 100644 --- a/Modules/CIPPCore/Public/Authentication/New-CIPPAPIConfig.ps1 +++ b/Modules/CIPPCore/Public/Authentication/New-CIPPAPIConfig.ps1 @@ -98,7 +98,7 @@ function New-CIPPAPIConfig { $BatchResponse = New-GraphBulkRequest -tenantid $env:TenantID -NoAuthCheck $true -asapp $true -Requests $Requests $APIPassword = $BatchResponse | Where-Object { $_.id -eq 'addPassword' } | Select-Object -ExpandProperty body - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant 'None '-message "Created CIPP API App for $($APIApp.displayName)." -Sev 'info' + Write-LogMessage -user $ExecutingUser -API $APINAME -tenant 'None '-message "Created CIPP-API App with name '$($APIApp.displayName)'." -Sev 'info' } } if ($ResetSecret.IsPresent -and $APIApp) { @@ -133,13 +133,13 @@ function New-CIPPAPIConfig { ) $BatchResponse = New-GraphBulkRequest -tenantid $env:TenantID -NoAuthCheck $true -asapp $true -Requests $Requests $APIPassword = $BatchResponse | Where-Object { $_.id -eq 'addNewPassword' } | Select-Object -ExpandProperty body - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant 'None '-message "Reset CIPP API Password for $($APIApp.displayName)." -Sev 'info' + Write-LogMessage -user $ExecutingUser -API $APINAME -tenant 'None '-message "Reset CIPP-API Password for '$($APIApp.displayName)'." -Sev 'info' } } return @{ AppName = $APIApp.displayName - ApplicationID = $APIApp.AppId + ApplicationID = $APIApp.appId ApplicationSecret = $APIPassword.secretText Results = $Results } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 index cb80303e0101..52b85ec8526f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 @@ -43,6 +43,7 @@ function Invoke-ExecApiClient { $ApiConfig.AppName = $Request.Body.AppName } $APIConfig = New-CIPPAPIConfig @ApiConfig + $ClientId = $APIConfig.AppId $AddedText = $APIConfig.Results } catch { $AddedText = 'Could not modify App Registrations. Check the CIPP documentation for API requirements.' From 36ecc3f722e2aceb07aa0da2d7cb37a284ce509f Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 4 Feb 2025 23:31:57 -0500 Subject: [PATCH 029/138] Update Invoke-ExecApiClient.ps1 --- .../CIPP/Settings/Invoke-ExecApiClient.ps1 | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 index 52b85ec8526f..b5ffb3f7fcac 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 @@ -43,7 +43,7 @@ function Invoke-ExecApiClient { $ApiConfig.AppName = $Request.Body.AppName } $APIConfig = New-CIPPAPIConfig @ApiConfig - $ClientId = $APIConfig.AppId + $ClientId = $APIConfig.ApplicationID $AddedText = $APIConfig.Results } catch { $AddedText = 'Could not modify App Registrations. Check the CIPP documentation for API requirements.' @@ -51,8 +51,6 @@ function Invoke-ExecApiClient { } } - Write-LogMessage -user $Request.Headers.'x-ms-client-principal' -API 'ExecApiClient' -message "Updated API client $($Request.Body.ClientId)" -Sev 'Info' - if ($Request.Body.IpRange.value) { $IpRange = @($Request.Body.IpRange.value) } else { @@ -65,6 +63,8 @@ function Invoke-ExecApiClient { $Client.Role = [string]$Request.Body.Role.value $Client.IPRange = "$(@($IpRange) | ConvertTo-Json -Compress)" $Client.Enabled = $Request.Body.Enabled ?? $false + Write-LogMessage -user $Request.Headers.'x-ms-client-principal' -API 'ExecApiClient' -message "Updated API client $($Request.Body.ClientId)" -Sev 'Info' + $Results = 'API client updated' } else { $Client = @{ 'PartitionKey' = 'ApiClients' @@ -74,10 +74,15 @@ function Invoke-ExecApiClient { 'IPRange' = "$(@($IpRange) | ConvertTo-Json -Compress)" 'Enabled' = $Request.Body.Enabled ?? $false } + $Results = @{ + text = "API Client created '$($Client.AppName)'" + copyField = $APIConfig.ApplicationSecret + severity = 'success' + } } Add-CIPPAzDataTableEntity @Table -Entity $Client -Force | Out-Null - $Body = @{Results = 'API client updated' } + $Body = @($Results) } 'GetAzureConfiguration' { $RGName = $ENV:WEBSITE_RESOURCE_GROUP From ea75c058396a9055aa79415992ca68564f0ff9ac Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 5 Feb 2025 00:03:10 -0500 Subject: [PATCH 030/138] api client fixes Remove batch request for initial creation tidy up delete action --- .../Authentication/New-CIPPAPIConfig.ps1 | 50 +++---------------- .../CIPP/Settings/Invoke-ExecApiClient.ps1 | 17 ++++--- 2 files changed, 17 insertions(+), 50 deletions(-) diff --git a/Modules/CIPPCore/Public/Authentication/New-CIPPAPIConfig.ps1 b/Modules/CIPPCore/Public/Authentication/New-CIPPAPIConfig.ps1 index d482ac235db9..ff93af7791a0 100644 --- a/Modules/CIPPCore/Public/Authentication/New-CIPPAPIConfig.ps1 +++ b/Modules/CIPPCore/Public/Authentication/New-CIPPAPIConfig.ps1 @@ -54,50 +54,12 @@ function New-CIPPAPIConfig { if ($PSCmdlet.ShouldProcess($AppName, 'Create API App')) { Write-Information 'Creating app' $APIApp = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/v1.0/applications' -NoAuthCheck $true -type POST -body $CreateBody - - $Requests = @( - @{ - id = 'addPassword' - method = 'POST' - url = "/applications/$($APIApp.id)/addPassword" - headers = @{ - 'Content-Type' = 'application/json' - } - body = @{ - passwordCredential = @{ - displayName = 'Generated by API Setup' - } - } - }, - @{ - id = 'apiIdentifier' - method = 'PATCH' - url = "/applications/$($APIApp.id)" - headers = @{ - 'Content-Type' = 'application/json' - } - body = @{ - identifierUris = @("api://$($APIApp.appId)") - } - }, - @{ - id = 'tagServicePrincipal' - method = 'POST' - url = '/serviceprincipals' - headers = @{ - 'Content-Type' = 'application/json' - } - body = @{ - accountEnabled = $true - appId = $APIApp.appId - displayName = 'CIPP-API' - tags = @('WindowsAzureActiveDirectoryIntegratedApp', 'AppServiceIntegratedApp') - } - } - ) - - $BatchResponse = New-GraphBulkRequest -tenantid $env:TenantID -NoAuthCheck $true -asapp $true -Requests $Requests - $APIPassword = $BatchResponse | Where-Object { $_.id -eq 'addPassword' } | Select-Object -ExpandProperty body + Write-Information 'Creating password' + $APIPassword = New-GraphPOSTRequest -uri "https://graph.microsoft.com/v1.0/applications/$($APIApp.id)/addPassword" -NoAuthCheck $true -type POST -body "{`"passwordCredential`":{`"displayName`":`"Generated by API Setup`"}}" + Write-Information 'Adding App URL' + $APIIdUrl = New-GraphPOSTRequest -uri "https://graph.microsoft.com/v1.0/applications/$($APIApp.id)" -NoAuthCheck $true -type PATCH -body "{`"identifierUris`":[`"api://$($APIApp.appId)`"]}" + Write-Information 'Adding serviceprincipal' + $ServicePrincipal = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/v1.0/serviceprincipals' -NoAuthCheck $true -type POST -body "{`"accountEnabled`":true,`"appId`":`"$($APIApp.appId)`",`"displayName`":`"$AppName`",`"tags`":[`"WindowsAzureActiveDirectoryIntegratedApp`",`"AppServiceIntegratedApp`"]}" Write-LogMessage -user $ExecutingUser -API $APINAME -tenant 'None '-message "Created CIPP-API App with name '$($APIApp.displayName)'." -Sev 'info' } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 index b5ffb3f7fcac..59a15a4caf65 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 @@ -43,6 +43,7 @@ function Invoke-ExecApiClient { $ApiConfig.AppName = $Request.Body.AppName } $APIConfig = New-CIPPAPIConfig @ApiConfig + Write-Host ($APIConfig | ConvertTo-Json) $ClientId = $APIConfig.ApplicationID $AddedText = $APIConfig.Results } catch { @@ -139,13 +140,16 @@ function Invoke-ExecApiClient { } 'Delete' { try { - if ($Request.Body.RemoveAppReg -eq $true) { - $Apps = New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/applications?`$filter=signInAudience eq 'AzureAdMyOrg' and web/redirectUris/any(x:x eq 'https://$($sitename).azurewebsites.net/.auth/login/aad/callback')&`$top=999&`$select=id,appId&`$count=true" -NoAuthCheck $true -asapp $true -ComplexFilter - } - $Id = $Apps | Where-Object { $_.appId -eq $Request.Body.ClientId } | Select-Object -ExpandProperty id - if ($Id) { - New-GraphPOSTRequest -uri "https://graph.microsoft.com/v1.0/applications(appId='$ClientId')" -Method DELETE -Body '{}' -NoAuthCheck $true -asapp $true + if ($Request.Body.ClientId) { $ClientId = $Request.Body.ClientId.value ?? $Request.Body.ClientId + if ($Request.Body.RemoveAppReg -eq $true) { + $Apps = New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/applications?`$filter=signInAudience eq 'AzureAdMyOrg' and web/redirectUris/any(x:x eq 'https://$($sitename).azurewebsites.net/.auth/login/aad/callback')&`$top=999&`$select=id,appId&`$count=true" -NoAuthCheck $true -asapp $true -ComplexFilter + $Id = $Apps | Where-Object { $_.appId -eq $ClientId } | Select-Object -ExpandProperty id + if ($Id) { + New-GraphPOSTRequest -uri "https://graph.microsoft.com/v1.0/applications(appId='$ClientId')" -Method DELETE -Body '{}' -NoAuthCheck $true -asapp $true + } + } + $Client = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$($ClientId)'" -Property RowKey, PartitionKey, ETag Remove-AzDataTableEntity @Table -Entity $Client Write-LogMessage -user $Request.Headers.'x-ms-client-principal' -API 'ExecApiClient' -message "Deleted API client $ClientId" -Sev 'Info' @@ -167,3 +171,4 @@ function Invoke-ExecApiClient { Body = $Body }) } + From 67e13dc60d0bf2ce524701a08dfb3465afe86e87 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 5 Feb 2025 10:52:59 -0500 Subject: [PATCH 031/138] improve extension testing --- .../Extensions/Invoke-ExecExtensionTest.ps1 | 45 ++++++++++++++----- .../Public/Gradient/Get-GradientToken.ps1 | 6 +-- 2 files changed, 37 insertions(+), 14 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionTest.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionTest.ps1 index 3d9ca5f3dfb5..17e7a1b2b246 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionTest.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionTest.ps1 @@ -19,23 +19,38 @@ Function Invoke-ExecExtensionTest { switch ($Request.query.extensionName) { 'HaloPSA' { $token = Get-HaloToken -configuration $Configuration.HaloPSA - $Results = [pscustomobject]@{'Results' = 'Successfully Connected to HaloPSA' } + if ($token) { + $Results = [pscustomobject]@{'Results' = 'Successfully Connected to HaloPSA' } + } else { + $Results = [pscustomobject]@{'Results' = 'Failed to connect to HaloPSA, check your API credentials and try again.' } + } } 'Gradient' { $GradientToken = Get-GradientToken -Configuration $Configuration.Gradient - $ExistingIntegrations = Invoke-RestMethod -Uri 'https://app.usegradient.com/api/vendor-api/organization' -Method GET -Headers $GradientToken - if ($ExistingIntegrations.Status -ne 'active') { - $ActivateRequest = Invoke-RestMethod -Uri 'https://app.usegradient.com/api/vendor-api/organization/status/active' -Method PATCH -Headers $GradientToken + if ($GradientToken) { + try { + $ExistingIntegrations = Invoke-RestMethod -Uri 'https://app.usegradient.com/api/vendor-api/organization' -Method GET -Headers $GradientToken + if ($ExistingIntegrations.Status -ne 'active') { + $ActivateRequest = Invoke-RestMethod -Uri 'https://app.usegradient.com/api/vendor-api/organization/status/active' -Method PATCH -Headers $GradientToken + } + $Results = [pscustomobject]@{'Results' = 'Successfully Connected to Gradient' } + } catch { + $Results = [pscustomobject]@{'Results' = 'Failed to connect to Gradient, check your API credentials and try again.' } + } + } else { + $Results = [pscustomobject]@{'Results' = 'Failed to connect to Gradient, check your API credentials and try again.' } } - $Results = [pscustomobject]@{'Results' = 'Successfully Connected to Gradient' } - } 'CIPP-API' { $Results = [pscustomobject]@{'Results' = 'You cannot test the CIPP-API from CIPP. Please check the documentation on how to test the CIPP-API.' } } 'NinjaOne' { $token = Get-NinjaOneToken -configuration $Configuration.NinjaOne - $Results = [pscustomobject]@{'Results' = 'Successfully Connected to NinjaOne' } + if ($token) { + $Results = [pscustomobject]@{'Results' = 'Successfully Connected to NinjaOne' } + } else { + $Results = [pscustomobject]@{'Results' = 'Failed to connect to NinjaOne, check your API credentials and try again.' } + } } 'PWPush' { $Payload = 'This is a test from CIPP' @@ -52,20 +67,28 @@ Function Invoke-ExecExtensionTest { if ($Version.version) { $Results = [pscustomobject]@{'Results' = ('Successfully Connected to Hudu, version: {0}' -f $Version.version) } } else { - $Results = [pscustomobject]@{'Results' = 'Failed to connect to Hudu' } + $Results = [pscustomobject]@{'Results' = 'Failed to connect to Hudu, check your API credentials and try again.' } } } 'Sherweb' { $token = Get-SherwebAuthentication - $Results = [pscustomobject]@{'Results' = 'Successfully Connected to Sherweb' } + if ($token) { + $Results = [pscustomobject]@{'Results' = 'Successfully Connected to Sherweb' } + } else { + $Results = [pscustomobject]@{'Results' = 'Failed to connect to Sherweb, check your API credentials and try again.' } + } } 'HIBP' { $ConnectionTest = Get-HIBPConnectionTest $Results = [pscustomobject]@{'Results' = 'Successfully Connected to HIBP' } } 'GitHub' { - $GitHubResponse = Invoke-GitHubApiRequest -Configuration $Configuration.GitHub -Method 'GET' -Path 'user' -Verbose - $Results = [pscustomobject]@{ 'Results' = "Successfully connected to GitHub user: $($GitHubResponse.login)" } + $GitHubResponse = Invoke-GitHubApiRequest -Configuration $Configuration.GitHub -Method 'GET' -Path 'user' + if ($GitHubResponse.login) { + $Results = [pscustomobject]@{ 'Results' = "Successfully connected to GitHub user: $($GitHubResponse.login)" } + } else { + $Results = [pscustomobject]@{ 'Results' = 'Failed to connect to GitHub. Check your API credentials and try again.' } + } } } } catch { diff --git a/Modules/CippExtensions/Public/Gradient/Get-GradientToken.ps1 b/Modules/CippExtensions/Public/Gradient/Get-GradientToken.ps1 index a944d16b805d..eac3ca57f789 100644 --- a/Modules/CippExtensions/Public/Gradient/Get-GradientToken.ps1 +++ b/Modules/CippExtensions/Public/Gradient/Get-GradientToken.ps1 @@ -16,9 +16,9 @@ function Get-GradientToken { try { return [hashtable]$headers } catch { - Write-Error $_.Exception.Message + return $false } - } catch { - throw 'No Gradient configuration' + } else { + return $false } } From 564780ca3abd2a32f3901f28eec02820ed2a3974 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 5 Feb 2025 16:52:14 -0500 Subject: [PATCH 032/138] Prevent double offboarding fix bug with CSP guest users query --- .../Invoke-ExecOffboardTenant.ps1 | 242 +++++++++--------- 1 file changed, 125 insertions(+), 117 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecOffboardTenant.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecOffboardTenant.ps1 index c256f36c97e0..71c8afcd86f1 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecOffboardTenant.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecOffboardTenant.ps1 @@ -13,6 +13,7 @@ Function Invoke-ExecOffboardTenant { Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantQuery = $Request.Body.TenantFilter.value ?? $Request.Body.TenantFilter + $Tenant = Get-Tenants -IncludeAll -TenantFilter $TenantQuery $TenantId = $Tenant.customerId $TenantFilter = $Tenant.defaultDomainName @@ -20,150 +21,157 @@ Function Invoke-ExecOffboardTenant { $results = [System.Collections.ArrayList]@() $errors = [System.Collections.ArrayList]@() - if ($request.body.RemoveCSPGuestUsers -eq $true) { - # Delete guest users who's domains match the CSP tenants - try { + if (!$Tenant) { + $results.Add('Tenant has already been offboarded') + } elseif ($TenantId -eq $env:TenantID) { + $errors.Add('You cannot offboard the CSP tenant') + } else { + if ($request.body.RemoveCSPGuestUsers -eq $true) { + # Delete guest users who's domains match the CSP tenants try { - $domains = (New-GraphGETRequest -Uri "https://graph.microsoft.com/v1.0/domains?`$select=id" -tenantid $env:TenantID -NoAuthCheck:$true).id - $CSPGuestUsers = (New-GraphGETRequest -Uri "https://graph.microsoft.com/v1.0/users?`$select=id,mail&`$filter=userType eq 'Guest' and $(($domains | ForEach-Object { "endswith(mail, '$_')" }) -join ' or ')&`$count=true" -tenantid $Tenantfilter -ComplexFilter) - } catch { - $errors.Add("Failed to retrieve guest users: $($_.Exception.message)") - } + try { + $domains = (New-GraphGETRequest -Uri "https://graph.microsoft.com/v1.0/domains?`$select=id" -tenantid $env:TenantID -NoAuthCheck:$true).id + $DomainFilter = ($Domains | ForEach-Object { "endswith(mail, '$_')" }) -join ' or ' + $CSPGuestUsers = (New-GraphGETRequest -Uri "https://graph.microsoft.com/v1.0/users?`$select=id,mail&`$filter=userType eq 'Guest' and ($DomainFilter)&`$count=true" -tenantid $Tenantfilter -ComplexFilter) + } catch { + $errors.Add("Failed to retrieve guest users: $($_.Exception.message)") + } - if ($CSPGuestUsers) { - [System.Collections.Generic.List[PSCustomObject]]$BulkRequests = @($CSPGuestUsers | ForEach-Object { - @{ - id = $($_.id) - method = 'DELETE' - url = "/users/$($_.id)" - } - }) - - $BulkResults = New-GraphBulkRequest -Requests $BulkRequests -tenantid $TenantFilter - - $results.Add('Successfully removed guest users') - Write-LogMessage -user $ExecutingUser -API $APIName -message 'CSP Guest users were removed' -Sev 'Info' -tenant $TenantFilter - } else { - $results.Add('No guest users found to remove') + if ($CSPGuestUsers) { + [System.Collections.Generic.List[PSCustomObject]]$BulkRequests = @($CSPGuestUsers | ForEach-Object { + @{ + id = $($_.id) + method = 'DELETE' + url = "/users/$($_.id)" + } + }) + + $BulkResults = New-GraphBulkRequest -Requests $BulkRequests -tenantid $TenantFilter + + $results.Add('Successfully removed guest users') + Write-LogMessage -user $ExecutingUser -API $APIName -message 'CSP Guest users were removed' -Sev 'Info' -tenant $TenantFilter + } else { + $results.Add('No guest users found to remove') + } + } catch { + $errors.Add("Something went wrong while deleting guest users: $($_.Exception.message)") } - } catch { - $errors.Add("Something went wrong while deleting guest users: $($_.Exception.message)") } - } - if ($request.body.RemoveCSPnotificationContacts -eq $true) { - # Remove all email adresses that match the CSP tenants domains from the contact properties in /organization - try { + if ($request.body.RemoveCSPnotificationContacts -eq $true) { + # Remove all email adresses that match the CSP tenants domains from the contact properties in /organization try { - $domains = (New-GraphGETRequest -Uri "https://graph.microsoft.com/v1.0/domains?`$select=id" -tenantid $env:TenantID -NoAuthCheck:$true).id - } catch { - throw "Failed to retrieve CSP domains: $($_.Exception.message)" - } + try { + $domains = (New-GraphGETRequest -Uri "https://graph.microsoft.com/v1.0/domains?`$select=id" -tenantid $env:TenantID -NoAuthCheck:$true).id + } catch { + throw "Failed to retrieve CSP domains: $($_.Exception.message)" + } - try { - # Get /organization data - $orgContacts = New-GraphGETRequest -Uri "https://graph.microsoft.com/v1.0/organization?`$select=id,marketingNotificationEmails,securityComplianceNotificationMails,technicalNotificationMails" -tenantid $TenantFilter + try { + # Get /organization data + $orgContacts = New-GraphGETRequest -Uri "https://graph.microsoft.com/v1.0/organization?`$select=id,marketingNotificationEmails,securityComplianceNotificationMails,technicalNotificationMails" -tenantid $TenantFilter + } catch { + throw "Failed to retrieve CSP domains: $($_.Exception.message)" + } } catch { - throw "Failed to retrieve CSP domains: $($_.Exception.message)" + $errors.Add("$($_.Exception.message)") } - } catch { - $errors.Add("$($_.Exception.message)") - } - - # foreach through the properties we want to check/update - @('marketingNotificationEmails', 'securityComplianceNotificationMails', 'technicalNotificationMails') | ForEach-Object { - $property = $_ - $propertyContacts = $orgContacts.($($property)) - if ($propertyContacts -AND ($domains -notcontains ($propertyContacts | ForEach-Object { $_.Split('@')[1] }))) { - $newPropertyContent = [System.Collections.Generic.List[object]]($propertyContacts | Where-Object { $domains -notcontains $_.Split('@')[1] }) - - $patchContactBody = if (!($newPropertyContent)) { "{ `"$($property)`" : [] }" } else { [pscustomobject]@{ $property = $newPropertyContent } | ConvertTo-Json } + # foreach through the properties we want to check/update + @('marketingNotificationEmails', 'securityComplianceNotificationMails', 'technicalNotificationMails') | ForEach-Object { + $property = $_ + $propertyContacts = $orgContacts.($($property)) + + if ($propertyContacts -AND ($domains -notcontains ($propertyContacts | ForEach-Object { $_.Split('@')[1] }))) { + $newPropertyContent = [System.Collections.Generic.List[object]]($propertyContacts | Where-Object { $domains -notcontains $_.Split('@')[1] }) + + $patchContactBody = if (!($newPropertyContent)) { "{ `"$($property)`" : [] }" } else { [pscustomobject]@{ $property = $newPropertyContent } | ConvertTo-Json } + + try { + New-GraphPostRequest -type PATCH -body $patchContactBody -Uri "https://graph.microsoft.com/v1.0/organization/$($orgContacts.id)" -tenantid $Tenantfilter -ContentType 'application/json' + $results.Add("Successfully removed notification contacts from $($property): $(($propertyContacts | Where-Object { $domains -contains $_.Split('@')[1] }))") + Write-LogMessage -user $ExecutingUser -API $APIName -message "Contacts were removed from $($property)" -Sev 'Info' -tenant $TenantFilter + } catch { + $errors.Add("Failed to update property $($property): $($_.Exception.message)") + } + } else { + $results.Add("No notification contacts found in $($property)") + } + } + # Add logic for privacyProfile later - rvdwegen + } + $VendorApps = $Request.Body.vendorApplications + if ($VendorApps) { + $VendorApps | ForEach-Object { try { - New-GraphPostRequest -type PATCH -body $patchContactBody -Uri "https://graph.microsoft.com/v1.0/organization/$($orgContacts.id)" -tenantid $Tenantfilter -ContentType 'application/json' - $results.Add("Successfully removed notification contacts from $($property): $(($propertyContacts | Where-Object { $domains -contains $_.Split('@')[1] }))") - Write-LogMessage -user $ExecutingUser -API $APIName -message "Contacts were removed from $($property)" -Sev 'Info' -tenant $TenantFilter + $delete = (New-GraphPostRequest -type 'DELETE' -Uri "https://graph.microsoft.com/v1.0/serviceprincipals/$($_.value)" -tenantid $Tenantfilter) + $results.Add("Successfully removed app $($_.label)") + Write-LogMessage -user $ExecutingUser -API $APIName -message "App $($_.label) was removed" -Sev 'Info' -tenant $TenantFilter } catch { - $errors.Add("Failed to update property $($property): $($_.Exception.message)") + #$results.Add("Failed to removed app $($_.displayName)") + $errors.Add("Failed to removed app $($_.label)") } - } else { - $results.Add("No notification contacts found in $($property)") } } - # Add logic for privacyProfile later - rvdwegen - } - $VendorApps = $Request.Body.vendorApplications - if ($VendorApps) { - $VendorApps | ForEach-Object { + # All customer tenant specific actions ALWAYS have to be completed before this action! + if ($request.body.RemoveMultitenantCSPApps -eq $true) { + # Remove multi-tenant apps with the CSP tenant as origin try { - $delete = (New-GraphPostRequest -type 'DELETE' -Uri "https://graph.microsoft.com/v1.0/serviceprincipals/$($_.value)" -tenantid $Tenantfilter) - $results.Add("Successfully removed app $($_.label)") - Write-LogMessage -user $ExecutingUser -API $APIName -message "App $($_.label) was removed" -Sev 'Info' -tenant $TenantFilter + $multitenantCSPApps = (New-GraphGETRequest -Uri "https://graph.microsoft.com/v1.0/servicePrincipals?`$count=true&`$select=displayName,appId,id,appOwnerOrganizationId&`$filter=appOwnerOrganizationId eq $($env:TenantID)" -tenantid $Tenantfilter -ComplexFilter) + $sortedArray = $multitenantCSPApps | Sort-Object @{Expression = { if ($_.appId -eq $ENV:ApplicationID) { 1 } else { 0 } }; Ascending = $true } + $sortedArray | ForEach-Object { + try { + $delete = (New-GraphPostRequest -type 'DELETE' -Uri "https://graph.microsoft.com/v1.0/serviceprincipals/$($_.id)" -tenantid $Tenantfilter) + $results.Add("Successfully removed app $($_.displayName)") + Write-LogMessage -user $ExecutingUser -API $APIName -message "App $($_.displayName) was removed" -Sev 'Info' -tenant $TenantFilter + } catch { + #$results.Add("Failed to removed app $($_.displayName)") + $errors.Add("Failed to removed app $($_.displayName)") + } + } } catch { - #$results.Add("Failed to removed app $($_.displayName)") - $errors.Add("Failed to removed app $($_.label)") + #$results.Add("Failed to retrieve multitenant apps, no apps have been removed: $($_.Exception.message)") + $errors.Add("Failed to retrieve multitenant CSP apps, no apps have been removed: $($_.Exception.message)") } } - } - - # All customer tenant specific actions ALWAYS have to be completed before this action! - if ($request.body.RemoveMultitenantCSPApps -eq $true) { - # Remove multi-tenant apps with the CSP tenant as origin - try { - $multitenantCSPApps = (New-GraphGETRequest -Uri "https://graph.microsoft.com/v1.0/servicePrincipals?`$count=true&`$select=displayName,appId,id,appOwnerOrganizationId&`$filter=appOwnerOrganizationId eq $($env:TenantID)" -tenantid $Tenantfilter -ComplexFilter) - $sortedArray = $multitenantCSPApps | Sort-Object @{Expression = { if ($_.appId -eq $ENV:ApplicationID) { 1 } else { 0 } }; Ascending = $true } - $sortedArray | ForEach-Object { - try { - $delete = (New-GraphPostRequest -type 'DELETE' -Uri "https://graph.microsoft.com/v1.0/serviceprincipals/$($_.id)" -tenantid $Tenantfilter) - $results.Add("Successfully removed app $($_.displayName)") - Write-LogMessage -user $ExecutingUser -API $APIName -message "App $($_.displayName) was removed" -Sev 'Info' -tenant $TenantFilter - } catch { - #$results.Add("Failed to removed app $($_.displayName)") - $errors.Add("Failed to removed app $($_.displayName)") + $ClearCache = $false + if ($request.body.TerminateGDAP -eq $true) { + # Terminate GDAP relationships + $ClearCache = $true + try { + $delegatedAdminRelationships = (New-GraphGETRequest -Uri "https://graph.microsoft.com/v1.0/tenantRelationships/delegatedAdminRelationships?`$filter=(status eq 'active') AND (customer/tenantId eq '$tenantid')" -tenantid $env:TenantID) + $delegatedAdminRelationships | ForEach-Object { + try { + $terminate = (New-GraphPostRequest -type 'POST' -Uri "https://graph.microsoft.com/v1.0/tenantRelationships/delegatedAdminRelationships/$($_.id)/requests" -body '{"action":"terminate"}' -ContentType 'application/json' -tenantid $env:TenantID) + $results.Add("Successfully terminated GDAP relationship $($_.displayName) from tenant $TenantFilter") + Write-LogMessage -user $ExecutingUser -API $APIName -message "GDAP Relationship $($_.displayName) has been terminated" -Sev 'Info' -tenant $TenantFilter + + } catch { + $($_.Exception.message) + #$results.Add("Failed to terminate GDAP relationship $($_.displayName): $($_.Exception.message)") + $errors.Add("Failed to terminate GDAP relationship $($_.displayName): $($_.Exception.message)") + } } + } catch { + $($_.Exception.message) + #$results.Add("Failed to retrieve GDAP relationships, no relationships have been terminated: $($_.Exception.message)") + $errors.Add("Failed to retrieve GDAP relationships, no relationships have been terminated: $($_.Exception.message)") } - } catch { - #$results.Add("Failed to retrieve multitenant apps, no apps have been removed: $($_.Exception.message)") - $errors.Add("Failed to retrieve multitenant CSP apps, no apps have been removed: $($_.Exception.message)") } - } - $ClearCache = $false - if ($request.body.TerminateGDAP -eq $true) { - # Terminate GDAP relationships - $ClearCache = $true - try { - $delegatedAdminRelationships = (New-GraphGETRequest -Uri "https://graph.microsoft.com/v1.0/tenantRelationships/delegatedAdminRelationships?`$filter=(status eq 'active') AND (customer/tenantId eq '$tenantid')" -tenantid $env:TenantID) - $delegatedAdminRelationships | ForEach-Object { - try { - $terminate = (New-GraphPostRequest -type 'POST' -Uri "https://graph.microsoft.com/v1.0/tenantRelationships/delegatedAdminRelationships/$($_.id)/requests" -body '{"action":"terminate"}' -ContentType 'application/json' -tenantid $env:TenantID) - $results.Add("Successfully terminated GDAP relationship $($_.displayName) from tenant $TenantFilter") - Write-LogMessage -user $ExecutingUser -API $APIName -message "GDAP Relationship $($_.displayName) has been terminated" -Sev 'Info' -tenant $TenantFilter - } catch { - $($_.Exception.message) - #$results.Add("Failed to terminate GDAP relationship $($_.displayName): $($_.Exception.message)") - $errors.Add("Failed to terminate GDAP relationship $($_.displayName): $($_.Exception.message)") - } + if ($request.body.TerminateContract -eq $true) { + # Terminate contract relationship + try { + $terminate = (New-GraphPostRequest -type 'PATCH' -body '{ "relationshipToPartner": "none" }' -Uri "https://api.partnercenter.microsoft.com/v1/customers/$TenantFilter" -ContentType 'application/json' -scope 'https://api.partnercenter.microsoft.com/user_impersonation' -tenantid $env:TenantID) + $results.Add('Successfully terminated contract relationship') + Write-LogMessage -user $ExecutingUser -API $APIName -message 'Contract relationship terminated' -Sev 'Info' -tenant $TenantFilter + } catch { + #$results.Add("Failed to terminate contract relationship: $($_.Exception.message)") + $errors.Add("Failed to terminate contract relationship: $($_.Exception.message)") } - } catch { - $($_.Exception.message) - #$results.Add("Failed to retrieve GDAP relationships, no relationships have been terminated: $($_.Exception.message)") - $errors.Add("Failed to retrieve GDAP relationships, no relationships have been terminated: $($_.Exception.message)") - } - } - - if ($request.body.TerminateContract -eq $true) { - # Terminate contract relationship - try { - $terminate = (New-GraphPostRequest -type 'PATCH' -body '{ "relationshipToPartner": "none" }' -Uri "https://api.partnercenter.microsoft.com/v1/customers/$TenantFilter" -ContentType 'application/json' -scope 'https://api.partnercenter.microsoft.com/user_impersonation' -tenantid $env:TenantID) - $results.Add('Successfully terminated contract relationship') - Write-LogMessage -user $ExecutingUser -API $APIName -message 'Contract relationship terminated' -Sev 'Info' -tenant $TenantFilter - } catch { - #$results.Add("Failed to terminate contract relationship: $($_.Exception.message)") - $errors.Add("Failed to terminate contract relationship: $($_.Exception.message)") } } From 895191d9c20f0a77080d84c33a638b75b6ebf7ba Mon Sep 17 00:00:00 2001 From: Esco Date: Thu, 6 Feb 2025 13:46:47 +0100 Subject: [PATCH 033/138] fix: rename Action to SafeAttachmentAction --- .../Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 index a35f420cf73f..d45abf7e5973 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 @@ -64,7 +64,7 @@ function Invoke-CIPPStandardSafeAttachmentPolicy { $StateIsCorrect = ($CurrentState.Name -eq $PolicyName) -and ($CurrentState.Enable -eq $true) -and - ($CurrentState.Action -eq $Settings.Action) -and + ($CurrentState.Action -eq $Settings.SafeAttachmentAction) -and ($CurrentState.QuarantineTag -eq $Settings.QuarantineTag) -and ($CurrentState.Redirect -eq $Settings.Redirect) -and (($null -eq $Settings.RedirectAddress) -or ($CurrentState.RedirectAddress -eq $Settings.RedirectAddress)) @@ -87,7 +87,7 @@ function Invoke-CIPPStandardSafeAttachmentPolicy { } else { $cmdparams = @{ Enable = $true - Action = $Settings.Action + Action = $Settings.SafeAttachmentAction QuarantineTag = $Settings.QuarantineTag Redirect = $Settings.Redirect RedirectAddress = $Settings.RedirectAddress From a339077081880b983c1880abb7445bb720eee8fb Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 6 Feb 2025 11:42:15 -0500 Subject: [PATCH 034/138] Add HaloPSA ticket type query Update extension mapping to display ticket type options Update new-halotpsaticket to use .value field or defined field --- .../Invoke-ExecExtensionMapping.ps1 | 4 +++ .../Public/Halo/Get-HaloTicketType.ps1 | 28 +++++++++++++++++++ .../Public/Halo/Get-HaloToken.ps1 | 1 - .../Public/Halo/New-HaloPSATicket.ps1 | 22 ++++++++------- 4 files changed, 44 insertions(+), 11 deletions(-) create mode 100644 Modules/CippExtensions/Public/Halo/Get-HaloTicketType.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionMapping.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionMapping.ps1 index 01558e4c2c9f..bc442e67f9da 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionMapping.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionMapping.ps1 @@ -38,6 +38,10 @@ Function Invoke-ExecExtensionMapping { 'Sherweb' { $Body = Get-SherwebMapping -CIPPMapping $Table } + 'HaloPSAFields' { + $TicketTypes = Get-HaloTicketType + $Body = @{'TicketTypes' = $TicketTypes } + } } } diff --git a/Modules/CippExtensions/Public/Halo/Get-HaloTicketType.ps1 b/Modules/CippExtensions/Public/Halo/Get-HaloTicketType.ps1 new file mode 100644 index 000000000000..a69b5915e761 --- /dev/null +++ b/Modules/CippExtensions/Public/Halo/Get-HaloTicketType.ps1 @@ -0,0 +1,28 @@ +function Get-HaloTicketType { + <# + .SYNOPSIS + Get Halo Ticket Type + .DESCRIPTION + Get Halo Ticket Type + .EXAMPLE + Get-HaloTicketType + + #> + [CmdletBinding()] + param () + $Table = Get-CIPPTable -TableName Extensionsconfig + try { + $Configuration = ((Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json -ea stop).HaloPSA + $Token = Get-HaloToken -configuration $Configuration + + Invoke-RestMethod -Uri "$($Configuration.ResourceURL)/TicketType?showall=true&showinactive=true&access_control_level=2&include_defaults=true&domain=reqs" -ContentType 'application/json' -Method GET -Headers @{Authorization = "Bearer $($Token.access_token)" } + } catch { + $Message = if ($_.ErrorDetails.Message) { + Get-NormalizedError -Message $_.ErrorDetails.Message + } else { + $_.Exception.message + } + @(@{name = "Could not get HaloPSA Ticket Types, error: $Message"; id = '' }) + } +} + diff --git a/Modules/CippExtensions/Public/Halo/Get-HaloToken.ps1 b/Modules/CippExtensions/Public/Halo/Get-HaloToken.ps1 index 545da1377a99..6ca2edaeefb7 100644 --- a/Modules/CippExtensions/Public/Halo/Get-HaloToken.ps1 +++ b/Modules/CippExtensions/Public/Halo/Get-HaloToken.ps1 @@ -12,7 +12,6 @@ function Get-HaloToken { client_secret = $Secret scope = 'all' } - Write-Host ($body | ConvertTo-Json) if ($Configuration.Tenant -ne 'None') { $Tenant = "?tenant=$($Configuration.Tenant)" } $token = Invoke-RestMethod -Uri "$($Configuration.AuthURL)/token$Tenant" -Method Post -Body $body -ContentType 'application/x-www-form-urlencoded' return $token diff --git a/Modules/CippExtensions/Public/Halo/New-HaloPSATicket.ps1 b/Modules/CippExtensions/Public/Halo/New-HaloPSATicket.ps1 index e29ef33bd84c..440e24842e1c 100644 --- a/Modules/CippExtensions/Public/Halo/New-HaloPSATicket.ps1 +++ b/Modules/CippExtensions/Public/Halo/New-HaloPSATicket.ps1 @@ -1,5 +1,5 @@ function New-HaloPSATicket { - [CmdletBinding()] + [CmdletBinding(SupportsShouldProcess)] param ( $title, $description, @@ -29,25 +29,27 @@ function New-HaloPSATicket { } if ($Configuration.TicketType) { - $object | Add-Member -MemberType NoteProperty -Name 'tickettype_id' -Value $Configuration.TicketType -Force + $TicketType = $Configuration.TicketType.value ?? $Configuration.TicketType + $object | Add-Member -MemberType NoteProperty -Name 'tickettype_id' -Value $TicketType -Force } #use the token to create a new ticket in HaloPSA $body = ConvertTo-Json -Compress -Depth 10 -InputObject @($Object) - - Write-Host 'Sending ticket to HaloPSA' - Write-Host $body + Write-Information 'Sending ticket to HaloPSA' + Write-Information $body try { - $Ticket = Invoke-RestMethod -Uri "$($Configuration.ResourceURL)/Tickets" -ContentType 'application/json; charset=utf-8' -Method Post -Body $body -Headers @{Authorization = "Bearer $($token.access_token)" } + if ($PSCmdlet.ShouldProcess('Send ticket to HaloPSA', 'Create ticket')) { + $Ticket = Invoke-RestMethod -Uri "$($Configuration.ResourceURL)/Tickets" -ContentType 'application/json; charset=utf-8' -Method Post -Body $body -Headers @{Authorization = "Bearer $($token.access_token)" } + Write-Information "Ticket created in HaloPSA: $($Ticket.id)" + } } catch { $Message = if ($_.ErrorDetails.Message) { Get-NormalizedError -Message $_.ErrorDetails.Message } else { $_.Exception.message } - Write-LogMessage -message "Failed to send ticket to HaloPSA: $Message" -API 'HaloPSATicket' -sev Error - Write-Host "Failed to send ticket to HaloPSA: $Message" - Write-Host "Body we tried to ship: $body" + Write-LogMessage -message "Failed to send ticket to HaloPSA: $Message" -API 'HaloPSATicket' -sev Error -LogData (Get-CippException -Exception $_) + Write-Information "Failed to send ticket to HaloPSA: $Message" + Write-Information "Body we tried to ship: $body" } - } From 334ee85be231cd62dc88f6ebaf3c9550801a7ae9 Mon Sep 17 00:00:00 2001 From: redanthrax Date: Tue, 4 Feb 2025 08:15:44 -0800 Subject: [PATCH 035/138] Intune Script Edit Support function for intune script edit. Add permissions for devicemanagement scripts. --- .../Endpoint/MEM/Invoke-EditIntuneScript.ps1 | 48 +++++++++++++++++++ Modules/CIPPCore/Public/SAMManifest.json | 4 ++ 2 files changed, 52 insertions(+) create mode 100644 Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditIntuneScript.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditIntuneScript.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditIntuneScript.ps1 new file mode 100644 index 000000000000..557fcae46252 --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditIntuneScript.ps1 @@ -0,0 +1,48 @@ +using namespace System.Net + +function Invoke-EditIntuneScript { + <# + .FUNCTIONALITY + Entrypoint + .ROLE + Endpoint.MEM.ReadWrite + #> + [CmdletBinding()] + param($Request, $TriggerMetadata) + + $APIName = $TriggerMetadata.FunctionName + $ExecutingUser = $request.headers.'x-ms-client-principal' + Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev Debug + + $graphUrl = "https://graph.microsoft.com/beta" + switch($Request.Method) { + "GET" { + $parms = @{ + uri = "$graphUrl/deviceManagement/deviceManagementScripts/$($Request.Query.ScriptId)" + tenantid = $Request.Query.TenantFilter + } + + $intuneScript = New-GraphGetRequest @parms + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = [HttpStatusCode]::OK + Body = $intuneScript + }) + } + "PATCH" { + $parms = @{ + uri = "$graphUrl/deviceManagement/deviceManagementScripts/$($Request.Body.ScriptId)" + tenantid = $Request.Body.TenantFilter + body = $Request.Body.IntuneScript + } + $patchResult = New-GraphPOSTRequest @parms -type "PATCH" + $body = [pscustomobject]@{'Results' = $patchResult } + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = [HttpStatusCode]::OK + Body = $body + }) + } + "POST" { + Write-Output "Adding script" + } + } +} diff --git a/Modules/CIPPCore/Public/SAMManifest.json b/Modules/CIPPCore/Public/SAMManifest.json index c1a3d192fc34..65b801589a7f 100644 --- a/Modules/CIPPCore/Public/SAMManifest.json +++ b/Modules/CIPPCore/Public/SAMManifest.json @@ -87,6 +87,10 @@ "id": "e330c4f0-4170-414e-a55a-2f022ec2b57b", "type": "Role" }, + { + "id": "9255e99d-faf5-445e-bbf7-cb71482737c4", + "type": "Role" + }, { "id": "06a5fe6d-c49d-46a7-b082-56b1b14103c7", "type": "Role" From 5d0a4d668680029683e674ae62b52a0a00783d9c Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 6 Feb 2025 15:08:33 -0500 Subject: [PATCH 036/138] extension updates install passpushposh v1.2.0 - thanks @adamburley update pwpush extension to support pro accounts and branding improve extension test Co-Authored-By: Adam Burley <52085927+adamburley@users.noreply.github.com> --- .../Invoke-ExecExtensionMapping.ps1 | 6 + .../Extensions/Invoke-ExecExtensionTest.ps1 | 2 +- .../CIPP/Settings/Invoke-ExecApiClient.ps1 | 6 +- .../Invoke-ListExtensionsConfig.ps1 | 14 + .../Public/PwPush/Get-PwPushAccount.ps1 | 13 + .../Public/PwPush/New-PwPushLink.ps1 | 1 + .../Public/PwPush/Set-PwPushConfig.ps1 | 13 +- Modules/PassPushPosh/0.3.0/PassPushPosh.psm1 | 959 ----------------- .../{0.3.0 => 1.2.0}/PSGetModuleInfo.xml | 81 +- .../{0.3.0 => 1.2.0}/PassPushPosh.psd1 | 30 +- Modules/PassPushPosh/1.2.0/PassPushPosh.psm1 | 983 ++++++++++++++++++ 11 files changed, 1084 insertions(+), 1024 deletions(-) create mode 100644 Modules/CippExtensions/Public/PwPush/Get-PwPushAccount.ps1 delete mode 100644 Modules/PassPushPosh/0.3.0/PassPushPosh.psm1 rename Modules/PassPushPosh/{0.3.0 => 1.2.0}/PSGetModuleInfo.xml (53%) rename Modules/PassPushPosh/{0.3.0 => 1.2.0}/PassPushPosh.psd1 (77%) create mode 100644 Modules/PassPushPosh/1.2.0/PassPushPosh.psm1 diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionMapping.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionMapping.ps1 index bc442e67f9da..fda01b0845c6 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionMapping.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionMapping.ps1 @@ -42,6 +42,12 @@ Function Invoke-ExecExtensionMapping { $TicketTypes = Get-HaloTicketType $Body = @{'TicketTypes' = $TicketTypes } } + 'PWPushFields' { + $Accounts = Get-PwPushAccount + $Body = @{ + 'Accounts' = $Accounts + } + } } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionTest.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionTest.ps1 index 17e7a1b2b246..6c5a1ea5df04 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionTest.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionTest.ps1 @@ -56,7 +56,7 @@ Function Invoke-ExecExtensionTest { $Payload = 'This is a test from CIPP' $PasswordLink = New-PwPushLink -Payload $Payload if ($PasswordLink) { - $Results = [pscustomobject]@{'Results' = 'Successfully generated PWPush'; 'Link' = $PasswordLink } + $Results = [pscustomobject]@{Results = @(@{'resultText' = 'Successfully generated PWPush, hit the Copy to Clipboard button to retrieve the test.'; 'copyField' = $PasswordLink; 'state' = 'success' }) } } else { $Results = [pscustomobject]@{'Results' = 'PWPush is not enabled' } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 index 59a15a4caf65..b5a03a747a1b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 @@ -76,9 +76,9 @@ function Invoke-ExecApiClient { 'Enabled' = $Request.Body.Enabled ?? $false } $Results = @{ - text = "API Client created '$($Client.AppName)'" - copyField = $APIConfig.ApplicationSecret - severity = 'success' + resultText = "API Client created '$($Client.AppName)'" + copyField = $APIConfig.ApplicationSecret + state = 'success' } } diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExtensionsConfig.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExtensionsConfig.ps1 index e2feff0542d7..ffd21e3b3e2c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExtensionsConfig.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExtensionsConfig.ps1 @@ -16,7 +16,21 @@ Function Invoke-ListExtensionsConfig { $Table = Get-CIPPTable -TableName Extensionsconfig try { $Body = (Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json -Depth 10 -ErrorAction Stop + if ($Body.HaloPSA.TicketType -and !$Body.HaloPSA.TicketType.value) { + # translate ticket type to autocomplete format + Write-Information "Ticket Type: $($Body.HaloPSA.TicketType)" + $Types = Get-HaloTicketType + $Type = $Types | Where-Object { $_.id -eq $Body.HaloPSA.TicketType } + #Write-Information ($Type | ConvertTo-Json) + if ($Type) { + $Body.HaloPSA.TicketType = @{ + label = $Type.name + value = $Type.id + } + } + } } catch { + Write-Information (Get-CippException -Exception $_ | ConvertTo-Json) $Body = @{} } # Associate values to output bindings by calling 'Push-OutputBinding'. diff --git a/Modules/CippExtensions/Public/PwPush/Get-PwPushAccount.ps1 b/Modules/CippExtensions/Public/PwPush/Get-PwPushAccount.ps1 new file mode 100644 index 000000000000..f5e5198a1633 --- /dev/null +++ b/Modules/CippExtensions/Public/PwPush/Get-PwPushAccount.ps1 @@ -0,0 +1,13 @@ +function Get-PwPushAccount { + $Table = Get-CIPPTable -TableName Extensionsconfig + $Configuration = ((Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json).PWPush + if ($Configuration.Enabled -eq $true -and $Configuration.PWPushPro -eq $true) { + Set-PwPushConfig -Configuration $Configuration + Get-PushAccount + } else { + return @(@{ + name = 'PWPush Pro is not enabled or configured. Make sure to save the configuration first.'; + id = '' + }) + } +} diff --git a/Modules/CippExtensions/Public/PwPush/New-PwPushLink.ps1 b/Modules/CippExtensions/Public/PwPush/New-PwPushLink.ps1 index 566bf8c3cb45..a4afea1d7c17 100644 --- a/Modules/CippExtensions/Public/PwPush/New-PwPushLink.ps1 +++ b/Modules/CippExtensions/Public/PwPush/New-PwPushLink.ps1 @@ -13,6 +13,7 @@ function New-PwPushLink { if ($Configuration.ExpireAfterDays) { $PushParams.ExpireAfterDays = $Configuration.ExpireAfterDays } if ($Configuration.ExpireAfterViews) { $PushParams.ExpireAfterViews = $Configuration.ExpireAfterViews } if ($Configuration.DeletableByViewer) { $PushParams.DeletableByViewer = $Configuration.DeletableByViewer } + if ($Configuration.AccountId) { $PushParams.AccountId = $Configuration.AccountId.value } try { if ($PSCmdlet.ShouldProcess('Create a new PwPush link')) { $Link = New-Push @PushParams diff --git a/Modules/CippExtensions/Public/PwPush/Set-PwPushConfig.ps1 b/Modules/CippExtensions/Public/PwPush/Set-PwPushConfig.ps1 index 321534395f9f..0913609f5b96 100644 --- a/Modules/CippExtensions/Public/PwPush/Set-PwPushConfig.ps1 +++ b/Modules/CippExtensions/Public/PwPush/Set-PwPushConfig.ps1 @@ -17,15 +17,26 @@ function Set-PwPushConfig { if ($Configuration.BaseUrl) { $InitParams.BaseUrl = $Configuration.BaseUrl } - if (![string]::IsNullOrEmpty($Configuration.EmailAddress)) { + if (![string]::IsNullOrEmpty($Configuration.EmailAddress) -or $Configuration.PWPushPro -eq $true) { $ApiKey = Get-ExtensionAPIKey -Extension 'PWPush' if (![string]::IsNullOrEmpty($ApiKey)) { $InitParams.APIKey = $ApiKey + } + if (![string]::IsNullOrEmpty($Configuration.EmailAddress)) { $InitParams.EmailAddress = $Configuration.EmailAddress } + if ($Configuration.PWPushPro -eq $true) { + $InitParams.AccountType = 'Pro' + $InitParams.Remove('BaseUrl') + } } + Write-Information ($InitParams | ConvertTo-Json) + + $Module = Get-Module PassPushPosh -ListAvailable + Write-Host $Module.Version if ($PSCmdlet.ShouldProcess('Initialize-PassPushPosh')) { Initialize-PassPushPosh @InitParams } } + diff --git a/Modules/PassPushPosh/0.3.0/PassPushPosh.psm1 b/Modules/PassPushPosh/0.3.0/PassPushPosh.psm1 deleted file mode 100644 index 7f6363d3f47d..000000000000 --- a/Modules/PassPushPosh/0.3.0/PassPushPosh.psm1 +++ /dev/null @@ -1,959 +0,0 @@ -class PasswordPush { - [string]$Payload - [string] hidden $__UrlToken - [string] hidden $__LinkBase - [bool]$RetrievalStep - [bool]$IsExpired - [bool]$IsDeleted - [bool]$IsDeletableByViewer - [int]$ExpireAfterDays - [int]$DaysRemaining - [int]$ExpireAfterViews - [int]$ViewsRemaining - [DateTime]$DateCreated - [DateTime]$DateUpdated - [DateTime]$DateExpired - # Added by constructors: - #[string]$URLToken - #[string]$Link - #[string]$LinkDirect - #[string]$LinkRetrievalStep - - PasswordPush() { - # Blank constructor - } - - # Constructor to allow casting or explicit import from a PSObject Representing the result of an API call - PasswordPush([PSCustomObject]$APIresponseObject) { - throw NotImplementedException - } - - # Allow casting or explicit import from the raw Content of an API call - [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidGlobalVars', '', Scope = 'Function', Justification = 'Global variables are used for module session helpers.')] - PasswordPush([string]$JsonResponse) { - Write-Debug 'New PasswordPush object instantiated from JsonResponse string' - Initialize-PassPushPosh # Initialize the module if not yet done. - - $_j = $JsonResponse | ConvertFrom-Json - $this.Payload = $_j.payload - $this.IsExpired = $_j.expired - $this.IsDeleted = $_j.deleted - $this.IsDeletableByViewer = $_j.deletable_by_viewer - $this.ExpireAfterDays = $_j.expire_after_days - $this.DaysRemaining = $_j.days_remaining - $this.ExpireAfterViews = $_j.expire_after_views - $this.ViewsRemaining = $_j.views_remaining - $this.DateCreated = $_j.created_at - $this.DateUpdated = $_j.updated_at - $this.DateExpired = if ($_j.expired_on) { $_j.expired_on } else { [DateTime]0 } - - - $this | Add-Member -Name 'UrlToken' -MemberType ScriptProperty -Value { - return $this.__UrlToken - } -SecondValue { - $this.__UrlToken = $_ - $this.__LinkBase = "$Global:PPPBaseUrl/p/$($this.__UrlToken)" - } - $this.__UrlToken = $_j.url_token - $this.__LinkBase = "$Global:PPPBaseUrl/p/$($this.__UrlToken)" - $this | Add-Member -Name 'LinkDirect' -MemberType ScriptProperty -Value { return $this.__LinkBase } -SecondValue { - Write-Warning 'LinkDirect is a read-only calculated member.' - Write-Debug 'Link* members are calculated based on the Global BaseUrl and Push Retrieval Step values' - } - $this | Add-Member -Name 'LinkRetrievalStep' -MemberType ScriptProperty -Value { return "$($this.__LinkBase)/r" } -SecondValue { - Write-Warning 'LinkRetrievalStep is a read-only calculated member.' - Write-Debug 'Link* members are calculated based on the Global BaseUrl and Push Retrieval Step values' - } - $this | Add-Member -Name 'Link' -MemberType ScriptProperty -Value { - $_Link = if ($this.RetrievalStep) { $this.LinkRetrievalStep } else { $this.LinkDirect } - Write-Debug "Presented Link: $_link" - return $_Link - } -SecondValue { - Write-Warning 'Link is a read-only calculated member.' - Write-Debug 'Link* members are calculated based on the Global BaseUrl and Push Retrieval Step values' - } - } -} - -function ConvertTo-PasswordPush { - <# - .SYNOPSIS - Convert API call response to a PasswordPush object - - .DESCRIPTION - Accepts a JSON string returned from the Password Pusher API and converts it to a [PasswordPush] object. - This allows calculated push retrieval URLs and a more "PowerShell" experience. - Generally you won't need to use this directly, it's automatically invoked within Register-Push and Request-Push. - - .INPUTS - [string] - - .OUTPUTS - [PasswordPush] for single object - [PasswordPush[]] for Json array data - - .EXAMPLE - # Common usage - from within the Register-Push cmdlet - PS> $myPush = Register-Push -Payload "This is my secret!" - PS> $myPush.Link # The link parameter always presents the URL as it would appear with the same settings selected on pwpush.com - - https://pwpush.com/p/rz6nryvl-d4 - - .EXAMPLE - # Manually invoking the API - PS> $rawJson = Invoke-WebRequest ` - -Uri https://pwpush.com/p.json ` - -Method Post ` - -Body '{"password": { "payload": "This is my secret!"}}' ` - -ContentType 'application/json' | - Select-Object -ExpandProperty Content - PS> $rawJson - {"expire_after_days":7,"expire_after_views":5,"expired":false,"url_token":"rz6nryvl-d4","created_at":"2022-11-18T14:16:29.821Z","updated_at":"2022-11-18T14:16:29.821Z","deleted":false,"deletable_by_viewer":true,"retrieval_step":false,"expired_on":null,"days_remaining":7,"views_remaining":5} - PS> $rawJson | ConvertTo-PasswordPush - UrlToken : rz6nryvl-d4 - LinkDirect : https://pwpush.com/p/rz6nryvl-d4 - LinkRetrievalStep : https://pwpush.com/p/rz6nryvl-d4/r - Link : https://pwpush.com/p/rz6nryvl-d4 - Payload : - RetrievalStep : False - IsExpired : False - IsDeleted : False - IsDeletableByViewer : True - ExpireAfterDays : 7 - DaysRemaining : 7 - ExpireAfterViews : 5 - ViewsRemaining : 5 - DateCreated : 11/18/2022 2:16:29 PM - DateUpdated : 11/18/2022 2:16:29 PM - DateExpired : 1/1/0001 12:00:00 AM - - .LINK - https://github.com/adamburley/PassPushPosh/blob/main/Docs/ConvertTo-PasswordPush.md - - .NOTES - Needs a rewrite / cleanup - #> - [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '', Scope = 'Function', Justification = 'Creates a new object, no risk of overwriting data.')] - [CmdletBinding()] - [OutputType([PasswordPush])] - param( - # The string result of an API call from the Password Pusher application - [parameter(Mandatory, ValueFromPipeline)] - [ValidateNotNullOrEmpty()] - [string]$JsonResponse - ) - process { - try { - $jsonObject = $JsonResponse | ConvertFrom-Json - foreach ($o in $jsonObject) { - [PasswordPush]($o | ConvertTo-Json) # TODO fix this mess - } - } - catch { - Write-Debug 'Error in ConvertTo-PasswordPush coercing JSON object to PasswordPush object' - Write-Debug "JsonResponse parameter value: [[$JsonResponse]]" - Write-Error $_ - } - } -} -function Get-Dashboard { - <# - .SYNOPSIS - Get a list of active or expired Pushes for an authenticated user - - .DESCRIPTION - Retrieves a list of Pushes - active or expired - for an authenticated user. - Active and Expired are different endpoints, so to get both you'll need to make - two calls. - - .INPUTS - [string] 'Active' or 'Expired' - - .OUTPUTS - [PasswordPush[]] Array of pushes with data - [string] raw response body from API call - - .EXAMPLE - Get-Dashboard - - .EXAMPLE - Get-Dashboard Active - - .EXAMPLE - Get-Dashboard -Dashboard Expired - - .EXAMPLE - Get-Dashboard -Raw - [{"expire_after_days":1,"expire_after_views":5,"expired":false,"url_token":"xm3q7czvtdpmyg","created_at":"2022-11-19T18:10:42.055Z","updated_at":"2022-11-19T18:10:42.055Z","deleted":false,"deletable_by_viewer":true,"retrieval_step":false,"expired_on":null,"note":null,"days_remaining":1,"views_remaining":3}] - - .LINK - https://github.com/adamburley/PassPushPosh/blob/main/Docs/Get-Dashboard.md - - .LINK - https://pwpush.com/api/1.0/dashboard.en.html - - .LINK - Get-PushAuditLog - - .NOTES - TODO update Invoke-Webrequest flow and error-handling to match other functions - #> - [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidGlobalVars', '', Scope = 'Function', Justification = 'Global variables are used for module session helpers.')] - [CmdletBinding()] - [OutputType([PasswordPush[]],[string])] - param( - # URL Token from a secret - [parameter(Position=0)] - [ValidateSet('Active','Expired')] - [ValidateNotNullOrEmpty()] - [string] - $Dashboard = 'Active', - - # Return content of API call directly - [Parameter()] - [switch] - $Raw - ) - if (-not $Global:PPPHeaders) { Write-Error 'Dashboard access requires authentication. Run Initialize-PassPushPosh and pass your email address and API key before retrying.' -ErrorAction Stop -Category AuthenticationError } - try { - $uri = "$Global:PPPBaseUrl/d/" - if ($Dashboard -eq 'Active') { $uri += 'active.json' } - elseif ($Dashboard -eq 'Expired') { $uri += 'expired.json' } - Write-Debug "Requesting $uri" - $response = Invoke-WebRequest -Uri $uri -Method Get -Headers $Global:PPPHeaders -ErrorAction Stop - if ($Raw) { return $response.Content } - else { - return $response.Content | ConvertTo-PasswordPush - } - } catch { - Write-Verbose "An exception was caught: $($_.Exception.Message)" - if ($DebugPreference -eq [System.Management.Automation.ActionPreference]::Continue) { - Set-Variable -Scope Global -Name 'PPPLastError' -Value $_ - Write-Debug -Message 'Response object set to global variable $PPPLastError' - } - throw # Re-throw the error - } -} -function Get-Push { - <# - .SYNOPSIS - Retrieve the secret contents of a Push - - .DESCRIPTION - Accepts a URL Token string, returns the contents of a Push along with - metadata regarding that Push. Note, Get-Push will return data on an expired - Push (datestamps, etc) even if it does not return the Push contents. - - .INPUTS - [string] - - .OUTPUTS - [PasswordPush] or [string] - - .EXAMPLE - Get-Push -URLToken gzv65wiiuciy - - .EXAMPLE - Get-Push -URLToken gzv65wiiuciy -Raw - {"payload":"I am your payload!","expired":false,"deleted":false,"expired_on":"","expire_after_days":1,"expire_after_views":4,"url_token":"bwzehzem_xu-","created_at":"2022-11-21T13:20:08.635Z","updated_at":"2022-11-21T13:23:45.342Z","deletable_by_viewer":true,"retrieval_step":false,"days_remaining":1,"views_remaining":4} - - .LINK - https://github.com/adamburley/PassPushPosh/blob/main/Docs/Get-Push.md - - .LINK - https://pwpush.com/api/1.0/passwords/show.en.html - - .LINK - New-Push - - #> - [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidGlobalVars','',Scope='Function',Justification='Global variables are used for module session helpers.')] - [CmdletBinding()] - [OutputType([PasswordPush])] - param( - # URL Token for the secret - [parameter(Mandatory,ValueFromPipeline,Position=0)] - [ValidateNotNullOrEmpty()] - [Alias('Token')] - $URLToken, - - # Return the raw response body from the API call - [Parameter()] - [switch] - $Raw - ) - begin { Initialize-PassPushPosh -Verbose:$VerbosePreference -Debug:$DebugPreference } - - process { - try { - $iwrSplat = @{ - 'Method' = 'Get' - 'ContentType' = 'application/json' - 'Uri' = "$Global:PPPBaseUrl/p/$URLToken.json" - 'UserAgent' = $Global:PPPUserAgent - } - if ($Global:PPPHeaders) { $iwrSplat['Headers'] = $Global:PPPHeaders } - Write-Verbose "Sending HTTP request: $($iwrSplat | Out-String)" - $response = Invoke-WebRequest @iwrSplat -ErrorAction Stop - if ($DebugPreference -eq [System.Management.Automation.ActionPreference]::Continue) { - Set-Variable -Scope Global -Name PPPLastCall -Value $response - Write-Debug 'Response to Invoke-WebRequest set to PPPLastCall Global variable' - } - if ($Raw) { - Write-Debug "Returning raw object:`n$($response.Content)" - return $response.Content - } - return $response.Content | ConvertTo-PasswordPush - } catch { - Write-Verbose "An exception was caught: $($_.Exception.Message)" - if ($DebugPreference -eq [System.Management.Automation.ActionPreference]::Continue) { - Set-Variable -Scope Global -Name PPPLastError -Value $_ - Write-Debug -Message 'Response object set to global variable $PPPLastError' - } - } - } -} -function Get-PushAuditLog { - <# - .SYNOPSIS - Get the view log of an authenticated Push - - .DESCRIPTION - Retrieves the view log of a Push created under an authenticated session. - Returns an array of custom objects with view data. If the query is - successful but there are no results, it returns an empty array. - If there's an error, a single object is returned with information. - See "handling errors" under NOTES - - .INPUTS - [string] - - .OUTPUTS - [PsCustomObject[]] Array of entries. - [PsCustomObject] If there's an error in the call, it will be returned an object with a property - named 'error'. The value of that member will contain more information - - .EXAMPLE - Get-PushAuditLog -URLToken 'mytokenfromapush' - ip : 75.202.43.56,102.70.135.200 - user_agent : Mozilla/5.0 (Macintosh; Darwin 21.6.0 Darwin Kernel Version 21.6.0: Mon Aug 22 20:20:05 PDT 2022; root:xnu-8020.140.49~2/RELEASE_ARM64_T8101; - en-US) PowerShell/7.2.7 - referrer : - successful : True - created_at : 11/19/2022 6:32:42 PM - updated_at : 11/19/2022 6:32:42 PM - kind : 0 - - .EXAMPLE - # If there are no views, an empty array is returned - Get-PushAuditLog -URLToken 'mytokenthatsneverbeenseen' - - .LINK - https://github.com/adamburley/PassPushPosh/blob/main/Docs/Get-PushAuditLog.md - - .LINK - https://pwpush.com/api/1.0/passwords/audit.en.html - - .LINK - Get-Dashboard - - .NOTES - Handling Errors: - The API returns different HTTP status codes and results depending where the - call fails. - - | HTTP RESPONSE | Error Reason | Response Body | Sample Object Returned | Note | - |------------------|---------------------------------|----------------------------------------------|--------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------| - | 401 UNAUTHORIZED | Invalid API key or email | None | @{ 'Error'= 'Authentication error. Verify email address and API key.'; 'ErrorCode'= 401 } | | - | 200 OK | Push created by another account | {"error":"That push doesn't belong to you."} | @{ 'Error'= "That Push doesn't belong to you"; 'ErrorCode'= 403 } | Function transforms error code to 403 to allow easier response management | - | 404 NOT FOUND | Invalid URL token | None | @{ 'Error'= 'Invalid token. Verify your Push URL token is correct.'; 'ErrorCode'= 404 } | This is different than the response to a delete Push query - in this case it will only return 404 if the token is invalid. | - - #> - [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidGlobalVars', '', Scope = 'Function', Justification = 'Global variables are used for module session helpers.')] - [CmdletBinding()] - [OutputType([PSCustomObject[]],[string])] - param( - # URL Token from a secret - [parameter(ValueFromPipeline)] - [ValidateNotNullOrEmpty()] - [string] - $URLToken, - - # Return content of API call directly - [Parameter()] - [switch] - $Raw - ) - begin { - if (-not $Global:PPPHeaders) { Write-Error 'Retrieving audit logs requires authentication. Run Initialize-PassPushPosh and pass your email address and API key before retrying.' -ErrorAction Stop -Category AuthenticationError } - } - process { - try { - $uri = "$Global:PPPBaseUrl/p/$URLToken/audit.json" - Write-Debug 'Requesting $uri' - $response = Invoke-WebRequest -Uri $uri -Method Get -Headers $Global:PPPHeaders -ErrorAction Stop - if ([int]$response.StatusCode -eq 200 -and $response.Content -ieq "{`"error`":`"That push doesn't belong to you.`"}") { - $result = [PSCustomObject]@{ 'Error' = "That Push doesn't belong to you"; 'ErrorCode' = 403 } - Write-Warning $result.Error - return $result - } - if ($Raw) { return $response.Content } else { return $response.Content | ConvertFrom-Json } - } - catch { - Write-Verbose "An exception was caught: $($_.Exception.Message)" - if ([int]$_.Exception.Response.StatusCode -eq 401) { # Could be optimized - $result = [PSCustomObject]@{ 'Error' = 'Authentication error. Verify email address and API key.'; 'ErrorCode' = 401 } - Write-Warning $result.Error - return $result - } elseif ([int]$_.Exception.Response.StatusCode -eq 404) { - $result = [PSCustomObject]@{ 'Error' = 'Invalid token. Verify your Push URL token is correct.'; 'ErrorCode' = 404 } - Write-Warning $result.Error - return $result - } - elseif ($DebugPreference -eq [System.Management.Automation.ActionPreference]::Continue) { - Set-Variable -Scope Global -Name 'PPPLastError' -Value $_ - Write-Debug -Message 'Response object set to global variable $PPPLastError' - return [PSCustomObject]@{ - 'Error' = $_.Exception.Message - 'ErrorCode' = [int]$_.Exception.Response.StatusCode - 'ErrorMessage' = $_.Exception.Response.ReasonPhrase - } - } - } - } -} - -# Invalid API key / email - 401 -# Invalid URL Token - 404 -# Valid token but not mine - 200, content = {"error":"That push doesn't belong to you."} -# Success but no views - 200, content = : {"views":[]} -# Success with view history {"views":[{"ip":"75.118.137.58,172.70.135.200","user_agent":"Mozilla/5.0 (Macintosh; Darwin 21.6.0 Darwin Kernel Version 21.6.0: Mon Aug 22 20:20:05 PDT 2022; root:xnu-8020.140.49~2/RELEASE_ARM64_T8101; en-US) PowerShell/7.2.7","referrer":"","successful":true,"created_at":"2022-11-19T18:32:42.277Z","updated_at":"2022-11-19T18:32:42.277Z","kind":0}]} -# Content.Views -<# -ip : 75.118.137.58,172.70.135.200 -user_agent : Mozilla/5.0 (Macintosh; Darwin 21.6.0 Darwin Kernel Version 21.6.0: Mon Aug 22 20:20:05 PDT 2022; root:xnu-8020.140.49~2/RELEASE_ARM64_T8101; -en-US) PowerShell/7.2.7 -referrer : -successful : True -created_at : 11/19/2022 6:32:42 PM -updated_at : 11/19/2022 6:32:42 PM -kind : 0 -#> -function Get-SecretLink { - <# - .SYNOPSIS - Returns a fully qualified secret link to a push of given URL Token - - .DESCRIPTION - Accepts a string value for a URL Token and retrieves a full URL link to the secret. - Returned value is a 1-step retrieval link depending on option selected during Push creation. - Returns false if URL Token is invalid, however it will return a URL if the token is valid - but the Push is expired or deleted. - - .INPUTS - [string] URL Token value - - .OUTPUTS - [string] Fully qualified URL - [bool] $False if Push URL Token is invalid. Note: Expired or deleted Pushes will still return a link. - - .EXAMPLE - Get-SecretLink -URLToken gzv65wiiuciy - https://pwpush.com/p/gzv65wiiuciy/r - - .EXAMPLE - Get-SecretLink -URLToken gzv65wiiuciy -Raw - { "url": "https://pwpush.com/p/0fkapnbo_pwp4gi8uy0/r" } - - .LINK - https://github.com/adamburley/PassPushPosh/blob/main/Docs/Get-SecretLink.md - - .LINK - https://pwpush.com/api/1.0/passwords/preview.en.html - - .NOTES - Including this endpoint for completeness - however it is generally unnecessary. - The only thing this endpoint does is return a different value depending if "Use 1-click retrieval step" - was selected when the Push was created. Since both the 1-click and the direct links are available - regardless if that option is selected, the links are calculable and both are included by default in a - [PasswordPush] object. - - As it returns false if a Push URL token is not valid you can use it to test if a Push exists without - burning a view. - #> - [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidGlobalVars','',Scope='Function',Justification='Global variables are used for module session helpers.')] - [CmdletBinding()] - [Alias('Get-PushPreview')] - [OutputType('[string]')] - param( - # URL Token for the secret - [parameter(Mandatory, ValueFromPipeline)] - [ValidateLength(5, 256)] - [string]$URLToken, - - # Return the raw response body from the API call - [Parameter()] - [switch] - $Raw - ) - begin { Initialize-PassPushPosh -Verbose:$VerbosePreference -Debug:$DebugPreference } - process { - try { - $iwrSplat = @{ - 'Method' = 'Get' - 'ContentType' = 'application/json' - 'Uri' = "$Global:PPPBaseUrl/p/$URLToken/preview.json" - 'UserAgent' = $Global:PPPUserAgent - } - if ($Global:PPPHeaders) { $iwrSplat['Headers'] = $Global:PPPHeaders } - Write-Verbose "Sending HTTP request: $($iwrSplat | Out-String)" - $responseContent = Invoke-WebRequest @iwrSplat | Select-Object -ExpandProperty Content - if ($Raw) { return $responseContent } - else { return $responseContent | ConvertFrom-Json | Select-Object -ExpandProperty url } - } - catch { - Write-Verbose "An exception was caught: $($_.Exception.Message)" - if ($DebugPreference -eq [System.Management.Automation.ActionPreference]::Continue) { - Set-Variable -Scope Global -Name 'PPPLastError' -Value $_ - Write-Debug -Message 'Response object set to global variable $PPPLastError' - } - } - } -} -function Initialize-PassPushPosh { - <# - .SYNOPSIS - Initialize the PassPushPosh module - - .DESCRIPTION - Sets global variables to handle the server URL and headers (authentication). - Called automatically by module Functions if it is not called explicitly prior, so you don't actually need - to call it unless you're going to use the authenticated API or alternate server, etc - Default parameters use the pwpush.com domain and anonymous authentication. - - .EXAMPLE - # Initialize with default settings - PS > Initialize-PassPushPosh - - .EXAMPLE - # Initialize with authentication - PS > Initialize-PassPushPosh -EmailAddress 'youremail@example.com' -ApiKey '239jf0jsdflskdjf' -Verbose - - VERBOSE: Initializing PassPushPosh. ApiKey: [x-kdjf], BaseUrl: https://pwpush.com - - .EXAMPLE - # Initialize with another server with authentication - PS > Initialize-PassPushPosh -BaseUrl https://myprivatepwpushinstance.com -EmailAddress 'youremail@example.com' -ApiKey '239jf0jsdflskdjf' -Verbose - - VERBOSE: Initializing PassPushPosh. ApiKey: [x-kdjf], BaseUrl: https://myprivatepwpushinstance.com - - .EXAMPLE - # Set a custom User Agent - PS > InitializePassPushPosh -UserAgent "I'm a cool dude with a cool script." - - .LINK - https://github.com/adamburley/PassPushPosh/blob/main/Docs/Initialize-PassPushPosh.md - - .NOTES - All variables set by this function start with PPP. - - PPPHeaders - - PPPUserAgent - - PPPBaseUrl - - -WhatIf setting for Set-Variable -Global is disabled, otherwise -WhatIf - calls for other functions would return incorrect data in the case this - function has not yet run. - - TODO: Review API key pattern for parameter validation - #> - [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidGlobalVars','',Scope='Function',Justification='Global variables are used for module session helpers.')] - [CmdletBinding(DefaultParameterSetName='Anonymous')] - param ( - # Email address to use for authenticated calls. - [Parameter(Mandatory,Position=0,ParameterSetName='Authenticated')] - [ValidatePattern('.+\@.+\..+')] - [string]$EmailAddress, - - # API Key for authenticated calls. - [Parameter(Mandatory,Position=1,ParameterSetName='Authenticated')] - [ValidateLength(5,256)] - [string]$ApiKey, - - # Base URL for API calls. Allows use of module with private instances of Password Pusher - # Default: https://pwpush.com - [Parameter(Position=0,ParameterSetName='Anonymous')] - [Parameter(Position=2,ParameterSetName='Authenticated')] - [ValidatePattern('^https?:\/\/[a-zA-Z0-9-_]+.[a-zA-Z0-9]+')] - [string]$BaseUrl, - - # Set a specific user agent. Default user agent is a combination of the - # module info, what your OS reports itself as, and a hash based on - # your username + workstation or domain name. This way the UA can be - # semi-consistent across sessions but not identifying. - [Parameter()] - [ValidateNotNullOrEmpty()] - [string] - $UserAgent, - - # Force setting new information. If module is already initialized you can use this to - # Re-initialize with default settings. Implied if either ApiKey or BaseUrl is provided. - [Parameter()][switch]$Force - ) - if ($Global:PPPBaseURL -and $true -inotin $Force, [bool]$ApiKey, [bool]$BaseUrl, [bool]$UserAgent) { Write-Debug -Message 'PassPushPosh is already initialized.' } - else { - $defaultBaseUrl = 'https://pwpush.com' - $apiKeyOutput = if ($ApiKey) { 'x-' + $ApiKey.Substring($ApiKey.Length-4) } else { 'None' } - - if (-not $Global:PPPBaseURL) { # Not initialized - if (-not $BaseUrl) { $BaseUrl = $defaultBaseUrl } - Write-Verbose "Initializing PassPushPosh. ApiKey: [$apiKeyOutput], BaseUrl: $BaseUrl" - } elseif ($Force -or $ApiKey -or $BaseURL) { - if (-not $BaseUrl) { $BaseUrl = $defaultBaseUrl } - $oldApiKeyOutput = if ($Global:PPPApiKey) { 'x-' + $Global:PPPApiKey.Substring($Global:PPPApiKey.Length-4) } else { 'None' } - Write-Verbose "Re-initializing PassPushPosh. Old ApiKey: [$oldApiKeyOutput] New ApiKey: [$apiKeyOutput], Old BaseUrl: $Global:PPPBaseUrl New BaseUrl: $BaseUrl" - } - if ($PSCmdlet.ParameterSetName -eq 'Authenticated') { - Set-Variable -Scope Global -Name PPPHeaders -WhatIf:$false -Value @{ - 'X-User-Email' = $EmailAddress - 'X-User-Token' = $ApiKey - } - } elseif ($Global:PPPHeaders) { # Remove if present - covers case where module is reinitialized from an authenticated to an anonymous session - Remove-Variable -Scope Global -Name PPPHeaders -WhatIf:$false - } - - if (-not $UserAgent) { - $osVersion = [System.Environment]::OSVersion - $userAtDomain = "{0}@{1}" -f [System.Environment]::UserName, [System.Environment]::UserDomainName - $uAD64 = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($userAtDomain)) - Write-Debug "$userAtDomain transformed to $uAD64. First 20 characters $($uAD64.Substring(0,20))" - $UserAgent = "PassPushPosh/$((Get-Module -Name PassPushPosh).Version.ToString()) $osVersion/$($uAD64.Substring(0,20))" - Write-Verbose "Generated user agent: $UserAgent" - } else { - Write-Verbose "Using specified user agent: $UserAgent" - } - - Set-Variable -WhatIf:$false -Scope Global -Name PPPBaseURL -Value $BaseUrl.TrimEnd('/') - Set-Variable -WhatIf:$false -Scope Global -Name PPPUserAgent -Value $UserAgent - } -} -function New-PasswordPush { - <# - .SYNOPSIS - Create a new blank Password Push object. - - .DESCRIPTION - Creates a blank [PasswordPush]. - Generally not needed, use ConvertTo-PasswordPush - See New-Push if you're trying to create a new secret to send - - .INPUTS - None - - .OUTPUTS - [PasswordPush] - - .EXAMPLE - New-PasswordPush - - .LINK - https://github.com/adamburley/PassPushPosh/blob/main/Docs/New-PasswordPush.md - - .NOTES - TODO Rewrite - make this work including read-only properties - #> - [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '', Scope = 'Function', Justification = 'Creates a new object, no risk of overwriting data.')] - [CmdletBinding()] - param () - return [PasswordPush]::new() -} -function New-Push { - <# - .SYNOPSIS - Create a new Password Push - - .DESCRIPTION - Create a new Push on the specified Password Pusher instance. The - programmatic equivalent of going to pwpush.com and entering info. - Returns [PasswordPush] object. Link member is a link created based on - 1-step setting however both 1-step and direct links - are always provided at LinkRetrievalStep and LinkDirect. - - .EXAMPLE - $myPush = New-Push "Here's my secret!" - PS > $myPush | Select-Object Link, LinkRetrievalStep, LinkDirect - - Link : https://pwpush.com/p/gzv65wiiuciy # Requested style - LinkRetrievalStep : https://pwpush.com/p/gzv65wiiuciy/r # 1-step - LinkDirect : https://pwpush.com/p/gzv65wiiuciy # Direct - - .EXAMPLE - "Super secret secret" | New-Push -RetrievalStep | Select-Object -ExpandProperty Link - - https://pwpush.com/p/gzv65wiiuciy/r - - - .EXAMPLE - # "Burn after reading" style Push - PS > New-Push -Payload "Still secret text!" -ExpireAfterViews 1 -RetrievalStep - - .INPUTS - [string] - - .OUTPUTS - [PasswordPush] Push object - [string] Raw result of API call - - .LINK - https://github.com/adamburley/PassPushPosh/blob/main/Docs/New-Push.md - - .LINK - https://pwpush.com/api/1.0/passwords/create.en.html - - .LINK - Get-Push - - .NOTES - Maximum for -ExpireAfterDays and -ExpireAfterViews is based on the default - values for Password Pusher and what's used on the public instance - (pwpush.com). If you're using this with a private instance and want to - override that value you'll need to fork this module. - - TODO: Support [PasswordPush] input objects, testing - #> - [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidGlobalVars','',Scope='Function',Justification='Global variables are used for module session helpers.')] - [CmdletBinding(SupportsShouldProcess,ConfirmImpact='Low',DefaultParameterSetName='Anonymous')] - [OutputType([PasswordPush],[string],[bool])] # Returntype should be [PasswordPush] but I've yet to find a way to add class access to a function on a module... - param( - # The password or secret text to share. - [Parameter(Mandatory=$true,ValueFromPipeline,Position=0)] - [Alias('Password')] - [ValidateNotNullOrEmpty()] - [string]$Payload, - - # Label for this Push (requires Authenticated session) - [Parameter(ParameterSetName='RequiresAuthentication')] - [ValidateNotNullOrEmpty()] - [string]$Note, - - # Expire secret link and delete after this many days. - [Parameter()] - [ValidateRange(1,90)] - [int] - $ExpireAfterDays, - - # Expire secret link after this many views. - [Parameter()] - [ValidateRange(1,100)] - [int] - $ExpireAfterViews, - - # Allow the recipient of a Push to delete it. - [Parameter()] - [switch] - $DeletableByViewer, - - # Require recipient click an extra link to view Push payload. - # Helps to avoid chat systems and URL scanners from eating up views. - # Note that the retrieval step URL is always available for a push. This - # parameter changes if the 1-click link is used in the Link parameter - # and returned from the secret link helper (Get-SecretLink) - [Parameter()] - [switch] - $RetrievalStep, - - # Return the raw response body from the API call - [Parameter()] - [switch] - $Raw - ) - - begin { - Initialize-PassPushPosh -Verbose:$VerbosePreference -Debug:$DebugPreference - } - - process { - if ($PSCmdlet.ParameterSetName -eq 'RequiresAuthentication' -and -not $Global:PPPHeaders.'X-User-Token') { Write-Error -Message 'Setting a note requires an authenticated call.'; return $false } - - $body = @{ - 'password' = @{ - 'payload' = $Payload - } - } - $shouldString = 'Submit {0} push with Payload of length {1}' -f $PSCmdlet.ParameterSetName, $Payload.Length - if ($Note) { - $body.password.note = $note - $shouldString += " with note $note" - } - if ($ExpireAfterDays) { - $body.password.expire_after_days = $ExpireAfterDays - $shouldString += ', expire after {0} days' -f $ExpireAfterDays - } - if ($ExpireAfterViews) { - $body.password.expire_after_views = $ExpireAfterViews - $shouldString += ', expire after {0} views' -f $ExpireAfterViews - } - $body.password.deletable_by_viewer = if ($DeletableByViewer) { - $shouldString += ', deletable by viewer' - $true - } else { - $shouldString += ', NOT deletable by viewer' - $false - } - $body.password.retrieval_step = if ($RetrievalStep) { - $shouldString += ', with a 1-click retrieval step' - $true - } else { - $shouldString += ', with a direct link' - $false - } - if ($VerbosePreference -eq [System.Management.Automation.ActionPreference]::Continue) { - # Sanitize input so we're not logging or outputting the payload - $vBody = $body.Clone() - $vBody.password.payload = "A payload of length $($body.password.payload.Length.ToString())" - $vBs = $vBody | ConvertTo-Json | Out-String - Write-Verbose "Call Body (sanitized): $vBs" - } - - $iwrSplat = @{ - 'Method' = 'Post' - 'ContentType' = 'application/json' - 'Body' = ($body | ConvertTo-Json) - 'Uri' = "$Global:PPPBaseUrl/p.json" - 'UserAgent' = $Global:PPPUserAgent - } - if ($Global:PPPHeaders.'X-User-Token') { $iwrSplat['Headers'] = $Global:PPPHeaders } - Write-Verbose "Sending HTTP request (minus body): $($iwrSplat | Select-Object Method,ContentType,Uri,UserAgent,Headers | Out-String)" - if ($PSCmdlet.ShouldProcess($shouldString, $iwrSplat.Uri, 'Submit new Push')) { - try { - $response = Invoke-WebRequest @iwrSplat - if ($DebugPreference -eq [System.Management.Automation.ActionPreference]::Continue) { - Set-Variable -Scope Global -Name PPPLastCall -Value $response - Write-Debug 'Response to Invoke-WebRequest set to PPPLastCall Global variable' - } - if ($Raw) { - Write-Debug "Returning raw object: $($response.Content)" - return $response.Content - } - return $response.Content | ConvertTo-PasswordPush - } catch { - Write-Verbose "An exception was caught: $($_.Exception.Message)" - if ($DebugPreference -eq [System.Management.Automation.ActionPreference]::Continue) { - Set-Variable -Scope Global -Name PPPLastError -Value $_ - Write-Debug -Message 'Response object set to global variable $PPPLastError' - } - } - } - } -} -function Remove-Push { - <# - .SYNOPSIS - Remove a Push - - .DESCRIPTION - Remove (invalidate) an active push. Requires the Push be either set as - deletable by viewer, or that you are authenticated as the creator of the - Push. - - If you have authorization to delete a push (deletable by viewer TRUE or - you are the Push owner) the endpoint will always return 200 OK with a Push - object, regardless if the Push was previously deleted or expired. - - If the Push URL Token is invalid OR you are not authorized to delete the - Push, the endpoint returns 404 and this function returns $false - - .INPUTS - [string] URL Token - [PasswordPush] representing the Push to remove - - .OUTPUTS - [bool] True on success, otherwise False - - .EXAMPLE - Remove-Push -URLToken bwzehzem_xu- - - .EXAMPLE - Remove-Push -URLToken -Raw - {"expired":true,"deleted":true,"expired_on":"2022-11-21T13:23:45.341Z","expire_after_days":1,"expire_after_views":4,"url_token":"bwzehzem_xu-","created_at":"2022-11-21T13:20:08.635Z","updated_at":"2022-11-21T13:23:45.342Z","deletable_by_viewer":true,"retrieval_step":false,"days_remaining":1,"views_remaining":4} - - .LINK - https://github.com/adamburley/PassPushPosh/blob/main/Docs/Remove-Push.md - - .LINK - https://pwpush.com/api/1.0/passwords/destroy.en.html - - .NOTES - TODO testing and debugging - #> - [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidGlobalVars','',Scope='Function',Justification='Global variables are used for module session helpers.')] - [CmdletBinding(SupportsShouldProcess,DefaultParameterSetName='Token')] - [OutputType([PasswordPush],[string],[bool])] - param( - # URL Token for the secret - [parameter(ValueFromPipeline,ParameterSetName='Token')] - [ValidateNotNullOrEmpty()] - [Alias('Token')] - [string] - $URLToken, - - # PasswordPush object - [Parameter(ValueFromPipeline,ParameterSetName='Object')] - [PasswordPush] - $PushObject, - - # Return the raw response body from the API call - [parameter()] - [switch] - $Raw - ) - process { - try { - if ($PSCmdlet.ParameterSetName -eq 'Object') { - Write-Debug -Message "Remove-Push was passed a PasswordPush object with URLToken: [$($PushObject.URLToken)]" - if (-not $PushObject.IsDeletableByViewer -and -not $Global:PPPHeaders) { #Pre-qualify if this will succeed - Write-Warning -Message 'Unable to remove Push. Push is not marked as deletable by viewer and you are not authenticated.' - return $false - } - if ($PushObject.IsDeletableByViewer) { - Write-Verbose "Push is flagged as deletable by viewer, should be deletable." - } else { Write-Verbose "In an authenticated API session. Push will be deletable if it was created by authenticated user." } - $URLToken = $PushObject.URLToken - } else { - Write-Debug -Message "Remove-Push was passed a URLToken: [$URLToken]" - } - Write-Verbose -Message "Push with URL Token [$URLToken] will be deleted if 'Deletable by viewer' was enabled or you are the creator of the push and are authenticated." - $iwrSplat = @{ - 'Method' = 'Delete' - 'ContentType' = 'application/json' - 'Uri' = "$Global:PPPBaseUrl/p/$URLToken.json" - 'UserAgent' = $Global:PPPUserAgent - } - if ($Global:PPPHeaders) { $iwrSplat['Headers'] = $Global:PPPHeaders } - Write-Verbose "Sending HTTP request: $($iwrSplat | Out-String)" - if ($PSCmdlet.ShouldProcess('Delete',"Push with token [$URLToken]")) { - $response = Invoke-WebRequest @iwrSplat - if ($DebugPreference -eq [System.Management.Automation.ActionPreference]::Continue) { - Set-Variable -Scope Global -Name PPPLastCall -Value $response - Write-Debug 'Response to Invoke-WebRequest set to PPPLastCall Global variable' - } - if ($Raw) { - Write-Debug "Returning raw object: $($response.Content)" - return $response.Content - } - return $response.Content | ConvertTo-PasswordPush - } - } catch { - if ($_.Exception.Response.StatusCode -eq 404) { - Write-Warning "Failed to delete Push. This can indicate an invalid URL Token, that the password was not marked deletable, or that you are not the owner." - return $false - } else { - Write-Verbose "An exception was caught: $($_.Exception.Message)" - if ($DebugPreference -eq [System.Management.Automation.ActionPreference]::Continue) { - Set-Variable -Scope Global -Name PPPLastError -Value $_ - Write-Debug -Message 'Response object set to global variable $PPPLastError' - } - $_ - } - } - } -} diff --git a/Modules/PassPushPosh/0.3.0/PSGetModuleInfo.xml b/Modules/PassPushPosh/1.2.0/PSGetModuleInfo.xml similarity index 53% rename from Modules/PassPushPosh/0.3.0/PSGetModuleInfo.xml rename to Modules/PassPushPosh/1.2.0/PSGetModuleInfo.xml index f18deba883e8..0189606b3555 100644 --- a/Modules/PassPushPosh/0.3.0/PSGetModuleInfo.xml +++ b/Modules/PassPushPosh/1.2.0/PSGetModuleInfo.xml @@ -7,18 +7,18 @@ PassPushPosh - 0.3.0 + 1.2.0 Module - *PassPushPosh* is a PowerShell Module for interfacing with the Password Pusher secure password / string sharing application, primarily through pwpush.com. It supports creating, retrieving, and deleting anonymous and authenticated pushes and getting Push and Dashboard data for authenticated users._x000D__x000A__x000D__x000A_Cmdlets provide clear responses to errors, support additional messaging via -Debug and -Verbose, transaction testing via -Whatif and -Confirm, and in general try to be as "Powershell-y" as possible. + PassPushPosh is a PowerShell Module for accessing the Password Pusher application via API. It supports creating, retrieving, and deleting anonymous and authenticated pushes and getting Push and Dashboard data for authenticated users. Adam Burley AdamBurley Adam Burley, 2022 -
2024-07-24T01:39:52-04:00
+
2025-02-06T18:21:26-05:00
https://www.gnu.org/licenses/gpl-3.0.en.html https://github.com/adamburley/PassPushPosh - + https://github.com/adamburley/PassPushPosh/blob/main/pwplogo85x85.png?raw=true System.Object[] @@ -26,7 +26,6 @@ System.Object - PSEdition_Desktop PSEdition_Core Windows Linux @@ -42,34 +41,47 @@ - Command + DscResource + + + + + + Function + - ConvertTo-PasswordPush Get-Dashboard Get-Push + Get-PushAccount Get-PushAuditLog Get-SecretLink Initialize-PassPushPosh - New-PasswordPush New-Push Remove-Push - Function - + RoleCapability + + + + Workflow + + + + Command + - ConvertTo-PasswordPush Get-Dashboard Get-Push + Get-PushAccount Get-PushAuditLog Get-SecretLink Initialize-PassPushPosh - New-PasswordPush New-Push Remove-Push @@ -77,27 +89,12 @@ Cmdlet - - - - - - - RoleCapability - - - - DscResource - - - - Workflow - + - 0.3.0 - Remove route translations from URI segments for compatibility with PasswordPusher v1.42.0. See pglombardo/PasswordPusher/pull/2353_x000D__x000A_ 0.2.3 - Bug fixing in New-Push. See PR #1_x000D__x000A_ 0.2.2 - Fixed issue with Get-Dashboard returning error referencing -JsonIsArray parameter_x000D__x000A_ General - Module is generally functional but has not been extensively bug-tested. Reccomend not implementing into a production environment at this time. + 1.2.0 - Add compatibility with Premium and Pro API endpoints and branding._x000D__x000A_ 1.0.0 - Major refactor, add capabilities and improve testing and build process._x000D__x000A_ 0.3.0 - Remove route translations from URI segments for compatibility with PasswordPusher v1.42.0. See pglombardo/PasswordPusher/pull/2353 @@ -112,31 +109,31 @@ Adam Burley, 2022 - *PassPushPosh* is a PowerShell Module for interfacing with the Password Pusher secure password / string sharing application, primarily through pwpush.com. It supports creating, retrieving, and deleting anonymous and authenticated pushes and getting Push and Dashboard data for authenticated users._x000D__x000A__x000D__x000A_Cmdlets provide clear responses to errors, support additional messaging via -Debug and -Verbose, transaction testing via -Whatif and -Confirm, and in general try to be as "Powershell-y" as possible. + PassPushPosh is a PowerShell Module for accessing the Password Pusher application via API. It supports creating, retrieving, and deleting anonymous and authenticated pushes and getting Push and Dashboard data for authenticated users. False - 0.3.0 - Remove route translations from URI segments for compatibility with PasswordPusher v1.42.0. See pglombardo/PasswordPusher/pull/2353_x000D__x000A_ 0.2.3 - Bug fixing in New-Push. See PR #1_x000D__x000A_ 0.2.2 - Fixed issue with Get-Dashboard returning error referencing -JsonIsArray parameter_x000D__x000A_ General - Module is generally functional but has not been extensively bug-tested. Reccomend not implementing into a production environment at this time. + 1.2.0 - Add compatibility with Premium and Pro API endpoints and branding._x000D__x000A_ 1.0.0 - Major refactor, add capabilities and improve testing and build process._x000D__x000A_ 0.3.0 - Remove route translations from URI segments for compatibility with PasswordPusher v1.42.0. See pglombardo/PasswordPusher/pull/2353 True True - 0 - 82 - 14562 - 7/24/2024 1:39:52 AM -04:00 - 7/24/2024 1:39:52 AM -04:00 - 7/24/2024 1:39:52 AM -04:00 - PSEdition_Desktop PSEdition_Core Windows Linux MacOS Password PSModule PSFunction_ConvertTo-PasswordPush PSCommand_ConvertTo-PasswordPush PSFunction_Get-Dashboard PSCommand_Get-Dashboard PSFunction_Get-Push PSCommand_Get-Push PSFunction_Get-PushAuditLog PSCommand_Get-PushAuditLog PSFunction_Get-SecretLink PSCommand_Get-SecretLink PSFunction_Initialize-PassPushPosh PSCommand_Initialize-PassPushPosh PSFunction_New-PasswordPush PSCommand_New-PasswordPush PSFunction_New-Push PSCommand_New-Push PSFunction_Remove-Push PSCommand_Remove-Push PSIncludes_Function + 2 + 221 + 14279 + 2/6/2025 6:21:26 PM -05:00 + 2/6/2025 6:21:26 PM -05:00 + 2/6/2025 6:40:00 PM -05:00 + PSEdition_Core Windows Linux MacOS Password PSModule PSFunction_Get-Dashboard PSCommand_Get-Dashboard PSFunction_Get-Push PSCommand_Get-Push PSFunction_Get-PushAccount PSCommand_Get-PushAccount PSFunction_Get-PushAuditLog PSCommand_Get-PushAuditLog PSFunction_Get-SecretLink PSCommand_Get-SecretLink PSFunction_Initialize-PassPushPosh PSCommand_Initialize-PassPushPosh PSFunction_New-Push PSCommand_New-Push PSFunction_Remove-Push PSCommand_Remove-Push PSIncludes_Function False - 2024-07-24T01:39:52Z - 0.3.0 + 2025-02-06T18:40:00Z + 1.2.0 Adam Burley false Module PassPushPosh.nuspec|PassPushPosh.psd1|PassPushPosh.psm1 5d8a1afd-a912-440f-a9b9-e79f42a05f21 - 5.1 + 7.0 Burley.dev - C:\GitHub\CIPP Workspace\CIPP-API\Modules\PassPushPosh\0.3.0 + C:\GitHub\CIPP Workspace\CIPP-API\Modules\PassPushPosh\1.2.0 diff --git a/Modules/PassPushPosh/0.3.0/PassPushPosh.psd1 b/Modules/PassPushPosh/1.2.0/PassPushPosh.psd1 similarity index 77% rename from Modules/PassPushPosh/0.3.0/PassPushPosh.psd1 rename to Modules/PassPushPosh/1.2.0/PassPushPosh.psd1 index 0245ff599c4e..1afc05451086 100644 --- a/Modules/PassPushPosh/0.3.0/PassPushPosh.psd1 +++ b/Modules/PassPushPosh/1.2.0/PassPushPosh.psd1 @@ -3,7 +3,7 @@ # # Generated by: Adam Burley # -# Generated on: 7/23/2024 +# Generated on: 2/6/2025 # @{ @@ -12,10 +12,10 @@ RootModule = 'PassPushPosh.psm1' # Version number of this module. -ModuleVersion = '0.3.0' +ModuleVersion = '1.2.0' # Supported PSEditions -# CompatiblePSEditions = @() +CompatiblePSEditions = 'Core' # ID used to uniquely identify this module GUID = '5d8a1afd-a912-440f-a9b9-e79f42a05f21' @@ -30,12 +30,10 @@ CompanyName = 'Burley.dev' Copyright = 'Adam Burley, 2022' # Description of the functionality provided by this module -Description = '*PassPushPosh* is a PowerShell Module for interfacing with the Password Pusher secure password / string sharing application, primarily through pwpush.com. It supports creating, retrieving, and deleting anonymous and authenticated pushes and getting Push and Dashboard data for authenticated users. - -Cmdlets provide clear responses to errors, support additional messaging via -Debug and -Verbose, transaction testing via -Whatif and -Confirm, and in general try to be as "Powershell-y" as possible.' +Description = 'PassPushPosh is a PowerShell Module for accessing the Password Pusher application via API. It supports creating, retrieving, and deleting anonymous and authenticated pushes and getting Push and Dashboard data for authenticated users.' # Minimum version of the PowerShell engine required by this module -PowerShellVersion = '5.1' +PowerShellVersion = '7.0' # Name of the PowerShell host required by this module # PowerShellHostName = '' @@ -71,15 +69,13 @@ PowerShellVersion = '5.1' # NestedModules = @() # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export. -FunctionsToExport = 'ConvertTo-PasswordPush', 'Get-Dashboard', 'Get-Push', - 'Get-PushAuditLog', 'Get-SecretLink', 'Initialize-PassPushPosh', - 'New-PasswordPush', 'New-Push', 'Remove-Push' +FunctionsToExport = @('Get-Dashboard','Get-Push','Get-PushAccount','Get-PushAuditLog','Get-SecretLink','Initialize-PassPushPosh','New-Push','Remove-Push') # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export. CmdletsToExport = @() # Variables to export from this module -VariablesToExport = '*' +# VariablesToExport = @() # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export. AliasesToExport = 'Get-PushPreview' @@ -99,7 +95,7 @@ PrivateData = @{ PSData = @{ # Tags applied to this module. These help with module discovery in online galleries. - Tags = 'PSEdition_Desktop','PSEdition_Core','Windows','Linux','MacOS','Password' + Tags = 'PSEdition_Core','Windows','Linux','MacOS','Password' # A URL to the license for this module. LicenseUri = 'https://www.gnu.org/licenses/gpl-3.0.en.html' @@ -108,14 +104,13 @@ PrivateData = @{ ProjectUri = 'https://github.com/adamburley/PassPushPosh' # A URL to an icon representing this module. - # IconUri = '' + IconUri = 'https://github.com/adamburley/PassPushPosh/blob/main/pwplogo85x85.png?raw=true' # ReleaseNotes of this module ReleaseNotes = ' - 0.3.0 - Remove route translations from URI segments for compatibility with PasswordPusher v1.42.0. See pglombardo/PasswordPusher/pull/2353 - 0.2.3 - Bug fixing in New-Push. See PR #1 - 0.2.2 - Fixed issue with Get-Dashboard returning error referencing -JsonIsArray parameter - General - Module is generally functional but has not been extensively bug-tested. Reccomend not implementing into a production environment at this time.' + 1.2.0 - Add compatibility with Premium and Pro API endpoints and branding. + 1.0.0 - Major refactor, add capabilities and improve testing and build process. + 0.3.0 - Remove route translations from URI segments for compatibility with PasswordPusher v1.42.0. See pglombardo/PasswordPusher/pull/2353' # Prerelease string of this module # Prerelease = '' @@ -137,4 +132,3 @@ HelpInfoURI = 'https://github.com/adamburley/PassPushPosh/blob/main/Docs' # DefaultCommandPrefix = '' } - diff --git a/Modules/PassPushPosh/1.2.0/PassPushPosh.psm1 b/Modules/PassPushPosh/1.2.0/PassPushPosh.psm1 new file mode 100644 index 000000000000..5abc0900bc2d --- /dev/null +++ b/Modules/PassPushPosh/1.2.0/PassPushPosh.psm1 @@ -0,0 +1,983 @@ +#Region '.\Classes\PasswordPush.ps1' -1 + +class PasswordPush { + [string]$Note + [string]$Payload + [string] hidden $__UrlToken + [string] hidden $__LinkBase + [bool]$RetrievalStep + [bool]$IsExpired + [bool]$IsDeleted + [bool]$IsDeletableByViewer + [int]$ExpireAfterDays + [int]$DaysRemaining + [int]$ExpireAfterViews + [int]$ViewsRemaining + [DateTime]$DateCreated + [DateTime]$DateUpdated + [DateTime]$DateExpired + # Added by constructors: + #[string]$URLToken + #[string]$Link + #[string]$LinkDirect + #[string]$LinkRetrievalStep + + PasswordPush() { + # Blank constructor + } + + # Constructor to allow casting or explicit import from a PSObject Representing the result of an API call + PasswordPush([PSCustomObject]$APIresponseObject) { + throw NotImplementedException + } + + # Allow casting or explicit import from the raw Content of an API call + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidGlobalVars', '', Scope = 'Function', Justification = 'Global variables are used for module session helpers.')] + PasswordPush([string]$JsonResponse) { + Write-Debug 'New PasswordPush object instantiated from JsonResponse string' + Initialize-PassPushPosh # Initialize the module if not yet done. + + $_j = $JsonResponse | ConvertFrom-Json + $this.Note = $_j.note + $this.Payload = $_j.payload + $this.IsExpired = $_j.expired + $this.IsDeleted = $_j.deleted + $this.IsDeletableByViewer = $_j.deletable_by_viewer + $this.ExpireAfterDays = $_j.expire_after_days + $this.DaysRemaining = $_j.days_remaining + $this.ExpireAfterViews = $_j.expire_after_views + $this.ViewsRemaining = $_j.views_remaining + $this.DateCreated = $_j.created_at + $this.DateUpdated = $_j.updated_at + $this.DateExpired = if ($_j.expired_on) { $_j.expired_on } else { [DateTime]0 } + $this.RetrievalStep = $_j.retrieval_step + + + $this | Add-Member -Name 'UrlToken' -MemberType ScriptProperty -Value { + return $this.__UrlToken + } -SecondValue { + $this.__UrlToken = $_ + $this.__LinkBase = $_j.html_url ?? "$Script:PPPBaseUrl/p/$($this.__UrlToken)" + } + $this.__UrlToken = $_j.url_token + $this.__LinkBase = $_j.html_url ?? "$Script:PPPBaseUrl/p/$($this.__UrlToken)" + $this | Add-Member -Name 'LinkDirect' -MemberType ScriptProperty -Value { return $this.__LinkBase } -SecondValue { + Write-Warning 'LinkDirect is a read-only calculated member.' + Write-Debug 'Link* members are calculated based on the Global BaseUrl and Push Retrieval Step values' + } + $this | Add-Member -Name 'LinkRetrievalStep' -MemberType ScriptProperty -Value { return "$($this.__LinkBase)/r" } -SecondValue { + Write-Warning 'LinkRetrievalStep is a read-only calculated member.' + Write-Debug 'Link* members are calculated based on the Global BaseUrl and Push Retrieval Step values' + } + $this | Add-Member -Name 'Link' -MemberType ScriptProperty -Value { + $_Link = if ($this.RetrievalStep) { $this.LinkRetrievalStep } else { $this.LinkDirect } + Write-Debug "Presented Link: $_link" + $_Link + } -SecondValue { + Write-Warning 'Link is a read-only calculated member.' + Write-Debug 'Link* members are calculated based on the Global BaseUrl and Push Retrieval Step values' + } + } +} +#EndRegion '.\Classes\PasswordPush.ps1' 80 +#Region '.\Classes\TypeAccelerators.ps1' -1 + +# https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_classes?view=powershell-7.4#exporting-classes-with-type-accelerators +# Define the types to export with type accelerators. +$ExportableTypes =@( + [PasswordPush] +) +# Get the internal TypeAccelerators class to use its static methods. +$TypeAcceleratorsClass = [psobject].Assembly.GetType( + 'System.Management.Automation.TypeAccelerators' +) +# Ensure none of the types would clobber an existing type accelerator. +# If a type accelerator with the same name exists, throw an exception. +$ExistingTypeAccelerators = $TypeAcceleratorsClass::Get +foreach ($Type in $ExportableTypes) { + if ($Type.FullName -in $ExistingTypeAccelerators.Keys) { + $Message = @( + "Unable to register type accelerator '$($Type.FullName)'" + 'Accelerator already exists.' + ) -join ' - ' + + throw [System.Management.Automation.ErrorRecord]::new( + [System.InvalidOperationException]::new($Message), + 'TypeAcceleratorAlreadyExists', + [System.Management.Automation.ErrorCategory]::InvalidOperation, + $Type.FullName + ) + } +} +# Add type accelerators for every exportable type. +foreach ($Type in $ExportableTypes) { + $TypeAcceleratorsClass::Add($Type.FullName, $Type) +} +# Remove type accelerators when the module is removed. +($MyInvocation.MyCommand.ScriptBlock.Module.OnRemove = { + foreach($Type in $ExportableTypes) { + $TypeAcceleratorsClass::Remove($Type.FullName) + } +}.GetNewClosure()) | Out-Null +#EndRegion '.\Classes\TypeAccelerators.ps1' 38 +#Region '.\Private\ConvertTo-PasswordPush.ps1' -1 + + <# + .SYNOPSIS + Convert API call response to a PasswordPush object + + .DESCRIPTION + Accepts a JSON string returned from the Password Pusher API and converts it to a [PasswordPush] object. + This allows calculated push retrieval URLs and a more "PowerShell" experience. + Generally you won't need to use this directly, it's automatically invoked within Register-Push and Request-Push. + + .PARAMETER JsonResponse + The string result of an API call from the Password Pusher application + + .INPUTS + [string] + + .OUTPUTS + [PasswordPush] for single object + [PasswordPush[]] for Json array data + + .EXAMPLE + # Common usage - from within the Register-Push cmdlet + PS> $myPush = Register-Push -Payload "This is my secret!" + PS> $myPush.Link # The link parameter always presents the URL as it would appear with the same settings selected on pwpush.com + + https://pwpush.com/p/rz6nryvl-d4 + + .EXAMPLE + # Manually invoking the API + PS> $rawJson = Invoke-WebRequest ` + -Uri https://pwpush.com/p.json ` + -Method Post ` + -Body '{"password": { "payload": "This is my secret!"}}' ` + -ContentType 'application/json' | + Select-Object -ExpandProperty Content + PS> $rawJson + {"expire_after_days":7,"expire_after_views":5,"expired":false,"url_token":"rz6nryvl-d4","created_at":"2022-11-18T14:16:29.821Z","updated_at":"2022-11-18T14:16:29.821Z","deleted":false,"deletable_by_viewer":true,"retrieval_step":false,"expired_on":null,"days_remaining":7,"views_remaining":5} + PS> $rawJson | ConvertTo-PasswordPush + UrlToken : rz6nryvl-d4 + LinkDirect : https://pwpush.com/p/rz6nryvl-d4 + LinkRetrievalStep : https://pwpush.com/p/rz6nryvl-d4/r + Link : https://pwpush.com/p/rz6nryvl-d4 + Payload : + RetrievalStep : False + IsExpired : False + IsDeleted : False + IsDeletableByViewer : True + ExpireAfterDays : 7 + DaysRemaining : 7 + ExpireAfterViews : 5 + ViewsRemaining : 5 + DateCreated : 11/18/2022 2:16:29 PM + DateUpdated : 11/18/2022 2:16:29 PM + DateExpired : 1/1/0001 12:00:00 AM + + .LINK + https://github.com/adamburley/PassPushPosh/blob/main/Docs/ConvertTo-PasswordPush.md + + .NOTES + Needs a rewrite / cleanup + #> +function ConvertTo-PasswordPush { + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '', Scope = 'Function', Justification = 'Creates a new object, no risk of overwriting data.')] + [CmdletBinding()] + [OutputType([PasswordPush])] + param( + [parameter(Mandatory, ValueFromPipeline)] + [ValidateNotNullOrEmpty()] + $JsonResponse + ) + process { + try { + $jsonObject = if ($JsonResponse -is [string]) { $JsonResponse | ConvertFrom-Json } else { $JsonResponse } + foreach ($o in $jsonObject) { + [PasswordPush]($o | ConvertTo-Json) # TODO fix this mess + } + } + catch { + Write-Debug 'Error in ConvertTo-PasswordPush coercing JSON object to PasswordPush object' + Write-Debug "JsonResponse parameter value: [[$JsonResponse]]" + Write-Error $_ + } + } +} +#EndRegion '.\Private\ConvertTo-PasswordPush.ps1' 84 +#Region '.\Private\Format-PasswordPusherSecret.ps1' -1 + +function Format-PasswordPusherSecret { + [CmdletBinding()] + [OutputType([string])] + param( + [Parameter(Mandatory)] + [AllowEmptyString()] + [string]$Secret, + + [Parameter()] + [switch]$ShowSample + ) + process { + if ($Secret -eq '') { + "length 0" + continue + } + $length = $Secret.Length + $last4 = $Secret.Substring($length - 4) + if ($ShowSample) { + "length $length ending [$last4]" + } + else { + "length $length" + } + } +} +#EndRegion '.\Private\Format-PasswordPusherSecret.ps1' 27 +#Region '.\Private\Invoke-PasswordPusherAPI.ps1' -1 + +function Invoke-PasswordPusherAPI { + [CmdletBinding()] + [OutputType([PSCustomObject])] + param( + [string]$Endpoint, + [Microsoft.PowerShell.Commands.WebRequestMethod]$Method = [Microsoft.PowerShell.Commands.WebRequestMethod]::Get, + [object]$Body, + + [Switch]$ReturnErrors + ) + process { + $_uri = "$Script:PPPBaseURL/$Endpoint" + Write-Debug "Invoke-PasswordPusherAPI: $Method $_uri" + + $iwrSplat = @{ + 'Method' = $Method + 'ContentType' = 'application/json' + 'Body' = ($body | ConvertTo-Json) + 'Uri' = $_uri + 'UserAgent' = $Script:PPPUserAgent + } + if ($Script:PPPHeaders.'X-User-Token') { + $iwrSplat['Headers'] = $Script:PPPHeaders + Write-Debug "Authenticated with API token $(Format-PasswordPusherSecret -Secret $Script:PPPHeaders.'X-User-Token' -ShowSample)" + } + if ($Script:PPPHeaders.'Authorization') { + $iwrSplat['Headers'] = $Script:PPPHeaders + Write-Debug "Authenticated with API token $(Format-PasswordPusherSecret -Secret $Script:PPPHeaders.'Authorization' -ShowSample)" + } + $callInfo = "$Method $_uri" + Write-Verbose "Sending HTTP request: $callInfo" + + $call = Invoke-WebRequest @iwrSplat -SkipHttpErrorCheck + Write-Debug "Response: $($call.StatusCode) $($call.Content)" + if (Test-Json -Json $call.Content) { + $result = $call.Content | ConvertFrom-Json + if ($ReturnErrors -or $call.StatusCode -eq 200 -or $null -eq $result.error) { + $result + } else { + Write-Error -Message "$callInfo : $($call.StatusCode) $($result.error)" + } + } else { + Write-Error -Message "Parseable JSON not returned by API. $callInfo : $($call.StatusCode) $($call.Content)" + } + } +} +#EndRegion '.\Private\Invoke-PasswordPusherAPI.ps1' 47 +#Region '.\Public\Get-Dashboard.ps1' -1 + +<# + .SYNOPSIS + Get a list of active or expired Pushes for an authenticated user + + .DESCRIPTION + Retrieves a list of Pushes - active or expired - for an authenticated user. + Active and Expired are different endpoints, so to get both you'll need to make + two calls. + + .PARAMETER Dashboard + The type of dashboard to retrieve. Active or Expired. + + .INPUTS + [string] 'Active' or 'Expired' + + .OUTPUTS + [PasswordPush[]] Array of pushes with data + + .EXAMPLE + Get-Dashboard + + .EXAMPLE + Get-Dashboard Active + + .LINK + https://github.com/adamburley/PassPushPosh/blob/main/Docs/Get-Dashboard.md + + .LINK + https://pwpush.com/api/1.0/passwords/active.en.html + + .LINK + Get-PushAuditLog + + #> +function Get-Dashboard { + [CmdletBinding()] + [OutputType([PasswordPush[]])] + param( + [parameter(Position = 0)] + [ValidateSet('Active', 'Expired')] + [ValidateNotNullOrEmpty()] + [string] + $Dashboard = 'Active' + ) + process { + if (-not $Script:PPPHeaders) { Write-Error 'Dashboard access requires authentication. Run Initialize-PassPushPosh and pass your email address and API key before retrying.' -ErrorAction Stop -Category AuthenticationError } + $uri = "p/$($Dashboard -eq 'Active' ? 'active.json' : 'expired.json')" + Invoke-PasswordPusherAPI -Endpoint $uri -Method Get | ConvertTo-PasswordPush + } +} +#EndRegion '.\Public\Get-Dashboard.ps1' 51 +#Region '.\Public\Get-Push.ps1' -1 + +<# + .SYNOPSIS + Retrieve the secret contents of a Push + + .DESCRIPTION + Get-Push accepts a URL Token string and returns the contents of a Push along with + metadata regarding that Push. Note: Get-Push will return data on an expired + Push (datestamps, etc) even if it does not return the Push contents. + + .PARAMETER URLToken + URL Token for the secret + + .PARAMETER Passhrase + An additional phrase required to view the secret. Required if the Push was created with a Passphrase. + + .INPUTS + [string] + + .OUTPUTS + [PasswordPush] + + .EXAMPLE + Get-Push -URLToken gzv65wiiuciy + + .EXAMPLE + Get-Push -URLToken gzv65wiiuciy -Passphrase "My Passphrase" + + .LINK + https://github.com/adamburley/PassPushPosh/blob/main/Docs/Get-Push.md + + .LINK + https://pwpush.com/api/1.0/passwords.en.html + + .LINK + https://github.com/pglombardo/PasswordPusher/blob/c2909b2d5f1315f9b66939c9fbc7fd47b0cfeb03/app/controllers/passwords_controller.rb#L89 + + .LINK + New-Push + + #> +function Get-Push { + [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingPlainTextForPassword", "Passphrase", Justification = "DE0001: SecureString shouldn't be used")] + [CmdletBinding()] + [OutputType([PasswordPush])] + param( + [Parameter(Mandatory, ValueFromPipeline)] + [ValidateNotNullOrEmpty()] + [Alias('Token')] + $URLToken, + + [Parameter()] + [String]$Passphrase + ) + begin { Initialize-PassPushPosh -Verbose:$VerbosePreference -Debug:$DebugPreference } + process { + $endpoint = $Passphrase ? "p/$URLToken.json?passphrase=$Passphrase" : "p/$URLToken.json" + $result = Invoke-PasswordPusherAPI -Endpoint $endpoint -ReturnErrors + switch ($result.error){ + 'not-found' { Write-Error -Message "Push not found. Check the token you provided. Tokens are case-sensitive." } + 'This push has a passphrase that was incorrect or not provided.' { if ($Passphrase) { Write-Error -Message "Incorrect passphrase provided." } else { Write-Error -Message "Passphrase required. Specify with the -Passphrase parameter." } } + default { $result | ConvertTo-PasswordPush } + } + } +} +#EndRegion '.\Public\Get-Push.ps1' 65 +#Region '.\Public\Get-PushAccount.ps1' -1 + +<# + .SYNOPSIS + Get a list of accounts for an authenticated user + + .DESCRIPTION + Retrieves a list of accounts for an authenticated user. + + .LINK + Get-PushAuditLog + + #> +function Get-PushAccount { + [CmdletBinding()] + [OutputType([PasswordPush[]])] + param() + process { + if (-not $Script:PPPHeaders) { Write-Error 'Dashboard access requires authentication. Run Initialize-PassPushPosh and pass your email address and API key before retrying.' -ErrorAction Stop -Category AuthenticationError } + $uri = 'api/v1/accounts' + Invoke-PasswordPusherAPI -Endpoint $uri -Method Get + } +} +#EndRegion '.\Public\Get-PushAccount.ps1' 22 +#Region '.\Public\Get-PushAuditLog.ps1' -1 + +<# + .SYNOPSIS + Get the view log of an authenticated Push + + .DESCRIPTION + Retrieves the view log of a Push created under an authenticated session. + Returns an array of custom objects with view data. If the query is + successful but there are no results, it returns an empty array. + If there's an error, a single object is returned with information. + See "handling errors" under NOTES + + .PARAMETER URLToken + URL Token from a secret + + .INPUTS + [string] + + .OUTPUTS + [PsCustomObject[]] Array of entries. + [PsCustomObject] If there's an error in the call, it will be returned an object with a property + named 'error'. The value of that member will contain more information + + .EXAMPLE + Get-PushAuditLog -URLToken 'mytokenfromapush' + ip : 75.202.43.56,102.70.135.200 + user_agent : Mozilla/5.0 (Macintosh; Darwin 21.6.0 Darwin Kernel Version 21.6.0: Mon Aug 22 20:20:05 PDT 2022; root:xnu-8020.140.49~2/RELEASE_ARM64_T8101; + en-US) PowerShell/7.2.7 + referrer : + successful : True + created_at : 11/19/2022 6:32:42 PM + updated_at : 11/19/2022 6:32:42 PM + kind : 0 + + .EXAMPLE + # If there are no views, an empty array is returned + Get-PushAuditLog -URLToken 'mytokenthatsneverbeenseen' + + .LINK + https://github.com/adamburley/PassPushPosh/blob/main/Docs/Get-PushAuditLog.md + + .LINK + https://pwpush.com/api/1.0/passwords/audit.en.html + + .LINK + Get-Dashboard + + .NOTES + Handling Errors: + The API returns different HTTP status codes and results depending where the + call fails. + + | HTTP RESPONSE | Error Reason | Response Body | Sample Object Returned | Note | + |------------------|---------------------------------|----------------------------------------------|--------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------| + | 401 UNAUTHORIZED | Invalid API key or email | None | @{ 'Error'= 'Authentication error. Verify email address and API key.'; 'ErrorCode'= 401 } | | + | 200 OK | Push created by another account | {"error":"That push doesn't belong to you."} | @{ 'Error'= "That Push doesn't belong to you"; 'ErrorCode'= 403 } | Function transforms error code to 403 to allow easier response management | + | 404 NOT FOUND | Invalid URL token | None | @{ 'Error'= 'Invalid token. Verify your Push URL token is correct.'; 'ErrorCode'= 404 } | This is different than the response to a delete Push query - in this case it will only return 404 if the token is invalid. | + + #> +function Get-PushAuditLog { + [CmdletBinding()] + [OutputType([PSCustomObject[]])] + param( + [parameter(Mandatory, ValueFromPipeline)] + [Alias('Token')] + [string] + $URLToken + ) + begin { + if (-not $Script:PPPHeaders) { Write-Error 'Retrieving audit logs requires authentication. Run Initialize-PassPushPosh and pass your email address and API key before retrying.' -ErrorAction Stop -Category AuthenticationError } + } + process { + $response = Invoke-PasswordPusherAPI -Endpoint "p/$URLToken/audit.json" -ReturnErrors + switch ($response.error) { + 'not-found' { Write-Error -Message "Push not found. Check the token you provided. Tokens are case-sensitive." } + { $null -ne $_ -and $_ -ne 'not-found' } { Write-Error -Message $_ } + default { $response | Select-Object -ExpandProperty views } + } + } +} +#EndRegion '.\Public\Get-PushAuditLog.ps1' 80 +#Region '.\Public\Get-SecretLink.ps1' -1 + +<# + .SYNOPSIS + Returns a fully qualified secret link to a push of given URL Token + + .DESCRIPTION + Accepts a string value for a URL Token and retrieves a full URL link to the secret. + Returned value is a 1-step retrieval link depending on option selected during Push creation. + Returns false if URL Token is invalid, however it will return a URL if the token is valid + but the Push is expired or deleted. + + .PARAMETER URLToken + URL Token for the secret + + .INPUTS + [string] URL Token value + + .OUTPUTS + [string] Fully qualified URL + + .EXAMPLE + Get-SecretLink -URLToken gzv65wiiuciy + https://pwpush.com/p/gzv65wiiuciy/r + + .EXAMPLE + Get-SecretLink -URLToken gzv65wiiuciy -Raw + { "url": "https://pwpush.com/p/0fkapnbo_pwp4gi8uy0/r" } + + .LINK + https://github.com/adamburley/PassPushPosh/blob/main/Docs/Get-SecretLink.md + + .LINK + https://pwpush.com/api/1.0/passwords/preview.en.html + + .NOTES + Including this endpoint for completeness - however it is generally unnecessary. + The only thing this endpoint does is return a different value depending if "Use 1-click retrieval step" + was selected when the Push was created. Since both the 1-click and the direct links are available + regardless if that option is selected, the links are calculable and both are included by default in a + [PasswordPush] object. + + As it returns false if a Push URL token is not valid you can use it to test if a Push exists without + burning a view. + #> +function Get-SecretLink { + [CmdletBinding()] + [Alias('Get-PushPreview')] + [OutputType('[string]')] + param( + [parameter(Mandatory, ValueFromPipeline)] + [Alias('Token')] + [ValidateLength(5, 256)] + [string]$URLToken + ) + begin { Initialize-PassPushPosh -Verbose:$VerbosePreference -Debug:$DebugPreference } + process { + Invoke-PasswordPusherAPI -Endpoint "p/$URLToken/preview.json" | Select-Object -ExpandProperty url + } +} +#EndRegion '.\Public\Get-SecretLink.ps1' 59 +#Region '.\Public\Initialize-PassPushPosh.ps1' -1 + +<# + .SYNOPSIS + Initialize the PassPushPosh module + + .DESCRIPTION + Initialize-PassPushPosh sets variables for the module's use during the remainder of the session. + Server URL and User Agent values are set by default but may be overridden. + If invoked with email address and API key, calls are sent as authenticated. Otherwise they default to + anonymous. + + This function is called automatically if needed, defaulting to the public pwpush.com service. + + .PARAMETER AccountType + For paid users, specify the account type as Premium or Pro. Not required for free accounts and self-hosted. + + .PARAMETER EmailAddress + Email address for authenticated calls. + + .PARAMETER ApiKey + API key for authenticated calls. + + .PARAMETER BaseUrl + Base URL for API calls. Allows use of module with private instances of Password Pusher + Default: https://pwpush.com + + .PARAMETER UserAgent + Set a specific user agent. Default user agent is a combination of the + module info, what your OS reports itself as, and a hash based on + your username + workstation or domain name. This way the UA can be + semi-consistent across sessions but not identifying. + + .PARAMETER Force + Force setting new information. If module is already initialized you can use this to + Re-initialize with default settings. Implied if either ApiKey or BaseUrl is provided. + + .EXAMPLE + # Initialize with default settings + PS > Initialize-PassPushPosh + + .EXAMPLE + # Initialize with authentication + PS > Initialize-PassPushPosh -EmailAddress 'youremail@example.com' -ApiKey '239jf0jsdflskdjf' -Verbose + + VERBOSE: Initializing PassPushPosh. ApiKey: [x-kdjf], BaseUrl: https://pwpush.com + + .EXAMPLE + # Initialize with another server with authentication + PS > Initialize-PassPushPosh -BaseUrl https://myprivatepwpushinstance.com -EmailAddress 'youremail@example.com' -ApiKey '239jf0jsdflskdjf' -Verbose + + VERBOSE: Initializing PassPushPosh. ApiKey: [x-kdjf], BaseUrl: https://myprivatepwpushinstance.com + + .EXAMPLE + # Set a custom User Agent + PS > InitializePassPushPosh -UserAgent "I'm a cool dude with a cool script." + + .LINK + https://github.com/adamburley/PassPushPosh/blob/main/Docs/Initialize-PassPushPosh.md + + .NOTES + -WhatIf setting for Set-Variable -Script is disabled, otherwise -WhatIf + calls for other functions would return incorrect data in the case this + function has not yet run. + #> +function Initialize-PassPushPosh { + [CmdletBinding(DefaultParameterSetName = 'Anonymous')] + param ( + [Parameter(ParameterSetName = 'Pro')] + [ValidateSet('Premium', 'Pro')] + [string]$AccountType = 'Pro', + + [Parameter(Mandatory, Position = 0, ParameterSetName = 'Authenticated')] + [ValidatePattern('.+\@.+\..+', ErrorMessage = 'Please specify a valid email address')] + [string]$EmailAddress, + + [Parameter(Mandatory, ParameterSetName = 'Pro')] + [Parameter(Mandatory, Position = 1, ParameterSetName = 'Authenticated')] + [ValidateLength(5, 256)] + [string]$ApiKey, + + [Parameter(Position = 0, ParameterSetName = 'Anonymous')] + [Parameter(Position = 2, ParameterSetName = 'Authenticated')] + [ValidatePattern('^https?:\/\/[a-zA-Z0-9-_]+.[a-zA-Z0-9]+')] + [string]$BaseUrl, + + [Parameter()] + [ValidateNotNullOrEmpty()] + [string] + $UserAgent, + + [Parameter()][switch]$Force + ) + if ($Script:PPPBaseURL -and $true -inotin $Force, [bool]$ApiKey, [bool]$BaseUrl, [bool]$UserAgent) { Write-Debug -Message 'PassPushPosh is already initialized.' } + else { + $defaultBaseUrl = 'https://pwpush.com' + $apiKeyOutput = $ApiKey ? (Format-PasswordPusherSecret -Secret $ApiKey -ShowSample) : 'None' + + if (-not $Script:PPPBaseURL) { + # Not initialized + if (-not $BaseUrl) { $BaseUrl = $defaultBaseUrl } + Write-Verbose "Initializing PassPushPosh. ApiKey: [$apiKeyOutput], BaseUrl: $BaseUrl" + } + elseif ($Force -or $ApiKey -or $BaseURL) { + if (-not $BaseUrl) { $BaseUrl = $defaultBaseUrl } + $oldApiKeyOutput = if ($Script:PPPApiKey) { Format-PasswordPusherSecret -Secret $Script:PPPApiKey -ShowSample } else { 'None' } + Write-Verbose "Re-initializing PassPushPosh. Old ApiKey: [$oldApiKeyOutput] New ApiKey: [$apiKeyOutput], Old BaseUrl: $Script:PPPBaseUrl New BaseUrl: $BaseUrl" + } + if ($PSCmdlet.ParameterSetName -eq 'Authenticated') { + + Set-Variable -Scope Script -Name PPPHeaders -WhatIf:$false -Value @{ + 'X-User-Email' = $EmailAddress + 'X-User-Token' = $ApiKey + } + } + elseif ($PSCmdlet.ParameterSetName -eq 'Pro') { + Write-Debug "Initializing for paid tier $($AccountType)" + Set-Variable -Scope Script -Name PPPHeaders -WhatIf:$false -Value @{ + 'Authorization' = "Bearer $ApiKey" + } + } + elseif ($Script:PPPHeaders) { + # Remove if present - covers case where module is reinitialized from an authenticated to an anonymous session + Remove-Variable -Scope Script -Name PPPHeaders -WhatIf:$false + } + + if (-not $UserAgent) { + $osVersion = [System.Environment]::OSVersion + $userAtDomain = '{0}@{1}' -f [System.Environment]::UserName, [System.Environment]::UserDomainName + $uAD64 = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($userAtDomain)) + Write-Debug "$userAtDomain transformed to $uAD64. First 20 characters $($uAD64.Substring(0,20))" + # Version tag is replaced by the semantic version number at build time. See PassPushPosh/issues/11 for context + $UserAgent = "PassPushPosh/1.2.0 $osVersion/$($uAD64.Substring(0,20))" + # $UserAgent = "PassPushPosh/$((Get-Module -Name PassPushPosh).Version.ToString()) $osVersion/$($uAD64.Substring(0,20))" + Write-Verbose "Generated user agent: $UserAgent" + } + else { + Write-Verbose "Using specified user agent: $UserAgent" + } + + Set-Variable -WhatIf:$false -Scope Script -Name PPPBaseURL -Value $BaseUrl.TrimEnd('/') + Set-Variable -WhatIf:$false -Scope Script -Name PPPUserAgent -Value $UserAgent + } +} +#EndRegion '.\Public\Initialize-PassPushPosh.ps1' 143 +#Region '.\Public\New-Push.ps1' -1 + +<# + .SYNOPSIS + Create a new Push + + .DESCRIPTION + Create a new Push on the specified Password Pusher instance. The + programmatic equivalent of going to pwpush.com and entering info. + Returns [PasswordPush] object. Link member is a link created based on + 1-step setting however both 1-step and direct links + are always provided at LinkRetrievalStep and LinkDirect properties. + + .PARAMETER Payload + The URL password or secret text to share. + + .PARAMETER Passphrase + Require recipients to enter this passphrase to view the created push. + + .PARAMETER Note + The note for this push. Visible only to the push creator. Requires authentication. + + .PARAMETER ExpireAfterDays + Expire secret link and delete after this many days. + + .PARAMETER ExpireAfterViews + Expire secret link and delete after this many views. + + .PARAMETER DeletableByViewer + Allow the recipient of a Push to delete it. + + .PARAMETER RetrievalStep + Require recipient click an extra link to view Push payload. + Helps to avoid chat systems and URL scanners from eating up views. + Note that the retrieval step URL is always available for a push. This + parameter changes if the 1-click link is used in the Link parameter + and returned from the secret link helper (Get-SecretLink) + + .PARAMETER AccountId + Account ID to associate with this push. Requires authentication. + + .INPUTS + [string] + + .OUTPUTS + [PasswordPush] Representation of the submitted push + + .EXAMPLE + $myPush = New-Push "Here's my secret!" + PS > $myPush | Select-Object Link, LinkRetrievalStep, LinkDirect + + Link : https://pwpush.com/p/gzv65wiiuciy # Requested style + LinkRetrievalStep : https://pwpush.com/p/gzv65wiiuciy/r # 1-step + LinkDirect : https://pwpush.com/p/gzv65wiiuciy # Direct + + .EXAMPLE + "Super secret secret" | New-Push -RetrievalStep | Select-Object -ExpandProperty Link + + https://pwpush.com/p/gzv65wiiuciy/r + + + .EXAMPLE + # "Burn after reading" style Push + PS > New-Push -Payload "Still secret text!" -ExpireAfterViews 1 -RetrievalStep + + .LINK + https://github.com/adamburley/PassPushPosh/blob/main/Docs/New-Push.md + + .LINK + https://pwpush.com/api/1.0/passwords/create.en.html + + .LINK + https://github.com/pglombardo/PasswordPusher/blob/c2909b2d5f1315f9b66939c9fbc7fd47b0cfeb03/app/controllers/passwords_controller.rb#L120 + + .LINK + Get-Push + + .NOTES + Maximum for -ExpireAfterDays and -ExpireAfterViews is based on the default + values for Password Pusher and what's used on the public instance + (pwpush.com). If you're using this with a private instance and want to + override that value you'll need to fork this module. + #> +function New-Push { + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingPlainTextForPassword', 'Passphrase', Justification = "DE0001: SecureString shouldn't be used")] + [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'Low', DefaultParameterSetName = 'Anonymous')] + [OutputType([PasswordPush])] + param( + [Parameter(Mandatory = $true, ValueFromPipeline, Position = 0)] + [Alias('Password')] + [ValidateNotNullOrEmpty()] + [string]$Payload, + + [Parameter()] + [string]$Passphrase, + + [Parameter(ParameterSetName = 'Authenticated')] + [ValidateScript({ $null -ne $Script:PPPHeaders.'X-User-Token' -or $null -ne $Script:PPPHeaders.Authorization }, ErrorMessage = 'Adding a note requires authentication.')] + [ValidateNotNullOrEmpty()] + [string]$Note, + + [Parameter()] + [ValidateRange(1, 90)] + [int] + $ExpireAfterDays, + + [Parameter()] + [ValidateRange(1, 100)] + [int] + $ExpireAfterViews, + + [Parameter()] + [switch] + $DeletableByViewer, + + [Parameter()] + [switch] + $RetrievalStep, + + [Parameter()] + [ValidateScript({ $null -ne $Script:PPPHeaders.Authorization }, ErrorMessage = 'Adding an account id requires authentication.')] + $AccountId + ) + + begin { + Initialize-PassPushPosh -Verbose:$VerbosePreference -Debug:$DebugPreference + } + process { + $body = @{ + 'password' = @{ + 'payload' = $Payload + } + } + $shouldString = 'Submit {0} push with Payload of length {1}' -f $PSCmdlet.ParameterSetName, $Payload.Length + if ($Passphrase) { + $body.password.passphrase = $Passphrase + $shouldString += ", with passphrase of length $($Passphrase.Length)" + } + if ($Note) { + $body.password.note = $note + $shouldString += ", with note $note" + } + if ($ExpireAfterDays) { + $body.password.expire_after_days = $ExpireAfterDays + $shouldString += ', expire after {0} days' -f $ExpireAfterDays + } + if ($ExpireAfterViews) { + $body.password.expire_after_views = $ExpireAfterViews + $shouldString += ', expire after {0} views' -f $ExpireAfterViews + } + if ($AccountId) { + $body.account_id = $AccountId + $shouldString += ', with account ID {0}' -f $AccountId + } + $body.password.deletable_by_viewer = if ($DeletableByViewer) { + $shouldString += ', deletable by viewer' + $true + } else { + $shouldString += ', NOT deletable by viewer' + $false + } + $body.password.retrieval_step = if ($RetrievalStep) { + $shouldString += ', with a 1-click retrieval step' + $true + } else { + $shouldString += ', with a direct link' + $false + } + if ($PSCmdlet.ShouldProcess($shouldString, $iwrSplat.Uri, 'Submit new Push')) { + $response = Invoke-PasswordPusherAPI -Endpoint 'p.json' -Method Post -Body $body + $response | ConvertTo-PasswordPush + } + } +} +#EndRegion '.\Public\New-Push.ps1' 173 +#Region '.\Public\Remove-Push.ps1' -1 + +<# +.SYNOPSIS +Remove a Push + +.DESCRIPTION +Remove (invalidate) an active push. Requires the Push be either set as +deletable by viewer, or that you are authenticated as the creator of the +Push. + +If you have authorization to delete a push (deletable by viewer TRUE or +you are the Push owner) the endpoint will always return 200 OK with a Push +object, regardless if the Push was previously deleted or expired. + +If the Push URL Token is invalid OR you are not authorized to delete the +Push, the endpoint returns 404 and this function returns $false + +.PARAMETER URLToken +URL Token for the secret + +.PARAMETER PushObject +PasswordPush object + +.INPUTS +[string] URL Token +[PasswordPush] representing the Push to remove + +.OUTPUTS +[bool] True on success, otherwise False + +.EXAMPLE +Remove-Push -URLToken bwzehzem_xu- + +.EXAMPLE +Remove-Push -URLToken + +.LINK +https://github.com/adamburley/PassPushPosh/blob/main/Docs/Remove-Push.md + +.LINK +https://pwpush.com/api/1.0/passwords/destroy.en.html + +.NOTES +TODO testing and debugging +#> +function Remove-Push { + [CmdletBinding(SupportsShouldProcess, DefaultParameterSetName = 'Token')] + [OutputType([PasswordPush], [bool])] + param( + [parameter(ValueFromPipeline, ParameterSetName = 'Token')] + [ValidateNotNullOrEmpty()] + [Alias('Token')] + [string] + $URLToken, + + [Parameter(ValueFromPipeline, ParameterSetName = 'Object')] + [PasswordPush] + $PushObject + ) + process { + if ($PSCmdlet.ParameterSetName -eq 'Object') { + Write-Debug -Message "Remove-Push was passed a PasswordPush object with URLToken: [$($PushObject.URLToken)]" + if (-not $PushObject.IsDeletableByViewer -and -not $Script:PPPHeaders) { + #Pre-qualify if this will succeed + Write-Warning -Message 'Unable to remove Push. Push is not marked as deletable by viewer and you are not authenticated.' + continue + } + if ($PushObject.IsDeletableByViewer) { + Write-Verbose "Push is flagged as deletable by viewer, should be deletable." + } + else { Write-Verbose "In an authenticated API session. Push will be deletable if it was created by authenticated user." } + $URLToken = $PushObject.URLToken + } + else { + Write-Debug -Message "Remove-Push was passed a URLToken: [$URLToken]" + } + Write-Verbose -Message "Push with URL Token [$URLToken] will be deleted if 'Deletable by viewer' was enabled or you are the creator of the push and are authenticated." + if ($PSCmdlet.ShouldProcess('Delete', "Push with token [$URLToken]")) { + $result = Invoke-PasswordPusherAPI -Endpoint "p/$URLToken.json" -Method 'Delete' -ReturnErrors + if ($result.error) { + Write-Error -Message "Unable to remove Push with token [$URLToken]. Error: $($result.error)" + } + else { + $result | ConvertTo-PasswordPush + } + } + } +} +#EndRegion '.\Public\Remove-Push.ps1' 88 From c8870a11405ab3bac75c5a7e1aac1df3f180da96 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 6 Feb 2025 15:18:12 -0500 Subject: [PATCH 037/138] fix api client results --- .../CIPP/Settings/Invoke-ExecApiClient.ps1 | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 index b5a03a747a1b..f005a7287b47 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 @@ -117,22 +117,22 @@ function Invoke-ExecApiClient { $Client = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$($Request.Body.ClientId)'" if (!$Client) { $Results = @{ - text = 'API client not found' - severity = 'error' + resultText = 'API client not found' + severity = 'error' } } else { $ApiConfig = New-CIPPAPIConfig -ResetSecret -AppId $Request.Body.ClientId if ($ApiConfig.ApplicationSecret) { $Results = @{ - text = "API secret reset for $($Client.AppName)" - copyField = $ApiConfig.ApplicationSecret - severity = 'success' + resultText = "API secret reset for $($Client.AppName). Use the Copy to Clipboard button to retrieve the new secret." + copyField = $ApiConfig.ApplicationSecret + state = 'success' } } else { $Results = @{ - text = "Failed to reset secret for $($Client.AppName)" - severity = 'error' + resultText = "Failed to reset secret for $($Client.AppName)" + state = 'error' } } } From 3ccb6c14a9f7dfa3b34e552c17b2f448d8749c16 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 6 Feb 2025 15:26:26 -0500 Subject: [PATCH 038/138] Update Invoke-ExecApiClient.ps1 --- .../HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 index f005a7287b47..36aee82752a2 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 @@ -76,7 +76,7 @@ function Invoke-ExecApiClient { 'Enabled' = $Request.Body.Enabled ?? $false } $Results = @{ - resultText = "API Client created '$($Client.AppName)'" + resultText = "API Client created with the name '$($Client.AppName)'. Use the Copy to Clipboard button to retrieve the secret." copyField = $APIConfig.ApplicationSecret state = 'success' } From 764c314e0d29d5baae873ef66a38ac71b76cc9b0 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Thu, 6 Feb 2025 23:06:07 +0100 Subject: [PATCH 039/138] template repo --- .../CIPPCore/Public/New-CIPPTemplateRun.ps1 | 327 +++++++++--------- 1 file changed, 170 insertions(+), 157 deletions(-) diff --git a/Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1 b/Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1 index 6265eafb927b..96e68e4ac909 100644 --- a/Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1 @@ -18,184 +18,197 @@ function New-CIPPTemplateRun { $key } } + if ($TemplateSettings.templateRepo) { + Write-Host 'Grabbing data from required template repo' + $RepoURI = "https://geoipdb.azurewebsites.net/api/GetTemplateRepo?repo=$($TemplateSettings.templateRepo.value)" + $RepoData = Invoke-RestMethod -Uri $RepoURI -Method GET -ContentType 'application/json' + $ImportTemplates = foreach ($task in $Tasks) { + switch ($Task) { + 'caTemplates' { $RepoData.ca } + 'policyTemplates' { $RepoData.policyTemplates } + 'groupTemplates' { $RepoData.groupTemplates } + 'standardTemplates' { $RepoData.standardTemplates } + } + } + + } else { + foreach ($Task in $Tasks) { + Write-Host "Working on task $Task" + switch ($Task) { + 'ca' { + Write-Host "Template Conditional Access Policies for $TenantFilter" + $Policies = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/conditionalAccess/policies?$top=999' -tenantid $TenantFilter + Write-Host 'Creating templates for found Conditional Access Policies' + foreach ($policy in $policies) { + try { + $Template = New-CIPPCATemplate -TenantFilter $TenantFilter -JSON $policy + #check existing templates, if the displayName is the same, overwrite it. + $ExistingPolicy = $ExistingTemplates | Where-Object { $_.displayName -eq $policy.displayName } | Select-Object -First 1 + if ($ExistingPolicy -and $ExistingPolicy.PartitionKey -eq 'CATemplate') { + "Policy $($policy.displayName) found, updating template" + Add-CIPPAzDataTableEntity @Table -Entity @{ + JSON = "$Template" + RowKey = $ExistingPolicy.GUID + PartitionKey = 'CATemplate' + GUID = $ExistingPolicy.GUID + } -Force + } else { + "Policy $($policy.displayName) not found in existing templates, creating new template" + $GUID = (New-Guid).GUID + Add-CIPPAzDataTableEntity @Table -Entity @{ + JSON = "$Template" + RowKey = "$GUID" + PartitionKey = 'CATemplate' + GUID = "$GUID" + } + } + } catch { + "Failed to create a template of the Conditional Access Policy with ID: $($policy.id). Error: $($_.Exception.Message)" + } + } + } + 'intuneconfig' { + Write-Host "Backup Intune Configuration Policies for $TenantFilter" + $GraphURLS = @("https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations?`$select=id,displayName,lastModifiedDateTime,roleScopeTagIds,microsoft.graph.unsupportedDeviceConfiguration/originalEntityTypeName&`$expand=assignments&top=1000" + 'https://graph.microsoft.com/beta/deviceManagement/windowsDriverUpdateProfiles' + "https://graph.microsoft.com/beta/deviceManagement/groupPolicyConfigurations?`$expand=assignments&top=999" + "https://graph.microsoft.com/beta/deviceAppManagement/mobileAppConfigurations?`$expand=assignments&`$filter=microsoft.graph.androidManagedStoreAppConfiguration/appSupportsOemConfig%20eq%20true" + 'https://graph.microsoft.com/beta/deviceManagement/configurationPolicies' + ) + + $Policies = foreach ($url in $GraphURLS) { + try { + $Policies = New-GraphGetRequest -uri "$($url)" -tenantid $TenantFilter + $URLName = (($url).split('?') | Select-Object -First 1) -replace 'https://graph.microsoft.com/beta/deviceManagement/', '' + foreach ($Policy in $Policies) { + try { + $Template = New-CIPPIntuneTemplate -TenantFilter $TenantFilter -URLName $URLName -ID $Policy.ID + $ExistingPolicy = $ExistingTemplates | Where-Object { $_.displayName -eq $Template.DisplayName } | Select-Object -First 1 + if ($ExistingPolicy -and $ExistingPolicy.PartitionKey -eq 'IntuneTemplate') { + "Policy $($Template.DisplayName) found, updating template" + $object = [PSCustomObject]@{ + Displayname = $Template.DisplayName + Description = $Template.Description + RAWJson = $Template.TemplateJson + Type = $Template.Type + GUID = $ExistingPolicy.GUID + } | ConvertTo-Json + + Add-CIPPAzDataTableEntity @Table -Entity @{ + JSON = "$object" + RowKey = $ExistingPolicy.GUID + PartitionKey = 'IntuneTemplate' + } -Force + } else { + "Policy $($Template.DisplayName) not found in existing templates, creating new template" + $GUID = (New-Guid).GUID + $object = [PSCustomObject]@{ + Displayname = $Template.DisplayName + Description = $Template.Description + RAWJson = $Template.TemplateJson + Type = $Template.Type + GUID = $GUID + } | ConvertTo-Json + + Add-CIPPAzDataTableEntity @Table -Entity @{ + JSON = "$object" + RowKey = "$GUID" + PartitionKey = 'IntuneTemplate' + } -Force + } + } catch { + $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message + "Failed to create a template of the Intune Configuration Policy with ID: $($Policy.id). Error: $ErrorMessage" + } + } + } catch { + Write-Host "Failed to backup $url" + } + } + } + 'intunecompliance' { + Write-Host "Backup Intune Compliance Policies for $TenantFilter" + New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/deviceCompliancePolicies?$top=999' -tenantid $TenantFilter | ForEach-Object { + $Template = New-CIPPIntuneTemplate -TenantFilter $TenantFilter -URLName 'deviceCompliancePolicies' -ID $_.ID + $ExistingPolicy = $ExistingTemplates | Where-Object { $_.displayName -eq $Template.DisplayName } | Select-Object -First 1 + if ($ExistingPolicy -and $ExistingPolicy.PartitionKey -eq 'IntuneTemplate') { + "Policy $($Template.DisplayName) found, updating template" + $object = [PSCustomObject]@{ + Displayname = $Template.DisplayName + Description = $Template.Description + RAWJson = $Template.TemplateJson + Type = $Template.Type + GUID = $ExistingPolicy.GUID + } | ConvertTo-Json - foreach ($Task in $Tasks) { - Write-Host "Working on task $Task" - switch ($Task) { - 'ca' { - Write-Host "Template Conditional Access Policies for $TenantFilter" - $Policies = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/conditionalAccess/policies?$top=999' -tenantid $TenantFilter - Write-Host 'Creating templates for found Conditional Access Policies' - foreach ($policy in $policies) { - try { - $Template = New-CIPPCATemplate -TenantFilter $TenantFilter -JSON $policy - #check existing templates, if the displayName is the same, overwrite it. - $ExistingPolicy = $ExistingTemplates | Where-Object { $_.displayName -eq $policy.displayName } | Select-Object -First 1 - if ($ExistingPolicy -and $ExistingPolicy.PartitionKey -eq 'CATemplate') { - "Policy $($policy.displayName) found, updating template" Add-CIPPAzDataTableEntity @Table -Entity @{ - JSON = "$Template" + JSON = "$object" RowKey = $ExistingPolicy.GUID - PartitionKey = 'CATemplate' - GUID = $ExistingPolicy.GUID + PartitionKey = 'IntuneTemplate' } -Force } else { - "Policy $($policy.displayName) not found in existing templates, creating new template" + "Policy $($Template.DisplayName) not found in existing templates, creating new template" $GUID = (New-Guid).GUID + $object = [PSCustomObject]@{ + Displayname = $Template.DisplayName + Description = $Template.Description + RAWJson = $Template.TemplateJson + Type = $Template.Type + GUID = $GUID + } | ConvertTo-Json + Add-CIPPAzDataTableEntity @Table -Entity @{ - JSON = "$Template" + JSON = "$object" RowKey = "$GUID" - PartitionKey = 'CATemplate' - GUID = "$GUID" - } + PartitionKey = 'IntuneTemplate' + } -Force } - } catch { - "Failed to create a template of the Conditional Access Policy with ID: $($policy.id). Error: $($_.Exception.Message)" } } - } - 'intuneconfig' { - Write-Host "Backup Intune Configuration Policies for $TenantFilter" - $GraphURLS = @("https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations?`$select=id,displayName,lastModifiedDateTime,roleScopeTagIds,microsoft.graph.unsupportedDeviceConfiguration/originalEntityTypeName&`$expand=assignments&top=1000" - 'https://graph.microsoft.com/beta/deviceManagement/windowsDriverUpdateProfiles' - "https://graph.microsoft.com/beta/deviceManagement/groupPolicyConfigurations?`$expand=assignments&top=999" - "https://graph.microsoft.com/beta/deviceAppManagement/mobileAppConfigurations?`$expand=assignments&`$filter=microsoft.graph.androidManagedStoreAppConfiguration/appSupportsOemConfig%20eq%20true" - 'https://graph.microsoft.com/beta/deviceManagement/configurationPolicies' - ) - $Policies = foreach ($url in $GraphURLS) { - try { - $Policies = New-GraphGetRequest -uri "$($url)" -tenantid $TenantFilter - $URLName = (($url).split('?') | Select-Object -First 1) -replace 'https://graph.microsoft.com/beta/deviceManagement/', '' - foreach ($Policy in $Policies) { - try { - $Template = New-CIPPIntuneTemplate -TenantFilter $TenantFilter -URLName $URLName -ID $Policy.ID - $ExistingPolicy = $ExistingTemplates | Where-Object { $_.displayName -eq $Template.DisplayName } | Select-Object -First 1 - if ($ExistingPolicy -and $ExistingPolicy.PartitionKey -eq 'IntuneTemplate') { - "Policy $($Template.DisplayName) found, updating template" - $object = [PSCustomObject]@{ - Displayname = $Template.DisplayName - Description = $Template.Description - RAWJson = $Template.TemplateJson - Type = $Template.Type - GUID = $ExistingPolicy.GUID - } | ConvertTo-Json + 'intuneprotection' { + Write-Host "Backup Intune Protection Policies for $TenantFilter" + New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceAppManagement/managedAppPolicies?$top=999' -tenantid $TenantFilter | ForEach-Object { + $Template = New-CIPPIntuneTemplate -TenantFilter $TenantFilter -URLName 'managedAppPolicies' -ID $_.ID + $ExistingPolicy = $ExistingTemplates | Where-Object { $_.displayName -eq $Template.DisplayName } | Select-Object -First 1 + if ($ExistingPolicy -and $ExistingPolicy.PartitionKey -eq 'IntuneTemplate') { + "Policy $($Template.DisplayName) found, updating template" + $object = [PSCustomObject]@{ + Displayname = $Template.DisplayName + Description = $Template.Description + RAWJson = $Template.TemplateJson + Type = $Template.Type + GUID = $ExistingPolicy.GUID + } | ConvertTo-Json - Add-CIPPAzDataTableEntity @Table -Entity @{ - JSON = "$object" - RowKey = $ExistingPolicy.GUID - PartitionKey = 'IntuneTemplate' - } -Force - } else { - "Policy $($Template.DisplayName) not found in existing templates, creating new template" - $GUID = (New-Guid).GUID - $object = [PSCustomObject]@{ - Displayname = $Template.DisplayName - Description = $Template.Description - RAWJson = $Template.TemplateJson - Type = $Template.Type - GUID = $GUID - } | ConvertTo-Json + Add-CIPPAzDataTableEntity @Table -Entity @{ + JSON = "$object" + RowKey = $ExistingPolicy.GUID + PartitionKey = 'IntuneTemplate' + } -Force + } else { + "Policy $($Template.DisplayName) not found in existing templates, creating new template" + $GUID = (New-Guid).GUID + $object = [PSCustomObject]@{ + Displayname = $Template.DisplayName + Description = $Template.Description + RAWJson = $Template.TemplateJson + Type = $Template.Type + GUID = $GUID + } | ConvertTo-Json - Add-CIPPAzDataTableEntity @Table -Entity @{ - JSON = "$object" - RowKey = "$GUID" - PartitionKey = 'IntuneTemplate' - } -Force - } - } catch { - $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message - "Failed to create a template of the Intune Configuration Policy with ID: $($Policy.id). Error: $ErrorMessage" - } + Add-CIPPAzDataTableEntity @Table -Entity @{ + JSON = "$object" + RowKey = "$GUID" + PartitionKey = 'IntuneTemplate' + } -Force } - } catch { - Write-Host "Failed to backup $url" } } - } - 'intunecompliance' { - Write-Host "Backup Intune Compliance Policies for $TenantFilter" - New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/deviceCompliancePolicies?$top=999' -tenantid $TenantFilter | ForEach-Object { - $Template = New-CIPPIntuneTemplate -TenantFilter $TenantFilter -URLName 'deviceCompliancePolicies' -ID $_.ID - $ExistingPolicy = $ExistingTemplates | Where-Object { $_.displayName -eq $Template.DisplayName } | Select-Object -First 1 - if ($ExistingPolicy -and $ExistingPolicy.PartitionKey -eq 'IntuneTemplate') { - "Policy $($Template.DisplayName) found, updating template" - $object = [PSCustomObject]@{ - Displayname = $Template.DisplayName - Description = $Template.Description - RAWJson = $Template.TemplateJson - Type = $Template.Type - GUID = $ExistingPolicy.GUID - } | ConvertTo-Json - Add-CIPPAzDataTableEntity @Table -Entity @{ - JSON = "$object" - RowKey = $ExistingPolicy.GUID - PartitionKey = 'IntuneTemplate' - } -Force - } else { - "Policy $($Template.DisplayName) not found in existing templates, creating new template" - $GUID = (New-Guid).GUID - $object = [PSCustomObject]@{ - Displayname = $Template.DisplayName - Description = $Template.Description - RAWJson = $Template.TemplateJson - Type = $Template.Type - GUID = $GUID - } | ConvertTo-Json - - Add-CIPPAzDataTableEntity @Table -Entity @{ - JSON = "$object" - RowKey = "$GUID" - PartitionKey = 'IntuneTemplate' - } -Force - } - - } } - - 'intuneprotection' { - Write-Host "Backup Intune Protection Policies for $TenantFilter" - New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceAppManagement/managedAppPolicies?$top=999' -tenantid $TenantFilter | ForEach-Object { - $Template = New-CIPPIntuneTemplate -TenantFilter $TenantFilter -URLName 'managedAppPolicies' -ID $_.ID - $ExistingPolicy = $ExistingTemplates | Where-Object { $_.displayName -eq $Template.DisplayName } | Select-Object -First 1 - if ($ExistingPolicy -and $ExistingPolicy.PartitionKey -eq 'IntuneTemplate') { - "Policy $($Template.DisplayName) found, updating template" - $object = [PSCustomObject]@{ - Displayname = $Template.DisplayName - Description = $Template.Description - RAWJson = $Template.TemplateJson - Type = $Template.Type - GUID = $ExistingPolicy.GUID - } | ConvertTo-Json - - Add-CIPPAzDataTableEntity @Table -Entity @{ - JSON = "$object" - RowKey = $ExistingPolicy.GUID - PartitionKey = 'IntuneTemplate' - } -Force - } else { - "Policy $($Template.DisplayName) not found in existing templates, creating new template" - $GUID = (New-Guid).GUID - $object = [PSCustomObject]@{ - Displayname = $Template.DisplayName - Description = $Template.Description - RAWJson = $Template.TemplateJson - Type = $Template.Type - GUID = $GUID - } | ConvertTo-Json - - Add-CIPPAzDataTableEntity @Table -Entity @{ - JSON = "$object" - RowKey = "$GUID" - PartitionKey = 'IntuneTemplate' - } -Force - } - } - } - } } return $BackupData From 56fde8af8d25ff9519e67b146045384785ada005 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 6 Feb 2025 18:07:35 -0500 Subject: [PATCH 040/138] GitHub API functions Add function to search repositories Add function to get file contents --- .../Private/GitHub/Get-GitHubFileContents.ps1 | 23 +++++++++++ .../GitHub/Invoke-GitHubApiRequest.ps1 | 1 + .../GitHub/Search-GitHubRepository.ps1 | 38 +++++++++++++++++++ 3 files changed, 62 insertions(+) create mode 100644 Modules/CippExtensions/Private/GitHub/Get-GitHubFileContents.ps1 create mode 100644 Modules/CippExtensions/Private/GitHub/Search-GitHubRepository.ps1 diff --git a/Modules/CippExtensions/Private/GitHub/Get-GitHubFileContents.ps1 b/Modules/CippExtensions/Private/GitHub/Get-GitHubFileContents.ps1 new file mode 100644 index 000000000000..8ffc02df6e18 --- /dev/null +++ b/Modules/CippExtensions/Private/GitHub/Get-GitHubFileContents.ps1 @@ -0,0 +1,23 @@ +function Get-GitHubFileContents { + [CmdletBinding()] + param ( + [Parameter(ValueFromPipelineByPropertyName = $true)] + $Url + ) + + process { + $Table = Get-CIPPTable -TableName Extensionsconfig + $Configuration = ((Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json).GitHub + [uri]$Uri = $Url + $Path = $Uri.PathAndQuery.TrimStart('/') + $File = Invoke-GitHubApiRequest -Configuration $Configuration -Path "$Path" -Method GET + + return [PSCustomObject]@{ + name = $File.name + path = $File.path + content = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($File.content)) + sha = $File.sha + size = $File.size + } + } +} diff --git a/Modules/CippExtensions/Private/GitHub/Invoke-GitHubApiRequest.ps1 b/Modules/CippExtensions/Private/GitHub/Invoke-GitHubApiRequest.ps1 index 312a38f8534d..5f46d8fe04e0 100644 --- a/Modules/CippExtensions/Private/GitHub/Invoke-GitHubApiRequest.ps1 +++ b/Modules/CippExtensions/Private/GitHub/Invoke-GitHubApiRequest.ps1 @@ -20,6 +20,7 @@ function Invoke-GitHubApiRequest { } $FullUri = "https://api.github.com/$Path" + Write-Verbose "[$Method] $FullUri" return Invoke-RestMethod -Method $Method -Uri $FullUri -Headers $Headers -Body $Body } else { throw 'GitHub API is not enabled' diff --git a/Modules/CippExtensions/Private/GitHub/Search-GitHubRepository.ps1 b/Modules/CippExtensions/Private/GitHub/Search-GitHubRepository.ps1 new file mode 100644 index 000000000000..7f1c8ee6c75d --- /dev/null +++ b/Modules/CippExtensions/Private/GitHub/Search-GitHubRepository.ps1 @@ -0,0 +1,38 @@ +function Search-GitHubRepository { + [CmdletBinding()] + Param ( + [string[]]$Repository, + [string]$Path, + [string]$SearchTerm, + [string]$Language, + [string]$Type = 'code' + ) + $Table = Get-CIPPTable -TableName Extensionsconfig + $Configuration = ((Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json).GitHub + + $QueryParts = [System.Collections.Generic.List[string]]::new() + if ($Repository) { + $RepoParts = [System.Collections.Generic.List[string]]::new() + foreach ($Repo in $Repository) { + $RepoParts.Add("repo:$Repo") + } + if (($RepoParts | Measure-Object).Count -gt 1) { + $QueryParts.Add('(' + ($RepoParts -join ' OR ') + ')') + } else { + $QueryParts.Add($RepoParts[0]) + } + } + if ($Path) { + $QueryParts.Add("path:$Path") + } + if ($SearchTerm) { + $QueryParts.Add("`"$SearchTerm`"") + } + if ($Language) { + $QueryParts.Add("language:$Language") + } + + $Query = $QueryParts -join ' ' + Write-Information "Query: $Query" + Invoke-GitHubApiRequest -Configuration $Configuration -Path "search/$($Type)?q=$($Query)" -Method GET +} From e93b0978a42cc8249957096bb5c7d8b4197f1127 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 6 Feb 2025 23:15:49 -0500 Subject: [PATCH 041/138] switch geo ip lookup to post --- .../CIPP/Settings/Invoke-ExecAddTrustedIP.ps1 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAddTrustedIP.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAddTrustedIP.ps1 index 4613ea2c3c68..41a0ae5a2854 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAddTrustedIP.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAddTrustedIP.ps1 @@ -12,13 +12,13 @@ Function Invoke-ExecAddTrustedIP { $Table = Get-CippTable -tablename 'trustedIps' Add-CIPPAzDataTableEntity @Table -Entity @{ - PartitionKey = $request.query.tenantfilter - RowKey = $Request.query.ip - state = $request.query.State + PartitionKey = $Request.Body.tenantfilter + RowKey = $Request.Body.IP + state = $Request.Body.State } -Force Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = [HttpStatusCode]::OK - Body = @{ results = "Added $($Request.query.ip) to database with state $($Request.query.state) for $($Request.query.tenantfilter)" } + Body = @{ results = "Added $($Request.Body.IP) to database with state $($Request.Body.State) for $($Request.Body.tenantfilter)" } }) -} \ No newline at end of file +} From 653b356dc29aa132b73da9611a067d460fa3f270 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 7 Feb 2025 00:53:57 -0500 Subject: [PATCH 042/138] allow disabling api authentication --- .../Public/Authentication/Set-CippApiAuth.ps1 | 38 ++++++++++++------- 1 file changed, 25 insertions(+), 13 deletions(-) diff --git a/Modules/CIPPCore/Public/Authentication/Set-CippApiAuth.ps1 b/Modules/CIPPCore/Public/Authentication/Set-CippApiAuth.ps1 index cdcca269be4e..3a809dffee09 100644 --- a/Modules/CIPPCore/Public/Authentication/Set-CippApiAuth.ps1 +++ b/Modules/CIPPCore/Public/Authentication/Set-CippApiAuth.ps1 @@ -24,19 +24,33 @@ function Set-CippApiAuth { "api://$ClientId" } + if (!$AllowedAudiences) { $AllowedAudiences = @() } + if (!$ClientIds) { $ClientIds = @() } + # Set auth settings - $AuthSettings.properties.identityProviders.azureActiveDirectory = @{ - registration = @{ - clientId = $ClientIds[0] ?? $ClientIds - openIdIssuer = "https://sts.windows.net/$TenantID/v2.0" - } - validation = @{ - allowedAudiences = @($AllowedAudiences) - defaultAuthorizationPolicy = @{ - allowedApplications = @($ClientIds) + + if (($ClientIds | Measure-Object).Count -gt 0) { + $AuthSettings.properties.identityProviders.azureActiveDirectory = @{ + enabled = $true + registration = @{ + clientId = $ClientIds[0] ?? $ClientIds + openIdIssuer = "https://sts.windows.net/$TenantID/v2.0" + } + validation = @{ + allowedAudiences = @($AllowedAudiences) + defaultAuthorizationPolicy = @{ + allowedApplications = @($ClientIds) + } } } + } else { + $AuthSettings.properties.identityProviders.azureActiveDirectory = @{ + enabled = $false + registration = @{} + validation = @{} + } } + $AuthSettings.properties.globalValidation = @{ unauthenticatedClientAction = 'Return401' } @@ -47,14 +61,12 @@ function Set-CippApiAuth { } } - Write-Information ($AuthSettings | ConvertTo-Json -Depth 10) - if ($PSCmdlet.ShouldProcess('Update auth settings')) { # Update auth settings - Invoke-AzRestMethod -Uri "https://management.azure.com/subscriptions/$SubscriptionId/resourceGroups/$RGName/providers/Microsoft.Web/sites/$($FunctionAppName)/config/authsettingsV2?api-version=2020-06-01" -Method PUT -Payload ($AuthSettings | ConvertTo-Json -Depth 10) + $null = Invoke-AzRestMethod -Uri "https://management.azure.com/subscriptions/$SubscriptionId/resourceGroups/$RGName/providers/Microsoft.Web/sites/$($FunctionAppName)/config/authsettingsV2?api-version=2020-06-01" -Method PUT -Payload ($AuthSettings | ConvertTo-Json -Depth 10) } if ($PSCmdlet.ShouldProcess('Update allowed tenants')) { - Update-AzFunctionAppSetting -Name $FunctionAppName -ResourceGroupName $RGName -AppSetting @{ 'WEBSITE_AUTH_AAD_ALLOWED_TENANTS' = $TenantId } + $null = Update-AzFunctionAppSetting -Name $FunctionAppName -ResourceGroupName $RGName -AppSetting @{ 'WEBSITE_AUTH_AAD_ALLOWED_TENANTS' = $TenantId } } } From 3e8d41ffdde8ef30518d83d1e5ea17491fd1b8e0 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Fri, 7 Feb 2025 13:24:53 +0100 Subject: [PATCH 043/138] fixes removal of tenantallowlists --- .../Standards/Invoke-AddStandardsTemplate.ps1 | 2 +- .../Invoke-RemoveTenantAllowBlockList.ps1 | 32 ++++++++++++------- 2 files changed, 21 insertions(+), 13 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsTemplate.ps1 index a901e108b61b..8764326fef85 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsTemplate.ps1 @@ -20,7 +20,7 @@ Function Invoke-AddStandardsTemplate { $request.body | Add-Member -NotePropertyName 'createdAt' -NotePropertyValue ($Request.body.createdAt ? $Request.body.createdAt : (Get-Date).ToUniversalTime()) -Force $Request.body | Add-Member -NotePropertyName 'updatedBy' -NotePropertyValue ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($request.headers.'x-ms-client-principal')) | ConvertFrom-Json).userDetails -Force $Request.body | Add-Member -NotePropertyName 'updatedAt' -NotePropertyValue (Get-Date).ToUniversalTime() -Force - $JSON = (ConvertTo-Json -Depth 100 -InputObject ($Request.body)) + $JSON = (ConvertTo-Json -Compress -Depth 100 -InputObject ($Request.body)) $Table = Get-CippTable -tablename 'templates' $Table.Force = $true Add-CIPPAzDataTableEntity @Table -Entity @{ diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-RemoveTenantAllowBlockList.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-RemoveTenantAllowBlockList.ps1 index 52807bdcc27f..1ad9b7f8ca75 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-RemoveTenantAllowBlockList.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-RemoveTenantAllowBlockList.ps1 @@ -16,31 +16,39 @@ Function Invoke-RemoveTenantAllowBlockList { # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' try { + + $listType = switch -Wildcard ($request.body.entries) { + '*@*' { 'Sender'; break } + '*.*' { 'Url'; break } + default { 'FileHash' } + } + Write-Host "List type is $listType" $ExoRequest = @{ - tenantid = $Request.query.tenantfilter + tenantid = $Request.body.tenantfilter cmdlet = 'Remove-TenantAllowBlockListItems' cmdParams = @{ - Entries = [string[]]$Request.query.entries - ListType = [string]$Request.query.listType + Entries = @($Request.body.entries) + ListType = $ListType } } - New-ExoRequest @ExoRequest + $Results = New-ExoRequest @ExoRequest + Write-Host $Results - $result = "Successfully removed $($Request.query.entries) from Block/Allow list" + $result = "Successfully removed $($Request.body.entries) from Block/Allow list" Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APIName -tenant $Request.query.tenantfilter -message $result -Sev 'Info' } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message - $result = "Failed to remove $($Request.query.entries). Error: $ErrorMessage" + $result = "Failed to remove $($Request.body.entries). Error: $ErrorMessage" Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APIName -tenant $Request.query.tenantfilter -message $result -Sev 'Error' } # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK - Body = @{ - 'Results' = $result - 'Request' = $ExoRequest - } - }) + StatusCode = [HttpStatusCode]::OK + Body = @{ + 'Results' = $result + 'Request' = $ExoRequest + } + }) } From aca4768558e64ff806ab2a07ff43335f1a5d9def Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Fri, 7 Feb 2025 15:23:29 +0100 Subject: [PATCH 044/138] fix anchor issues bulk requests --- .../Public/GraphHelper/New-ExoBulkRequest.ps1 | 2 +- .../Public/GraphHelper/New-ExoRequest.ps1 | 14 +----- .../Invoke-CIPPStandardAutoAddProxy.ps1 | 43 +++++++++++++++++++ 3 files changed, 45 insertions(+), 14 deletions(-) create mode 100644 Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutoAddProxy.ps1 diff --git a/Modules/CIPPCore/Public/GraphHelper/New-ExoBulkRequest.ps1 b/Modules/CIPPCore/Public/GraphHelper/New-ExoBulkRequest.ps1 index 20a976d1e023..a7e7b08fe6d6 100644 --- a/Modules/CIPPCore/Public/GraphHelper/New-ExoBulkRequest.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/New-ExoBulkRequest.ps1 @@ -64,7 +64,7 @@ function New-ExoBulkRequest { $OnMicrosoft = $Tenant.initialDomainName $Anchor = "UPN:SystemMailbox{8cc370d3-822a-4ab8-a926-bb94bd0641a9}@$($OnMicrosoft)" } - $Headers['X-AnchorMailbox'] = $Anchor + $Headers['X-AnchorMailbox'] = "APP:SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}@$($tenant.customerId)" $Headers['X-CmdletName'] = $cmd.CmdletInput.CmdletName $Headers['Accept'] = 'application/json; odata.metadata=minimal' $Headers['Accept-Encoding'] = 'gzip' diff --git a/Modules/CIPPCore/Public/GraphHelper/New-ExoRequest.ps1 b/Modules/CIPPCore/Public/GraphHelper/New-ExoRequest.ps1 index cbf6c5dc1d87..dcdb0a3ae7a0 100644 --- a/Modules/CIPPCore/Public/GraphHelper/New-ExoRequest.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/New-ExoRequest.ps1 @@ -62,19 +62,7 @@ function New-ExoRequest { } } if (!$Anchor) { - if ($cmdparams.Identity) { $Anchor = $cmdparams.Identity } - if ($cmdparams.anr) { $Anchor = $cmdparams.anr } - if ($cmdparams.User) { $Anchor = $cmdparams.User } - if ($cmdparams.mailbox) { $Anchor = $cmdparams.mailbox } - if (!$Anchor -or $useSystemMailbox) { - if (!$Tenant.initialDomainName -or $Tenant.initialDomainName -notlike '*onmicrosoft.com*') { - $OnMicrosoft = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/domains?$top=999' -tenantid $tenantid -NoAuthCheck $NoAuthCheck | Where-Object -Property isInitial -EQ $true).id - } else { - $OnMicrosoft = $Tenant.initialDomainName - } - $anchor = "UPN:SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}@$($OnMicrosoft)" - if ($cmdlet -in 'Set-AdminAuditLogConfig', 'Get-AdminAuditLogConfig', 'Enable-OrganizationCustomization', 'Get-OrganizationConfig', 'Set-OrganizationConfig') { $anchor = "UPN:SystemMailbox{8cc370d3-822a-4ab8-a926-bb94bd0641a9}@$($OnMicrosoft)" } - } + $anchor = "APP:SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}@$($tenant.customerId)" } #if the anchor is a GUID, try looking up the user. if ($Anchor -match '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$') { diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutoAddProxy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutoAddProxy.ps1 new file mode 100644 index 000000000000..e74ff3a89996 --- /dev/null +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutoAddProxy.ps1 @@ -0,0 +1,43 @@ +function Invoke-CIPPStandardAutoAddProxy { + param( + $Tenant, + $Settings, + $QueueItem + ) + + if ($Settings.remediate -eq $true) { + $Domains = New-ExoRequest -TenantId $Tenant -Cmdlet 'Get-AcceptedDomain' | Select-Object -ExpandProperty DomainName + + $AllMailboxes = New-ExoRequest -TenantId $Tenant -Cmdlet 'Get-Mailbox' + foreach ($Domain in $Domains) { + $ProcessMailboxes = $AllMailboxes | Where-Object { + $addresses = @($_.EmailAddresses) -replace '^[^:]+:' # remove SPO:, SMTP:, etc. + $hasDomain = $addresses | Where-Object { $_ -like "*@$Domain" } + if ($hasDomain) { return $false } else { return $true } + } + + $bulkRequest = foreach ($Mailbox in $ProcessMailboxes) { + $LocalPart = $Mailbox.UserPrincipalName -split '@' | Select-Object -First 1 + $NewAlias = "$LocalPart@$Domain" + @{ + CmdletInput = @{ + CmdletName = 'Set-Mailbox' + Parameters = @{Identity = $Mailbox.Identity ; EmailAddresses = @{ + '@odata.type' = '#Exchange.GenericHashTable' + Add = "smtp:$NewAlias" + } + } + } + } + } + $BatchResults = New-ExoBulkRequest -tenantid $Tenant -cmdletArray @($bulkRequest) + $BatchResults | ForEach-Object { + if ($_.error) { + $ErrorMessage = Get-CippException -Exception $_.error + Write-Host "Failed to apply new email policy to $($_.target) Error: $($ErrorMessage.NormalizedError)" + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to apply Delegate Sent Items Style to $($_.error.target) Error: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage + } + } + } + } +} From cb4a17c93e1a8bf2ebe0a7e21492eea88ccaf9cf Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Fri, 7 Feb 2025 16:31:16 +0100 Subject: [PATCH 045/138] paging fix --- .../HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 index 5dd1c14a4ede..84c71d717418 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 @@ -41,7 +41,7 @@ Function Invoke-ListTeamsVoice { } $skip = $skip + 999 $Data - } while ( $Data.count % 999 -eq 0 ) + } while ($data.Count -eq 999) $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message From 88ecc079d2627fbce6bc9e45481504affc2d17a5 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Fri, 7 Feb 2025 17:13:09 +0100 Subject: [PATCH 046/138] fixes for teams voice --- .../Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 index 84c71d717418..cea4f93a512e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 @@ -24,31 +24,38 @@ Function Invoke-ListTeamsVoice { $users = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users?`$top=999&`$select=id,userPrincipalName,displayName" -tenantid $TenantFilter) $skip = 0 $GraphRequest = do { + Write-Host "Getting page $skip" $data = (New-TeamsAPIGetRequest -uri "https://api.interfaces.records.teams.microsoft.com/Skype.TelephoneNumberMgmt/Tenants/$($Tenantid)/telephone-numbers?skip=$($skip)&locale=en-US&top=999" -tenantid $TenantFilter).TelephoneNumbers | ForEach-Object { + Write-Host 'Reached the loop' try { $CompleteRequest = $_ | Select-Object *, 'AssignedTo', 'AcquisitionDate' -ErrorAction SilentlyContinue - $CompleteRequest.AcquisitionDate = $CompleteRequest.AcquisitionDate -split 'T' | Select-Object -First 1 + #Add AcquisitionDate to the object + $CompleteRequest.AcquisitionDate ? ($CompleteRequest.AcquisitionDate = CompleteRequest.AcquisitionDate -split 'T' | Select-Object -First 1) : $null } catch { $CompleteRequest = $_ | Select-Object *, 'AssignedTo' -ErrorAction SilentlyContinue } - + $CompleteRequest.AssignedTo ? ($CompleteRequest | Add-Member -NotePropertyName 'AssignedTo' -NotePropertyValue 'Unassigned' -Force) : $null if ($CompleteRequest.TargetId -eq '00000000-0000-0000-0000-000000000000') { - $CompleteRequest.AssignedTo = 'Unassigned' + $CompleteRequest.AssignedTo ? ($CompleteRequest.AssignedTo = 'Unassigned') : $null } else { $CompleteRequest.AssignedTo = ($users | Where-Object -Property Id -EQ $CompleteRequest.TargetId).userPrincipalName } $CompleteRequest } + Write-Host 'Finished the loop' $skip = $skip + 999 $Data } while ($data.Count -eq 999) + Write-Host 'Exiting the Do.' $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message $StatusCode = [HttpStatusCode]::Forbidden $GraphRequest = $ErrorMessage } - # Associate values to output bindings by calling 'Push-OutputBinding'. + Write-Host "Graph request is: $($GraphRequest)" + $Response = $GraphRequest + Write-Host 'Returning the response' Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = $StatusCode Body = @($GraphRequest) From 95d710836bd2dfb1027ca372855161425e7f032f Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Fri, 7 Feb 2025 17:22:45 +0100 Subject: [PATCH 047/138] fixes endless loop --- .../Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 | 17 +++-------------- 1 file changed, 3 insertions(+), 14 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 index cea4f93a512e..8d2b692325fb 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 @@ -27,19 +27,9 @@ Function Invoke-ListTeamsVoice { Write-Host "Getting page $skip" $data = (New-TeamsAPIGetRequest -uri "https://api.interfaces.records.teams.microsoft.com/Skype.TelephoneNumberMgmt/Tenants/$($Tenantid)/telephone-numbers?skip=$($skip)&locale=en-US&top=999" -tenantid $TenantFilter).TelephoneNumbers | ForEach-Object { Write-Host 'Reached the loop' - try { - $CompleteRequest = $_ | Select-Object *, 'AssignedTo', 'AcquisitionDate' -ErrorAction SilentlyContinue - #Add AcquisitionDate to the object - $CompleteRequest.AcquisitionDate ? ($CompleteRequest.AcquisitionDate = CompleteRequest.AcquisitionDate -split 'T' | Select-Object -First 1) : $null - } catch { - $CompleteRequest = $_ | Select-Object *, 'AssignedTo' -ErrorAction SilentlyContinue - } - $CompleteRequest.AssignedTo ? ($CompleteRequest | Add-Member -NotePropertyName 'AssignedTo' -NotePropertyValue 'Unassigned' -Force) : $null - if ($CompleteRequest.TargetId -eq '00000000-0000-0000-0000-000000000000') { - $CompleteRequest.AssignedTo ? ($CompleteRequest.AssignedTo = 'Unassigned') : $null - } else { - $CompleteRequest.AssignedTo = ($users | Where-Object -Property Id -EQ $CompleteRequest.TargetId).userPrincipalName - } + $CompleteRequest = $_ | Select-Object *, @{Name = 'AssignedTo'; Expression = { $users | Where-Object -Property id -EQ $_.AssignedTo.id } } + $CompleteRequest.AcquisitionDate ? ($CompleteRequest.AcquisitionDate = $CompleteRequest.AcquisitionDate -split 'T' | Select-Object -First 1) : ($CompleteRequest | Add-Member -NotePropertyName 'AcquisitionDate' -NotePropertyValue 'Unknown' -Force) + $CompleteRequest.AssignedTo ? $null : ($CompleteRequest | Add-Member -NotePropertyName 'AssignedTo' -NotePropertyValue 'Unassigned' -Force) $CompleteRequest } Write-Host 'Finished the loop' @@ -54,7 +44,6 @@ Function Invoke-ListTeamsVoice { $GraphRequest = $ErrorMessage } Write-Host "Graph request is: $($GraphRequest)" - $Response = $GraphRequest Write-Host 'Returning the response' Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = $StatusCode From d92e6f11a3f99f0ef7c3e9595bca46b6a78733a8 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 7 Feb 2025 11:34:02 -0500 Subject: [PATCH 048/138] Community Repos --- .../Extensions/Invoke-ExecExtensionTest.ps1 | 2 +- .../Tools/GitHub/Invoke-ExecCommunityRepo.ps1 | 101 ++++++++++++++++++ .../Tools/GitHub/Invoke-ExecGitHubAction.ps1 | 33 ++++++ .../GitHub/Invoke-ListCommunityRepos.ps1 | 38 +++++++ .../GitHub/Invoke-GitHubApiRequest.ps1 | 28 ----- .../GitHub/Search-GitHubRepository.ps1 | 38 ------- .../GitHub/Get-GitHubFileContents.ps1 | 4 +- .../Public/GitHub/Invoke-GitHubApiRequest.ps1 | 46 ++++++++ .../Public/GitHub/Search-GitHub.ps1 | 57 ++++++++++ 9 files changed, 277 insertions(+), 70 deletions(-) create mode 100644 Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 create mode 100644 Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 create mode 100644 Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ListCommunityRepos.ps1 delete mode 100644 Modules/CippExtensions/Private/GitHub/Invoke-GitHubApiRequest.ps1 delete mode 100644 Modules/CippExtensions/Private/GitHub/Search-GitHubRepository.ps1 rename Modules/CippExtensions/{Private => Public}/GitHub/Get-GitHubFileContents.ps1 (68%) create mode 100644 Modules/CippExtensions/Public/GitHub/Invoke-GitHubApiRequest.ps1 create mode 100644 Modules/CippExtensions/Public/GitHub/Search-GitHub.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionTest.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionTest.ps1 index 6c5a1ea5df04..b7494fbe60a0 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionTest.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionTest.ps1 @@ -83,7 +83,7 @@ Function Invoke-ExecExtensionTest { $Results = [pscustomobject]@{'Results' = 'Successfully Connected to HIBP' } } 'GitHub' { - $GitHubResponse = Invoke-GitHubApiRequest -Configuration $Configuration.GitHub -Method 'GET' -Path 'user' + $GitHubResponse = Invoke-GitHubApiRequest -Method 'GET' -Path 'user' if ($GitHubResponse.login) { $Results = [pscustomobject]@{ 'Results' = "Successfully connected to GitHub user: $($GitHubResponse.login)" } } else { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 new file mode 100644 index 000000000000..174254ddbb4b --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 @@ -0,0 +1,101 @@ +function Invoke-ExecCommunityRepo { + <# + .SYNOPSIS + Make changes to a community repository + .DESCRIPTION + This function makes changes to a community repository in table storage + .FUNCTIONALITY + Entrypoint + .ROLE + CIPP.Core.ReadWrite + #> + [CmdletBinding()] + param($Request, $TriggerMetadata) + + $Action = $Request.Body.Action + $Id = $Request.Body.Id + + $Table = Get-CIPPTable -TableName CommunityRepos + $Filter = "PartitionKey eq 'CommunityRepos' and RowKey eq '$($Id)'" + $RepoEntity = Get-CIPPAzDataTableEntity @Table -Filter $Filter + + switch ($Action) { + 'Add' { + $Repo = Invoke-GitHubApiRequest -Path "repositories/$($Id)" + $RepoEntity = @{ + PartitionKey = 'CommunityRepos' + RowKey = [string]$Repo.id + Name = [string]$Repo.name + Description = [string]$Repo.description + URL = [string]$Repo.html_url + FullName = [string]$Repo.full_name + Owner = [string]$Repo.owner.login + Visibility = [string]$Repo.visibility + WriteAccess = [bool]$Repo.permissions.push + Permissions = [string]($Repo.permissions | ConvertTo-Json -Compress) + } + + Add-CIPPAzDataTableEntity @Table -Entity $RepoEntity -Force | Out-Null + + $Results = @{ + resultText = "Community repository '$($Repo.name)' added" + state = 'success' + } + } + 'Update' { + if ($RepoEntity) { + $Repo = Invoke-GitHubApiRequest -Path "repositories/$($Id)" + $Update = @{ + PartitionKey = 'CommunityRepos' + RowKey = [string]$Repo.id + Name = [string]$Repo.name + Description = [string]$Repo.description + URL = [string]$Repo.html_url + FullName = [string]$Repo.full_name + Owner = [string]$Repo.owner.login + Visibility = [string]$Repo.visibility + WriteAccess = [bool]$Repo.permissions.push + Permissions = [string]($Repo.permissions | ConvertTo-Json -Compress) + ETag = $RepoEntity.ETag + } + + Update-CIPPAzDataTableEntity @Table -Entity $Update + + $Results = @{ + resultText = "Repository $($Repo.name) updated" + state = 'success' + } + } else { + $Results = @{ + resultText = "Repository $($Repo.name) not found" + state = 'error' + } + } + } + 'Delete' { + if ($RepoEntity) { + $Delete = $RepoEntity | Select-Object PartitionKey, RowKey, ETag + Remove-AzDataTableEntity @Table -Entity $Delete + } + $Results = @{ + resultText = "Repository $($Repo.name) deleted" + state = 'success' + } + } + default { + $Results = @{ + resultText = "Action $Action not supported" + state = 'error' + } + } + } + + $Body = @{ + Results = @($Results) + } + + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = [HttpStatusCode]::OK + Body = $Body + }) +} diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 new file mode 100644 index 000000000000..d052a8ee913c --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 @@ -0,0 +1,33 @@ +function Invoke-ExecGitHubAction { + <# + .SYNOPSIS + Invoke GitHub Action + .DESCRIPTION + Call GitHub API + .ROLE + CIPP.Extension.ReadWrite + .FUNCTIONALITY + Entrypoint + #> + [CmdletBinding()] + param($Request, $TriggerMetadata) + + if ($Request.Body.Search) { + $Search = $Request.Body.Search | ConvertTo-Json | ConvertFrom-Json -AsHashtable + $SearchResults = Search-GitHub @Search + $Results = $SearchResults.items + $Metadata = $SearchResults | Select-Object -Property total_count, incomplete_results + } + + $Body = @{ + Results = $Results + } + if ($Metadata) { + $Body.Metadata = $Metadata + } + + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = [HttpStatusCode]::OK + Body = $Body + }) +} diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ListCommunityRepos.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ListCommunityRepos.ps1 new file mode 100644 index 000000000000..1011f9fc4ad4 --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ListCommunityRepos.ps1 @@ -0,0 +1,38 @@ +function Invoke-ListCommunityRepos { + <# + .SYNOPSIS + List community repositories in Table Storage + .DESCRIPTION + This function lists community repositories in Table Storage + .FUNCTIONALITY + Entrypoint + .ROLE + CIPP.Core.Read + #> + [CmdletBinding()] + param($Request, $TriggerMetadata) + + $Table = Get-CIPPTable -TableName CommunityRepos + $Repos = Get-CIPPAzDataTableEntity @Table | ForEach-Object { + [pscustomobject]@{ + Id = $_.RowKey + Name = $_.Name + Description = $_.Description + URL = $_.URL + FullName = $_.FullName + Owner = $_.Owner + Visibility = $_.Visibility + WriteAccess = $_.WriteAccess + Permissions = $_.Permissions | ConvertFrom-Json + } + } + + $Body = @{ + Results = @($Repos) + } + + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = [HttpStatusCode]::OK + Body = $Body + }) +} diff --git a/Modules/CippExtensions/Private/GitHub/Invoke-GitHubApiRequest.ps1 b/Modules/CippExtensions/Private/GitHub/Invoke-GitHubApiRequest.ps1 deleted file mode 100644 index 5f46d8fe04e0..000000000000 --- a/Modules/CippExtensions/Private/GitHub/Invoke-GitHubApiRequest.ps1 +++ /dev/null @@ -1,28 +0,0 @@ -function Invoke-GitHubApiRequest { - [CmdletBinding()] - param( - [Parameter(Mandatory = $true)] - $Configuration, - [string]$Method = 'GET', - [Parameter(Mandatory = $true)] - [string] - $Path, - [Parameter()] - $Body - ) - - if ($Configuration.Enabled) { - $APIKey = Get-ExtensionAPIKey -Extension 'GitHub' - $Headers = @{ - Authorization = "Bearer $($APIKey)" - 'User-Agent' = 'CIPP' - Accept = 'application/vnd.github.v3+json' - } - - $FullUri = "https://api.github.com/$Path" - Write-Verbose "[$Method] $FullUri" - return Invoke-RestMethod -Method $Method -Uri $FullUri -Headers $Headers -Body $Body - } else { - throw 'GitHub API is not enabled' - } -} diff --git a/Modules/CippExtensions/Private/GitHub/Search-GitHubRepository.ps1 b/Modules/CippExtensions/Private/GitHub/Search-GitHubRepository.ps1 deleted file mode 100644 index 7f1c8ee6c75d..000000000000 --- a/Modules/CippExtensions/Private/GitHub/Search-GitHubRepository.ps1 +++ /dev/null @@ -1,38 +0,0 @@ -function Search-GitHubRepository { - [CmdletBinding()] - Param ( - [string[]]$Repository, - [string]$Path, - [string]$SearchTerm, - [string]$Language, - [string]$Type = 'code' - ) - $Table = Get-CIPPTable -TableName Extensionsconfig - $Configuration = ((Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json).GitHub - - $QueryParts = [System.Collections.Generic.List[string]]::new() - if ($Repository) { - $RepoParts = [System.Collections.Generic.List[string]]::new() - foreach ($Repo in $Repository) { - $RepoParts.Add("repo:$Repo") - } - if (($RepoParts | Measure-Object).Count -gt 1) { - $QueryParts.Add('(' + ($RepoParts -join ' OR ') + ')') - } else { - $QueryParts.Add($RepoParts[0]) - } - } - if ($Path) { - $QueryParts.Add("path:$Path") - } - if ($SearchTerm) { - $QueryParts.Add("`"$SearchTerm`"") - } - if ($Language) { - $QueryParts.Add("language:$Language") - } - - $Query = $QueryParts -join ' ' - Write-Information "Query: $Query" - Invoke-GitHubApiRequest -Configuration $Configuration -Path "search/$($Type)?q=$($Query)" -Method GET -} diff --git a/Modules/CippExtensions/Private/GitHub/Get-GitHubFileContents.ps1 b/Modules/CippExtensions/Public/GitHub/Get-GitHubFileContents.ps1 similarity index 68% rename from Modules/CippExtensions/Private/GitHub/Get-GitHubFileContents.ps1 rename to Modules/CippExtensions/Public/GitHub/Get-GitHubFileContents.ps1 index 8ffc02df6e18..aee61b0c69f0 100644 --- a/Modules/CippExtensions/Private/GitHub/Get-GitHubFileContents.ps1 +++ b/Modules/CippExtensions/Public/GitHub/Get-GitHubFileContents.ps1 @@ -6,11 +6,9 @@ function Get-GitHubFileContents { ) process { - $Table = Get-CIPPTable -TableName Extensionsconfig - $Configuration = ((Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json).GitHub [uri]$Uri = $Url $Path = $Uri.PathAndQuery.TrimStart('/') - $File = Invoke-GitHubApiRequest -Configuration $Configuration -Path "$Path" -Method GET + $File = Invoke-GitHubApiRequest -Path "$Path" -Method GET return [PSCustomObject]@{ name = $File.name diff --git a/Modules/CippExtensions/Public/GitHub/Invoke-GitHubApiRequest.ps1 b/Modules/CippExtensions/Public/GitHub/Invoke-GitHubApiRequest.ps1 new file mode 100644 index 000000000000..1ae9c28e6e8d --- /dev/null +++ b/Modules/CippExtensions/Public/GitHub/Invoke-GitHubApiRequest.ps1 @@ -0,0 +1,46 @@ +function Invoke-GitHubApiRequest { + [CmdletBinding()] + param( + [string]$Method = 'GET', + [Parameter(Mandatory = $true)] + [string] + $Path, + [Parameter()] + $Body, + [string]$Accept = 'application/vnd.github+json', + [switch]$ReturnHeaders + ) + + $Table = Get-CIPPTable -TableName Extensionsconfig + $Configuration = ((Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json).GitHub + + if ($Configuration.Enabled) { + $APIKey = Get-ExtensionAPIKey -Extension 'GitHub' + $Headers = @{ + Authorization = "Bearer $($APIKey)" + 'User-Agent' = 'CIPP' + Accept = $Accept + } + + $FullUri = "https://api.github.com/$Path" + Write-Verbose "[$Method] $FullUri" + + $RestMethod = @{ + Method = $Method + Uri = $FullUri + Headers = $Headers + } + if ($ReturnHeaders.IsPresent) { + $RestMethod.ResponseHeadersVariable = 'ResponseHeaders' + } + + $Response = Invoke-RestMethod @RestMethod + if ($ReturnHeaders.IsPresent) { + $ResponseHeaders + } else { + $Response + } + } else { + throw 'GitHub API is not enabled' + } +} diff --git a/Modules/CippExtensions/Public/GitHub/Search-GitHub.ps1 b/Modules/CippExtensions/Public/GitHub/Search-GitHub.ps1 new file mode 100644 index 000000000000..4890f8118f04 --- /dev/null +++ b/Modules/CippExtensions/Public/GitHub/Search-GitHub.ps1 @@ -0,0 +1,57 @@ +function Search-GitHub { + [CmdletBinding()] + Param ( + [string[]]$Repository, + [string[]]$User, + [string]$Path, + [string[]]$SearchTerm, + [string]$Language, + [ValidateSet('code', 'commits', 'issues', 'users', 'repositories', 'topics', 'labels')] + [string]$Type = 'code' + ) + + $QueryParts = [System.Collections.Generic.List[string]]::new() + if ($Repository) { + $RepoParts = [System.Collections.Generic.List[string]]::new() + foreach ($Repo in $Repository) { + $RepoParts.Add("repo:$Repo") + } + if (($RepoParts | Measure-Object).Count -gt 1) { + $QueryParts.Add('(' + ($RepoParts -join ' OR ') + ')') + } else { + $QueryParts.Add($RepoParts[0]) + } + } + if ($User) { + $UserParts = [System.Collections.Generic.List[string]]::new() + foreach ($U in $User) { + $UserParts.Add("user:$U") + } + if (($UserParts | Measure-Object).Count -gt 1) { + $QueryParts.Add('(' + ($UserParts -join ' OR ') + ')') + } else { + $QueryParts.Add($UserParts[0]) + } + } + if ($Path) { + $QueryParts.Add("path:$Path") + } + if ($SearchTerm) { + $SearchTermParts = [System.Collections.Generic.List[string]]::new() + foreach ($Term in $SearchTerm) { + $SearchTermParts.Add("`"$SearchTerm`"") + } + if (($SearchTermParts | Measure-Object).Count -gt 1) { + $QueryParts.Add('(' + ($SearchTermParts -join ' OR ') + ')') + } else { + $QueryParts.Add($SearchTermParts[0]) + } + } + if ($Language) { + $QueryParts.Add("language:$Language") + } + + $Query = $QueryParts -join ' ' + Write-Information "Query: $Query" + Invoke-GitHubApiRequest -Path "search/$($Type)?q=$($Query)" -Method GET +} From 5d7949c67259a5c280e3a72ebc887d57fdd960e6 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 7 Feb 2025 13:32:16 -0500 Subject: [PATCH 049/138] Community repo improvements Better search handling --- .../GitHub/Invoke-ListCommunityRepos.ps1 | 18 +++++++-------- .../Public/GitHub/Search-GitHub.ps1 | 22 +++++++++---------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ListCommunityRepos.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ListCommunityRepos.ps1 index 1011f9fc4ad4..44b5087a2ff0 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ListCommunityRepos.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ListCommunityRepos.ps1 @@ -15,15 +15,15 @@ function Invoke-ListCommunityRepos { $Table = Get-CIPPTable -TableName CommunityRepos $Repos = Get-CIPPAzDataTableEntity @Table | ForEach-Object { [pscustomobject]@{ - Id = $_.RowKey - Name = $_.Name - Description = $_.Description - URL = $_.URL - FullName = $_.FullName - Owner = $_.Owner - Visibility = $_.Visibility - WriteAccess = $_.WriteAccess - Permissions = $_.Permissions | ConvertFrom-Json + Id = $_.RowKey + Name = $_.Name + Description = $_.Description + URL = $_.URL + FullName = $_.FullName + Owner = $_.Owner + Visibility = $_.Visibility + WriteAccess = $_.WriteAccess + RepoPermissions = $_.Permissions | ConvertFrom-Json } } diff --git a/Modules/CippExtensions/Public/GitHub/Search-GitHub.ps1 b/Modules/CippExtensions/Public/GitHub/Search-GitHub.ps1 index 4890f8118f04..4d2ce0e02b60 100644 --- a/Modules/CippExtensions/Public/GitHub/Search-GitHub.ps1 +++ b/Modules/CippExtensions/Public/GitHub/Search-GitHub.ps1 @@ -11,6 +11,17 @@ function Search-GitHub { ) $QueryParts = [System.Collections.Generic.List[string]]::new() + if ($SearchTerm) { + $SearchTermParts = [System.Collections.Generic.List[string]]::new() + foreach ($Term in $SearchTerm) { + $SearchTermParts.Add("`"$Term`"") + } + if (($SearchTermParts | Measure-Object).Count -gt 1) { + $QueryParts.Add(($SearchTermParts -join ' OR ')) + } else { + $QueryParts.Add($SearchTermParts[0]) + } + } if ($Repository) { $RepoParts = [System.Collections.Generic.List[string]]::new() foreach ($Repo in $Repository) { @@ -36,17 +47,6 @@ function Search-GitHub { if ($Path) { $QueryParts.Add("path:$Path") } - if ($SearchTerm) { - $SearchTermParts = [System.Collections.Generic.List[string]]::new() - foreach ($Term in $SearchTerm) { - $SearchTermParts.Add("`"$SearchTerm`"") - } - if (($SearchTermParts | Measure-Object).Count -gt 1) { - $QueryParts.Add('(' + ($SearchTermParts -join ' OR ') + ')') - } else { - $QueryParts.Add($SearchTermParts[0]) - } - } if ($Language) { $QueryParts.Add("language:$Language") } From 7cca82bd2b958d25be282fc62757c31e175be905 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 7 Feb 2025 15:15:43 -0500 Subject: [PATCH 050/138] Update Invoke-ExecGitHubAction.ps1 --- .../Tools/GitHub/Invoke-ExecGitHubAction.ps1 | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 index d052a8ee913c..3f7304be1b8f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 @@ -17,6 +17,9 @@ function Invoke-ExecGitHubAction { $SearchResults = Search-GitHub @Search $Results = $SearchResults.items $Metadata = $SearchResults | Select-Object -Property total_count, incomplete_results + } elseif ($Request.Body.GetFileContents) { + $Url = $Request.Body.GetFileContents.Url + $Results = Get-GitHubFileContents -Url $Url } $Body = @{ @@ -27,7 +30,7 @@ function Invoke-ExecGitHubAction { } Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK - Body = $Body - }) + StatusCode = [HttpStatusCode]::OK + Body = $Body + }) } From 408106bf42132e42e1f059097fcfa7a428a0c575 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Fri, 7 Feb 2025 19:07:41 +0100 Subject: [PATCH 051/138] Add edit room api and refactor others to fit too --- .../Email-Exchange/Invoke-AddRoomMailbox.ps1 | 14 +- .../Email-Exchange/Invoke-EditRoomMailbox.ps1 | 83 +++++++++++ .../Public/Entrypoints/Invoke-ListRooms.ps1 | 134 ++++++++++++++++-- 3 files changed, 210 insertions(+), 21 deletions(-) create mode 100644 Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditRoomMailbox.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddRoomMailbox.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddRoomMailbox.ps1 index 11b662d34d47..afb73394fb72 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddRoomMailbox.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddRoomMailbox.ps1 @@ -11,17 +11,13 @@ Function Invoke-AddRoomMailbox { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - $User = $request.headers.'x-ms-client-principal' - - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' - - # Write to the Azure Functions log stream. - Write-Host 'PowerShell HTTP trigger function processed a request.' + $ExecutingUser = $Request.headers.'x-ms-client-principal' + Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $Tenant = $Request.body.tenantid $Results = [System.Collections.Generic.List[Object]]::new() $MailboxObject = $Request.body - $Tenant = $MailboxObject.tenantid $AddRoomParams = [pscustomobject]@{ Name = $MailboxObject.username DisplayName = $MailboxObject.displayName @@ -34,7 +30,7 @@ Function Invoke-AddRoomMailbox { try { $AddRoomRequest = New-ExoRequest -tenantid $Tenant -cmdlet 'New-Mailbox' -cmdparams $AddRoomParams $Results.Add("Successfully created room: $($MailboxObject.DisplayName).") - Write-LogMessage -user $User -API $APINAME -tenant $Tenant -message "Created room $($MailboxObject.DisplayName) with id $($AddRoomRequest.id)" -Sev 'Info' + Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $Tenant -message "Created room $($MailboxObject.DisplayName) with id $($AddRoomRequest.id)" -Sev 'Info' # Block sign-in for the mailbox try { @@ -47,7 +43,7 @@ Function Invoke-AddRoomMailbox { $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APINAME -tenant $Tenant -message "Failed to create room: $($MailboxObject.DisplayName). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $Tenant -message "Failed to create room: $($MailboxObject.DisplayName). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage $Results.Add("Failed to create Room mailbox $($MailboxObject.userPrincipalName). $($ErrorMessage.NormalizedError)") $StatusCode = [HttpStatusCode]::Forbidden } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditRoomMailbox.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditRoomMailbox.ps1 new file mode 100644 index 000000000000..12e49c68494d --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditRoomMailbox.ps1 @@ -0,0 +1,83 @@ +using namespace System.Net + +Function Invoke-EditRoomMailbox { + <# + .FUNCTIONALITY + Entrypoint + .ROLE + Exchange.Room.ReadWrite + #> + [CmdletBinding()] + param($Request, $TriggerMetadata) + + $APIName = $TriggerMetadata.FunctionName + $ExecutingUser = $Request.headers.'x-ms-client-principal' + Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + + + $Results = [System.Collections.Generic.List[Object]]::new() + $MailboxObject = $Request.body + $Tenant = $MailboxObject.tenantid + + # First update the mailbox properties + $UpdateMailboxParams = @{ + Identity = $MailboxObject.roomId + DisplayName = $MailboxObject.displayName + } + + if (![string]::IsNullOrWhiteSpace($MailboxObject.capacity)) { + $UpdateMailboxParams.Add('ResourceCapacity', $MailboxObject.capacity) + } + if (![string]::IsNullOrWhiteSpace($MailboxObject.hiddenFromAddressListsEnabled)) { + $UpdateMailboxParams.Add('HiddenFromAddressListsEnabled', $MailboxObject.hiddenFromAddressListsEnabled) + } + + + # Then update the place properties + $UpdatePlaceParams = @{ + Identity = $MailboxObject.roomId + } + + # Add optional parameters if they exist + $PlaceProperties = @( + 'Building', 'Floor', 'FloorLabel', 'Phone', + 'AudioDeviceName', 'VideoDeviceName', 'DisplayDeviceName', + 'IsWheelChairAccessible', 'Tags', + 'Street', 'City', 'State', 'CountryOrRegion', 'Desks', + 'PostalCode', 'Localities', 'SpaceType', 'CustomSpaceType', + 'ResourceLinks' + ) + + foreach ($prop in $PlaceProperties) { + if (![string]::IsNullOrWhiteSpace($MailboxObject.$prop)) { + $UpdatePlaceParams[$prop] = $MailboxObject.$prop + } + } + + try { + # Update mailbox properties + $null = New-ExoRequest -tenantid $Tenant -cmdlet 'Set-Mailbox' -cmdParams $UpdateMailboxParams + + # Update place properties + $null = New-ExoRequest -tenantid $Tenant -cmdlet 'Set-Place' -cmdParams $UpdatePlaceParams + $Results.Add("Successfully updated room: $($MailboxObject.DisplayName)") + + Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $Tenant -message "Updated room $($MailboxObject.DisplayName)" -Sev 'Info' + $StatusCode = [HttpStatusCode]::OK + + } catch { + $ErrorMessage = Get-CippException -Exception $_ + Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $Tenant -message "Failed to update room: $($MailboxObject.DisplayName). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + $Results.Add("Failed to update Room mailbox $($MailboxObject.userPrincipalName). $($ErrorMessage.NormalizedError)") + + $StatusCode = [HttpStatusCode]::Forbidden + } + + $Body = [pscustomobject]@{ 'Results' = @($Results) } + + # Associate values to output bindings by calling 'Push-OutputBinding'. + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = $StatusCode + Body = $Body + }) +} diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRooms.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRooms.ps1 index b99a00ae4c83..5e68cfce3dc1 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRooms.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRooms.ps1 @@ -11,22 +11,132 @@ Function Invoke-ListRooms { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' - - - # Write to the Azure Functions log stream. - Write-Host 'PowerShell HTTP trigger function processed a request.' + $ExecutingUser = $request.headers.'x-ms-client-principal' + Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. - $TenantFilter = $Request.Query.TenantFilter + $TenantFilter = $Request.Query.tenantFilter + $RoomId = $Request.Query.roomId try { - $params = @{ - uri = 'https://graph.microsoft.com/beta/places/microsoft.graph.room' - tenantid = $TenantFilter - AsApp = $true + if ($RoomId) { + # Get specific room mailbox + $RoomMailbox = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-Mailbox' -cmdParams @{ + Identity = $RoomId + RecipientTypeDetails = 'RoomMailbox' + } | Select-Object -ExcludeProperty *@odata.type* + + # Get place details + $PlaceDetails = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-Place' -cmdParams @{ + Identity = $RoomId + } | Select-Object -ExcludeProperty *@odata.type* + + if ($RoomMailbox -and $PlaceDetails) { + $GraphRequest = @( + [PSCustomObject]@{ + # Core Mailbox Properties + id = $RoomMailbox.ExternalDirectoryObjectId + displayName = $RoomMailbox.DisplayName + mail = $RoomMailbox.PrimarySmtpAddress + mailNickname = $RoomMailbox.Alias + accountDisabled = $RoomMailbox.AccountDisabled + hiddenFromAddressListsEnabled = $RoomMailbox.HiddenFromAddressListsEnabled + isDirSynced = $RoomMailbox.IsDirSynced + + # Room Booking Settings + bookingType = $PlaceDetails.BookingType + resourceDelegates = $PlaceDetails.ResourceDelegates + capacity = [int]($PlaceDetails.Capacity ?? $RoomMailbox.ResourceCapacity ?? 0) + + # Location Information + building = $PlaceDetails.Building + floor = $PlaceDetails.Floor + floorLabel = $PlaceDetails.FloorLabel + street = if ([string]::IsNullOrWhiteSpace($PlaceDetails.Street)) { $null } else { $PlaceDetails.Street } + city = if ([string]::IsNullOrWhiteSpace($PlaceDetails.City)) { $null } else { $PlaceDetails.City } + state = if ([string]::IsNullOrWhiteSpace($PlaceDetails.State)) { $null } else { $PlaceDetails.State } + postalCode = if ([string]::IsNullOrWhiteSpace($PlaceDetails.PostalCode)) { $null } else { $PlaceDetails.PostalCode } + countryOrRegion = if ([string]::IsNullOrWhiteSpace($PlaceDetails.CountryOrRegion)) { $null } else { $PlaceDetails.CountryOrRegion } + + # Room Equipment + audioDeviceName = $PlaceDetails.AudioDeviceName + videoDeviceName = $PlaceDetails.VideoDeviceName + displayDeviceName = $PlaceDetails.DisplayDeviceName + mtrEnabled = $PlaceDetails.MTREnabled + + # Room Features + isWheelChairAccessible = $PlaceDetails.IsWheelChairAccessible + phone = if ([string]::IsNullOrWhiteSpace($PlaceDetails.Phone)) { $null } else { $PlaceDetails.Phone } + tags = $PlaceDetails.Tags + spaceType = $PlaceDetails.SpaceType + } + ) + } + } else { + # Get all room mailboxes in one call + $RoomMailboxes = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-Mailbox' -cmdParams @{ + RecipientTypeDetails = 'RoomMailbox' + ResultSize = 'Unlimited' + } | Select-Object -ExcludeProperty *@odata.type* + + # Get all places in one call + $Places = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-Place' -cmdParams @{ + ResultSize = 'Unlimited' + } | Select-Object -ExcludeProperty *@odata.type* + + # Create hashtable for quick place lookups + $PlacesLookup = @{} + foreach ($Place in $Places) { + if ($Place.Identity) { + $PlacesLookup[$Place.Identity] = $Place + } + } + + $GraphRequest = @( + foreach ($Room in $RoomMailboxes) { + $PlaceDetails = $PlacesLookup[$Room.UserPrincipalName] ?? $PlacesLookup[$Room.PrimarySmtpAddress] + + [PSCustomObject]@{ + # Core Mailbox Properties + id = $Room.ExternalDirectoryObjectId + displayName = $Room.DisplayName + mail = $Room.PrimarySmtpAddress + mailNickname = $Room.Alias + accountDisabled = $Room.AccountDisabled + hiddenFromAddressListsEnabled = $Room.HiddenFromAddressListsEnabled + isDirSynced = $RoomMailbox.IsDirSynced + + # Room Booking Settings + bookingType = $PlaceDetails.BookingType + resourceDelegates = $PlaceDetails.ResourceDelegates + capacity = [int]($PlaceDetails.Capacity ?? $Room.ResourceCapacity ?? 0) + + # Location Information + building = $PlaceDetails.Building + floor = $PlaceDetails.Floor + floorLabel = $PlaceDetails.FloorLabel + street = if ([string]::IsNullOrWhiteSpace($PlaceDetails.Street)) { $null } else { $PlaceDetails.Street } + city = if ([string]::IsNullOrWhiteSpace($PlaceDetails.City)) { $null } else { $PlaceDetails.City } + state = if ([string]::IsNullOrWhiteSpace($PlaceDetails.State)) { $null } else { $PlaceDetails.State } + postalCode = if ([string]::IsNullOrWhiteSpace($PlaceDetails.PostalCode)) { $null } else { $PlaceDetails.PostalCode } + countryOrRegion = if ([string]::IsNullOrWhiteSpace($PlaceDetails.CountryOrRegion)) { $null } else { $PlaceDetails.CountryOrRegion } + + + # Room Equipment + audioDeviceName = $PlaceDetails.AudioDeviceName + videoDeviceName = $PlaceDetails.VideoDeviceName + displayDeviceName = $PlaceDetails.DisplayDeviceName + mtrEnabled = $PlaceDetails.MTREnabled + + # Room Features + isWheelChairAccessible = $PlaceDetails.IsWheelChairAccessible + phone = if ([string]::IsNullOrWhiteSpace($PlaceDetails.Phone)) { $null } else { $PlaceDetails.Phone } + tags = $PlaceDetails.Tags + spaceType = $PlaceDetails.SpaceType + } + } + ) } - $GraphRequest = New-GraphGetRequest @params $StatusCode = [HttpStatusCode]::OK } catch { @@ -34,10 +144,10 @@ Function Invoke-ListRooms { $StatusCode = [HttpStatusCode]::Forbidden $GraphRequest = $ErrorMessage } + # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = $StatusCode Body = @($GraphRequest | Sort-Object displayName) }) - } From f8bd7a063660e2aa628944bb1c38c422bf625c44 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Fri, 7 Feb 2025 21:13:13 +0100 Subject: [PATCH 052/138] Switch room listing to Exchange Online commands due to Graph sync delay --- Modules/CIPPCore/Public/Entrypoints/Invoke-ListRooms.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRooms.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRooms.ps1 index 5e68cfce3dc1..a74b36ef2eb3 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRooms.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRooms.ps1 @@ -18,6 +18,7 @@ Function Invoke-ListRooms { $TenantFilter = $Request.Query.tenantFilter $RoomId = $Request.Query.roomId + # I dont like that i had to change it to EXO commands, but the waiting time for the Rooms to sync to Graph is too long :( -Bobby try { if ($RoomId) { # Get specific room mailbox From 2a3e64a0c59cc46a9e4c5aa8de80d86858d2885e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Fri, 7 Feb 2025 23:19:51 +0100 Subject: [PATCH 053/138] FEAT: Add Get-CIPPAlertEntraLicenseUtilization function for license utilization alerts --- .../Get-CIPPAlertEntraLicenseUtilization.ps1 | 53 +++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 Modules/CIPPCore/Public/Alerts/Get-CIPPAlertEntraLicenseUtilization.ps1 diff --git a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertEntraLicenseUtilization.ps1 b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertEntraLicenseUtilization.ps1 new file mode 100644 index 000000000000..3d6817d1c1eb --- /dev/null +++ b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertEntraLicenseUtilization.ps1 @@ -0,0 +1,53 @@ +function Get-CIPPAlertEntraLicenseUtilization { + <# + .FUNCTIONALITY + Entrypoint + #> + [CmdletBinding()] + Param ( + [Parameter(Mandatory = $false)] + [Alias('input')] + $InputValue, + $TenantFilter + ) + try { + # Set threshold with fallback to 110% + $Threshold = if ($InputValue) { [int]$InputValue } else { 110 } + + $LicenseData = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/reports/azureADPremiumLicenseInsight' -tenantid $($TenantFilter) + $Alerts = [System.Collections.Generic.List[string]]::new() + + # Check P1 License utilization + if ($LicenseData.entitledP1LicenseCount -gt 0) { + $P1Used = $LicenseData.p1FeatureUtilizations.conditionalAccess.userCount + $P1Entitled = $LicenseData.entitledP1LicenseCount + $P1Usage = ($P1Used / $P1Entitled) * 100 + $P1Overage = $P1Used - $P1Entitled + + if ($P1Usage -gt $Threshold -and $P1Overage -ge 5) { + $Alerts.Add("P1 License utilization is at $([math]::Round($P1Usage,2))% (Using $P1Used of $P1Entitled licenses, over by $P1Overage)") + } + } + + # Check P2 License utilization + if ($LicenseData.entitledP2LicenseCount -gt 0) { + $P2Used = $LicenseData.p2FeatureUtilizations.riskBasedConditionalAccess.userCount + $P2Entitled = $LicenseData.entitledP2LicenseCount + $P2Usage = ($P2Used / $P2Entitled) * 100 + $P2Overage = $P2Used - $P2Entitled + + if ($P2Usage -gt $Threshold -and $P2Overage -ge 5) { + $Alerts.Add("P2 License utilization is at $([math]::Round($P2Usage,2))% (Using $P2Used of $P2Entitled licenses, over by $P2Overage)") + } + } + + if ($Alerts.Count -gt 0) { + $AlertData = "License Over-utilization Alert (Threshold: $Threshold%, Min Overage: 5): $($Alerts -join ' | ')" + Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData + } + + } catch { + $ErrorMessage = Get-CippException -Exception $_ + Write-LogMessage -message "Failed to check license utilization: $($ErrorMessage.NormalizedError)" -API 'License Utilization Alert' -tenant $TenantFilter -sev Info -LogData $ErrorMessage + } +} From 18edb2f113d9a34eddb5c46ebe7fe9795f59915c Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 8 Feb 2025 14:09:27 -0500 Subject: [PATCH 054/138] pwpush updates --- .../CippExtensions/Public/PwPush/Set-PwPushConfig.ps1 | 6 ++---- .../PassPushPosh/{1.2.0 => 1.2.1}/PSGetModuleInfo.xml | 0 Modules/PassPushPosh/{1.2.0 => 1.2.1}/PassPushPosh.psd1 | 4 ++-- Modules/PassPushPosh/{1.2.0 => 1.2.1}/PassPushPosh.psm1 | 9 ++++++--- 4 files changed, 10 insertions(+), 9 deletions(-) rename Modules/PassPushPosh/{1.2.0 => 1.2.1}/PSGetModuleInfo.xml (100%) rename Modules/PassPushPosh/{1.2.0 => 1.2.1}/PassPushPosh.psd1 (99%) rename Modules/PassPushPosh/{1.2.0 => 1.2.1}/PassPushPosh.psm1 (98%) diff --git a/Modules/CippExtensions/Public/PwPush/Set-PwPushConfig.ps1 b/Modules/CippExtensions/Public/PwPush/Set-PwPushConfig.ps1 index 0913609f5b96..6c816f6f5fc6 100644 --- a/Modules/CippExtensions/Public/PwPush/Set-PwPushConfig.ps1 +++ b/Modules/CippExtensions/Public/PwPush/Set-PwPushConfig.ps1 @@ -17,7 +17,7 @@ function Set-PwPushConfig { if ($Configuration.BaseUrl) { $InitParams.BaseUrl = $Configuration.BaseUrl } - if (![string]::IsNullOrEmpty($Configuration.EmailAddress) -or $Configuration.PWPushPro -eq $true) { + if (![string]::IsNullOrEmpty($Configuration.EmailAddress) -or $Configuration.UseBearerAuth -eq $true) { $ApiKey = Get-ExtensionAPIKey -Extension 'PWPush' if (![string]::IsNullOrEmpty($ApiKey)) { @@ -26,12 +26,10 @@ function Set-PwPushConfig { if (![string]::IsNullOrEmpty($Configuration.EmailAddress)) { $InitParams.EmailAddress = $Configuration.EmailAddress } - if ($Configuration.PWPushPro -eq $true) { + if ($Configuration.UseBearerAuth -eq $true) { $InitParams.AccountType = 'Pro' - $InitParams.Remove('BaseUrl') } } - Write-Information ($InitParams | ConvertTo-Json) $Module = Get-Module PassPushPosh -ListAvailable Write-Host $Module.Version diff --git a/Modules/PassPushPosh/1.2.0/PSGetModuleInfo.xml b/Modules/PassPushPosh/1.2.1/PSGetModuleInfo.xml similarity index 100% rename from Modules/PassPushPosh/1.2.0/PSGetModuleInfo.xml rename to Modules/PassPushPosh/1.2.1/PSGetModuleInfo.xml diff --git a/Modules/PassPushPosh/1.2.0/PassPushPosh.psd1 b/Modules/PassPushPosh/1.2.1/PassPushPosh.psd1 similarity index 99% rename from Modules/PassPushPosh/1.2.0/PassPushPosh.psd1 rename to Modules/PassPushPosh/1.2.1/PassPushPosh.psd1 index 1afc05451086..0e676121021f 100644 --- a/Modules/PassPushPosh/1.2.0/PassPushPosh.psd1 +++ b/Modules/PassPushPosh/1.2.1/PassPushPosh.psd1 @@ -3,7 +3,7 @@ # # Generated by: Adam Burley # -# Generated on: 2/6/2025 +# Generated on: 2/8/2025 # @{ @@ -12,7 +12,7 @@ RootModule = 'PassPushPosh.psm1' # Version number of this module. -ModuleVersion = '1.2.0' +ModuleVersion = '1.2.1' # Supported PSEditions CompatiblePSEditions = 'Core' diff --git a/Modules/PassPushPosh/1.2.0/PassPushPosh.psm1 b/Modules/PassPushPosh/1.2.1/PassPushPosh.psm1 similarity index 98% rename from Modules/PassPushPosh/1.2.0/PassPushPosh.psm1 rename to Modules/PassPushPosh/1.2.1/PassPushPosh.psm1 index 5abc0900bc2d..e4d7643eec11 100644 --- a/Modules/PassPushPosh/1.2.0/PassPushPosh.psm1 +++ b/Modules/PassPushPosh/1.2.1/PassPushPosh.psm1 @@ -604,6 +604,8 @@ function Get-SecretLink { your username + workstation or domain name. This way the UA can be semi-consistent across sessions but not identifying. + Note: User agent must meet [RFC9110](https://www.rfc-editor.org/rfc/rfc9110#name-user-agent) specifications or the Password Pusher API will reject the call. + .PARAMETER Force Force setting new information. If module is already initialized you can use this to Re-initialize with default settings. Implied if either ApiKey or BaseUrl is provided. @@ -626,7 +628,7 @@ function Get-SecretLink { .EXAMPLE # Set a custom User Agent - PS > InitializePassPushPosh -UserAgent "I'm a cool dude with a cool script." + PS > InitializePassPushPosh -UserAgent "My-CoolUserAgent/1.12.1" .LINK https://github.com/adamburley/PassPushPosh/blob/main/Docs/Initialize-PassPushPosh.md @@ -654,6 +656,7 @@ function Initialize-PassPushPosh { [Parameter(Position = 0, ParameterSetName = 'Anonymous')] [Parameter(Position = 2, ParameterSetName = 'Authenticated')] + [Parameter(ParameterSetName = 'Pro')] [ValidatePattern('^https?:\/\/[a-zA-Z0-9-_]+.[a-zA-Z0-9]+')] [string]$BaseUrl, @@ -703,7 +706,7 @@ function Initialize-PassPushPosh { $uAD64 = [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($userAtDomain)) Write-Debug "$userAtDomain transformed to $uAD64. First 20 characters $($uAD64.Substring(0,20))" # Version tag is replaced by the semantic version number at build time. See PassPushPosh/issues/11 for context - $UserAgent = "PassPushPosh/1.2.0 $osVersion/$($uAD64.Substring(0,20))" + $UserAgent = "PassPushPosh/1.2.1 $osVersion/$($uAD64.Substring(0,20))" # $UserAgent = "PassPushPosh/$((Get-Module -Name PassPushPosh).Version.ToString()) $osVersion/$($uAD64.Substring(0,20))" Write-Verbose "Generated user agent: $UserAgent" } @@ -715,7 +718,7 @@ function Initialize-PassPushPosh { Set-Variable -WhatIf:$false -Scope Script -Name PPPUserAgent -Value $UserAgent } } -#EndRegion '.\Public\Initialize-PassPushPosh.ps1' 143 +#EndRegion '.\Public\Initialize-PassPushPosh.ps1' 146 #Region '.\Public\New-Push.ps1' -1 <# From b70c6284177a5402b750862fd2cad5c0b8bf53bf Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 8 Feb 2025 14:11:43 -0500 Subject: [PATCH 055/138] notification / logging improvements add option to send webhook now from notifications accept entire request header object for added fields, app id, ip address allow fallback for old username style --- .../CIPP/Core/Invoke-ExecAddAlert.ps1 | 39 ++++++++++++++----- .../Public/Entrypoints/Invoke-ListLogs.ps1 | 4 +- .../Public/GraphHelper/Write-LogMessage.ps1 | 31 ++++++++++++--- 3 files changed, 58 insertions(+), 16 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecAddAlert.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecAddAlert.ps1 index 837b439f0a9a..4d59debe39f5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecAddAlert.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecAddAlert.ps1 @@ -10,18 +10,37 @@ Function Invoke-ExecAddAlert { [CmdletBinding()] param($Request, $TriggerMetadata) - if ($Request.Body.sendEmailNow) { - $CIPPAlert = @{ - Type = 'email' - Title = 'Test Email Alert' - HTMLContent = 'This is a test from CIPP' - TenantFilter = 'PartnerTenant' + $Severity = 'Alert' + + $Result = if ($Request.Body.sendEmailNow -or $Request.Body.sendWebhookNow -eq $true -or $Request.Body.writeLog -eq $true) { + $Title = 'CIPP Notification Test' + if ($Request.Body.sendEmailNow) { + $CIPPAlert = @{ + Type = 'email' + Title = $Title + HTMLContent = $Request.Body.text + } + Send-CIPPAlert @CIPPAlert + } + if ($Request.Body.sendWebhookNow) { + $JSONContent = @{ + Title = $Title + Text = $Request.Body.text + } | ConvertTo-Json -Compress + $CIPPAlert = @{ + Type = 'webhook' + Title = $Title + JSONContent = $JSONContent + } + Send-CIPPAlert @CIPPAlert + } + if ($Request.Body.writeLog) { + Write-LogMessage -headers $Request.Headers -API 'Alerts' -message $Request.Body.text -Sev $Severity + 'Successfully generated alert.' } - $Result = Send-CIPPAlert @CIPPAlert } else { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API 'Alerts' -message $request.body.text -Sev $request.body.Severity - $Result = 'Successfully generated alert.' - # Associate values to output bindings by calling 'Push-OutputBinding'. + Write-LogMessage -headers $Request.Headers -API 'Alerts' -message $Request.Body.text -Sev $Severity + 'Successfully generated alert.' } Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = [HttpStatusCode]::OK diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLogs.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLogs.ps1 index 56d168243bd4..cb777d173a9c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLogs.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLogs.ps1 @@ -61,13 +61,15 @@ Function Invoke-ListLogs { } else { 'None' } + AppId = $Row.AppId + IP = $Row.IP } } } Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = [HttpStatusCode]::OK - Body = @($ReturnedLog) + Body = @($ReturnedLog | Sort-Object -Property DateTime -Descending) }) } diff --git a/Modules/CIPPCore/Public/GraphHelper/Write-LogMessage.ps1 b/Modules/CIPPCore/Public/GraphHelper/Write-LogMessage.ps1 index 27560afaa984..6c8a5f518e20 100644 --- a/Modules/CIPPCore/Public/GraphHelper/Write-LogMessage.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/Write-LogMessage.ps1 @@ -8,14 +8,31 @@ function Write-LogMessage { $tenant = 'None', $API = 'None', $tenantId = $null, + $headers, $user, $sev, $LogData = '' ) - try { + if ($Headers.'x-ms-client-principal-idp' -eq 'azureStaticWebApps' -or !$Headers.'x-ms-client-principal-idp') { + $user = $headers.'x-ms-client-principal' $username = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($user)) | ConvertFrom-Json).userDetails - } catch { - $username = $user + } elseif ($Headers.'x-ms-client-principal-idp' -eq 'aad') { + $Table = Get-CIPPTable -TableName 'ApiClients' + $Client = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$($headers.'x-ms-client-principal-name')'" + $username = $Client.AppName ?? 'CIPP-API' + $AppId = $headers.'x-ms-client-principal-name' + } else { + try { + $username = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($user)) | ConvertFrom-Json).userDetails + } catch { + $username = $user + } + } + + if ($headers.'x-forwarded-for') { + $ForwardedFor = $headers.'x-forwarded-for' -split ',' | Select-Object -First 1 + $IPRegex = '^(?(?:\d{1,3}(?:\.\d{1,3}){3}|\[[0-9a-fA-F:]+\]|[0-9a-fA-F:]+))(?::\d+)?$' + $IPAddress = $ForwardedFor -replace $IPRegex, '$1' -replace '[\[\]]', '' } if ($LogData) { $LogData = ConvertTo-Json -InputObject $LogData -Depth 10 -Compress } @@ -40,8 +57,12 @@ function Write-LogMessage { 'FunctionNode' = [string]$env:WEBSITE_SITE_NAME 'LogData' = [string]$LogData } - - + if ($IPAddress) { + $TableRow.IP = [string]$IPAddress + } + if ($AppId) { + $TableRow.AppId = [string]$AppId + } if ($tenantId) { $TableRow.Add('TenantID', [string]$tenantId) } From e772de7ed1f90a38c8c4a061e83e56e39d37769d Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 8 Feb 2025 15:19:55 -0500 Subject: [PATCH 056/138] improve logging for http functions --- .../Public/CippQueue/Invoke-ListCippQueue.ps1 | 4 +-- .../CippQueue/Invoke-RemoveCippQueue.ps1 | 4 +-- .../CIPP/Core/Invoke-ExecDurableFunctions.ps1 | 2 +- .../CIPP/Core/Invoke-ExecEditTemplate.ps1 | 6 ++-- .../CIPP/Core/Invoke-ExecGeoIPLookup.ps1 | 2 +- .../CIPP/Core/Invoke-ExecGraphRequest.ps1 | 6 ++-- .../Core/Invoke-ExecSetCIPPAutoBackup.ps1 | 2 +- .../CIPP/Core/Invoke-GetCippAlerts.ps1 | 2 +- .../CIPP/Core/Invoke-GetVersion.ps1 | 2 +- .../CIPP/Core/Invoke-ListGraphRequest.ps1 | 2 +- .../Invoke-ExecExtensionMapping.ps1 | 6 ++-- .../Extensions/Invoke-ExecExtensionSync.ps1 | 2 +- .../Extensions/Invoke-ListExtensionSync.ps1 | 2 +- .../Scheduler/Invoke-AddScheduledItem.ps1 | 2 +- .../CIPP/Settings/Invoke-ExecBackendURLs.ps1 | 2 +- .../Settings/Invoke-ExecCPVPermissions.ps1 | 2 +- .../CIPP/Settings/Invoke-ExecCustomRole.ps1 | 4 +-- .../CIPP/Settings/Invoke-ExecDnsConfig.ps1 | 10 +++--- .../Settings/Invoke-ExecExcludeLicenses.ps1 | 10 +++--- .../Settings/Invoke-ExecExcludeTenant.ps1 | 12 +++---- .../Invoke-ExecMaintenanceScripts.ps1 | 4 +-- .../Invoke-ExecNotificationConfig.ps1 | 2 +- .../Settings/Invoke-ExecPasswordConfig.ps1 | 2 +- .../Settings/Invoke-ExecPermissionRepair.ps1 | 2 +- .../Settings/Invoke-ExecRestoreBackup.ps1 | 8 ++--- .../Settings/Invoke-ExecSAMAppPermissions.ps1 | 2 +- .../CIPP/Setup/Invoke-ExecSAMSetup.ps1 | 2 +- .../Invoke-AddConnectionFilter.ps1 | 10 +++--- .../Invoke-AddConnectionFilterTemplate.ps1 | 6 ++-- .../Email-Exchange/Invoke-AddContact.ps1 | 6 ++-- .../Email-Exchange/Invoke-AddExConnector.ps1 | 6 ++-- .../Invoke-AddExConnectorTemplate.ps1 | 6 ++-- .../Email-Exchange/Invoke-AddSpamFilter.ps1 | 6 ++-- .../Invoke-AddSpamFilterTemplate.ps1 | 6 ++-- .../Invoke-EditAntiPhishingFilter.ps1 | 6 ++-- .../Invoke-EditMalwareFilter.ps1 | 6 ++-- .../Invoke-EditSafeAttachmentsFilter.ps1 | 6 ++-- .../Invoke-EditSafeLinksFilter.ps1 | 6 ++-- .../Email-Exchange/Invoke-EditSpamFilter.ps1 | 6 ++-- .../Email-Exchange/Invoke-ExecCopyForSent.ps1 | 2 +- .../Invoke-ExecEditCalendarPermissions.ps1 | 2 +- .../Invoke-ExecEditMailboxPermissions.ps1 | 30 ++++++++--------- .../Invoke-ExecEmailForward.ps1 | 6 ++-- .../Invoke-ExecEnableArchive.ps1 | 2 +- .../Invoke-ExecGroupsDelete.ps1 | 2 +- .../Invoke-ExecGroupsDeliveryManagement.ps1 | 4 +-- .../Invoke-ExecGroupsHideFromGAL.ps1 | 4 +-- .../Email-Exchange/Invoke-ExecMailTest.ps1 | 2 +- .../Invoke-ExecMailboxMobileDevices.ps1 | 2 +- .../Invoke-ExecMailboxRestore.ps1 | 2 +- .../Invoke-ExecQuarantineManagement.ps1 | 6 ++-- .../Invoke-ExecSetMailboxQuota.ps1 | 10 +++--- .../Email-Exchange/Invoke-ExecSetOoO.ps1 | 2 +- .../Invoke-ListAntiPhishingFilters.ps1 | 2 +- .../Invoke-ListConnectionFilter.ps1 | 2 +- .../Invoke-ListConnectionFilterTemplates.ps1 | 2 +- .../Invoke-ListMailQuarantine.ps1 | 2 +- .../Invoke-ListMailQuarantineMessage.ps1 | 2 +- .../Invoke-ListMalwareFilters.ps1 | 2 +- .../Invoke-ListMessageTrace.ps1 | 4 +-- .../Email-Exchange/Invoke-ListRecipients.ps1 | 2 +- .../Invoke-ListSafeAttachmentsFilters.ps1 | 2 +- .../Invoke-ListSafeLinksFilters.ps1 | 2 +- .../Invoke-ListSpamFilterTemplates.ps1 | 2 +- .../Email-Exchange/Invoke-ListSpamfilter.ps1 | 2 +- .../Invoke-ListTransportRules.ps1 | 2 +- .../Invoke-ListTransportRulesTemplates.ps1 | 2 +- .../Applications/Invoke-AddChocoApp.ps1 | 6 ++-- .../Applications/Invoke-AddMSPApp.ps1 | 6 ++-- .../Applications/Invoke-AddOfficeApp.ps1 | 8 ++--- .../Applications/Invoke-AddStoreApp.ps1 | 6 ++-- .../Applications/Invoke-ExecAssignApp.ps1 | 6 ++-- .../Invoke-ListApplicationQueue.ps1 | 2 +- .../Endpoint/Applications/Invoke-ListApps.ps1 | 2 +- .../Invoke-ListAppsRepository.ps1 | 2 +- .../Endpoint/Autopilot/Invoke-AddAPDevice.ps1 | 6 ++-- .../Autopilot/Invoke-AddAutopilotConfig.ps1 | 2 +- .../Autopilot/Invoke-AddEnrollment.ps1 | 2 +- .../Autopilot/Invoke-ListAPDevices.ps1 | 2 +- .../MEM/Invoke-AddDefenderDeployment.ps1 | 10 +++--- .../Endpoint/MEM/Invoke-AddIntuneTemplate.ps1 | 8 ++--- .../Endpoint/MEM/Invoke-AddPolicy.ps1 | 6 ++-- .../Endpoint/MEM/Invoke-EditPolicy.ps1 | 8 ++--- .../Endpoint/MEM/Invoke-ExecAssignPolicy.ps1 | 6 ++-- .../Endpoint/MEM/Invoke-ExecDeviceAction.ps1 | 2 +- .../MEM/Invoke-ExecGetRecoveryKey.ps1 | 2 +- .../Endpoint/Reports/Invoke-ListDevices.ps1 | 2 +- .../Administration/Groups/Invoke-AddGroup.ps1 | 6 ++-- .../Groups/Invoke-AddGroupTemplate.ps1 | 6 ++-- .../Groups/Invoke-EditGroup.ps1 | 32 +++++++++---------- .../Invoke-ListGroupSenderAuthentication.ps1 | 12 +++---- .../Administration/Users/Invoke-AddGuest.ps1 | 8 ++--- .../Administration/Users/Invoke-AddUser.ps1 | 2 +- .../Users/Invoke-AddUserBulk.ps1 | 6 ++-- .../Users/Invoke-ExecClrImmId.ps1 | 2 +- .../Users/Invoke-ExecCreateTAP.ps1 | 2 +- .../Users/Invoke-ExecDismissRiskyUser.ps1 | 2 +- .../Users/Invoke-ExecOffboardUser.ps1 | 2 +- .../Users/Invoke-ExecOneDriveShortCut.ps1 | 2 +- .../Users/Invoke-ExecResetMFA.ps1 | 4 +-- .../Users/Invoke-ExecResetPass.ps1 | 4 +-- .../Users/Invoke-ExecRevokeSessions.ps1 | 2 +- .../Users/Invoke-ExecSendPush.ps1 | 4 +-- ...voke-ListUserConditionalAccessPolicies.ps1 | 2 +- .../Users/Invoke-ListUserCounts.ps1 | 2 +- .../Users/Invoke-ListUserDevices.ps1 | 2 +- .../Users/Invoke-ListUserGroups.ps1 | 2 +- .../Users/Invoke-ListUserMailboxDetails.ps1 | 2 +- .../Users/Invoke-ListUserSettings.ps1 | 4 +-- .../Users/Invoke-ListUserSigninLogs.ps1 | 4 +-- .../Administration/Users/Invoke-ListUsers.ps1 | 2 +- .../Identity/Reports/Invoke-ListBasicAuth.ps1 | 6 ++-- .../Security/Invoke-ExecAlertsList.ps1 | 2 +- .../Security/Invoke-ExecIncidentsList.ps1 | 2 +- .../Security/Invoke-ExecSetSecurityAlert.ps1 | 6 ++-- .../Invoke-ExecSetSecurityIncident.ps1 | 8 ++--- .../Teams-Sharepoint/Invoke-AddSite.ps1 | 4 +-- .../Teams-Sharepoint/Invoke-AddSiteBulk.ps1 | 4 +-- .../Teams-Sharepoint/Invoke-AddTeam.ps1 | 6 ++-- ...cRemoveTeamsVoicePhoneNumberAssignment.ps1 | 6 ++-- .../Invoke-ListSharepointSettings.ps1 | 2 +- .../Teams-Sharepoint/Invoke-ListTeams.ps1 | 2 +- .../Invoke-ListTeamsLisLocation.ps1 | 2 +- .../Invoke-ListTeamsVoice.ps1 | 2 +- .../Administration/Alerts/Invoke-AddAlert.ps1 | 2 +- .../Alerts/Invoke-ListAlertsQueue.ps1 | 2 +- .../Alerts/Invoke-ListAuditLogs.ps1 | 2 +- .../Alerts/Invoke-ListWebhookAlert.ps1 | 2 +- .../Alerts/Invoke-RemoveQueuedAlert.ps1 | 6 ++-- .../Invoke-ExecAddMultiTenantApp.ps1 | 2 +- .../Invoke-ExecAppApproval.ps1 | 2 +- .../Invoke-ExecAppPermissionTemplate.ps1 | 2 +- .../Administration/Invoke-ExecAddSPN.ps1 | 2 +- .../Invoke-ExecUpdateSecureScore.ps1 | 2 +- .../Invoke-ListAppConsentRequests.ps1 | 4 +-- .../Tenant/Invoke-ListTenantDetails.ps1 | 4 +-- .../Tenant/Invoke-ListTenants.ps1 | 6 ++-- .../Tenant/Conditional/Invoke-AddCAPolicy.ps1 | 6 ++-- .../Conditional/Invoke-AddCATemplate.ps1 | 6 ++-- .../Conditional/Invoke-AddNamedLocation.ps1 | 6 ++-- .../Conditional/Invoke-EditCAPolicy.ps1 | 6 ++-- .../Tenant/Conditional/Invoke-ExecCACheck.ps1 | 2 +- .../Conditional/Invoke-ExecCAExclusion.ps1 | 2 +- .../Conditional/Invoke-ExecNamedLocation.ps1 | 4 +-- .../Conditional/Invoke-ListCAtemplates.ps1 | 2 +- .../Invoke-ListConditionalAccessPolicies.ps1 | 2 +- ...oke-ListConditionalAccessPolicyChanges.ps1 | 6 ++-- .../Tenant/GDAP/Invoke-ExecAddGDAPRole.ps1 | 2 +- .../Invoke-ExecDeleteGDAPRelationship.ps1 | 4 +-- .../GDAP/Invoke-ExecDeleteGDAPRoleMapping.ps1 | 4 +-- .../Tenant/GDAP/Invoke-ExecGDAPInvite.ps1 | 6 ++-- .../GDAP/Invoke-ExecGDAPInviteApproved.ps1 | 2 +- .../GDAP/Invoke-ExecGDAPRemoveGArole.ps1 | 4 +-- .../Tenant/GDAP/Invoke-ListGDAPInvite.ps1 | 2 +- .../Tenant/GDAP/Invoke-ListGDAPQueue.ps1 | 2 +- .../Tenant/GDAP/Invoke-ListGDAPRoles.ps1 | 2 +- .../Standards/Invoke-AddStandardsDeploy.ps1 | 6 ++-- .../Standards/Invoke-AddStandardsTemplate.ps1 | 4 +-- .../Invoke-BestPracticeAnalyser_List.ps1 | 2 +- .../Standards/Invoke-ExecStandardsRun.ps1 | 2 +- .../Tenant/Standards/Invoke-ListBPA.ps1 | 2 +- .../Standards/Invoke-ListBPATemplates.ps1 | 4 +-- .../Standards/Invoke-ListDomainHealth.ps1 | 4 +-- .../Tenant/Tools/Invoke-AddBPATemplate.ps1 | 6 ++-- .../Tools/Invoke-ExecGraphExplorerPreset.ps1 | 2 +- .../Tools/GitHub/Invoke-ExecGitHubAction.ps1 | 6 ++-- .../Invoke-AddTenantAllowBlockList.ps1 | 6 ++-- .../Entrypoints/Invoke-ExecBreachSearch.ps1 | 2 +- .../Entrypoints/Invoke-ExecCSPLicense.ps1 | 2 +- .../Entrypoints/Invoke-ExecListAppId.ps1 | 2 +- .../Entrypoints/Invoke-ExecRestoreDeleted.ps1 | 2 +- .../Entrypoints/Invoke-ExecSendOrgMessage.ps1 | 2 +- .../Invoke-ExecUniversalSearch.ps1 | 2 +- .../Entrypoints/Invoke-ExecUserSettings.ps1 | 4 +-- .../Invoke-ListAllTenantDeviceCompliance.ps1 | 2 +- .../Entrypoints/Invoke-ListAppStatus.ps1 | 2 +- .../Invoke-ListAutopilotconfig.ps1 | 2 +- .../Invoke-ListBreachesAccount.ps1 | 2 +- .../Entrypoints/Invoke-ListCSPLicenses.ps1 | 2 +- .../Public/Entrypoints/Invoke-ListCSPsku.ps1 | 2 +- .../Invoke-ListCalendarPermissions.ps1 | 2 +- .../Entrypoints/Invoke-ListDefenderState.ps1 | 2 +- .../Entrypoints/Invoke-ListDeviceDetails.ps1 | 2 +- .../Public/Entrypoints/Invoke-ListDomains.ps1 | 2 +- .../Invoke-ListExConnectorTemplates.ps1 | 2 +- .../Invoke-ListExtensionsConfig.ps1 | 2 +- .../Invoke-ListExternalTenantInfo.ps1 | 2 +- .../Invoke-ListFunctionParameters.ps1 | 2 +- .../Entrypoints/Invoke-ListFunctionStats.ps1 | 2 +- .../Invoke-ListGenericTestFunction.ps1 | 2 +- .../Invoke-ListGraphExplorerPresets.ps1 | 2 +- .../Entrypoints/Invoke-ListGroupTemplates.ps1 | 2 +- .../Public/Entrypoints/Invoke-ListGroups.ps1 | 2 +- .../Entrypoints/Invoke-ListHaloClients.ps1 | 2 +- .../Entrypoints/Invoke-ListIntuneIntents.ps1 | 2 +- .../Invoke-ListIntuneTemplates.ps1 | 2 +- .../Entrypoints/Invoke-ListKnownIPDb.ps1 | 2 +- .../Entrypoints/Invoke-ListLicenses.ps1 | 2 +- .../Public/Entrypoints/Invoke-ListLogs.ps1 | 2 +- .../Entrypoints/Invoke-ListMFAUsers.ps1 | 2 +- .../Entrypoints/Invoke-ListMailboxCAS.ps1 | 2 +- .../Invoke-ListMailboxMobileDevices.ps1 | 2 +- .../Invoke-ListMailboxRestores.ps1 | 2 +- .../Entrypoints/Invoke-ListMailboxes.ps1 | 2 +- .../Entrypoints/Invoke-ListNamedLocations.ps1 | 2 +- .../Invoke-ListNotificationConfig.ps1 | 2 +- .../Entrypoints/Invoke-ListOAuthApps.ps1 | 2 +- .../Public/Entrypoints/Invoke-ListOrg.ps1 | 2 +- .../Invoke-ListPartnerRelationships.ps1 | 2 +- .../Invoke-ListPendingWebhooks.ps1 | 2 +- .../Entrypoints/Invoke-ListPotentialApps.ps1 | 2 +- .../Public/Entrypoints/Invoke-ListRoles.ps1 | 2 +- .../Entrypoints/Invoke-ListRoomLists.ps1 | 2 +- .../Public/Entrypoints/Invoke-ListRooms.ps1 | 2 +- .../Entrypoints/Invoke-ListServiceHealth.ps1 | 2 +- ...Invoke-ListSharedMailboxAccountEnabled.ps1 | 2 +- .../Invoke-ListSharedMailboxStatistics.ps1 | 2 +- .../Invoke-ListSharepointQuota.ps1 | 2 +- .../Public/Entrypoints/Invoke-ListSignIns.ps1 | 6 ++-- .../Entrypoints/Invoke-ListStandards.ps1 | 2 +- .../Invoke-ListTenantAllowBlockList.ps1 | 2 +- .../Invoke-ListmailboxPermissions.ps1 | 2 +- .../Invoke-RemoveTenantAllowBlockList.ps1 | 6 ++-- .../Webhooks/Invoke-RemoveWebhookAlert.ps1 | 6 ++-- 224 files changed, 415 insertions(+), 415 deletions(-) diff --git a/Modules/CIPPCore/Public/CippQueue/Invoke-ListCippQueue.ps1 b/Modules/CIPPCore/Public/CippQueue/Invoke-ListCippQueue.ps1 index 7914041f8cf4..dbb98151836b 100644 --- a/Modules/CIPPCore/Public/CippQueue/Invoke-ListCippQueue.ps1 +++ b/Modules/CIPPCore/Public/CippQueue/Invoke-ListCippQueue.ps1 @@ -9,7 +9,7 @@ function Invoke-ListCippQueue { if ($Request) { $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' @@ -72,4 +72,4 @@ function Invoke-ListCippQueue { } else { return $QueueData } -} \ No newline at end of file +} diff --git a/Modules/CIPPCore/Public/CippQueue/Invoke-RemoveCippQueue.ps1 b/Modules/CIPPCore/Public/CippQueue/Invoke-RemoveCippQueue.ps1 index 656aa592c8a7..d1e23d071548 100644 --- a/Modules/CIPPCore/Public/CippQueue/Invoke-RemoveCippQueue.ps1 +++ b/Modules/CIPPCore/Public/CippQueue/Invoke-RemoveCippQueue.ps1 @@ -8,7 +8,7 @@ function Invoke-RemoveCippQueue { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' @@ -22,4 +22,4 @@ function Invoke-RemoveCippQueue { StatusCode = [HttpStatusCode]::OK Body = @{Results = @('History cleared') } }) -} \ No newline at end of file +} diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecDurableFunctions.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecDurableFunctions.ps1 index e056a656c402..484bc24dab25 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecDurableFunctions.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecDurableFunctions.ps1 @@ -9,7 +9,7 @@ function Invoke-ExecDurableFunctions { param($Request, $TriggerMetadata) $APIName = 'ExecDurableStats' - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Collect info $StorageContext = New-AzStorageContext -ConnectionString $env:AzureWebJobsStorage diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecEditTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecEditTemplate.ps1 index 0d765e27a478..2e15e8fb05e8 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecEditTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecEditTemplate.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecEditTemplate { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' try { $Table = Get-CippTable -tablename 'templates' @@ -34,12 +34,12 @@ Function Invoke-ExecEditTemplate { PartitionKey = "$Type" GUID = "$GUID" } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Edited template $($Request.body.name) with GUID $GUID" -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Edited template $($Request.body.name) with GUID $GUID" -Sev 'Debug' } $body = [pscustomobject]@{ 'Results' = 'Successfully saved the template' } } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to edit template: $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Failed to edit template: $($_.Exception.Message)" -Sev 'Error' $body = [pscustomobject]@{'Results' = "Editing template failed: $($_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecGeoIPLookup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecGeoIPLookup.ps1 index cd3dbc1a42b6..b5e7f33ab05b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecGeoIPLookup.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecGeoIPLookup.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecGeoIPLookup { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $IP = $Request.Query.IP ?? $Request.Body.IP if (-not $IP) { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecGraphRequest.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecGraphRequest.ps1 index 7ebe9d3aa714..e0b22d65cdeb 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecGraphRequest.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecGraphRequest.ps1 @@ -9,7 +9,7 @@ Function Invoke-ExecGraphRequest { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' Function ConvertTo-FlatObject { # https://evotec.xyz/powershell-converting-advanced-object-to-flat-object/ - MIT License @@ -91,10 +91,10 @@ Function Invoke-ExecGraphRequest { } catch { continue } - } + } } - $GraphRequest = $RawGraphRequest | Where-Object -Property '@odata.context' -EQ $null | ConvertTo-FlatObject + $GraphRequest = $RawGraphRequest | Where-Object -Property '@odata.context' -EQ $null | ConvertTo-FlatObject $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecSetCIPPAutoBackup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecSetCIPPAutoBackup.ps1 index 84721b1e06c1..4bd1c95f607c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecSetCIPPAutoBackup.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecSetCIPPAutoBackup.ps1 @@ -33,7 +33,7 @@ Function Invoke-ExecSetCIPPAutoBackup { Add-CIPPScheduledTask -Task $TaskBody -hidden $false $Result = @{ 'Results' = 'Scheduled Task Successfully created' } } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API 'Alerts' -message $request.body.text -Sev $request.body.Severity + Write-LogMessage -headers $Request.Headers -API 'Alerts' -message $request.body.text -Sev $request.body.Severity # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = [HttpStatusCode]::OK diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetCippAlerts.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetCippAlerts.ps1 index 377bd557879b..114c574efc03 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetCippAlerts.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetCippAlerts.ps1 @@ -68,7 +68,7 @@ Function Invoke-GetCippAlerts { if ($Rows) { $Rows | ForEach-Object { $Alerts.Add($_) } } $Alerts = @($Alerts) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetVersion.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetVersion.ps1 index 61df91438485..073477d7f3d3 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetVersion.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetVersion.ps1 @@ -11,7 +11,7 @@ Function Invoke-GetVersion { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $CIPPVersion = $request.query.localversion diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ListGraphRequest.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ListGraphRequest.ps1 index 45bede27c0b2..a2079706437f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ListGraphRequest.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ListGraphRequest.ps1 @@ -12,7 +12,7 @@ function Invoke-ListGraphRequest { $APIName = $TriggerMetadata.FunctionName $Message = 'Accessed this API | Endpoint: {0}' -f $Request.Query.Endpoint - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message $Message -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message $Message -Sev 'Debug' $CippLink = ([System.Uri]$TriggerMetadata.Headers.Referer).PathAndQuery diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionMapping.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionMapping.ps1 index fda01b0845c6..2a4664d3fd05 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionMapping.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionMapping.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecExtensionMapping { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. @@ -77,7 +77,7 @@ Function Invoke-ExecExtensionMapping { } } } catch { - Write-LogMessage -API $APINAME -user $request.headers.'x-ms-client-principal' -message "mapping API failed. $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -API $APINAME -headers $Request.Headers -message "mapping API failed. $($_.Exception.Message)" -Sev 'Error' $body = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } } @@ -102,7 +102,7 @@ Function Invoke-ExecExtensionMapping { } } } catch { - Write-LogMessage -API $APINAME -user $request.headers.'x-ms-client-principal' -message "mapping API failed. $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -API $APINAME -headers $Request.Headers -message "mapping API failed. $($_.Exception.Message)" -Sev 'Error' $body = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionSync.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionSync.ps1 index 136009bd740b..53e541598c8f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionSync.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionSync.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecExtensionSync { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' switch ($Request.Query.Extension) { 'Gradient' { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ListExtensionSync.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ListExtensionSync.ps1 index dd1564a91e73..3605ad96a594 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ListExtensionSync.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ListExtensionSync.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListExtensionSync { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-AddScheduledItem.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-AddScheduledItem.ps1 index 86a74a58a459..d18b23b13473 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-AddScheduledItem.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-AddScheduledItem.ps1 @@ -15,7 +15,7 @@ Function Invoke-AddScheduledItem { $hidden = $true } $Result = Add-CIPPScheduledTask -Task $Request.body -hidden $hidden -DisallowDuplicateName $Request.query.DisallowDuplicateName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message $Result -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -message $Result -Sev 'Info' Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = [HttpStatusCode]::OK diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecBackendURLs.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecBackendURLs.ps1 index 9dfb2932b4a3..0419cf6d2cb5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecBackendURLs.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecBackendURLs.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecBackendURLs { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Subscription = ($ENV:WEBSITE_OWNER_NAME).split('+') | Select-Object -First 1 $SWAName = $ENV:WEBSITE_SITE_NAME -replace 'cipp', 'CIPP-SWA-' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecCPVPermissions.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecCPVPermissions.ps1 index 11fbdb4022bd..fc38201782bb 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecCPVPermissions.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecCPVPermissions.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecCPVPermissions { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecCustomRole.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecCustomRole.ps1 index b4614cd96b40..8206c0d0b0d3 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecCustomRole.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecCustomRole.ps1 @@ -11,7 +11,7 @@ function Invoke-ExecCustomRole { $Table = Get-CippTable -tablename 'CustomRoles' switch ($Request.Query.Action) { 'AddUpdate' { - Write-LogMessage -user $Request.Headers.'x-ms-client-principal' -API 'ExecCustomRole' -message "Saved custom role $($Request.Body.RoleName)" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API 'ExecCustomRole' -message "Saved custom role $($Request.Body.RoleName)" -Sev 'Info' $Role = @{ 'PartitionKey' = 'CustomRoles' 'RowKey' = "$($Request.Body.RoleName.ToLower())" @@ -23,7 +23,7 @@ function Invoke-ExecCustomRole { $Body = @{Results = 'Custom role saved' } } 'Delete' { - Write-LogMessage -user $Request.Headers.'x-ms-client-principal' -API 'ExecCustomRole' -message "Deleted custom role $($Request.Body.RoleName)" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API 'ExecCustomRole' -message "Deleted custom role $($Request.Body.RoleName)" -Sev 'Info' $Role = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$($Request.Body.RoleName)'" -Property RowKey, PartitionKey Remove-AzDataTableEntity -Force @Table -Entity $Role $Body = @{Results = 'Custom role deleted' } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecDnsConfig.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecDnsConfig.ps1 index aaf16a8c8b10..c690857ba469 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecDnsConfig.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecDnsConfig.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecDnsConfig { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # List of supported resolvers $ValidResolvers = @( @@ -59,7 +59,7 @@ Function Invoke-ExecDnsConfig { } if ($updated) { Add-CIPPAzDataTableEntity @ConfigTable -Entity $Config -Force - Write-LogMessage -API $APINAME -tenant 'Global' -user $request.headers.'x-ms-client-principal' -message 'DNS configuration updated' -Sev 'Info' + Write-LogMessage -API $APINAME -tenant 'Global' -headers $Request.Headers -message 'DNS configuration updated' -Sev 'Info' $body = [pscustomobject]@{'Results' = 'Success: DNS configuration updated.' } } else { $StatusCode = [HttpStatusCode]::BadRequest @@ -90,18 +90,18 @@ Function Invoke-ExecDnsConfig { } 'GetConfig' { $body = [pscustomobject]$Config - Write-LogMessage -API $APINAME -tenant 'Global' -user $request.headers.'x-ms-client-principal' -message 'Retrieved DNS configuration' -Sev 'Debug' + Write-LogMessage -API $APINAME -tenant 'Global' -headers $Request.Headers -message 'Retrieved DNS configuration' -Sev 'Debug' } 'RemoveDomain' { $Filter = "RowKey eq '{0}'" -f $Request.Query.Domain $DomainRow = Get-CIPPAzDataTableEntity @DomainTable -Filter $Filter -Property PartitionKey, RowKey Remove-AzDataTableEntity -Force @DomainTable -Entity $DomainRow - Write-LogMessage -API $APINAME -tenant 'Global' -user $request.headers.'x-ms-client-principal' -message "Removed Domain - $($Request.Query.Domain) " -Sev 'Info' + Write-LogMessage -API $APINAME -tenant 'Global' -headers $Request.Headers -message "Removed Domain - $($Request.Query.Domain) " -Sev 'Info' $body = [pscustomobject]@{ 'Results' = "Domain removed - $($Request.Query.Domain)" } } } } catch { - Write-LogMessage -API $APINAME -tenant $($name) -user $request.headers.'x-ms-client-principal' -message "DNS Config API failed. $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -API $APINAME -tenant $($name) -headers $Request.Headers -message "DNS Config API failed. $($_.Exception.Message)" -Sev 'Error' $body = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } $StatusCode = [HttpStatusCode]::BadRequest } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExcludeLicenses.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExcludeLicenses.ps1 index 1d554d031aef..61b8323b2b32 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExcludeLicenses.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExcludeLicenses.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecExcludeLicenses { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. @@ -32,7 +32,7 @@ Function Invoke-ExecExcludeLicenses { $Rows = Get-CIPPAzDataTableEntity @Table - Write-LogMessage -API $APINAME -user $request.headers.'x-ms-client-principal' -message 'got excluded licenses list' -Sev 'Info' + Write-LogMessage -API $APINAME -headers $Request.Headers -message 'got excluded licenses list' -Sev 'Info' } $body = @($Rows) } @@ -48,7 +48,7 @@ Function Invoke-ExecExcludeLicenses { } Add-CIPPAzDataTableEntity @Table -Entity $AddObject -Force - Write-LogMessage -API $APINAME -user $request.headers.'x-ms-client-principal' -message "Added exclusion $($request.body.SKUName)" -Sev 'Info' + Write-LogMessage -API $APINAME -headers $Request.Headers -message "Added exclusion $($request.body.SKUName)" -Sev 'Info' $body = [pscustomobject]@{'Results' = "Success. We've added $($request.body.SKUName) to the excluded list." } } @@ -56,11 +56,11 @@ Function Invoke-ExecExcludeLicenses { $Filter = "RowKey eq '{0}' and PartitionKey eq 'License'" -f $Request.Body.GUID $Entity = Get-CIPPAzDataTableEntity @Table -Filter $Filter -Property PartitionKey, RowKey Remove-AzDataTableEntity -Force @Table -Entity $Entity - Write-LogMessage -API $APINAME -user $request.headers.'x-ms-client-principal' -message "Removed exclusion $($Request.Query.GUID)" -Sev 'Info' + Write-LogMessage -API $APINAME -headers $Request.Headers -message "Removed exclusion $($Request.Query.GUID)" -Sev 'Info' $body = [pscustomobject]@{'Results' = "Success. We've removed $($Request.query.guid) from the excluded list." } } } catch { - Write-LogMessage -API $APINAME -user $request.headers.'x-ms-client-principal' -message "Exclusion API failed. $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -API $APINAME -headers $Request.Headers -message "Exclusion API failed. $($_.Exception.Message)" -Sev 'Error' $body = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExcludeTenant.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExcludeTenant.ps1 index ccb04d2bceb6..28feb2af77ae 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExcludeTenant.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExcludeTenant.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecExcludeTenant { [CmdletBinding()] param($Request, $TriggerMetadata) - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $user = $request.headers.'x-ms-client-principal' $username = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($user)) | ConvertFrom-Json).userDetails @@ -20,11 +20,11 @@ Function Invoke-ExecExcludeTenant { if ($Request.Query.List) { $ExcludedFilter = "PartitionKey eq 'Tenants' and Excluded eq true" $ExcludedTenants = Get-CIPPAzDataTableEntity @TenantsTable -Filter $ExcludedFilter - Write-LogMessage -API $APINAME -user $request.headers.'x-ms-client-principal' -message 'got excluded tenants list' -Sev 'Debug' + Write-LogMessage -API $APINAME -headers $Request.Headers -message 'got excluded tenants list' -Sev 'Debug' $body = @($ExcludedTenants) } elseif ($Request.query.ListAll) { $ExcludedTenants = Get-CIPPAzDataTableEntity @TenantsTable -filter "PartitionKey eq 'Tenants'" | Sort-Object -Property displayName - Write-LogMessage -API $APINAME -user $request.headers.'x-ms-client-principal' -message 'got excluded tenants list' -Sev 'Debug' + Write-LogMessage -API $APINAME -headers $Request.Headers -message 'got excluded tenants list' -Sev 'Debug' $body = @($ExcludedTenants) } try { @@ -40,7 +40,7 @@ Function Invoke-ExecExcludeTenant { $Tenant } Update-AzDataTableEntity -Force @TenantsTable -Entity ([pscustomobject]$Excluded) - Write-LogMessage -API $APINAME -tenant $($name) -user $request.headers.'x-ms-client-principal' -message "Added exclusion for customer(s): $($Excluded.defaultDomainName -join ',')" -Sev 'Info' + Write-LogMessage -API $APINAME -tenant $($name) -headers $Request.Headers -message "Added exclusion for customer(s): $($Excluded.defaultDomainName -join ',')" -Sev 'Info' $body = [pscustomobject]@{'Results' = "Success. Added exclusions for customer(s): $($Excluded.defaultDomainName -join ',')" } } @@ -52,11 +52,11 @@ Function Invoke-ExecExcludeTenant { $Tenant.ExcludeDate = '' Update-AzDataTableEntity -Force @TenantsTable -Entity $Tenant } - Write-LogMessage -API $APINAME -tenant $($name) -user $request.headers.'x-ms-client-principal' -message "Removed exclusion for customer $($name)" -Sev 'Info' + Write-LogMessage -API $APINAME -tenant $($name) -headers $Request.Headers -message "Removed exclusion for customer $($name)" -Sev 'Info' $body = [pscustomobject]@{'Results' = "Success. We've removed $name from the excluded tenants." } } } catch { - Write-LogMessage -API $APINAME -tenant $($name) -user $request.headers.'x-ms-client-principal' -message "Exclusion API failed. $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -API $APINAME -tenant $($name) -headers $Request.Headers -message "Exclusion API failed. $($_.Exception.Message)" -Sev 'Error' $body = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } } if (!$body) { $body = @() } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecMaintenanceScripts.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecMaintenanceScripts.ps1 index fe01aed3123e..b325c5709203 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecMaintenanceScripts.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecMaintenanceScripts.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecMaintenanceScripts { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' try { $GraphToken = Get-GraphToken -returnRefresh $true $AccessTokenDetails = Read-JwtAccessDetails -Token $GraphToken.access_token @@ -67,7 +67,7 @@ Function Invoke-ExecMaintenanceScripts { } } } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($tenantfilter) -message "Failed to retrieve maintenance scripts. Error: $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($tenantfilter) -message "Failed to retrieve maintenance scripts. Error: $($_.Exception.Message)" -Sev 'Error' $Body = @{Status = "Failed to retrieve maintenance scripts $($_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecNotificationConfig.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecNotificationConfig.ps1 index 411400303392..0c322dbcc60f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecNotificationConfig.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecNotificationConfig.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecNotificationConfig { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecPasswordConfig.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecPasswordConfig.ps1 index 25e72a914e82..caabfb883294 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecPasswordConfig.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecPasswordConfig.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecPasswordConfig { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Table = Get-CIPPTable -TableName Settings $PasswordType = (Get-CIPPAzDataTableEntity @Table) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecPermissionRepair.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecPermissionRepair.ps1 index 8f629db28e81..499d31a60a22 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecPermissionRepair.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecPermissionRepair.ps1 @@ -70,7 +70,7 @@ function Invoke-ExecPermissionRepair { $Body = @{ 'Results' = 'Permissions Updated' } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API 'ExecPermissionRepair' -message 'CIPP-SAM Permissions Updated' -Sev 'Info' -LogData $Permissions + Write-LogMessage -headers $Request.Headers -API 'ExecPermissionRepair' -message 'CIPP-SAM Permissions Updated' -Sev 'Info' -LogData $Permissions } else { $Body = @{ 'Results' = 'No permissions to update' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRestoreBackup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRestoreBackup.ps1 index e07e8e139dca..6ed98bddbdfc 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRestoreBackup.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRestoreBackup.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecRestoreBackup { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' try { if ($Request.Body.BackupName -like 'CippBackup_*') { @@ -26,7 +26,7 @@ Function Invoke-ExecRestoreBackup { $Table.Entity = $ht2 Add-CIPPAzDataTableEntity @Table -Force } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Created backup' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Created backup' -Sev 'Debug' $body = [pscustomobject]@{ 'Results' = 'Successfully restored backup.' } @@ -43,14 +43,14 @@ Function Invoke-ExecRestoreBackup { $Table.Entity = $ht2 Add-AzDataTableEntity @Table -Force } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Created backup' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Created backup' -Sev 'Debug' $body = [pscustomobject]@{ 'Results' = 'Successfully restored backup.' } } } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to restore backup: $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Failed to restore backup: $($_.Exception.Message)" -Sev 'Error' $body = [pscustomobject]@{'Results' = "Backup restore failed: $($_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecSAMAppPermissions.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecSAMAppPermissions.ps1 index 8aeeafdb6222..9b9ac162784a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecSAMAppPermissions.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecSAMAppPermissions.ps1 @@ -25,7 +25,7 @@ function Invoke-ExecSAMAppPermissions { $Body = @{ 'Results' = 'Permissions Updated' } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API 'ExecSAMAppPermissions' -message 'CIPP-SAM Permissions Updated' -Sev 'Info' -LogData $Permissions + Write-LogMessage -headers $Request.Headers -API 'ExecSAMAppPermissions' -message 'CIPP-SAM Permissions Updated' -Sev 'Info' -LogData $Permissions } catch { $Body = @{ 'Results' = $_.Exception.Message diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecSAMSetup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecSAMSetup.ps1 index dbae65ac6247..f9cadc1bba58 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecSAMSetup.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecSAMSetup.ps1 @@ -31,7 +31,7 @@ Function Invoke-ExecSAMSetup { } $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') { $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets' $Secret = Get-CIPPAzDataTableEntity @DevSecretsTable -Filter "PartitionKey eq 'Secret' and RowKey eq 'Secret'" diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddConnectionFilter.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddConnectionFilter.ps1 index e36aaea55402..84d0bfc756f1 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddConnectionFilter.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddConnectionFilter.ps1 @@ -12,10 +12,10 @@ Function Invoke-AddConnectionFilter { $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $RequestParams = $Request.Body.PowerShellCommand | - ConvertFrom-Json | + $RequestParams = $Request.Body.PowerShellCommand | + ConvertFrom-Json | Select-Object -Property *, @{Name='identity'; Expression={$_.name}} -ExcludeProperty GUID, comments, name $Tenants = ($Request.body.selectedTenants).value @@ -23,10 +23,10 @@ Function Invoke-AddConnectionFilter { try { $GraphRequest = New-ExoRequest -tenantid $Tenantfilter -cmdlet 'Set-HostedConnectionFilterPolicy' -cmdParams $RequestParams "Successfully created Connectionfilter for $tenantfilter." - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenantfilter -message "Updated Connection filter rule for $($tenantfilter)" -sev Info + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $tenantfilter -message "Updated Connection filter rule for $($tenantfilter)" -sev Info } catch { "Could not create create Connection Filter rule for $($tenantfilter): $($_.Exception.message)" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenantfilter -message "Could not create create connection filter rule for $($tenantfilter): $($_.Exception.message)" -sev Error + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $tenantfilter -message "Could not create create connection filter rule for $($tenantfilter): $($_.Exception.message)" -sev Error } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddConnectionFilterTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddConnectionFilterTemplate.ps1 index 17b1fd994f4b..45654b000b3b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddConnectionFilterTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddConnectionFilterTemplate.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddConnectionFilterTemplate { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' Write-Host ($request | ConvertTo-Json -Compress) try { @@ -35,12 +35,12 @@ Function Invoke-AddConnectionFilterTemplate { RowKey = "$GUID" PartitionKey = 'ConnectionfilterTemplate' } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created Connection Filter Template $($Request.body.name) with GUID $GUID" -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Created Connection Filter Template $($Request.body.name) with GUID $GUID" -Sev 'Debug' $body = [pscustomobject]@{'Results' = 'Successfully added template' } } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to create Connection Filter Template: $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Failed to create Connection Filter Template: $($_.Exception.Message)" -Sev 'Error' $body = [pscustomobject]@{'Results' = "ConnectionFilter Template Deployment failed: $($_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddContact.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddContact.ps1 index c52e2e60ffbd..d4690750af84 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddContact.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddContact.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddContact { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $contactobj = $Request.body @@ -31,10 +31,10 @@ Function Invoke-AddContact { Write-Host ( $NewContact | ConvertTo-Json) New-ExoRequest -tenantid $Request.body.tenantid -cmdlet 'Set-MailContact' -cmdparams @{identity = $NewContact.id; HiddenFromAddressListsEnabled = [boolean]$contactobj.hidefromGAL } -UseSystemMailbox $true $body = [pscustomobject]@{'Results' = 'Successfully added a contact.' } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($contactobj.tenantid) -message "Created contact $($contactobj.displayname) with id $($GraphRequest.id) for " -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($contactobj.tenantid) -message "Created contact $($contactobj.displayname) with id $($GraphRequest.id) for " -Sev 'Info' } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($contactobj.tenantid) -message "Contact creation API failed. $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($contactobj.tenantid) -message "Contact creation API failed. $($_.Exception.Message)" -Sev 'Error' $body = [pscustomobject]@{'Results' = "Failed to create contact. $($_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddExConnector.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddExConnector.ps1 index 6f54028ddeb6..a0b760ac92b5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddExConnector.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddExConnector.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddExConnector { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $ConnectorType = ($Request.body.PowerShellCommand | ConvertFrom-Json).cippConnectorType $RequestParams = $Request.Body.PowerShellCommand | ConvertFrom-Json | Select-Object -Property * -ExcludeProperty GUID, cippConnectorType, comments @@ -21,10 +21,10 @@ Function Invoke-AddExConnector { try { $GraphRequest = New-ExoRequest -tenantid $Tenantfilter -cmdlet "New-$($ConnectorType)connector" -cmdParams $RequestParams "Successfully created Connector for $Tenantfilter." - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $Tenantfilter -message "Created Connector for $($Tenantfilter)" -sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $Tenantfilter -message "Created Connector for $($Tenantfilter)" -sev 'Info' } catch { "Could not create created Connector for $($Tenantfilter): $($_.Exception.message)" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $Tenantfilter -message "Could not create created Connector for $($Tenantfilter): $($_.Exception.message)" -sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $Tenantfilter -message "Could not create created Connector for $($Tenantfilter): $($_.Exception.message)" -sev 'Error' } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddExConnectorTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddExConnectorTemplate.ps1 index 222c01f420ff..464bda068ccd 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddExConnectorTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddExConnectorTemplate.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddExConnectorTemplate { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' Write-Host ($request | ConvertTo-Json -Compress) @@ -41,11 +41,11 @@ Function Invoke-AddExConnectorTemplate { direction = $request.body.cippconnectortype PartitionKey = 'ExConnectorTemplate' } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created Connector Template $($Request.body.name) with GUID $GUID" -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Created Connector Template $($Request.body.name) with GUID $GUID" -Sev 'Debug' $body = [pscustomobject]@{'Results' = 'Successfully added template' } } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to create Connector Template: $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Failed to create Connector Template: $($_.Exception.Message)" -Sev 'Error' $body = [pscustomobject]@{'Results' = "Connector Template creation failed: $($_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSpamFilter.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSpamFilter.ps1 index 7d267b3c8ac1..55a9d9ca73ce 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSpamFilter.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSpamFilter.ps1 @@ -12,7 +12,7 @@ Function Invoke-AddSpamFilter { $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $RequestParams = $Request.Body.PowerShellCommand | ConvertFrom-Json | Select-Object -Property * -ExcludeProperty GUID, comments $RequestPriority = $Request.Body.Priority @@ -31,10 +31,10 @@ Function Invoke-AddSpamFilter { } $GraphRequest = New-ExoRequest -tenantid $Tenantfilter -cmdlet 'New-HostedContentFilterRule' -cmdParams $ruleparams "Successfully created spamfilter for $tenantfilter." - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenantfilter -message "Created spamfilter rule for $($tenantfilter)" -sev Info + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $tenantfilter -message "Created spamfilter rule for $($tenantfilter)" -sev Info } catch { "Could not create create spamfilter rule for $($tenantfilter): $($_.Exception.message)" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenantfilter -message "Could not create create spamfilter rule for $($tenantfilter): $($_.Exception.message)" -sev Error + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $tenantfilter -message "Could not create create spamfilter rule for $($tenantfilter): $($_.Exception.message)" -sev Error } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSpamFilterTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSpamFilterTemplate.ps1 index 37cf34b88916..b3beb3368964 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSpamFilterTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSpamFilterTemplate.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddSpamFilterTemplate { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' Write-Host ($request | ConvertTo-Json -Compress) try { @@ -34,12 +34,12 @@ Function Invoke-AddSpamFilterTemplate { RowKey = "$GUID" PartitionKey = 'SpamfilterTemplate' } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created Spam Filter Template $($Request.body.name) with GUID $GUID" -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Created Spam Filter Template $($Request.body.name) with GUID $GUID" -Sev 'Debug' $body = [pscustomobject]@{'Results' = 'Successfully added template' } } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to create Spam Filter Template: $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Failed to create Spam Filter Template: $($_.Exception.Message)" -Sev 'Error' $body = [pscustomobject]@{'Results' = "Spamfilter Template Deployment failed: $($_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditAntiPhishingFilter.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditAntiPhishingFilter.ps1 index 979da9a1c9b6..bae3c006f267 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditAntiPhishingFilter.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditAntiPhishingFilter.ps1 @@ -9,7 +9,7 @@ function Invoke-EditAntiPhishingFilter { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' @@ -40,11 +40,11 @@ function Invoke-EditAntiPhishingFilter { New-ExoRequest @ExoRequestParam $Result = "Sucessfully set Anti-Phishing rule $($Request.query.RuleName) to $($Request.query.State)" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $TenantFilter -message $Result -Sev Info + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $TenantFilter -message $Result -Sev Info } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message $Result = "Failed setting Anti-Phishing rule $($Request.query.RuleName) to $($request.query.State). Error: $ErrorMessage" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $TenantFilter -message $Result -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $TenantFilter -message $Result -Sev 'Error' } # Associate values to output bindings by calling 'Push-OutputBinding'. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditMalwareFilter.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditMalwareFilter.ps1 index 550cd11dce80..6b9450bd1842 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditMalwareFilter.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditMalwareFilter.ps1 @@ -9,7 +9,7 @@ function Invoke-EditMalwareFilter { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' @@ -40,11 +40,11 @@ function Invoke-EditMalwareFilter { New-ExoRequest @ExoRequestParam $Result = "Sucessfully set Malware Filter rule $($Request.query.RuleName) to $($Request.query.State)" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $TenantFilter -message $Result -Sev Info + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $TenantFilter -message $Result -Sev Info } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message $Result = "Failed setting Malware Filter rule $($Request.query.RuleName) to $($request.query.State). Error: $ErrorMessage" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $TenantFilter -message $Result -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $TenantFilter -message $Result -Sev 'Error' } # Associate values to output bindings by calling 'Push-OutputBinding'. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditSafeAttachmentsFilter.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditSafeAttachmentsFilter.ps1 index 15b3e4a489e4..70ef3fcf7a52 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditSafeAttachmentsFilter.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditSafeAttachmentsFilter.ps1 @@ -9,7 +9,7 @@ function Invoke-EditSafeAttachmentsFilter { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' @@ -40,11 +40,11 @@ function Invoke-EditSafeAttachmentsFilter { New-ExoRequest @ExoRequestParam $Result = "Sucessfully set SafeAttachment rule $($Request.query.RuleName) to $($Request.query.State)" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $TenantFilter -message $Result -Sev Info + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $TenantFilter -message $Result -Sev Info } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message $Result = "Failed setting SafeAttachment rule $($Request.query.RuleName) to $($request.query.State). Error: $ErrorMessage" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $TenantFilter -message $Result -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $TenantFilter -message $Result -Sev 'Error' } # Associate values to output bindings by calling 'Push-OutputBinding'. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditSafeLinksFilter.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditSafeLinksFilter.ps1 index d6263d9103cf..1adca2d99819 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditSafeLinksFilter.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditSafeLinksFilter.ps1 @@ -9,7 +9,7 @@ function Invoke-EditSafeLinksFilter { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' @@ -40,11 +40,11 @@ function Invoke-EditSafeLinksFilter { New-ExoRequest @ExoRequestParam $Result = "Sucessfully set SafeLinks rule $($Request.query.RuleName) to $($Request.query.State)" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $TenantFilter -message $Result -Sev Info + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $TenantFilter -message $Result -Sev Info } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message $Result = "Failed setting SafeLinks rule $($Request.query.RuleName) to $($request.query.State). Error: $ErrorMessage" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $TenantFilter -message $Result -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $TenantFilter -message $Result -Sev 'Error' } # Associate values to output bindings by calling 'Push-OutputBinding'. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditSpamFilter.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditSpamFilter.ps1 index 931299cb6102..e09a95ae0972 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditSpamFilter.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditSpamFilter.ps1 @@ -11,7 +11,7 @@ Function Invoke-EditSpamFilter { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenantfilter = $request.Query.tenantfilter $Params = @{ @@ -22,10 +22,10 @@ Function Invoke-EditSpamFilter { $cmdlet = if ($request.query.state -eq 'enable') { 'Enable-HostedContentFilterRule' } else { 'Disable-HostedContentFilterRule' } $GraphRequest = New-ExoRequest -tenantid $Tenantfilter -cmdlet $cmdlet -cmdParams $params -useSystemmailbox $true $Result = "Set Spamfilter rule to $($request.query.State)" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenantfilter -message "Set Spamfilter rule $($Request.query.name) to $($request.query.State)" -sev Info + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $tenantfilter -message "Set Spamfilter rule $($Request.query.name) to $($request.query.State)" -sev Info } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenantfilter -message "Failed setting Spamfilter rule $($Request.query.guid) to $($request.query.State). Error:$ErrorMessage" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $tenantfilter -message "Failed setting Spamfilter rule $($Request.query.guid) to $($request.query.State). Error:$ErrorMessage" -Sev 'Error' $Result = $ErrorMessage } # Associate values to output bindings by calling 'Push-OutputBinding'. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecCopyForSent.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecCopyForSent.ps1 index 4aadbd74c563..3b002585d96e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecCopyForSent.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecCopyForSent.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecCopyForSent { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEditCalendarPermissions.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEditCalendarPermissions.ps1 index fbc9b085a552..d137714e0b70 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEditCalendarPermissions.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEditCalendarPermissions.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecEditCalendarPermissions { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Extract parameters from query or body $TenantFilter = if ($Request.query.TenantFilter) { $Request.query.TenantFilter } else { $Request.Body.TenantFilter } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEditMailboxPermissions.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEditMailboxPermissions.ps1 index d017f8ae65a4..ddec499c65f6 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEditMailboxPermissions.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEditMailboxPermissions.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecEditMailboxPermissions { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME-message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME-message 'Accessed this API' -Sev 'Debug' $Username = $request.body.userID $Tenantfilter = $request.body.tenantfilter if ($username -eq $null) { exit } @@ -23,9 +23,9 @@ Function Invoke-ExecEditMailboxPermissions { try { $MailboxPerms = New-ExoRequest -Anchor $username -tenantid $Tenantfilter -cmdlet 'Remove-mailboxpermission' -cmdParams @{Identity = $userid; user = $RemoveUser; accessRights = @('FullAccess'); } $results.add("Removed $($removeuser) from $($username) Shared Mailbox permissions") - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME-message "Removed $($RemoveUser) from $($username) Shared Mailbox permission" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APINAME-message "Removed $($RemoveUser) from $($username) Shared Mailbox permission" -Sev 'Info' -tenant $TenantFilter } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME-message "Could not remove mailbox permissions for $($removeuser) on $($username)" -Sev 'Error' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APINAME-message "Could not remove mailbox permissions for $($removeuser) on $($username)" -Sev 'Error' -tenant $TenantFilter $results.add("Could not remove $($removeuser) shared mailbox permissions for $($username). Error: $($_.Exception.Message)") } } @@ -35,10 +35,10 @@ Function Invoke-ExecEditMailboxPermissions { try { $MailboxPerms = New-ExoRequest -Anchor $username -tenantid $Tenantfilter -cmdlet 'Add-MailboxPermission' -cmdParams @{Identity = $userid; user = $UserAutomap; accessRights = @('FullAccess'); automapping = $true } $results.add( "Granted $($UserAutomap) access to $($username) Mailbox with automapping") - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME-message "Granted $($UserAutomap) access to $($username) Mailbox with automapping" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APINAME-message "Granted $($UserAutomap) access to $($username) Mailbox with automapping" -Sev 'Info' -tenant $TenantFilter } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME-message "Could not add mailbox permissions for $($UserAutomap) on $($username)" -Sev 'Error' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APINAME-message "Could not add mailbox permissions for $($UserAutomap) on $($username)" -Sev 'Error' -tenant $TenantFilter $results.add( "Could not add $($UserAutomap) shared mailbox permissions for $($username). Error: $($_.Exception.Message)") } } @@ -48,9 +48,9 @@ Function Invoke-ExecEditMailboxPermissions { try { $MailboxPerms = New-ExoRequest -Anchor $username -tenantid $Tenantfilter -cmdlet 'Add-MailboxPermission' -cmdParams @{Identity = $userid; user = $UserNoAutomap; accessRights = @('FullAccess'); automapping = $false } $results.add( "Granted $UserNoAutomap access to $($username) Mailbox without automapping") - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME-message "Granted $UserNoAutomap access to $($username) Mailbox without automapping" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APINAME-message "Granted $UserNoAutomap access to $($username) Mailbox without automapping" -Sev 'Info' -tenant $TenantFilter } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME-message "Could not add mailbox permissions for $($UserNoAutomap) on $($username)" -Sev 'Error' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APINAME-message "Could not add mailbox permissions for $($UserNoAutomap) on $($username)" -Sev 'Error' -tenant $TenantFilter $results.add("Could not add $($UserNoAutomap) shared mailbox permissions for $($username). Error: $($_.Exception.Message)") } } @@ -61,9 +61,9 @@ Function Invoke-ExecEditMailboxPermissions { try { $MailboxPerms = New-ExoRequest -Anchor $username -tenantid $Tenantfilter -cmdlet 'Add-RecipientPermission' -cmdParams @{Identity = $userid; Trustee = $UserSendAs; accessRights = @('SendAs') } $results.add( "Granted $UserSendAs access to $($username) with Send As permissions") - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME-message "Granted $UserSendAs access to $($username) with Send As permissions" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APINAME-message "Granted $UserSendAs access to $($username) with Send As permissions" -Sev 'Info' -tenant $TenantFilter } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME-message "Could not add mailbox permissions for $($UserSendAs) on $($username)" -Sev 'Error' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APINAME-message "Could not add mailbox permissions for $($UserSendAs) on $($username)" -Sev 'Error' -tenant $TenantFilter $results.add("Could not add $($UserSendAs) send-as permissions for $($username). Error: $($_.Exception.Message)") } } @@ -74,9 +74,9 @@ Function Invoke-ExecEditMailboxPermissions { try { $MailboxPerms = New-ExoRequest -Anchor $username -tenantid $Tenantfilter -cmdlet 'Remove-RecipientPermission' -cmdParams @{Identity = $userid; Trustee = $UserSendAs; accessRights = @('SendAs') } $results.add( "Removed $UserSendAs from $($username) with Send As permissions") - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME-message "Removed $UserSendAs from $($username) with Send As permissions" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APINAME-message "Removed $UserSendAs from $($username) with Send As permissions" -Sev 'Info' -tenant $TenantFilter } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME-message "Could not remove mailbox permissions for $($UserSendAs) on $($username)" -Sev 'Error' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APINAME-message "Could not remove mailbox permissions for $($UserSendAs) on $($username)" -Sev 'Error' -tenant $TenantFilter $results.add("Could not remove $($UserSendAs) send-as permissions for $($username). Error: $($_.Exception.Message)") } } @@ -87,9 +87,9 @@ Function Invoke-ExecEditMailboxPermissions { try { $MailboxPerms = New-ExoRequest -Anchor $username -tenantid $Tenantfilter -cmdlet 'Set-Mailbox' -cmdParams @{Identity = $userid; GrantSendonBehalfTo = @{'@odata.type' = '#Exchange.GenericHashTable'; add = $UserSendOnBehalf }; } $results.add( "Granted $UserSendOnBehalf access to $($username) with Send On Behalf Permissions") - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME-message "Granted $UserSendOnBehalf access to $($username) with Send On Behalf Permissions" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APINAME-message "Granted $UserSendOnBehalf access to $($username) with Send On Behalf Permissions" -Sev 'Info' -tenant $TenantFilter } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME-message "Could not add send on behalf permissions for $($UserSendOnBehalf) on $($username)" -Sev 'Error' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APINAME-message "Could not add send on behalf permissions for $($UserSendOnBehalf) on $($username)" -Sev 'Error' -tenant $TenantFilter $results.add("Could not add $($UserSendOnBehalf) send on behalf permissions for $($username). Error: $($_.Exception.Message)") } } @@ -100,9 +100,9 @@ Function Invoke-ExecEditMailboxPermissions { try { $MailboxPerms = New-ExoRequest -Anchor $username -tenantid $Tenantfilter -cmdlet 'Set-Mailbox' -cmdParams @{Identity = $userid; GrantSendonBehalfTo = @{'@odata.type' = '#Exchange.GenericHashTable'; remove = $UserSendOnBehalf }; } $results.add( "Removed $UserSendOnBehalf from $($username) Send on Behalf Permissions") - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME-message "Removed $UserSendOnBehalf from $($username) Send on Behalf Permissions" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APINAME-message "Removed $UserSendOnBehalf from $($username) Send on Behalf Permissions" -Sev 'Info' -tenant $TenantFilter } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME-message "Could not Remove send on behalf permissions for $($UserSendOnBehalf) on $($username)" -Sev 'Error' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APINAME-message "Could not Remove send on behalf permissions for $($UserSendOnBehalf) on $($username)" -Sev 'Error' -tenant $TenantFilter $results.add("Could not remove $($UserSendOnBehalf) send on behalf permissions for $($username). Error: $($_.Exception.Message)") } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEmailForward.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEmailForward.ps1 index 1886cb55375b..e86d74345e28 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEmailForward.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEmailForward.ps1 @@ -27,7 +27,7 @@ Function Invoke-ExecEmailForward { $results = "Forwarding all email for $($username) to $($ForwardingAddress) and keeping a copy" } } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Could not add forwarding for $($username)" -Sev 'Error' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Could not add forwarding for $($username)" -Sev 'Error' -tenant $TenantFilter $results = "Could not add forwarding for $($username). Error: $($_.Exception.Message)" } @@ -42,7 +42,7 @@ Function Invoke-ExecEmailForward { $results = "Forwarding all email for $($username) to $($ForwardingSMTPAddress) and keeping a copy" } } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Could not add forwarding for $($username)" -Sev 'Error' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Could not add forwarding for $($username)" -Sev 'Error' -tenant $TenantFilter $results = "Could not add forwarding for $($username). Error: $($_.Exception.Message)" } @@ -54,7 +54,7 @@ Function Invoke-ExecEmailForward { Set-CIPPForwarding -userid $username -username $username -tenantFilter $Tenantfilter -ExecutingUser $ExecutingUser -APIName $APIName -Disable $true $results = "Disabled Email Forwarding for $($username)" } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Could not disable Email forwarding for $($username)" -Sev 'Error' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Could not disable Email forwarding for $($username)" -Sev 'Error' -tenant $TenantFilter $results = "Could not disable Email forwarding for $($username). Error: $($_.Exception.Message)" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEnableArchive.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEnableArchive.ps1 index f1dfb475b1cd..0e05be42558e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEnableArchive.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEnableArchive.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecEnableArchive { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDelete.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDelete.ps1 index d66af4964171..26fafac292dc 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDelete.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDelete.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecGroupsDelete { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDeliveryManagement.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDeliveryManagement.ps1 index 1f096507bd61..8d007000d4d6 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDeliveryManagement.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDeliveryManagement.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecGroupsDeliveryManagement { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. @@ -24,7 +24,7 @@ Function Invoke-ExecGroupsDeliveryManagement { $Results = [pscustomobject]@{'Results' = $SetResults } } catch { $Results = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($tenantfilter) -message "Delivery Management failed: $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($tenantfilter) -message "Delivery Management failed: $($_.Exception.Message)" -Sev 'Error' } # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsHideFromGAL.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsHideFromGAL.ps1 index caf559918240..6eade0a0db90 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsHideFromGAL.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsHideFromGAL.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecGroupsHideFromGAL { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. Try { @@ -19,7 +19,7 @@ Function Invoke-ExecGroupsHideFromGAL { $Results = [pscustomobject]@{'Results' = $GroupStatus } } catch { $Results = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($tenantfilter) -message "Hide/UnHide from GAL failed: $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($tenantfilter) -message "Hide/UnHide from GAL failed: $($_.Exception.Message)" -Sev 'Error' } # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailTest.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailTest.ps1 index a80a812b45d6..064d550020df 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailTest.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailTest.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecMailTest { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailboxMobileDevices.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailboxMobileDevices.ps1 index b633755f759b..67bdbb40d8ac 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailboxMobileDevices.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailboxMobileDevices.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecMailboxMobileDevices { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailboxRestore.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailboxRestore.ps1 index fe94e74424a1..dfe33f7268fc 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailboxRestore.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailboxRestore.ps1 @@ -8,7 +8,7 @@ function Invoke-ExecMailboxRestore { Param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' try { switch ($Request.Query.Action) { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecQuarantineManagement.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecQuarantineManagement.ps1 index 893302ffb327..c2fb07f15c71 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecQuarantineManagement.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecQuarantineManagement.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecQuarantineManagement { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $Request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. @@ -30,9 +30,9 @@ Function Invoke-ExecQuarantineManagement { New-ExoRequest -tenantid $TenantFilter -cmdlet 'Release-QuarantineMessage' -cmdParams $Params $Results = [pscustomobject]@{'Results' = "Successfully processed $($Request.Body.Identity)" } - Write-LogMessage -user $Request.headers.'x-ms-client-principal' -API $APINAME -tenant $TenantFilter -message "Successfully processed Quarantine ID $($Request.Body.Identity)" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $TenantFilter -message "Successfully processed Quarantine ID $($Request.Body.Identity)" -Sev 'Info' } catch { - Write-LogMessage -user $Request.headers.'x-ms-client-principal' -API $APINAME -tenant $TenantFilter -message "Quarantine Management failed: $($_.Exception.Message)" -Sev 'Error' -LogData $_ + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $TenantFilter -message "Quarantine Management failed: $($_.Exception.Message)" -Sev 'Error' -LogData $_ $Results = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } } # Associate values to output bindings by calling 'Push-OutputBinding'. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetMailboxQuota.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetMailboxQuota.ps1 index f63df3442613..1deb1e696a8d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetMailboxQuota.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetMailboxQuota.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecSetMailboxQuota { param($Request, $TriggerMetadata) try { $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Username = $request.body.user $Tenantfilter = $request.body.tenantfilter $quota = $Request.body.quota @@ -19,20 +19,20 @@ Function Invoke-ExecSetMailboxQuota { if ($Request.Body.ProhibitSendQuota) { $quota = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Set-Mailbox' -cmdParams @{Identity = $Username; ProhibitSendQuota = $quota } "Changed ProhibitSendQuota for $username - $($message)" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Changed ProhibitSendQuota for $username - $($message)" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Changed ProhibitSendQuota for $username - $($message)" -Sev 'Info' -tenant $TenantFilter } if ($Request.Body.ProhibitSendReceiveQuota) { $quota = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Set-Mailbox' -cmdParams @{Identity = $Username; ProhibitSendReceiveQuota = $quota } "Changed ProhibitSendReceiveQuota for $username - $($message)" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Changed ProhibitSendReceiveQuota for $username - $($message)" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Changed ProhibitSendReceiveQuota for $username - $($message)" -Sev 'Info' -tenant $TenantFilter } if ($Request.Body.IssueWarningQuota) { $quota = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Set-Mailbox' -cmdParams @{Identity = $Username; IssueWarningQuota = $quota } "Changed IssueWarningQuota for $username - $($message)" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Changed IssueWarningQuota for $username - $($message)" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Changed IssueWarningQuota for $username - $($message)" -Sev 'Info' -tenant $TenantFilter } } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Could not adjust mailbox quota for $($username)" -Sev 'Error' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Could not adjust mailbox quota for $($username)" -Sev 'Error' -tenant $TenantFilter "Could not adjust mailbox quota for $($username). Error: $($_.Exception.Message)" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetOoO.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetOoO.ps1 index 612be4253734..7bb4899bb463 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetOoO.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetOoO.ps1 @@ -9,7 +9,7 @@ Function Invoke-ExecSetOoO { param($Request, $TriggerMetadata) try { $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'X-MS-CLIENT-PRINCIPAL' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Username = $request.body.userId $Tenantfilter = $request.body.tenantfilter if ($Request.body.input) { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListAntiPhishingFilters.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListAntiPhishingFilters.ps1 index 45b9ee2b18ab..c4c85e2534fa 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListAntiPhishingFilters.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListAntiPhishingFilters.ps1 @@ -9,7 +9,7 @@ function Invoke-ListAntiPhishingFilters { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListConnectionFilter.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListConnectionFilter.ps1 index 61c62cef6d78..e226f78e0261 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListConnectionFilter.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListConnectionFilter.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListConnectionFilter { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenantfilter = $request.Query.tenantfilter try { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListConnectionFilterTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListConnectionFilterTemplates.ps1 index b11f7c512fa8..318aee914177 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListConnectionFilterTemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListConnectionFilterTemplates.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListConnectionFilterTemplates { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Table = Get-CippTable -tablename 'templates' #List new policies diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMailQuarantine.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMailQuarantine.ps1 index 409b7652ccec..bb2f9cdf3a06 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMailQuarantine.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMailQuarantine.ps1 @@ -9,7 +9,7 @@ function Invoke-ListMailQuarantine { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenantfilter = $request.Query.tenantfilter try { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMailQuarantineMessage.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMailQuarantineMessage.ps1 index 45127f00be8d..4099919dad3d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMailQuarantineMessage.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMailQuarantineMessage.ps1 @@ -9,7 +9,7 @@ function Invoke-ListMailQuarantineMessage { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenantfilter = $Request.Query.Tenantfilter try { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMalwareFilters.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMalwareFilters.ps1 index 03836df0bc9e..0b7d74ed02b7 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMalwareFilters.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMalwareFilters.ps1 @@ -9,7 +9,7 @@ function Invoke-ListMalwareFilters { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMessageTrace.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMessageTrace.ps1 index 9c7c3bc1482e..c2f51fd1d89e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMessageTrace.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMessageTrace.ps1 @@ -66,11 +66,11 @@ Function Invoke-ListMessageTrace { Write-Information ($SearchParams | ConvertTo-Json) New-ExoRequest -TenantId $TenantFilter -Cmdlet 'Get-MessageTrace' -CmdParams $SearchParams | Select-Object MessageTraceId, Status, Subject, RecipientAddress, SenderAddress, @{ Name = 'Received'; Expression = { $_.Received.ToString('u') } }, FromIP, ToIP - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APIName -tenant $($TenantFilter) -message 'Executed message trace' -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APIName -tenant $($TenantFilter) -message 'Executed message trace' -Sev 'Info' } } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($tenantfilter) -message "Failed executing messagetrace. Error: $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($tenantfilter) -message "Failed executing messagetrace. Error: $($_.Exception.Message)" -Sev 'Error' $trace = @{Status = "Failed to retrieve message trace $($_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListRecipients.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListRecipients.ps1 index e995daa9231c..6c9c900e57f3 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListRecipients.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListRecipients.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListRecipients { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSafeAttachmentsFilters.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSafeAttachmentsFilters.ps1 index 511b1e3a2556..5528a6032faa 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSafeAttachmentsFilters.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSafeAttachmentsFilters.ps1 @@ -9,7 +9,7 @@ function Invoke-ListSafeAttachmentsFilters { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSafeLinksFilters.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSafeLinksFilters.ps1 index f5fa0d5932a9..c34a55eb6d86 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSafeLinksFilters.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSafeLinksFilters.ps1 @@ -9,7 +9,7 @@ function Invoke-ListSafeLinksFilters { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSpamFilterTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSpamFilterTemplates.ps1 index e38c63bbedbf..79008c20db8d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSpamFilterTemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSpamFilterTemplates.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListSpamFilterTemplates { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Table = Get-CippTable -tablename 'templates' #List new policies diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSpamfilter.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSpamfilter.ps1 index cb58d1a378f2..2c061a63c3d5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSpamfilter.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSpamfilter.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListSpamfilter { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenantfilter = $request.Query.tenantfilter try { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListTransportRules.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListTransportRules.ps1 index 283afe12e1ee..9d03f5fa93dd 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListTransportRules.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListTransportRules.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListTransportRules { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenantfilter = $request.Query.tenantfilter try { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListTransportRulesTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListTransportRulesTemplates.ps1 index 31fe9e6b04a9..1e33bbc6a198 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListTransportRulesTemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListTransportRulesTemplates.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListTransportRulesTemplates { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Table = Get-CippTable -tablename 'templates' $Templates = Get-ChildItem 'Config\*.TransportRuleTemplate.json' | ForEach-Object { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddChocoApp.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddChocoApp.ps1 index a2320397fa3f..6898bbdbccf2 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddChocoApp.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddChocoApp.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddChocoApp { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' Write-Host 'PowerShell HTTP trigger function processed a request.' $ChocoApp = $request.body @@ -47,10 +47,10 @@ Function Invoke-AddChocoApp { PartitionKey = 'apps' } "Successfully added Choco App for $($Tenant) to queue." - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenant -message "Successfully added Choco App $($intunebody.Displayname) to queue" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $tenant -message "Successfully added Choco App $($intunebody.Displayname) to queue" -Sev 'Info' } catch { "Failed adding Choco App for $($Tenant) to queue" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenant -message "Failed to add Chocolatey Application $($intunebody.Displayname) to queue" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $tenant -message "Failed to add Chocolatey Application $($intunebody.Displayname) to queue" -Sev 'Error' } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddMSPApp.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddMSPApp.ps1 index d0e3c340a7b5..2513df7a5658 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddMSPApp.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddMSPApp.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddMSPApp { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' Write-Host 'PowerShell HTTP trigger function processed a request.' $RMMApp = $request.body @@ -81,9 +81,9 @@ Function Invoke-AddMSPApp { status = 'Not Deployed yet' } "Successfully added MSP App for $($Tenant.defaultDomainName) to queue. " - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenant.defaultDomainName -message "MSP Application $($intunebody.Displayname) added to queue" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $tenant.defaultDomainName -message "MSP Application $($intunebody.Displayname) added to queue" -Sev 'Info' } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenant.defaultDomainName -message "Failed to add MSP Application $($intunebody.Displayname) to queue" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $tenant.defaultDomainName -message "Failed to add MSP Application $($intunebody.Displayname) to queue" -Sev 'Error' "Failed to add MSP app for $($Tenant.defaultDomainName) to queue" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddOfficeApp.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddOfficeApp.ps1 index 907410fbe500..1347005f8a3b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddOfficeApp.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddOfficeApp.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddOfficeApp { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Input bindings are passed in via param block. @@ -71,16 +71,16 @@ Function Invoke-AddOfficeApp { "Office deployment already exists for $($Tenant)" Continue } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APIName -tenant $($tenant) -message "Added Office profile to $($tenant)" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APIName -tenant $($tenant) -message "Added Office profile to $($tenant)" -Sev 'Info' if ($AssignTo) { $AssignO365 = if ($AssignTo -ne 'AllDevicesAndUsers') { '{"mobileAppAssignments":[{"@odata.type":"#microsoft.graph.mobileAppAssignment","target":{"@odata.type":"#microsoft.graph.' + $($AssignTo) + 'AssignmentTarget"},"intent":"Required"}]}' } else { '{"mobileAppAssignments":[{"@odata.type":"#microsoft.graph.mobileAppAssignment","target":{"@odata.type":"#microsoft.graph.allDevicesAssignmentTarget"},"intent":"Required"},{"@odata.type":"#microsoft.graph.mobileAppAssignment","target":{"@odata.type":"#microsoft.graph.allLicensedUsersAssignmentTarget"},"intent":"Required"}]}' } Write-Host ($AssignO365) New-graphPostRequest -Uri "https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/$($OfficeAppID.id)/assign" -tenantid $tenant -Body $AssignO365 -type POST - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APIName -tenant $($tenant) -message "Assigned Office to $AssignTo" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APIName -tenant $($tenant) -message "Assigned Office to $AssignTo" -Sev 'Info' } "Successfully added Office App for $($Tenant)" } catch { "Failed to add Office App for $($Tenant): $($_.Exception.Message)" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APIName -tenant $($tenant) -message "Failed to add Office App. Error: $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APIName -tenant $($tenant) -message "Failed to add Office App. Error: $($_.Exception.Message)" -Sev 'Error' continue } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddStoreApp.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddStoreApp.ps1 index ef098ff7b0d8..a14c13fb5e1c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddStoreApp.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddStoreApp.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddStoreApp { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' Write-Host 'PowerShell HTTP trigger function processed a request.' $WinGetApp = $request.body @@ -48,9 +48,9 @@ Function Invoke-AddStoreApp { status = 'Not Deployed yet' } "Successfully added Store App for $($Tenant) to queue." - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenant -message "Successfully added Store App $($intunebody.Displayname) to queue" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $tenant -message "Successfully added Store App $($intunebody.Displayname) to queue" -Sev 'Info' } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenant -message "Failed to add Store App $($intunebody.Displayname) to queue" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $tenant -message "Failed to add Store App $($intunebody.Displayname) to queue" -Sev 'Error' "Failed added Store App for $($Tenant) to queue" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ExecAssignApp.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ExecAssignApp.ps1 index 74a83ce92927..988b2bf626e7 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ExecAssignApp.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ExecAssignApp.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecAssignApp { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. @@ -45,10 +45,10 @@ Function Invoke-ExecAssignApp { $body = [pscustomobject]@{'Results' = "$($TenantFilter): Assigned app to $assignTo" } try { $GraphRequest = New-Graphpostrequest -uri "https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/$appFilter/assign" -tenantid $TenantFilter -body $Assignbody - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($tenantfilter) -message "Assigned $($appFilter) to $assignTo" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($tenantfilter) -message "Assigned $($appFilter) to $assignTo" -Sev 'Info' } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($tenantfilter) -message "Failed to assign app $($appFilter): $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($tenantfilter) -message "Failed to assign app $($appFilter): $($_.Exception.Message)" -Sev 'Error' $body = [pscustomobject]@{'Results' = "Failed to assign. $($_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListApplicationQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListApplicationQueue.ps1 index 0aa432beff14..b91d000b0837 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListApplicationQueue.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListApplicationQueue.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListApplicationQueue { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListApps.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListApps.ps1 index d5c13112058f..418f2965cb17 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListApps.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListApps.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListApps { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListAppsRepository.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListAppsRepository.ps1 index 4f9d60aa52df..5f7fbad84b24 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListAppsRepository.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListAppsRepository.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListAppsRepository { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Search = $Request.Body.Search $Repository = $Request.Body.Repository diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddAPDevice.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddAPDevice.ps1 index 1e1c57118f14..1ed85ff4d620 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddAPDevice.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddAPDevice.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddAPDevice { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. @@ -51,7 +51,7 @@ Function Invoke-AddAPDevice { $NewStatus = New-GraphgetRequest -uri "https://api.partnercenter.microsoft.com/v1/$($GraphRequest.Location)" -scope 'https://api.partnercenter.microsoft.com/user_impersonation' } until ($Newstatus.status -eq 'finished' -or $amount -eq 4) if ($NewStatus.status -ne 'finished') { throw 'Could not retrieve status of import - This job might still be running. Check the autopilot device list in 10 minutes for the latest status.' } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APIName -tenant $($Request.body.TenantFilter.value) -message "Created Autopilot devices group. Group ID is $GroupName" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APIName -tenant $($Request.body.TenantFilter.value) -message "Created Autopilot devices group. Group ID is $GroupName" -Sev 'Info' [PSCustomObject]@{ Status = 'Import Job Completed' @@ -62,7 +62,7 @@ Function Invoke-AddAPDevice { Status = "$($Request.body.TenantFilter.value): Failed to create autopilot devices. $($_.Exception.Message)" Devices = @() } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APIName -tenant $($Request.body.TenantFilter.value) -message "Failed to create autopilot devices. $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APIName -tenant $($Request.body.TenantFilter.value) -message "Failed to create autopilot devices. $($_.Exception.Message)" -Sev 'Error' } $body = [pscustomobject]@{'Results' = $Result } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddAutopilotConfig.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddAutopilotConfig.ps1 index 1c737749e18a..b50837194750 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddAutopilotConfig.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddAutopilotConfig.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddAutopilotConfig { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddEnrollment.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddEnrollment.ps1 index 22179704004a..522f366ef2ac 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddEnrollment.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddEnrollment.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddEnrollment { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-ListAPDevices.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-ListAPDevices.ps1 index ab840b320596..a7c66e574c47 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-ListAPDevices.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-ListAPDevices.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListAPDevices { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddDefenderDeployment.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddDefenderDeployment.ps1 index f89edf45c78d..29803ba86c84 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddDefenderDeployment.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddDefenderDeployment.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddDefenderDeployment { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenants = ($Request.body.selectedTenants).value if ('AllTenants' -in $Tenants) { $Tenants = (Get-Tenants).defaultDomainName } @@ -99,7 +99,7 @@ Function Invoke-AddDefenderDeployment { if ($PolicySettings.AssignTo -ne 'None') { $AssignBody = if ($PolicySettings.AssignTo -ne 'AllDevicesAndUsers') { '{"assignments":[{"id":"","target":{"@odata.type":"#microsoft.graph.' + $($PolicySettings.AssignTo) + 'AssignmentTarget"}}]}' } else { '{"assignments":[{"id":"","target":{"@odata.type":"#microsoft.graph.allDevicesAssignmentTarget"}},{"id":"","target":{"@odata.type":"#microsoft.graph.allLicensedUsersAssignmentTarget"}}]}' } $assign = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/configurationPolicies('$($PolicyRequest.id)')/assign" -tenantid $tenant -type POST -body $AssignBody - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($Tenant) -message "Assigned policy $($Displayname) to $($PolicySettings.AssignTo)" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($Tenant) -message "Assigned policy $($Displayname) to $($PolicySettings.AssignTo)" -Sev 'Info' } "$($Tenant): Successfully set Default AV Policy settings" } @@ -152,7 +152,7 @@ Function Invoke-AddDefenderDeployment { if ($ASR.AssignTo -ne 'none') { $AssignBody = if ($ASR.AssignTo -ne 'AllDevicesAndUsers') { '{"assignments":[{"id":"","target":{"@odata.type":"#microsoft.graph.' + $($asr.AssignTo) + 'AssignmentTarget"}}]}' } else { '{"assignments":[{"id":"","target":{"@odata.type":"#microsoft.graph.allDevicesAssignmentTarget"}},{"id":"","target":{"@odata.type":"#microsoft.graph.allLicensedUsersAssignmentTarget"}}]}' } $assign = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/configurationPolicies('$($ASRRequest.id)')/assign" -tenantid $tenant -type POST -body $AssignBody - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($Tenant) -message "Assigned policy $($Displayname) to $($ASR.AssignTo)" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($Tenant) -message "Assigned policy $($Displayname) to $($ASR.AssignTo)" -Sev 'Info' } "$($Tenant): Successfully added ASR Settings" } @@ -227,14 +227,14 @@ Function Invoke-AddDefenderDeployment { if ($ASR.AssignTo -ne 'none') { $AssignBody = if ($ASR.AssignTo -ne 'AllDevicesAndUsers') { '{"assignments":[{"id":"","target":{"@odata.type":"#microsoft.graph.' + $($asr.AssignTo) + 'AssignmentTarget"}}]}' } else { '{"assignments":[{"id":"","target":{"@odata.type":"#microsoft.graph.allDevicesAssignmentTarget"}},{"id":"","target":{"@odata.type":"#microsoft.graph.allLicensedUsersAssignmentTarget"}}]}' } $assign = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/configurationPolicies('$($EDRRequest.id)')/assign" -tenantid $tenant -type POST -body $AssignBody - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($Tenant) -message "Assigned EDR policy $($Displayname) to $($ASR.AssignTo)" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($Tenant) -message "Assigned EDR policy $($Displayname) to $($ASR.AssignTo)" -Sev 'Info' } "$($Tenant): Successfully added EDR Settings" } } } catch { "Failed to add policy for $($Tenant): $($_.Exception.Message)" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($Tenant) -message "Failed adding policy $($Displayname). Error: $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($Tenant) -message "Failed adding policy $($Displayname). Error: $($_.Exception.Message)" -Sev 'Error' continue } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddIntuneTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddIntuneTemplate.ps1 index 884688b42915..5a2a59a2c0d5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddIntuneTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddIntuneTemplate.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddIntuneTemplate { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $Request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $GUID = (New-Guid).GUID try { @@ -34,7 +34,7 @@ Function Invoke-AddIntuneTemplate { RowKey = "$GUID" PartitionKey = 'IntuneTemplate' } - Write-LogMessage -user $Request.headers.'x-ms-client-principal' -API $APINAME -message "Created intune policy template named $($Request.Body.displayName) with GUID $GUID" -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Created intune policy template named $($Request.Body.displayName) with GUID $GUID" -Sev 'Debug' $body = [pscustomobject]@{'Results' = 'Successfully added template' } } else { @@ -57,12 +57,12 @@ Function Invoke-AddIntuneTemplate { RowKey = "$GUID" PartitionKey = 'IntuneTemplate' } - Write-LogMessage -user $Request.headers.'x-ms-client-principal' -API $APINAME -message "Created intune policy template $($Request.Body.displayName) with GUID $GUID using an original policy from a tenant" -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Created intune policy template $($Request.Body.displayName) with GUID $GUID using an original policy from a tenant" -Sev 'Debug' $body = [pscustomobject]@{'Results' = 'Successfully added template' } } } catch { - Write-LogMessage -user $Request.headers.'x-ms-client-principal' -API $APINAME -message "Intune Template Deployment failed: $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Intune Template Deployment failed: $($_.Exception.Message)" -Sev 'Error' $body = [pscustomobject]@{'Results' = "Intune Template Deployment failed: $($_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddPolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddPolicy.ps1 index 0408fb793275..18f92c07cceb 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddPolicy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddPolicy.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddPolicy { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $Request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenants = ($Request.Body.tenantFilter.value) if ('AllTenants' -in $Tenants) { $Tenants = (Get-Tenants).defaultDomainName } @@ -28,10 +28,10 @@ Function Invoke-AddPolicy { try { Write-Host 'Calling Adding policy' Set-CIPPIntunePolicy -TemplateType $Request.body.TemplateType -Description $description -DisplayName $displayname -RawJSON $RawJSON -AssignTo $AssignTo -tenantFilter $Tenant - Write-LogMessage -user $Request.headers.'x-ms-client-principal' -API $APINAME -tenant $($Tenant) -message "Added policy $($Displayname)" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($Tenant) -message "Added policy $($Displayname)" -Sev 'Info' } catch { "$($_.Exception.Message)" - Write-LogMessage -user $Request.headers.'x-ms-client-principal' -API $APINAME -tenant $($Tenant) -message "Failed adding policy $($Displayname). Error: $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($Tenant) -message "Failed adding policy $($Displayname). Error: $($_.Exception.Message)" -Sev 'Error' continue } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditPolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditPolicy.ps1 index 066e83cf11df..4cbf3192ddb7 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditPolicy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditPolicy.ps1 @@ -11,7 +11,7 @@ Function Invoke-EditPolicy { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenant = $request.body.tenantid $ID = $request.body.groupid @@ -22,17 +22,17 @@ Function Invoke-EditPolicy { $results = try { $CreateBody = '{"description":"' + $description + '","displayName":"' + $displayname + '","roleScopeTagIds":["0"]}' $Request = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/groupPolicyConfigurations('$ID')" -tenantid $tenant -type PATCH -body $CreateBody - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($Tenant) -message "Edited policy $($Displayname)" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($Tenant) -message "Edited policy $($Displayname)" -Sev 'Info' if ($AssignTo) { $AssignBody = if ($AssignTo -ne 'AllDevicesAndUsers') { '{"assignments":[{"id":"","target":{"@odata.type":"#microsoft.graph.' + $($AssignTo) + 'AssignmentTarget"}}]}' } else { '{"assignments":[{"id":"","target":{"@odata.type":"#microsoft.graph.allDevicesAssignmentTarget"}},{"id":"","target":{"@odata.type":"#microsoft.graph.allLicensedUsersAssignmentTarget"}}]}' } $assign = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/groupPolicyConfigurations('$($ID)')/assign" -tenantid $tenant -type POST -body $AssignBody - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($Tenant) -message "Assigned policy $($Displayname) to $AssignTo" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($Tenant) -message "Assigned policy $($Displayname) to $AssignTo" -Sev 'Info' } "Successfully edited policy for $($Tenant)" } catch { "Failed to add policy for $($Tenant): $($_.Exception.Message)" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($Tenant) -message "Failed editing policy $($Displayname). Error:$($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($Tenant) -message "Failed editing policy $($Displayname). Error:$($_.Exception.Message)" -Sev 'Error' continue } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecAssignPolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecAssignPolicy.ps1 index 4af8ca501a15..62367e940102 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecAssignPolicy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecAssignPolicy.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecAssignPolicy { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenant = $request.body.tenantfilter $ID = $request.body.id @@ -21,12 +21,12 @@ Function Invoke-ExecAssignPolicy { $results = try { if ($AssignTo) { $assign = Set-CIPPAssignedPolicy -PolicyId $ID -TenantFilter $tenant -GroupName $AssignTo -Type $Request.body.Type - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($Tenant) -message "Assigned policy $($Displayname) to $AssignTo" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($Tenant) -message "Assigned policy $($Displayname) to $AssignTo" -Sev 'Info' } "Successfully edited policy for $($Tenant)" } catch { "Failed to add policy for $($Tenant): $($_.Exception.Message)" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($Tenant) -message "Failed editing policy $($Displayname). Error:$($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($Tenant) -message "Failed editing policy $($Displayname). Error:$($_.Exception.Message)" -Sev 'Error' continue } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecDeviceAction.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecDeviceAction.ps1 index 7d5dfc2b29bc..c3ad979b19d1 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecDeviceAction.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecDeviceAction.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecDeviceAction { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with Body parameters or the body of the request. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetRecoveryKey.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetRecoveryKey.ps1 index 46df4d780496..0283ee5031b6 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetRecoveryKey.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetRecoveryKey.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecGetRecoveryKey { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Reports/Invoke-ListDevices.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Reports/Invoke-ListDevices.ps1 index d4ed67595239..901490a6268e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Reports/Invoke-ListDevices.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Reports/Invoke-ListDevices.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListDevices { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroup.ps1 index b4e419b986cd..576795084ef5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroup.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroup.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddGroup { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $groupobj = $Request.body $SelectedTenants = $request.body.tenantfilter.value ? $request.body.tenantfilter.value : $request.body.tenantfilter @@ -72,10 +72,10 @@ Function Invoke-AddGroup { # At some point add logic to use AddOwner/AddMember for New-DistributionGroup, but idk how we're going to brr that - rvdwegen } "Successfully created group $($groupobj.displayname) for $($tenant)" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenant -message "Created group $($groupobj.displayname) with id $($GraphRequest.id)" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $tenant -message "Created group $($groupobj.displayname) with id $($GraphRequest.id)" -Sev 'Info' } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenant -message "Group creation API failed. $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $tenant -message "Group creation API failed. $($_.Exception.Message)" -Sev 'Error' "Failed to create group. $($groupobj.displayname) for $($tenant) $($_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroupTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroupTemplate.ps1 index ba41d2e6ed0d..f8de4aed6d1c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroupTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroupTemplate.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddGroupTemplate { [CmdletBinding()] param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $GUID = (New-Guid).GUID try { @@ -32,11 +32,11 @@ Function Invoke-AddGroupTemplate { RowKey = "$GUID" PartitionKey = 'GroupTemplate' } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created Group template named $($Request.body.displayname) with GUID $GUID" -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Created Group template named $($Request.body.displayname) with GUID $GUID" -Sev 'Debug' $body = [pscustomobject]@{'Results' = 'Successfully added template' } } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Group Template Creation failed: $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Group Template Creation failed: $($_.Exception.Message)" -Sev 'Error' $body = [pscustomobject]@{'Results' = "Group Template Creation failed: $($_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-EditGroup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-EditGroup.ps1 index 2a56ba875dca..8e21640e45f4 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-EditGroup.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-EditGroup.ps1 @@ -11,7 +11,7 @@ Function Invoke-EditGroup { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Results = [System.Collections.ArrayList]@() $userobj = $Request.body @@ -38,10 +38,10 @@ Function Invoke-EditGroup { } else { New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($userobj.groupid)" -tenantid $TenantId -type patch -body $addmemberbody -Verbose } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $TenantId -message "Added $member to $($GroupName) group" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $TenantId -message "Added $member to $($GroupName) group" -Sev 'Info' $null = $results.add("Success. $member has been added to $($GroupName)") } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $TenantId -message "Failed to add member $member to $($GroupName). Error:$($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $TenantId -message "Failed to add member $member to $($GroupName). Error:$($_.Exception.Message)" -Sev 'Error' $null = $results.add("Failed to add member $member to $($GroupName): $($_.Exception.Message)") } } @@ -56,10 +56,10 @@ Function Invoke-EditGroup { if ($GroupType -eq 'Distribution list' -or $GroupType -eq 'Mail-Enabled Security') { $Params = @{ Identity = $userobj.groupid; Member = $member; BypassSecurityGroupManagerCheck = $true } New-ExoRequest -tenantid $TenantId -cmdlet 'Add-DistributionGroupMember' -cmdParams $params -UseSystemMailbox $true - Write-LogMessage -API $APINAME -tenant $TenantId -user $request.headers.'x-ms-client-principal' -message "Added $member to $($GroupName) group" -Sev 'Info' + Write-LogMessage -API $APINAME -tenant $TenantId -headers $Request.Headers -message "Added $member to $($GroupName) group" -Sev 'Info' $null = $results.add("Success. $member has been added to $($GroupName)") } else { - Write-LogMessage -API $APINAME -tenant $TenantId -user $request.headers.'x-ms-client-principal' -message 'You cannot add a contact to a security group' -Sev 'Error' + Write-LogMessage -API $APINAME -tenant $TenantId -headers $Request.Headers -message 'You cannot add a contact to a security group' -Sev 'Error' $null = $results.add('You cannot add a contact to a security group') } } catch { @@ -82,12 +82,12 @@ Function Invoke-EditGroup { $MemberInfo = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($_)" -tenantid $TenantId) New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($userobj.groupid)/members/$($MemberInfo.id)/`$ref" -tenantid $TenantId -type DELETE } - Write-LogMessage -API $APINAME -tenant $TenantId -user $request.headers.'x-ms-client-principal' -message "Removed $member from $($GroupName) group" -Sev 'Info' + Write-LogMessage -API $APINAME -tenant $TenantId -headers $Request.Headers -message "Removed $member from $($GroupName) group" -Sev 'Info' $null = $results.add("Success. Member $member has been removed from $($GroupName)") } } } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $TenantId -message "Failed to remove $RemoveContact from $($GroupName). Error:$($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $TenantId -message "Failed to remove $RemoveContact from $($GroupName). Error:$($_.Exception.Message)" -Sev 'Error' $null = $results.add("Could not remove $RemoveContact from $($GroupName). $($_.Exception.Message)") } @@ -105,12 +105,12 @@ Function Invoke-EditGroup { $MemberInfo = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($_)" -tenantid $TenantId) New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($userobj.groupid)/members/$($MemberInfo.id)/`$ref" -tenantid $TenantId -type DELETE } - Write-LogMessage -API $APINAME -tenant $TenantId -user $request.headers.'x-ms-client-principal' -message "Removed $member from $($GroupName) group" -Sev 'Info' + Write-LogMessage -API $APINAME -tenant $TenantId -headers $Request.Headers -message "Removed $member from $($GroupName) group" -Sev 'Info' $null = $results.add("Success. Member $member has been removed from $($GroupName)") } } } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $TenantId -message "Failed to remove $RemoveMembers from $($GroupName). Error:$($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $TenantId -message "Failed to remove $RemoveMembers from $($GroupName). Error:$($_.Exception.Message)" -Sev 'Error' $null = $results.add("Could not remove $RemoveMembers from $($GroupName). $($_.Exception.Message)") } @@ -122,7 +122,7 @@ Function Invoke-EditGroup { $ID = 'https://graph.microsoft.com/beta/users/' + (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($_)" -tenantid $TenantId).id Write-Host $ID $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($userobj.groupid)/owners/`$ref" -tenantid $TenantId -type POST -body ('{"@odata.id": "' + $ID + '"}') - Write-LogMessage -API $APINAME -tenant $TenantId -user $request.headers.'x-ms-client-principal' -message "Added owner $_ to $($GroupName) group" -Sev 'Info' + Write-LogMessage -API $APINAME -tenant $TenantId -headers $Request.Headers -message "Added owner $_ to $($GroupName) group" -Sev 'Info' $null = $results.add("Success. $_ has been added $($GroupName)") } catch { $null = $results.add("Failed to add owner $_ to $($GroupName): Error:$($_.Exception.Message)") @@ -132,7 +132,7 @@ Function Invoke-EditGroup { } } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -tenant $TenantId -API $APINAME -message "Add member API failed. $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -tenant $TenantId -API $APINAME -message "Add member API failed. $($_.Exception.Message)" -Sev 'Error' } $RemoveOwners = ($userobj.RemoveOwner).value @@ -142,7 +142,7 @@ Function Invoke-EditGroup { try { $MemberInfo = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($_)" -tenantid $TenantId) New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($userobj.groupid)/owners/$($MemberInfo.id)/`$ref" -tenantid $TenantId -type DELETE - Write-LogMessage -API $APINAME -tenant $TenantId -user $request.headers.'x-ms-client-principal' -message "Removed $($MemberInfo.UserPrincipalname) from $($userobj.displayname) group" -Sev 'Info' + Write-LogMessage -API $APINAME -tenant $TenantId -headers $Request.Headers -message "Removed $($MemberInfo.UserPrincipalname) from $($userobj.displayname) group" -Sev 'Info' $null = $results.add("Success. Member $_ has been removed from $($GroupName)") } catch { $null = $results.add("Failed to remove $_ from $($GroupName): $($_.Exception.Message)") @@ -150,7 +150,7 @@ Function Invoke-EditGroup { } } } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $TenantId -message "Failed to remove $RemoveMembers from $($GroupName). Error:$($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $TenantId -message "Failed to remove $RemoveMembers from $($GroupName). Error:$($_.Exception.Message)" -Sev 'Error' $body = $results.add("Could not remove $RemoveMembers from $($GroupName). $($_.Exception.Message)") } @@ -160,7 +160,7 @@ Function Invoke-EditGroup { $body = $results.add("Allowed external senders to send to $($userobj.mail).") } catch { $body = $results.add("Failed to allow external senders to send to $($userobj.mail).") - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $TenantId -message "Failed to allow external senders for $($userobj.mail). Error:$($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $TenantId -message "Failed to allow external senders for $($userobj.mail). Error:$($_.Exception.Message)" -Sev 'Error' } } @@ -180,10 +180,10 @@ Function Invoke-EditGroup { $body = $results.add("Send Copies of team emails and events to team members inboxes for $($userobj.mail) enabled.") - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $TenantId -message "Send Copies of team emails and events to team members inboxes for $($userobj.mail) enabled." -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $TenantId -message "Send Copies of team emails and events to team members inboxes for $($userobj.mail) enabled." -Sev 'Info' } catch { $body = $results.add("Failed to Send Copies of team emails and events to team members inboxes for $($userobj.mail).") - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $TenantId -message "Failed to Send Copies of team emails and events to team members inboxes for $($userobj.mail). Error:$($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $TenantId -message "Failed to Send Copies of team emails and events to team members inboxes for $($userobj.mail). Error:$($_.Exception.Message)" -Sev 'Error' } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-ListGroupSenderAuthentication.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-ListGroupSenderAuthentication.ps1 index 97ca6fe52147..4788aeb17f95 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-ListGroupSenderAuthentication.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-ListGroupSenderAuthentication.ps1 @@ -5,7 +5,7 @@ Function Invoke-ListGroupSenderAuthentication { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' @@ -19,17 +19,17 @@ Function Invoke-ListGroupSenderAuthentication { Identity = $groupid } - + try { switch ($GroupType) { 'Distribution List' { Write-Host 'Checking DL' - $State = (New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-DistributionGroup' -cmdParams $params -UseSystemMailbox $true).RequireSenderAuthenticationEnabled + $State = (New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-DistributionGroup' -cmdParams $params -UseSystemMailbox $true).RequireSenderAuthenticationEnabled } 'Microsoft 365' { Write-Host 'Checking M365 Group' - $State = (New-ExoRequest -tenantid $TenantFilter -cmdlet 'get-unifiedgroup' -cmdParams $params -UseSystemMailbox $true).RequireSenderAuthenticationEnabled - + $State = (New-ExoRequest -tenantid $TenantFilter -cmdlet 'get-unifiedgroup' -cmdParams $params -UseSystemMailbox $true).RequireSenderAuthenticationEnabled + } default { $state = $true } } @@ -40,7 +40,7 @@ Function Invoke-ListGroupSenderAuthentication { # We flip the value because the API is asking if the group is allowed to receive external mail Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK + StatusCode = [HttpStatusCode]::OK Body = @{ allowedToReceiveExternal = !$state } }) } \ No newline at end of file diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddGuest.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddGuest.ps1 index 440d8c3d2865..ec56980d6794 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddGuest.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddGuest.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddGuest { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Results = [System.Collections.ArrayList]@() $userobj = $Request.body @@ -37,13 +37,13 @@ Function Invoke-AddGuest { $GraphRequest = New-GraphPostRequest -uri 'https://graph.microsoft.com/beta/invitations' -tenantid $Userobj.tenantFilter -type POST -body $BodyToship -verbose if ($Userobj.sendInvite -eq 'true') { $results.add('Invited Guest. Invite Email sent') - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($userobj.tenantFilter) -message "Invited Guest $($userobj.displayname) with Email Invite " -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($userobj.tenantFilter) -message "Invited Guest $($userobj.displayname) with Email Invite " -Sev 'Info' } else { $results.add('Invited Guest. No Invite Email was sent') - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($userobj.tenantFilter) -message "Invited Guest $($userobj.displayname) with no Email Invite " -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($userobj.tenantFilter) -message "Invited Guest $($userobj.displayname) with no Email Invite " -Sev 'Info' } } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($userobj.tenantFilter) -message "Guest Invite API failed. $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($userobj.tenantFilter) -message "Guest Invite API failed. $($_.Exception.Message)" -Sev 'Error' $body = $results.add("Failed to Invite Guest. $($_.Exception.Message)" ) } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddUser.ps1 index 0d4f7f24a488..ad799229bdfa 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddUser.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddUser.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddUser { param($Request, $TriggerMetadata) $APIName = 'AddUser' - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $UserObj = $Request.body diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddUserBulk.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddUserBulk.ps1 index 25150677f7cd..834f3ea75238 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddUserBulk.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddUserBulk.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddUserBulk { param($Request, $TriggerMetadata) $APIName = 'AddUserBulk' - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.body.TenantFilter $Body = foreach ($userobj in $request.body.BulkUser) { if ($userobj.usageLocation.value) { @@ -32,7 +32,7 @@ Function Invoke-AddUserBulk { Write-Host "Our body to ship is $bodyToShip" $GraphRequest = New-GraphPostRequest -uri 'https://graph.microsoft.com/beta/users' -tenantid $TenantFilter -type POST -body $BodyToship Write-Host "Graph request is $GraphRequest" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($TenantFilter) -message "Created user $($userobj.displayname) with id $($GraphRequest.id) " -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($TenantFilter) -message "Created user $($userobj.displayname) with id $($GraphRequest.id) " -Sev 'Info' #PWPush $PasswordLink = New-PwPushLink -Payload $password @@ -42,7 +42,7 @@ Function Invoke-AddUserBulk { $results = "Created user $($UserprincipalName). Password is $password" } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($TenantFilter) -message "Failed to create user. Error:$($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($TenantFilter) -message "Failed to create user. Error:$($_.Exception.Message)" -Sev 'Error' $results = "Failed to create user $($UserprincipalName). $($_.Exception.Message)" } [PSCustomObject]@{ diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecClrImmId.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecClrImmId.ps1 index 6ebf2e66750b..5220d4b86f31 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecClrImmId.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecClrImmId.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecClrImmId { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecCreateTAP.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecCreateTAP.ps1 index 5aa1ac84f245..239018057093 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecCreateTAP.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecCreateTAP.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecCreateTAP { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. try { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecDismissRiskyUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecDismissRiskyUser.ps1 index 9d4a9e2e55e4..29f971c8a98c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecDismissRiskyUser.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecDismissRiskyUser.ps1 @@ -9,7 +9,7 @@ function Invoke-ExecDismissRiskyUser { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $Request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' Write-Host 'PowerShell HTTP trigger function processed a request.' $TenantFilter = $Request.Query.tenantfilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOffboardUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOffboardUser.ps1 index c692f729818d..c4634144497a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOffboardUser.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOffboardUser.ps1 @@ -14,7 +14,7 @@ Function Invoke-ExecOffboardUser { $Results = foreach ($username in $AllUsers) { try { $APIName = 'ExecOffboardUser' - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' if ($Request.body.Scheduled.enabled) { $taskObject = [PSCustomObject]@{ diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOneDriveShortCut.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOneDriveShortCut.ps1 index d34101aa3923..bd0a2052a3b7 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOneDriveShortCut.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOneDriveShortCut.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecOneDriveShortCut { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' Try { $MessageResult = New-CIPPOneDriveShortCut -username $Request.Body.username -userid $Request.Body.userid -TenantFilter $Request.Body.tenantFilter -URL $Request.Body.siteUrl.value -ExecutingUser $request.headers.'x-ms-client-principal' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetMFA.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetMFA.ps1 index ee9e9b65487c..63f5c5c21001 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetMFA.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetMFA.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecResetMFA { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. $TenantFilter = $Request.Query.TenantFilter @@ -23,7 +23,7 @@ Function Invoke-ExecResetMFA { } } catch { $Body = [pscustomobject]@{'Results' = "Failed to reset MFA methods for $($Request.Query.ID): $(Get-NormalizedError -message $_.Exception.Message)" } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to reset MFA for user $($Request.Query.ID): $($_.Exception.Message)" -Sev 'Error' -LogData (Get-CippException -Exception $_) + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Failed to reset MFA for user $($Request.Query.ID): $($_.Exception.Message)" -Sev 'Error' -LogData (Get-CippException -Exception $_) } # Associate values to output bindings by calling 'Push-OutputBinding'. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetPass.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetPass.ps1 index 98be3b461aa4..7c373fd46362 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetPass.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetPass.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecResetPass { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. @@ -26,7 +26,7 @@ Function Invoke-ExecResetPass { $Results = [pscustomobject]@{'Results' = $Reset } } catch { $Results = [pscustomobject]@{'Results' = "Failed to reset password for $($Request.query.displayName): $($_.Exception.Message)" } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to reset password for $($Request.query.displayName): $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Failed to reset password for $($Request.query.displayName): $($_.Exception.Message)" -Sev 'Error' } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecRevokeSessions.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecRevokeSessions.ps1 index a17b40139b05..d956ce15973c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecRevokeSessions.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecRevokeSessions.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecRevokeSessions { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. $TenantFilter = $Request.Query.TenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecSendPush.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecSendPush.ps1 index 38ca6d3d876e..cdac48833a53 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecSendPush.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecSendPush.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecSendPush { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.body.TenantFilter $UserEmail = $Request.body.UserEmail @@ -114,7 +114,7 @@ Function Invoke-ExecSendPush { } $Results = [pscustomobject]@{'Results' = $Body; severity = $colour } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Sent push request to $UserEmail - Result: $($obj.BeginTwoWayAuthenticationResponse.result.value | Out-String)" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Sent push request to $UserEmail - Result: $($obj.BeginTwoWayAuthenticationResponse.result.value | Out-String)" -Sev 'Info' Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = [HttpStatusCode]::OK diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserConditionalAccessPolicies.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserConditionalAccessPolicies.ps1 index c717f77589f1..0976bd5d9fd0 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserConditionalAccessPolicies.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserConditionalAccessPolicies.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListUserConditionalAccessPolicies { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserCounts.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserCounts.ps1 index d67251b461e0..6e17a7c5e36e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserCounts.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserCounts.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListUserCounts { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserDevices.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserDevices.ps1 index 0c36e75712fd..961da48a1053 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserDevices.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserDevices.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListUserDevices { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserGroups.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserGroups.ps1 index 26676aec5623..6fe9a598038d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserGroups.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserGroups.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListUserGroups { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxDetails.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxDetails.ps1 index f6581a8abaf6..231b9395b5b7 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxDetails.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxDetails.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListUserMailboxDetails { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserSettings.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserSettings.ps1 index 85b59ec479fd..d58064d9a984 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserSettings.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserSettings.ps1 @@ -10,7 +10,7 @@ function Invoke-ListUserSettings { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $username = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($request.headers.'x-ms-client-principal')) | ConvertFrom-Json).userDetails try { @@ -30,4 +30,4 @@ function Invoke-ListUserSettings { Body = $Results }) -} \ No newline at end of file +} diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserSigninLogs.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserSigninLogs.ps1 index d92d6e241df5..1013dbcd4728 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserSigninLogs.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserSigninLogs.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListUserSigninLogs { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $top = $Request.Query.top ? $Request.Query.top : 50 # Write to the Azure Functions log stream. @@ -31,7 +31,7 @@ Function Invoke-ListUserSigninLogs { Body = @($GraphRequest) }) } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to retrieve Sign In report: $($_.Exception.message) " -Sev 'Error' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Failed to retrieve Sign In report: $($_.Exception.message) " -Sev 'Error' -tenant $TenantFilter # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = '500' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUsers.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUsers.ps1 index e138cc02e470..0f6ff909234f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUsers.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUsers.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListUsers { [CmdletBinding()] param($Request, $TriggerMetadata) - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Reports/Invoke-ListBasicAuth.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Reports/Invoke-ListBasicAuth.ps1 index aacc1676381a..59771940285b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Reports/Invoke-ListBasicAuth.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Reports/Invoke-ListBasicAuth.ps1 @@ -13,7 +13,7 @@ Function Invoke-ListBasicAuth { # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. $TenantFilter = $Request.Query.TenantFilter $currentTime = Get-Date -Format 'yyyy-MM-ddTHH:MM:ss' @@ -26,7 +26,7 @@ Function Invoke-ListBasicAuth { try { $GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/auditLogs/signIns?api-version=beta&filter=$($filters)" -tenantid $TenantFilter -erroraction stop | Select-Object userPrincipalName, clientAppUsed, Status | Sort-Object -Unique -Property userPrincipalName $response = $GraphRequest - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Retrieved basic authentication report' -Sev 'Debug' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Retrieved basic authentication report' -Sev 'Debug' -tenant $TenantFilter # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ @@ -34,7 +34,7 @@ Function Invoke-ListBasicAuth { Body = @($response) }) } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to retrieve basic authentication report: $($_.Exception.message) " -Sev 'Error' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Failed to retrieve basic authentication report: $($_.Exception.message) " -Sev 'Error' -tenant $TenantFilter # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = '500' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecAlertsList.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecAlertsList.ps1 index 2fad771b8707..16c30253cb83 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecAlertsList.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecAlertsList.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecAlertsList { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecIncidentsList.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecIncidentsList.ps1 index bf31040b83a8..63f5f05232ac 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecIncidentsList.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecIncidentsList.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecIncidentsList { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' try { # Interact with query parameters or the body of the request. $TenantFilter = $Request.Query.TenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecSetSecurityAlert.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecSetSecurityAlert.ps1 index da3bc31ab858..88a5ce66e560 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecSetSecurityAlert.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecSetSecurityAlert.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecSetSecurityAlert { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. $tenantfilter = $Request.Query.TenantFilter @@ -20,11 +20,11 @@ Function Invoke-ExecSetSecurityAlert { $AssignBody = '{"status":"' + $Status + '","vendorInformation":{"provider":"' + $Request.query.provider + '","vendor":"' + $Request.query.vendor + '"}}' try { $GraphRequest = New-Graphpostrequest -uri "https://graph.microsoft.com/beta/security/alerts/$AlertFilter" -type PATCH -tenantid $TenantFilter -body $Assignbody - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($tenantfilter) -message "Set alert $AlertFilter to status $Status" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($tenantfilter) -message "Set alert $AlertFilter to status $Status" -Sev 'Info' $body = [pscustomobject]@{'Results' = "Set status for alert to $Status" } } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($tenantfilter) -message "Failed to update alert $($AlertFilter): $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($tenantfilter) -message "Failed to update alert $($AlertFilter): $($_.Exception.Message)" -Sev 'Error' $body = [pscustomobject]@{'Results' = "Failed to change status: $($_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecSetSecurityIncident.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecSetSecurityIncident.ps1 index b1065f721a29..de928814591d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecSetSecurityIncident.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecSetSecurityIncident.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecSetSecurityIncident { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $first = '' # Interact with query parameters or the body of the request. @@ -60,15 +60,15 @@ Function Invoke-ExecSetSecurityIncident { $ResponseBody = [pscustomobject]@{'Results' = $BodyBuild } New-Graphpostrequest -uri "https://graph.microsoft.com/beta/security/incidents/$IncidentFilter" -type PATCH -tenantid $TenantFilter -body $Assignbody -asApp $true - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($tenantfilter) -message "Update incident $IncidentFilter with values $Assignbody" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($tenantfilter) -message "Update incident $IncidentFilter with values $Assignbody" -Sev 'Info' } else { $ResponseBody = [pscustomobject]@{'Results' = 'Cannot update redirected incident' } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($tenantfilter) -message "Refuse to pdate incident $IncidentFilter with values $Assignbody because it is redirected to another incident" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($tenantfilter) -message "Refuse to pdate incident $IncidentFilter with values $Assignbody because it is redirected to another incident" -Sev 'Info' } $body = $ResponseBody } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($tenantfilter) -message "Failed to update alert $($AlertFilter): $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($tenantfilter) -message "Failed to update alert $($AlertFilter): $($_.Exception.Message)" -Sev 'Error' $body = [pscustomobject]@{'Results' = "Failed to update incident: $($_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-AddSite.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-AddSite.ps1 index ab7474163cdc..211ad69a3e80 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-AddSite.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-AddSite.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddSite { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $SharePointObj = $Request.body @@ -19,7 +19,7 @@ Function Invoke-AddSite { $SharePointSite = New-CIPPSharepointSite -SiteName $SharePointObj.siteName -SiteDescription $SharePointObj.siteDescription -SiteOwner $SharePointObj.siteOwner.value -TemplateName $SharePointObj.templateName.value -SiteDesign $SharePointObj.siteDesign.value -SensitivityLabel $SharePointObj.sensitivityLabel -TenantFilter $SharePointObj.tenantFilter $body = [pscustomobject]@{'Results' = $SharePointSite } } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($userobj.tenantid) -message "Adding SharePoint Site failed. Error: $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($userobj.tenantid) -message "Adding SharePoint Site failed. Error: $($_.Exception.Message)" -Sev 'Error' $body = [pscustomobject]@{'Results' = "Failed. Error message: $($_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-AddSiteBulk.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-AddSiteBulk.ps1 index ff9eb3cfce9e..b782437d012a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-AddSiteBulk.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-AddSiteBulk.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddSiteBulk { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Results = [System.Collections.ArrayList]@() @@ -21,7 +21,7 @@ Function Invoke-AddSiteBulk { $SharePointSite = New-CIPPSharepointSite -SiteName $SharePointObj.siteName -SiteDescription $SharePointObj.siteDescription -SiteOwner $SharePointObj.siteOwner -TemplateName $SharePointObj.templateName -SiteDesign $SharePointObj.siteDesign -SensitivityLabel $SharePointObj.sensitivityLabel -TenantFilter $Request.body.TenantFilter $Results.add($SharePointSite) } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($userobj.tenantid) -message "Adding SharePoint Site failed. Error: $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($userobj.tenantid) -message "Adding SharePoint Site failed. Error: $($_.Exception.Message)" -Sev 'Error' $Results.add("Failed to create $($sharepointObj.siteName) Error message: $($_.Exception.Message)") } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-AddTeam.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-AddTeam.ps1 index ffeb0da53459..9cfe8a52d836 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-AddTeam.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-AddTeam.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddTeam { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $userobj = $Request.body @@ -43,11 +43,11 @@ Function Invoke-AddTeam { Write-Host $TeamsSettings New-GraphPostRequest -AsApp $true -uri 'https://graph.microsoft.com/beta/teams' -tenantid $Userobj.tenantid -type POST -body $TeamsSettings -verbose - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($userobj.tenantid) -message "Added Team $($userobj.displayname)" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($userobj.tenantid) -message "Added Team $($userobj.displayname)" -Sev 'Info' $body = [pscustomobject]@{'Results' = 'Success. Team has been added' } } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($userobj.tenantid) -message "Adding Team failed. Error: $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($userobj.tenantid) -message "Adding Team failed. Error: $($_.Exception.Message)" -Sev 'Error' $body = [pscustomobject]@{'Results' = "Failed. Error message: $($_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecRemoveTeamsVoicePhoneNumberAssignment.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecRemoveTeamsVoicePhoneNumberAssignment.ps1 index 55619f07deb5..3ee1e2250544 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecRemoveTeamsVoicePhoneNumberAssignment.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecRemoveTeamsVoicePhoneNumberAssignment.ps1 @@ -11,17 +11,17 @@ Function Invoke-ExecRemoveTeamsVoicePhoneNumberAssignment { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $tenantFilter = $Request.Body.TenantFilter try { $null = New-TeamsRequest -TenantFilter $TenantFilter -Cmdlet 'Remove-CsPhoneNumberAssignment' -CmdParams @{Identity = $Request.Body.AssignedTo; PhoneNumber = $Request.Body.PhoneNumber; PhoneNumberType = $Request.Body.PhoneNumberType; ErrorAction = 'stop'} $Results = [pscustomobject]@{'Results' = "Successfully unassigned $($Request.Body.PhoneNumber) from $($Request.Body.AssignedTo)"} - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($TenantFilter) -message $($Results.Results) -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($TenantFilter) -message $($Results.Results) -Sev 'Info' } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message $Results = [pscustomobject]@{'Results' = $ErrorMessage} - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($TenantFilter) -message $($Results.Results) -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($TenantFilter) -message $($Results.Results) -Sev 'Error' } # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSharepointSettings.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSharepointSettings.ps1 index 2b04807cd4e1..86eb8235784b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSharepointSettings.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSharepointSettings.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListSharepointSettings { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeams.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeams.ps1 index 743568fe8bed..f0700efa9beb 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeams.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeams.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListTeams { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsLisLocation.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsLisLocation.ps1 index 198f83c4680a..8026286f547c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsLisLocation.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsLisLocation.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListTeamsLisLocation { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.Query.TenantFilter try { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 index 8d2b692325fb..cff8ca2c0c07 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListTeamsVoice { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-AddAlert.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-AddAlert.ps1 index abbb442d17fa..f98a76224444 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-AddAlert.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-AddAlert.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddAlert { [CmdletBinding()] param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenants = $request.body.tenantFilter $Conditions = $request.body.conditions | ConvertTo-Json -Compress -Depth 10 | Out-String $TenantsJson = $Tenants | ConvertTo-Json -Compress -Depth 10 | Out-String diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ListAlertsQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ListAlertsQueue.ps1 index fe7aaa7ebc88..3e25c875d0dc 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ListAlertsQueue.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ListAlertsQueue.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListAlertsQueue { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ListAuditLogs.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ListAuditLogs.ps1 index c70fdcb98bdb..9915eef063b7 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ListAuditLogs.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ListAuditLogs.ps1 @@ -9,7 +9,7 @@ function Invoke-ListAuditLogs { param($Request, $TriggerMetadata) $APIName = 'ListAuditLogs' - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.Query.TenantFilter $FilterConditions = [System.Collections.Generic.List[string]]::new() diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ListWebhookAlert.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ListWebhookAlert.ps1 index 1741ed98fcaf..41377a472604 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ListWebhookAlert.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ListWebhookAlert.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListWebhookAlert { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Table = get-cipptable -TableName 'SchedulerConfig' $WebhookRow = foreach ($Webhook in Get-CIPPAzDataTableEntity @Table | Where-Object -Property PartitionKey -EQ 'WebhookAlert') { $Webhook.If = $Webhook.If | ConvertFrom-Json diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-RemoveQueuedAlert.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-RemoveQueuedAlert.ps1 index f916f4436a04..ed7e10846f5f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-RemoveQueuedAlert.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-RemoveQueuedAlert.ps1 @@ -11,7 +11,7 @@ Function Invoke-RemoveQueuedAlert { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' if ($Request.query.EventType -eq 'Audit log Alert') { $Table = 'WebhookRules' @@ -25,11 +25,11 @@ Function Invoke-RemoveQueuedAlert { $Filter = "RowKey eq '{0}'" -f $ID $Alert = Get-CIPPAzDataTableEntity @Table -Filter $Filter -Property PartitionKey, RowKey Remove-AzDataTableEntity -Force @Table -Entity $Alert - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Removed application queue for $ID." -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Removed application queue for $ID." -Sev 'Info' $body = [pscustomobject]@{'Results' = 'Successfully removed from queue.' } } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to remove from queue $ID. $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Failed to remove from queue $ID. $($_.Exception.Message)" -Sev 'Error' $body = [pscustomobject]@{'Results' = "Failed to remove alert from queue $($_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Application Approval/Invoke-ExecAddMultiTenantApp.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Application Approval/Invoke-ExecAddMultiTenantApp.ps1 index f614bee7290e..e11d8e0ccc6b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Application Approval/Invoke-ExecAddMultiTenantApp.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Application Approval/Invoke-ExecAddMultiTenantApp.ps1 @@ -10,7 +10,7 @@ function Invoke-ExecAddMultiTenantApp { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $DelegateResources = $request.body.permissions | Where-Object -Property origin -EQ 'Delegated' | ForEach-Object { @{ id = $_.id; type = 'Scope' } } $DelegateResourceAccess = @{ ResourceAppId = '00000003-0000-0000-c000-000000000000'; resourceAccess = $DelegateResources } $ApplicationResources = $request.body.permissions | Where-Object -Property origin -EQ 'Application' | ForEach-Object { @{ id = $_.id; type = 'Role' } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Application Approval/Invoke-ExecAppApproval.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Application Approval/Invoke-ExecAppApproval.ps1 index b79ef41afb72..408516df3601 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Application Approval/Invoke-ExecAppApproval.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Application Approval/Invoke-ExecAppApproval.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecAppApproval { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Application Approval/Invoke-ExecAppPermissionTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Application Approval/Invoke-ExecAppPermissionTemplate.ps1 index a095252512f4..1549381f3f50 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Application Approval/Invoke-ExecAppPermissionTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Application Approval/Invoke-ExecAppPermissionTemplate.ps1 @@ -28,7 +28,7 @@ function Invoke-ExecAppPermissionTemplate { 'Results' = 'Template Saved' 'TemplateId' = $Entity.RowKey } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API 'ExecAppPermissionTemplate' -message "Permissions Saved for template: $($Request.Body.TemplateName)" -Sev 'Info' -LogData $Permissions + Write-LogMessage -headers $Request.Headers -API 'ExecAppPermissionTemplate' -message "Permissions Saved for template: $($Request.Body.TemplateName)" -Sev 'Info' -LogData $Permissions } catch { $Body = @{ 'Results' = $_.Exception.Message diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecAddSPN.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecAddSPN.ps1 index b52867e7f0da..442a4116e3a5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecAddSPN.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecAddSPN.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecAddSPN { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. $Body = if ($Request.Query.Enable) { '{"accountEnabled":"true"}' } else { '{"accountEnabled":"false"}' } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecUpdateSecureScore.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecUpdateSecureScore.ps1 index cef9df318e34..6cd6c9a6bbdc 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecUpdateSecureScore.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecUpdateSecureScore.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecUpdateSecureScore { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. $Body = @{ diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListAppConsentRequests.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListAppConsentRequests.ps1 index 7e8a8603896d..cb1ee3a01536 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListAppConsentRequests.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListAppConsentRequests.ps1 @@ -11,7 +11,7 @@ function Invoke-ListAppConsentRequests { $APIName = $TriggerMetadata.FunctionName $TenantFilter = $Request.Query.TenantFilter - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' try { if ($Request.Query.TenantFilter -eq 'AllTenants') { @@ -58,4 +58,4 @@ function Invoke-ListAppConsentRequests { StatusCode = $StatusCode Body = @($Results) }) -} \ No newline at end of file +} diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenantDetails.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenantDetails.ps1 index 2b63da2523bd..f92ec63a8dfe 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenantDetails.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenantDetails.ps1 @@ -12,7 +12,7 @@ Function Invoke-ListTenantDetails { $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $tenantfilter = $Request.Query.TenantFilter @@ -29,7 +29,7 @@ Function Invoke-ListTenantDetails { }) } catch { # Log the exception message - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Error: $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Error: $($_.Exception.Message)" -Sev 'Error' # Respond with a 500 error and include the exception message in the response body Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1 index 4227a6f78be8..c17fbd6734ea 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1 @@ -12,7 +12,7 @@ Function Invoke-ListTenants { $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $Request.Headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantAccess = Test-CIPPAccess -Request $Request -TenantList Write-Host "Tenant Access: $TenantAccess" @@ -92,9 +92,9 @@ Function Invoke-ListTenants { $body = $Tenants | Where-Object -Property defaultDomainName -EQ $Tenantfilter } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -tenant $Tenantfilter -API $APINAME -message 'Listed Tenant Details' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -tenant $Tenantfilter -API $APINAME -message 'Listed Tenant Details' -Sev 'Debug' } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -tenant $Tenantfilter -API $APINAME -message "List Tenant failed. The error is: $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -tenant $Tenantfilter -API $APINAME -message "List Tenant failed. The error is: $($_.Exception.Message)" -Sev 'Error' $body = [pscustomobject]@{ 'Results' = "Failed to retrieve tenants: $($_.Exception.Message)" defaultDomainName = '' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCAPolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCAPolicy.ps1 index e1f21ae1e974..0b812a5c99f3 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCAPolicy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCAPolicy.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddCAPolicy { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenants = $Request.body.tenantFilter.value if ('AllTenants' -in $Tenants) { $Tenants = (Get-Tenants).defaultDomainName } @@ -19,11 +19,11 @@ Function Invoke-AddCAPolicy { $results = foreach ($Tenant in $tenants) { try { $CAPolicy = New-CIPPCAPolicy -replacePattern $Request.body.replacename -Overwrite $request.body.overwrite -TenantFilter $tenant -state $request.body.NewState -RawJSON $Request.body.RawJSON -APIName $APIName -ExecutingUser $request.headers.'x-ms-client-principal' - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($Tenant) -message "Added Conditional Access Policy $($Displayname)" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($Tenant) -message "Added Conditional Access Policy $($Displayname)" -Sev 'Info' "Successfully added Conditional Access Policy for $($Tenant)" } catch { "Failed to add policy for $($Tenant): $($_.Exception.Message)" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($Tenant) -message "Failed to add Conditional Access Policy $($Displayname). Error: $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($Tenant) -message "Failed to add Conditional Access Policy $($Displayname). Error: $($_.Exception.Message)" -Sev 'Error' continue } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCATemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCATemplate.ps1 index ade9db4a3232..34272cbcaab9 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCATemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCATemplate.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddCATemplate { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.Body.TenantFilter try { @@ -25,11 +25,11 @@ Function Invoke-AddCATemplate { PartitionKey = 'CATemplate' GUID = "$GUID" } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created CA Template $($Request.body.name) with GUID $GUID" -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Created CA Template $($Request.body.name) with GUID $GUID" -Sev 'Debug' $body = [pscustomobject]@{'Results' = 'Successfully added template' } } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to create CA Template: $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Failed to create CA Template: $($_.Exception.Message)" -Sev 'Error' $body = [pscustomobject]@{'Results' = "Intune Template Deployment failed: $($_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddNamedLocation.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddNamedLocation.ps1 index bdf30b746d29..4aa7f9e97f65 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddNamedLocation.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddNamedLocation.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddNamedLocation { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. @@ -43,11 +43,11 @@ Function Invoke-AddNamedLocation { $Body = ConvertTo-Json -InputObject $ObjBody $GraphRequest = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/beta/identity/conditionalAccess/namedLocations' -body $body -Type POST -tenantid $tenant "Successfully added Named Location for $($Tenant)" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenant -message "Added Named Location $($Displayname)" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $tenant -message "Added Named Location $($Displayname)" -Sev 'Info' } catch { "Failed to add Named Location $($Tenant): $($_.Exception.Message)" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenant -message "Failed adding Named Location$($Displayname). Error: $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $tenant -message "Failed adding Named Location$($Displayname). Error: $($_.Exception.Message)" -Sev 'Error' continue } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-EditCAPolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-EditCAPolicy.ps1 index 56bdb6a64bea..df98b3137691 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-EditCAPolicy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-EditCAPolicy.ps1 @@ -11,18 +11,18 @@ Function Invoke-EditCAPolicy { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenant = $request.query.tenantFilter $ID = $request.query.guid $results = try { $EditBody = "{`"state`": `"$($request.query.state)`"}" $Request = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta//identity/conditionalAccess/policies/$($id)" -tenantid $tenant -type PATCH -body $EditBody -asapp $true - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($Tenant) -message "Edited CA policy: $($ID)" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($Tenant) -message "Edited CA policy: $($ID)" -Sev 'Info' "Successfully edited CA policy: $($ID)" } catch { "Failed to add CA policy: $($_.Exception.Message)" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($Tenant) -message "Failed editing CA policy $($ID). Error: $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($Tenant) -message "Failed editing CA policy $($ID). Error: $($_.Exception.Message)" -Sev 'Error' } $body = [pscustomobject]@{'Results' = $results } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCACheck.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCACheck.ps1 index 9bdd61686269..7c586d60145d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCACheck.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCACheck.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecCaCheck { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenant = $request.body.tenantFilter $UserID = $request.body.userId.value diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCAExclusion.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCAExclusion.ps1 index 0ee8ffc437db..7df4146daa40 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCAExclusion.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCAExclusion.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecCAExclusion { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' #If UserId is a guid, get the user's UPN if ($Request.body.UserId -match '^[a-f0-9]{8}-([a-f0-9]{4}-){3}[a-f0-9]{12}$') { $Username = (New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/users/$($Request.body.UserId)" -tenantid $Request.body.TenantFilter).userPrincipalName diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecNamedLocation.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecNamedLocation.ps1 index 833586fb2298..5c68389dd9c9 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecNamedLocation.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecNamedLocation.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecNamedLocation { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. @@ -26,7 +26,7 @@ Function Invoke-ExecNamedLocation { $results = Set-CIPPNamedLocation -NamedLocationId $NamedLocationId -TenantFilter $TenantFilter -change $change -content $content -ExecutingUser $request.headers.'x-ms-client-principal' } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APIName -message "Failed to edit named location: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Request.Headers -API $APIName -message "Failed to edit named location: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage $results = "Failed to edit named location. Error: $($ErrorMessage.NormalizedError)" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListCAtemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListCAtemplates.ps1 index 41cbaaa0b1ca..dbe4825a050f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListCAtemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListCAtemplates.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListCAtemplates { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListConditionalAccessPolicies.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListConditionalAccessPolicies.ps1 index 63d372e6c1c7..e5543136b6e7 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListConditionalAccessPolicies.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListConditionalAccessPolicies.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListConditionalAccessPolicies { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' function Get-LocationNameFromId { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListConditionalAccessPolicyChanges.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListConditionalAccessPolicyChanges.ps1 index 22f708cfb080..a9a158be35de 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListConditionalAccessPolicyChanges.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListConditionalAccessPolicyChanges.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListConditionalAccessPolicyChanges { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' @@ -38,7 +38,7 @@ Function Invoke-ListConditionalAccessPolicyChanges { } catch { $StatusCode = [HttpStatusCode]::BadRequest Write-Host $($_.Exception.message) - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APIName -message "Failed to request audit logs for policy $($policyDisplayName): $($_.Exception.message)" -Sev "Error" -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APIName -message "Failed to request audit logs for policy $($policyDisplayName): $($_.Exception.message)" -Sev "Error" -tenant $TenantFilter } # Associate values to output bindings by calling 'Push-OutputBinding'. @@ -46,4 +46,4 @@ Function Invoke-ListConditionalAccessPolicyChanges { StatusCode = $StatusCode Body = $changes }) -} \ No newline at end of file +} diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecAddGDAPRole.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecAddGDAPRole.ps1 index 922357511af4..1522f79e2917 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecAddGDAPRole.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecAddGDAPRole.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecAddGDAPRole { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $CippDefaults = @( @{ label = 'Application Administrator'; value = '9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3' }, diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecDeleteGDAPRelationship.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecDeleteGDAPRelationship.ps1 index 2d0c88112d0b..3aeb95403d6e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecDeleteGDAPRelationship.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecDeleteGDAPRelationship.ps1 @@ -11,14 +11,14 @@ Function Invoke-ExecDeleteGDAPRelationship { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. $GDAPID = $Request.Query.GDAPId ?? $Request.Body.GDAPId try { $DELETE = New-GraphPostRequest -NoAuthCheck $True -uri "https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships/$($GDAPID)/requests" -type POST -body '{"action":"terminate"}' -tenantid $env:TenantID $Results = [pscustomobject]@{'Results' = "Success. GDAP relationship for $($GDAPID) been revoked" } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Success. GDAP relationship for $($GDAPID) been revoked" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Success. GDAP relationship for $($GDAPID) been revoked" -Sev 'Info' } catch { $Results = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecDeleteGDAPRoleMapping.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecDeleteGDAPRoleMapping.ps1 index a2758b8e8341..ee811cfc720e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecDeleteGDAPRoleMapping.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecDeleteGDAPRoleMapping.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecDeleteGDAPRoleMapping { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Table = Get-CIPPTable -TableName 'GDAPRoles' $GroupId = $Request.Query.GroupId ?? $Request.Body.GroupId @@ -20,7 +20,7 @@ Function Invoke-ExecDeleteGDAPRoleMapping { $Entity = Get-CIPPAzDataTableEntity @Table -Filter $Filter Remove-AzDataTableEntity -Force @Table -Entity $Entity $Results = [pscustomobject]@{'Results' = 'Success. GDAP relationship mapping deleted' } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "GDAP relationship mapping deleted for $($GroupId)" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -message "GDAP relationship mapping deleted for $($GroupId)" -Sev 'Info' } catch { $Results = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecGDAPInvite.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecGDAPInvite.ps1 index e46e64443e1e..04e76f5997d0 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecGDAPInvite.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecGDAPInvite.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecGDAPInvite { param($Request, $TriggerMetadata) $APIName = 'ExecGDAPInvite' - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $RoleMappings = $Request.Body.roleMappings @@ -77,12 +77,12 @@ Function Invoke-ExecGDAPInvite { $Message = 'Error creating GDAP relationship request' } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created GDAP Invite - $InviteUrl" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Created GDAP Invite - $InviteUrl" -Sev 'Info' } } catch { $Message = 'Error creating GDAP relationship, failed at step: ' + $Step Write-Host "GDAP ERROR: $($_.InvocationInfo.PositionMessage)" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $env:TenantID -message "$($Message): $($_.Exception.Message)" -Sev 'Error' -LogData (Get-CippException -Exception $_) + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $env:TenantID -message "$($Message): $($_.Exception.Message)" -Sev 'Error' -LogData (Get-CippException -Exception $_) } $body = @{ diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecGDAPInviteApproved.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecGDAPInviteApproved.ps1 index 7430ff9e1ce5..9472e030f0ff 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecGDAPInviteApproved.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecGDAPInviteApproved.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecGDAPInviteApproved { [CmdletBinding()] param($Request, $TriggerMetadata) - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' Set-CIPPGDAPInviteGroups diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecGDAPRemoveGArole.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecGDAPRemoveGArole.ps1 index 6a41ac39fb5f..37ad9b2022ae 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecGDAPRemoveGArole.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecGDAPRemoveGArole.ps1 @@ -27,7 +27,7 @@ Function Invoke-ExecGDAPRemoveGArole { New-GraphPOSTRequest -NoAuthCheck $True -uri "https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships/$($GDAPID)" -tenantid $env:TenantID -type PATCH -body $RawJSON -AddedHeaders $AddedHeader $Message = "Removed Global Administrator from $($GDAPID)" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message $Message -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APINAME -message $Message -Sev 'Info' } else { if ($CheckActive.status -ne 'active') { $Message = "Relationship status is currently $($CheckActive.status), it is not possible to remove the Global Administrator role in this state." @@ -39,7 +39,7 @@ Function Invoke-ExecGDAPRemoveGArole { } catch { $Message = "Unexpected error patching GDAP relationship: $($_.Exception.Message)" Write-Host "GDAP ERROR: $($_.Exception.Message)" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $env:TenantID -message "$($Message): $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $env:TenantID -message "$($Message): $($_.Exception.Message)" -Sev 'Error' } $body = @{ diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPInvite.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPInvite.ps1 index 9242f8da2588..8dcb83a0bafd 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPInvite.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPInvite.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListGDAPInvite { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPQueue.ps1 index d3110cadd8ad..75327648bf59 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPQueue.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPQueue.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListGDAPQueue { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPRoles.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPRoles.ps1 index f39e16ebd1fc..e2e2976b88c8 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPRoles.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPRoles.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListGDAPRoles { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsDeploy.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsDeploy.ps1 index 091d903054b7..10207e9e2928 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsDeploy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsDeploy.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddStandardsDeploy { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $user = $request.headers.'x-ms-client-principal' $username = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($user)) | ConvertFrom-Json).userDetails @@ -48,11 +48,11 @@ Function Invoke-AddStandardsDeploy { RowKey = "$Tenant" PartitionKey = 'standards' } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -tenant $tenant -API 'Standards' -message 'Successfully added standards deployment' -Sev 'Info' + Write-LogMessage -headers $Request.Headers -tenant $tenant -API 'Standards' -message 'Successfully added standards deployment' -Sev 'Info' $body = [pscustomobject]@{'Results' = 'Successfully added standards deployment' } } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API 'Standards' -message "Standards API failed. Error:$($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API 'Standards' -message "Standards API failed. Error:$($_.Exception.Message)" -Sev 'Error' $body = [pscustomobject]@{'Results' = "Failed to add standard: $($_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsTemplate.ps1 index 8764326fef85..d46d1508dab0 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsTemplate.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddStandardsTemplate { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $GUID = $Request.body.GUID ? $request.body.GUID : (New-Guid).GUID #updatedBy = $request.headers.'x-ms-client-principal' @@ -30,7 +30,7 @@ Function Invoke-AddStandardsTemplate { GUID = "$GUID" } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created CA Template $($Request.body.name) with GUID $GUID" -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Created CA Template $($Request.body.name) with GUID $GUID" -Sev 'Debug' $body = [pscustomobject]@{'Results' = 'Successfully added template'; id = $GUID } # Associate values to output bindings by calling 'Push-OutputBinding'. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-BestPracticeAnalyser_List.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-BestPracticeAnalyser_List.ps1 index 5bf7c40a6741..b710abec0e7e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-BestPracticeAnalyser_List.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-BestPracticeAnalyser_List.ps1 @@ -11,7 +11,7 @@ Function Invoke-BestPracticeAnalyser_List { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenants = Get-Tenants $Table = get-cipptable 'cachebpa' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1 index e48a6cca61e5..2f1980fbbdd5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecStandardsRun { [CmdletBinding()] param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $tenantfilter = if ($Request.Query.TenantFilter) { $Request.Query.TenantFilter } else { 'allTenants' } $TemplateId = if ($Request.Query.TemplateId) { $Request.Query.TemplateId } else { '*' } $Table = Get-CippTable -tablename 'templates' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPA.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPA.ps1 index 0df80f7d9f7a..215983d04a15 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPA.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPA.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListBPA { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - # Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Accessed this API" -Sev "Debug" + # Write-LogMessage -headers $Request.Headers -API $APINAME -message "Accessed this API" -Sev "Debug" $Table = get-cipptable 'cachebpav2' $name = $Request.query.Report diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPATemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPATemplates.ps1 index 376a1f4e592b..5cf29106c488 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPATemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPATemplates.ps1 @@ -11,10 +11,10 @@ Function Invoke-ListBPATemplates { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' Write-Host 'PowerShell HTTP trigger function processed a request.' - + $Table = Get-CippTable -tablename 'templates' $Templates = Get-ChildItem 'Config\*.BPATemplate.json' | ForEach-Object { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListDomainHealth.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListDomainHealth.ps1 index fb04e3d547ca..88d652fa9af0 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListDomainHealth.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListDomainHealth.ps1 @@ -38,7 +38,7 @@ Function Invoke-ListDomainHealth { $UserCreds = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($request.headers.'x-ms-client-principal')) | ConvertFrom-Json) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' @@ -143,7 +143,7 @@ Function Invoke-ListDomainHealth { } } } catch { - Write-LogMessage -API $APINAME -tenant $($name) -user $request.headers.'x-ms-client-principal' -message "DNS Helper API failed. $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -API $APINAME -tenant $($name) -headers $Request.Headers -message "DNS Helper API failed. $($_.Exception.Message)" -Sev 'Error' $body = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } $StatusCode = [HttpStatusCode]::InternalServerError } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-AddBPATemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-AddBPATemplate.ps1 index 15c2d49afc0d..c2ce841dce30 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-AddBPATemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-AddBPATemplate.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddBPATemplate { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' try { @@ -23,11 +23,11 @@ Function Invoke-AddBPATemplate { PartitionKey = 'BPATemplate' GUID = $Request.body.name } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created BPA named $($Request.body.name)" -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Created BPA named $($Request.body.name)" -Sev 'Debug' $body = [pscustomobject]@{'Results' = 'Successfully added template' } } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "BPA Template Creation failed: $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -message "BPA Template Creation failed: $($_.Exception.Message)" -Sev 'Error' $body = [pscustomobject]@{'Results' = "BPA Template Creation failed: $($_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-ExecGraphExplorerPreset.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-ExecGraphExplorerPreset.ps1 index 5019a66c9725..62004c458087 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-ExecGraphExplorerPreset.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-ExecGraphExplorerPreset.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecGraphExplorerPreset { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Username = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($request.headers.'x-ms-client-principal')) | ConvertFrom-Json).userDetails # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 index 3f7304be1b8f..615de22f3e9d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 @@ -30,7 +30,7 @@ function Invoke-ExecGitHubAction { } Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK - Body = $Body - }) + StatusCode = [HttpStatusCode]::OK + Body = $Body + }) } diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddTenantAllowBlockList.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddTenantAllowBlockList.ps1 index ff1464ea8e3b..6fedc0eac9da 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddTenantAllowBlockList.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddTenantAllowBlockList.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddTenantAllowBlockList { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APIName -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APIName -message 'Accessed this API' -Sev 'Debug' $blocklistobj = $Request.body if ($Request.body.tenantId -eq 'AllTenants') { $Tenants = (Get-Tenants).defaultDomainName } else { $Tenants = @($Request.body.tenantId) } @@ -38,11 +38,11 @@ Function Invoke-AddTenantAllowBlockList { New-ExoRequest @ExoRequest $results.add("Successfully added $($blocklistobj.Entries) as type $($blocklistobj.ListType) to the $($blocklistobj.listMethod) list for $tenant") - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APIName -tenant $Tenant -message $result -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APIName -tenant $Tenant -message $result -Sev 'Info' } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message $results.add("Failed to create blocklist. Error: $ErrorMessage") - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APIName -tenant $Tenant -message $result -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APIName -tenant $Tenant -message $result -Sev 'Error' } } # Associate values to output bindings by calling 'Push-OutputBinding'. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecBreachSearch.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecBreachSearch.ps1 index 5babb8345a72..6b137ad0b712 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecBreachSearch.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecBreachSearch.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecBreachSearch { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.query.TenantFilter #Move to background job New-BreachTenantSearch -TenantFilter $TenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecCSPLicense.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecCSPLicense.ps1 index 3b2a14e1e100..ae18174f5f67 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecCSPLicense.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecCSPLicense.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecCSPLicense { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecListAppId.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecListAppId.ps1 index c8fc8085e27e..0bde258f8dfa 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecListAppId.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecListAppId.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecListAppId { param($Request, $TriggerMetadata) Get-CIPPAuthentication $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $ResponseURL = "$(($Request.headers.'x-ms-original-url').replace('/api/ExecListAppId','/api/ExecSAMSetup'))" $Results = @{ diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecRestoreDeleted.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecRestoreDeleted.ps1 index 403e4e3dcdfa..d3ed41041945 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecRestoreDeleted.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecRestoreDeleted.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecRestoreDeleted { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. $TenantFilter = $Request.Query.TenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSendOrgMessage.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSendOrgMessage.ps1 index e5293d373605..c70dc7d70633 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSendOrgMessage.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSendOrgMessage.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecSendOrgMessage { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecUniversalSearch.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecUniversalSearch.ps1 index e5d18b453a87..718eccde53d1 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecUniversalSearch.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecUniversalSearch.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecUniversalSearch { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecUserSettings.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecUserSettings.ps1 index ec1381e24e45..20e83a755e19 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecUserSettings.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecUserSettings.ps1 @@ -10,7 +10,7 @@ function Invoke-ExecUserSettings { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' try { $object = $request.body.currentSettings | Select-Object * -ExcludeProperty CurrentTenant, pageSizes, sidebarShow, sidebarUnfoldable, _persist | ConvertTo-Json -Compress -Depth 10 @@ -34,4 +34,4 @@ function Invoke-ExecUserSettings { Body = @($Results) }) -} \ No newline at end of file +} diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAllTenantDeviceCompliance.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAllTenantDeviceCompliance.ps1 index 31c3e5dd4675..0e20e865de4c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAllTenantDeviceCompliance.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAllTenantDeviceCompliance.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListAllTenantDeviceCompliance { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAppStatus.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAppStatus.ps1 index 93a95f880983..ce73c42ac733 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAppStatus.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAppStatus.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListAppStatus { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAutopilotconfig.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAutopilotconfig.ps1 index 1b4c8f4a1440..4b5adccad03c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAutopilotconfig.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAutopilotconfig.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListAutopilotconfig { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBreachesAccount.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBreachesAccount.ps1 index 827a151ded72..777c2b6100c0 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBreachesAccount.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBreachesAccount.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListBreachesAccount { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' if ($request.query.account -like '*@*') { $Results = Get-HIBPRequest "breachedaccount/$($Request.query.account)?truncateResponse=false" diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCSPLicenses.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCSPLicenses.ps1 index c2c82f157e81..7335d92b7720 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCSPLicenses.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCSPLicenses.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListCSPLicenses { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' try { $GraphRequest = Get-SherwebCurrentSubscription -TenantFilter $Request.Query.TenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCSPsku.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCSPsku.ps1 index 07f4ca8897eb..ee6dc051952f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCSPsku.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCSPsku.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListCSPsku { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' if ($Request.Query.currentSkuOnly) { $GraphRequest = Get-SherwebCurrentSubscription -TenantFilter $Request.Query.TenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCalendarPermissions.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCalendarPermissions.ps1 index fbbe6c93bdd2..15ea61dd734b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCalendarPermissions.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCalendarPermissions.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListCalendarPermissions { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $UserID = $request.Query.UserID $Tenantfilter = $request.Query.tenantfilter diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderState.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderState.ps1 index fdd9388d3d79..f135b27d0b1d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderState.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderState.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListDefenderState { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $StatusCode = [HttpStatusCode]::OK # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeviceDetails.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeviceDetails.ps1 index 1d561c958f65..fa2e20cd7e51 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeviceDetails.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeviceDetails.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListDeviceDetails { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDomains.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDomains.ps1 index ccc23f75aad7..5ca88af8c2df 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDomains.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDomains.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListDomains { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExConnectorTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExConnectorTemplates.ps1 index 7fbe2e3ab83c..7510a2fe494d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExConnectorTemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExConnectorTemplates.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListExConnectorTemplates { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Table = Get-CippTable -tablename 'templates' #List new policies diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExtensionsConfig.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExtensionsConfig.ps1 index ffd21e3b3e2c..9861aabbdc2f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExtensionsConfig.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExtensionsConfig.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListExtensionsConfig { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Table = Get-CIPPTable -TableName Extensionsconfig try { diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExternalTenantInfo.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExternalTenantInfo.ps1 index f5c773792ce2..d88e132fc704 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExternalTenantInfo.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExternalTenantInfo.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListExternalTenantInfo { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionParameters.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionParameters.ps1 index 4f70f3c53929..6d2070ea0d2d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionParameters.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionParameters.ps1 @@ -10,7 +10,7 @@ function Invoke-ListFunctionParameters { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Information 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionStats.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionStats.ps1 index 037801e25962..3ae0f427a32c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionStats.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionStats.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListFunctionStats { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGenericTestFunction.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGenericTestFunction.ps1 index 8cfed503e5cb..b0e169c1192c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGenericTestFunction.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGenericTestFunction.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListGenericTestFunction { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $graphRequest = ($request.headers.'x-ms-original-url').split('/api') | Select-Object -First 1 Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphExplorerPresets.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphExplorerPresets.ps1 index e023ee91f0be..e68a1d67bf3b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphExplorerPresets.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphExplorerPresets.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListGraphExplorerPresets { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Username = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($request.headers.'x-ms-client-principal')) | ConvertFrom-Json).userDetails try { diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGroupTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGroupTemplates.ps1 index 6a6bc6b12248..2bb0b22e539e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGroupTemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGroupTemplates.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListGroupTemplates { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGroups.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGroups.ps1 index 00d3d8eb9606..502f9c6fba2f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGroups.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGroups.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListGroups { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.Query.TenantFilter $selectstring = "id,createdDateTime,displayName,description,mail,mailEnabled,mailNickname,resourceProvisioningOptions,securityEnabled,visibility,organizationId,onPremisesSamAccountName,membershipRule,grouptypes,onPremisesSyncEnabled,resourceProvisioningOptions,userPrincipalName&`$expand=members(`$select=userPrincipalName)" diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListHaloClients.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListHaloClients.ps1 index e00ba611aa67..2175e88609db 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListHaloClients.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListHaloClients.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListHaloClients { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneIntents.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneIntents.ps1 index b7043311731c..f134ce0e6681 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneIntents.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneIntents.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListIntuneIntents { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 index 24eeef65ae3d..8e42cd9f7036 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListIntuneTemplates { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Table = Get-CippTable -tablename 'templates' $Imported = Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'settings'" diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListKnownIPDb.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListKnownIPDb.ps1 index 09f488be2304..07eaf41cbc24 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListKnownIPDb.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListKnownIPDb.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListKnownIPDb { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLicenses.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLicenses.ps1 index d6580cab36d2..25bc8b79ca23 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLicenses.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLicenses.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListLicenses { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLogs.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLogs.ps1 index cb777d173a9c..a7351904465c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLogs.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLogs.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListLogs { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Table = Get-CIPPTable diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMFAUsers.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMFAUsers.ps1 index 0cdf963febe6..a6c488e7e055 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMFAUsers.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMFAUsers.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListMFAUsers { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxCAS.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxCAS.ps1 index 4386157564d4..5ae61508fbb1 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxCAS.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxCAS.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListMailboxCAS { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxMobileDevices.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxMobileDevices.ps1 index d1bab545e7a8..b8bbe11b2ea6 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxMobileDevices.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxMobileDevices.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListMailboxMobileDevices { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxRestores.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxRestores.ps1 index 35d44175e0a5..b64ddc5ff75c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxRestores.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxRestores.ps1 @@ -8,7 +8,7 @@ function Invoke-ListMailboxRestores { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. $TenantFilter = $Request.Query.TenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxes.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxes.ps1 index 44dafe01e001..6a2fdaae887c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxes.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxes.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListMailboxes { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListNamedLocations.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListNamedLocations.ps1 index c1fb2e5c731a..6adaf0d77903 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListNamedLocations.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListNamedLocations.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListNamedLocations { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListNotificationConfig.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListNotificationConfig.ps1 index a375c65deb04..3fcec6b7bac5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListNotificationConfig.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListNotificationConfig.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListNotificationConfig { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Table = Get-CIPPTable -TableName SchedulerConfig $Filter = "RowKey eq 'CippNotifications' and PartitionKey eq 'CippNotifications'" diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListOAuthApps.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListOAuthApps.ps1 index 2183317e991d..de1f08c61879 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListOAuthApps.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListOAuthApps.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListOAuthApps { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListOrg.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListOrg.ps1 index feb6de0d2f74..feb84475d748 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListOrg.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListOrg.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListOrg { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListPartnerRelationships.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListPartnerRelationships.ps1 index 6ca16cfe8fd9..523a73776305 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListPartnerRelationships.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListPartnerRelationships.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListPartnerRelationships { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' try { $GraphRequestList = @{ diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListPendingWebhooks.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListPendingWebhooks.ps1 index 96c4a6eeb13a..6c4f102bdd63 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListPendingWebhooks.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListPendingWebhooks.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListPendingWebhooks { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListPotentialApps.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListPotentialApps.ps1 index 0dfbeaa01642..0e15c7eba824 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListPotentialApps.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListPotentialApps.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListPotentialApps { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' if ($request.body.type -eq 'WinGet') { $body = @" diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRoles.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRoles.ps1 index b56c40828a63..8630511ac6a5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRoles.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRoles.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListRoles { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRoomLists.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRoomLists.ps1 index 6f586800d8d0..3e1afa107f03 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRoomLists.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRoomLists.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListRoomLists { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRooms.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRooms.ps1 index b99a00ae4c83..13b697641a54 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRooms.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRooms.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListRooms { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListServiceHealth.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListServiceHealth.ps1 index d9242a3e29a3..a7213fbf18b9 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListServiceHealth.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListServiceHealth.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListServiceHealth { [CmdletBinding()] param($Request, $TriggerMetadata) - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSharedMailboxAccountEnabled.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSharedMailboxAccountEnabled.ps1 index 4467289996ab..0debb29d7758 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSharedMailboxAccountEnabled.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSharedMailboxAccountEnabled.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListSharedMailboxAccountEnabled { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSharedMailboxStatistics.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSharedMailboxStatistics.ps1 index 4b16ac630c80..ef64c1bc6ac1 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSharedMailboxStatistics.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSharedMailboxStatistics.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListSharedMailboxStatistics { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSharepointQuota.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSharepointQuota.ps1 index 3452764c04d0..60a11af97396 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSharepointQuota.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSharepointQuota.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListSharepointQuota { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSignIns.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSignIns.ps1 index c540e1803567..ddf582b995d5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSignIns.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSignIns.ps1 @@ -13,7 +13,7 @@ Function Invoke-ListSignIns { # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. $TenantFilter = $Request.Query.TenantFilter $Days = $Request.Query.Days ?? 7 @@ -31,7 +31,7 @@ Function Invoke-ListSignIns { "createdDateTime ge $($endTime) and userDisplayName ne 'On-Premises Directory Synchronization Service Account' $FailedLogons" } Write-Host $Filters - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Retrieved sign in report' -Sev 'Debug' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Retrieved sign in report' -Sev 'Debug' -tenant $TenantFilter $GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/auditLogs/signIns?api-version=beta&`$filter=$($filters)" -tenantid $TenantFilter -erroraction stop $response = $GraphRequest | Select-Object *, @@ -49,7 +49,7 @@ Function Invoke-ListSignIns { Body = @($response) }) } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to retrieve Sign In report: $($_.Exception.message) " -Sev 'Error' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Failed to retrieve Sign In report: $($_.Exception.message) " -Sev 'Error' -tenant $TenantFilter # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = '500' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListStandards.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListStandards.ps1 index 7cea2d2bc1d1..946b94c2df83 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListStandards.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListStandards.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListStandards { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' if ($Request.Query.ShowConsolidated -eq $true) { $StandardQuery = @{ diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListTenantAllowBlockList.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListTenantAllowBlockList.ps1 index d67651c0bc3f..aa66c7e7bf27 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListTenantAllowBlockList.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListTenantAllowBlockList.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListTenantAllowBlockList { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListmailboxPermissions.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListmailboxPermissions.ps1 index ae08abddcd8a..f3cfccb11e57 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListmailboxPermissions.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListmailboxPermissions.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListmailboxPermissions { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. $TenantFilter = $Request.Query.tenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-RemoveTenantAllowBlockList.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-RemoveTenantAllowBlockList.ps1 index 1ad9b7f8ca75..c51ed91970da 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-RemoveTenantAllowBlockList.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-RemoveTenantAllowBlockList.ps1 @@ -11,7 +11,7 @@ Function Invoke-RemoveTenantAllowBlockList { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APIName -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APIName -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' @@ -36,11 +36,11 @@ Function Invoke-RemoveTenantAllowBlockList { Write-Host $Results $result = "Successfully removed $($Request.body.entries) from Block/Allow list" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APIName -tenant $Request.query.tenantfilter -message $result -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APIName -tenant $Request.query.tenantfilter -message $result -Sev 'Info' } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message $result = "Failed to remove $($Request.body.entries). Error: $ErrorMessage" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APIName -tenant $Request.query.tenantfilter -message $result -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APIName -tenant $Request.query.tenantfilter -message $result -Sev 'Error' } # Associate values to output bindings by calling 'Push-OutputBinding'. diff --git a/Modules/CIPPCore/Public/Webhooks/Invoke-RemoveWebhookAlert.ps1 b/Modules/CIPPCore/Public/Webhooks/Invoke-RemoveWebhookAlert.ps1 index 5e26756fb04d..70586c0f7912 100644 --- a/Modules/CIPPCore/Public/Webhooks/Invoke-RemoveWebhookAlert.ps1 +++ b/Modules/CIPPCore/Public/Webhooks/Invoke-RemoveWebhookAlert.ps1 @@ -11,7 +11,7 @@ Function Invoke-RemoveWebhookAlert { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' try { $WebhookTable = Get-CIPPTable -TableName 'SchedulerConfig' @@ -33,7 +33,7 @@ Function Invoke-RemoveWebhookAlert { } Remove-AzDataTableEntity -Force @Table -Entity $CompleteObject -ErrorAction SilentlyContinue | Out-Null } catch { - Write-LogMessage -user $Request.headers.'x-ms-client-principal' -API $APIName -message "Failed to remove webhook for AllTenants. $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APIName -message "Failed to remove webhook for AllTenants. $($_.Exception.Message)" -Sev 'Error' } } else { $Tenants = $Request.query.TenantFilter @@ -48,7 +48,7 @@ Function Invoke-RemoveWebhookAlert { } $body = [pscustomobject]@{'Results' = $Results } } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to remove webhook alert. $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Failed to remove webhook alert. $($_.Exception.Message)" -Sev 'Error' $body = [pscustomobject]@{'Results' = "Failed to remove webhook alert: $($_.Exception.Message)" } } From 59a73284f620436560311551cfd1c1883e7ccd41 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 8 Feb 2025 15:44:13 -0500 Subject: [PATCH 057/138] hudu / extension tweaks improve more logging update hudu to accept entire integration config to check for ZTNA --- .../Public/Authentication/New-CIPPAPIConfig.ps1 | 8 ++++---- .../CIPP/Extensions/Invoke-ExecExtensionTest.ps1 | 4 ++-- .../CIPP/Settings/Invoke-ExecApiClient.ps1 | 14 ++++++++------ .../Extension Functions/Push-CippExtensionData.ps1 | 2 +- .../CippExtensions/Public/Hudu/Connect-HuduAPI.ps1 | 11 +++++------ .../Public/Hudu/Get-HuduFieldMapping.ps1 | 2 +- .../CippExtensions/Public/Hudu/Get-HuduMapping.ps1 | 2 +- 7 files changed, 22 insertions(+), 21 deletions(-) diff --git a/Modules/CIPPCore/Public/Authentication/New-CIPPAPIConfig.ps1 b/Modules/CIPPCore/Public/Authentication/New-CIPPAPIConfig.ps1 index ff93af7791a0..50a36af97418 100644 --- a/Modules/CIPPCore/Public/Authentication/New-CIPPAPIConfig.ps1 +++ b/Modules/CIPPCore/Public/Authentication/New-CIPPAPIConfig.ps1 @@ -3,7 +3,7 @@ function New-CIPPAPIConfig { [CmdletBinding(SupportsShouldProcess)] param ( $APIName = 'CIPP API Config', - $ExecutingUser, + $Headers, [switch]$ResetSecret, [string]$AppName, [string]$AppId @@ -60,7 +60,7 @@ function New-CIPPAPIConfig { $APIIdUrl = New-GraphPOSTRequest -uri "https://graph.microsoft.com/v1.0/applications/$($APIApp.id)" -NoAuthCheck $true -type PATCH -body "{`"identifierUris`":[`"api://$($APIApp.appId)`"]}" Write-Information 'Adding serviceprincipal' $ServicePrincipal = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/v1.0/serviceprincipals' -NoAuthCheck $true -type POST -body "{`"accountEnabled`":true,`"appId`":`"$($APIApp.appId)`",`"displayName`":`"$AppName`",`"tags`":[`"WindowsAzureActiveDirectoryIntegratedApp`",`"AppServiceIntegratedApp`"]}" - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant 'None '-message "Created CIPP-API App with name '$($APIApp.displayName)'." -Sev 'info' + Write-LogMessage -headers $Headers -API $APINAME -tenant 'None '-message "Created CIPP-API App with name '$($APIApp.displayName)'." -Sev 'info' } } if ($ResetSecret.IsPresent -and $APIApp) { @@ -95,7 +95,7 @@ function New-CIPPAPIConfig { ) $BatchResponse = New-GraphBulkRequest -tenantid $env:TenantID -NoAuthCheck $true -asapp $true -Requests $Requests $APIPassword = $BatchResponse | Where-Object { $_.id -eq 'addNewPassword' } | Select-Object -ExpandProperty body - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant 'None '-message "Reset CIPP-API Password for '$($APIApp.displayName)'." -Sev 'info' + Write-LogMessage -headers $Headers -API $APINAME -tenant 'None '-message "Reset CIPP-API Password for '$($APIApp.displayName)'." -Sev 'info' } } @@ -109,7 +109,7 @@ function New-CIPPAPIConfig { } catch { $ErrorMessage = Get-CippException -Exception $_ Write-Information ($ErrorMessage | ConvertTo-Json -Depth 10) - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant 'None' -message "Failed to setup CIPP-API Access: $($ErrorMessage.NormalizedError) Linenumber: $($_.InvocationInfo.ScriptLineNumber)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APINAME -tenant 'None' -message "Failed to setup CIPP-API Access: $($ErrorMessage.NormalizedError) Linenumber: $($_.InvocationInfo.ScriptLineNumber)" -Sev 'Error' -LogData $ErrorMessage return @{ Results = "Failed to setup CIPP-API Access: $($ErrorMessage.NormalizedError)" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionTest.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionTest.ps1 index b7494fbe60a0..764e5cd43136 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionTest.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionTest.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecExtensionTest { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Table = Get-CIPPTable -TableName Extensionsconfig $Configuration = ((Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json) # Interact with query parameters or the body of the request. @@ -62,7 +62,7 @@ Function Invoke-ExecExtensionTest { } } 'Hudu' { - Connect-HuduAPI -configuration $Configuration.Hudu + Connect-HuduAPI -configuration $Configuration $Version = Get-HuduAppInfo if ($Version.version) { $Results = [pscustomobject]@{'Results' = ('Successfully Connected to Hudu, version: {0}' -f $Version.version) } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 index 36aee82752a2..0a29df5d2852 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 @@ -33,7 +33,7 @@ function Invoke-ExecApiClient { $ClientId = $Request.Body.ClientId.value ?? $Request.Body.ClientId try { $ApiConfig = @{ - ExecutingUser = $Request.Headers.'x-ms-client-principal' + Headers = $Request.Headers } if ($ClientId) { $ApiConfig.ClientId = $ClientId @@ -43,7 +43,7 @@ function Invoke-ExecApiClient { $ApiConfig.AppName = $Request.Body.AppName } $APIConfig = New-CIPPAPIConfig @ApiConfig - Write-Host ($APIConfig | ConvertTo-Json) + $ClientId = $APIConfig.ApplicationID $AddedText = $APIConfig.Results } catch { @@ -64,7 +64,7 @@ function Invoke-ExecApiClient { $Client.Role = [string]$Request.Body.Role.value $Client.IPRange = "$(@($IpRange) | ConvertTo-Json -Compress)" $Client.Enabled = $Request.Body.Enabled ?? $false - Write-LogMessage -user $Request.Headers.'x-ms-client-principal' -API 'ExecApiClient' -message "Updated API client $($Request.Body.ClientId)" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API 'ExecApiClient' -message "Updated API client $($Request.Body.ClientId)" -Sev 'Info' $Results = 'API client updated' } else { $Client = @{ @@ -109,8 +109,10 @@ function Invoke-ExecApiClient { try { Set-CippApiAuth -RGName $RGName -FunctionAppName $FunctionAppName -TenantId $TenantId -ClientIds $ClientIds $Body = @{ Results = 'API clients saved to Azure' } + Write-LogMessage -headers $Request.Headers -API 'ExecApiClient' -message 'Saved API clients to Azure' -Sev 'Info' } catch { $Body = @{ Results = 'Failed to save allowed API clients to Azure, ensure your function app has the appropriate rights to make changes to the Authentication settings.' } + Write-Information (Get-CippException -Exception $_ | ConvertTo-Json) } } 'ResetSecret' { @@ -121,7 +123,7 @@ function Invoke-ExecApiClient { severity = 'error' } } else { - $ApiConfig = New-CIPPAPIConfig -ResetSecret -AppId $Request.Body.ClientId + $ApiConfig = New-CIPPAPIConfig -ResetSecret -AppId $Request.Body.ClientId -Headers $Request.Headers if ($ApiConfig.ApplicationSecret) { $Results = @{ @@ -152,13 +154,13 @@ function Invoke-ExecApiClient { $Client = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$($ClientId)'" -Property RowKey, PartitionKey, ETag Remove-AzDataTableEntity @Table -Entity $Client - Write-LogMessage -user $Request.Headers.'x-ms-client-principal' -API 'ExecApiClient' -message "Deleted API client $ClientId" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API 'ExecApiClient' -message "Deleted API client $ClientId" -Sev 'Info' $Body = @{ Results = "API client $ClientId deleted" } } else { $Body = @{ Results = "API client $ClientId not found or not a valid CIPP-API application" } } } catch { - Write-LogMessage -user $Request.Headers.'x-ms-client-principal' -API 'ExecApiClient' -message "Failed to remove app registration for $ClientId" -Sev 'Warning' + Write-LogMessage -headers $Request.Headers -API 'ExecApiClient' -message "Failed to remove app registration for $ClientId" -Sev 'Warning' } } default { diff --git a/Modules/CippExtensions/Public/Extension Functions/Push-CippExtensionData.ps1 b/Modules/CippExtensions/Public/Extension Functions/Push-CippExtensionData.ps1 index 95e74b54838b..7ef43a9bc4bb 100644 --- a/Modules/CippExtensions/Public/Extension Functions/Push-CippExtensionData.ps1 +++ b/Modules/CippExtensions/Public/Extension Functions/Push-CippExtensionData.ps1 @@ -11,7 +11,7 @@ function Push-CippExtensionData { 'Hudu' { if ($Config.Hudu.Enabled) { Write-Host 'Perfoming Hudu Extension Sync...' - Invoke-HuduExtensionSync -Configuration $Config.Hudu -TenantFilter $TenantFilter + Invoke-HuduExtensionSync -Configuration $Config -TenantFilter $TenantFilter } } } diff --git a/Modules/CippExtensions/Public/Hudu/Connect-HuduAPI.ps1 b/Modules/CippExtensions/Public/Hudu/Connect-HuduAPI.ps1 index cf4e4056c2b1..c704c3e7c559 100644 --- a/Modules/CippExtensions/Public/Hudu/Connect-HuduAPI.ps1 +++ b/Modules/CippExtensions/Public/Hudu/Connect-HuduAPI.ps1 @@ -6,12 +6,11 @@ function Connect-HuduAPI { $APIKey = Get-ExtensionAPIKey -Extension 'Hudu' - # Add logic to check if we're using CloudFlare Tunnel (if Hudu.CFEnabled checkbox is checked from Extensions.json). If the checkbox is checked, pull CloudFlare ClientID and API Key and add as a header - if ($Configuration.CFEnabled) { - $CFClientID = (Get-AzKeyVaultSecret -VaultName $keyvaultname -Name 'CloudFlareClientID' -AsPlainText) - $CFAPIKey = (Get-AzKeyVaultSecret -VaultName $keyvaultname -Name 'CloudFlareAPIKey' -AsPlainText) - New-HuduCustomHeaders -Headers @{'CF-Access-Client-Id' = "$CFClientID"; 'CF-Access-Client-Secret' = "$CFAPIKey" } + if ($Configuration.Hudu.CFEnabled -eq $true -and $Configuration.CFZTNA.Enabled -eq $true) { + $CFAPIKey = Get-ExtensionAPIKey -Extension 'CFZTNA' + New-HuduCustomHeaders -Headers @{'CF-Access-Client-Id' = $Configuration.CFZTNA.ClientId; 'CF-Access-Client-Secret' = "$CFAPIKey" } + Write-Information 'CF-Access-Client-Id and CF-Access-Client-Secret headers added to Hudu API request' } - New-HuduBaseURL -BaseURL $Configuration.BaseURL + New-HuduBaseURL -BaseURL $Configuration.Hudu.BaseURL New-HuduAPIKey -ApiKey $APIKey } diff --git a/Modules/CippExtensions/Public/Hudu/Get-HuduFieldMapping.ps1 b/Modules/CippExtensions/Public/Hudu/Get-HuduFieldMapping.ps1 index 7004401fd33d..ea86c61980bb 100644 --- a/Modules/CippExtensions/Public/Hudu/Get-HuduFieldMapping.ps1 +++ b/Modules/CippExtensions/Public/Hudu/Get-HuduFieldMapping.ps1 @@ -28,7 +28,7 @@ function Get-HuduFieldMapping { $Table = Get-CIPPTable -TableName Extensionsconfig try { - $Configuration = ((Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json -ea stop).Hudu + $Configuration = (Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json -ea stop Connect-HuduAPI -configuration $Configuration $AssetLayouts = Get-HuduAssetLayouts | Select-Object @{Name = 'FieldType' ; Expression = { 'Layouts' } }, @{Name = 'value'; Expression = { $_.id } }, name, fields diff --git a/Modules/CippExtensions/Public/Hudu/Get-HuduMapping.ps1 b/Modules/CippExtensions/Public/Hudu/Get-HuduMapping.ps1 index 622dfa10765f..a56b84d2a06d 100644 --- a/Modules/CippExtensions/Public/Hudu/Get-HuduMapping.ps1 +++ b/Modules/CippExtensions/Public/Hudu/Get-HuduMapping.ps1 @@ -23,7 +23,7 @@ function Get-HuduMapping { $Tenants = Get-Tenants -IncludeErrors $Table = Get-CIPPTable -TableName Extensionsconfig try { - $Configuration = ((Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json -ea stop).Hudu + $Configuration = (Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json -ea stop Connect-HuduAPI -configuration $Configuration $HuduCompanies = Get-HuduCompanies From 32e1fb4d4e7c9c4e6e3b9f997aec9eb0a4fa41c7 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 8 Feb 2025 15:45:19 -0500 Subject: [PATCH 058/138] add more extension configs --- .../Public/Entrypoints/Timer Functions/Start-CIPPStatsTimer.ps1 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-CIPPStatsTimer.ps1 b/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-CIPPStatsTimer.ps1 index d62dcb8fd8ed..f7c53265b9d9 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-CIPPStatsTimer.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-CIPPStatsTimer.ps1 @@ -40,6 +40,8 @@ function Start-CIPPStatsTimer { haloPSA = $RawExt.haloPSA.Enabled HIBP = $RawExt.HIBP.Enabled PWPush = $RawExt.PWPush.Enabled + CFZTNA = $RawExt.CFZTNA.Enabled + GitHub = $RawExt.GitHub.Enabled } | ConvertTo-Json Invoke-RestMethod -Uri 'https://management.cipp.app/api/stats' -Method POST -Body $SendingObject -ContentType 'application/json' From 5797dfd71537f94c34705d49300904e4bc5b4c11 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 8 Feb 2025 16:04:56 -0500 Subject: [PATCH 059/138] fix edit user logging --- .../Administration/Users/Invoke-EditUser.ps1 | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 index a9f23fca2d28..48a02104d574 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 @@ -12,7 +12,7 @@ Function Invoke-EditUser { $ApiName = $TriggerMetadata.FunctionName $User = $Request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $ApiName -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.headers -API $ApiName -message 'Accessed this API' -Sev 'Debug' $UserObj = $Request.body if ($UserObj.id -eq '') { @@ -71,16 +71,16 @@ Function Invoke-EditUser { $bodyToShip = ConvertTo-Json -Depth 10 -InputObject $BodyToship -Compress $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($UserObj.id)" -tenantid $UserObj.tenantFilter -type PATCH -body $BodyToship -verbose $null = $results.Add( 'Success. The user has been edited.' ) - Write-LogMessage -API $ApiName -tenant ($UserObj.tenantFilter) -user $User -message "Edited user $($UserObj.DisplayName) with id $($UserObj.id)" -Sev Info + Write-LogMessage -API $ApiName -tenant ($UserObj.tenantFilter) -headers $Request.Headers -message "Edited user $($UserObj.DisplayName) with id $($UserObj.id)" -Sev Info if ($UserObj.password) { $passwordProfile = [pscustomobject]@{'passwordProfile' = @{ 'password' = $UserObj.password; 'forceChangePasswordNextSignIn' = [boolean]$UserObj.MustChangePass } } | ConvertTo-Json $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($UserObj.id)" -tenantid $UserObj.tenantFilter -type PATCH -body $PasswordProfile -verbose $null = $results.Add("Success. The password has been set to $($UserObj.password)") - Write-LogMessage -API $ApiName -tenant ($UserObj.tenantFilter) -user $User -message "Reset $($UserObj.DisplayName)'s Password" -Sev Info + Write-LogMessage -API $ApiName -tenant ($UserObj.tenantFilter) -headers $Request.Headers -message "Reset $($UserObj.DisplayName)'s Password" -Sev Info } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -API $ApiName -tenant ($UserObj.tenantFilter) -user $User -message "User edit API failed. $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage + Write-LogMessage -API $ApiName -tenant ($UserObj.tenantFilter) -headers $Request.Headers -message "User edit API failed. $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage $null = $results.Add( "Failed to edit user. $($ErrorMessage.NormalizedError)") } @@ -110,7 +110,7 @@ Function Invoke-EditUser { } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -API $ApiName -tenant ($UserObj.tenantFilter) -user $User -message "License assign API failed. $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage + Write-LogMessage -API $ApiName -tenant ($UserObj.tenantFilter) -headers $Request.Headers -message "License assign API failed. $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage $null = $results.Add( "We've failed to assign the license. $($ErrorMessage.NormalizedError)") } @@ -122,13 +122,13 @@ Function Invoke-EditUser { $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($UserObj.id)" -tenantid $UserObj.tenantFilter -type 'patch' -body "{`"mail`": `"$Alias`"}" -Verbose } $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($UserObj.id)" -tenantid $UserObj.tenantFilter -type 'patch' -body "{`"mail`": `"$UserPrincipalName`"}" -Verbose - Write-LogMessage -API $ApiName -tenant ($UserObj.tenantFilter) -user $User -message "Added Aliases to $($UserObj.DisplayName)" -Sev Info + Write-LogMessage -API $ApiName -tenant ($UserObj.tenantFilter) -headers $Request.Headers -message "Added Aliases to $($UserObj.DisplayName)" -Sev Info $null = $results.Add( 'Success. added aliases to user.') } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -API $ApiName -tenant ($UserObj.tenantFilter) -user $User -message "Alias API failed. $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage + Write-LogMessage -API $ApiName -tenant ($UserObj.tenantFilter) -headers $Request.Headers -message "Alias API failed. $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage $null = $results.Add( "Successfully edited user. The password is $password. We've failed to create the Aliases: $($ErrorMessage.NormalizedError)") } @@ -164,11 +164,11 @@ Function Invoke-EditUser { } - Write-LogMessage -user $User -API $ApiName -tenant $UserObj.tenantFilter -message "Added $($UserObj.DisplayName) to $GroupName group" -Sev Info + Write-LogMessage -headers $Request.Headers -API $ApiName -tenant $UserObj.tenantFilter -message "Added $($UserObj.DisplayName) to $GroupName group" -Sev Info $null = $results.Add("Success. $($UserObj.DisplayName) has been added to $GroupName") } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $ApiName -tenant $UserObj.tenantFilter -message "Failed to add member $($UserObj.DisplayName) to $GroupName. Error:$($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage + Write-LogMessage -headers $Request.Headers -API $ApiName -tenant $UserObj.tenantFilter -message "Failed to add member $($UserObj.DisplayName) to $GroupName. Error:$($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage $null = $results.Add("Failed to add member $($UserObj.DisplayName) to $GroupName : $($ErrorMessage.NormalizedError)") } @@ -178,7 +178,7 @@ Function Invoke-EditUser { $ManagerBody = [PSCustomObject]@{'@odata.id' = "https://graph.microsoft.com/beta/users/$($Request.body.setManager.value)" } $ManagerBodyJSON = ConvertTo-Json -Compress -Depth 10 -InputObject $ManagerBody $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($UserObj.id)/manager/`$ref" -tenantid $UserObj.tenantFilter -type PUT -body $ManagerBodyJSON -Verbose - Write-LogMessage -user $User -API $ApiName -tenant $UserObj.tenantFilter -message "Set $($UserObj.DisplayName)'s manager to $($Request.body.setManager.label)" -Sev Info + Write-LogMessage -headers $Request.Headers -API $ApiName -tenant $UserObj.tenantFilter -message "Set $($UserObj.DisplayName)'s manager to $($Request.body.setManager.label)" -Sev Info $null = $results.Add("Success. Set $($UserObj.DisplayName)'s manager to $($Request.body.setManager.label)") } @@ -205,11 +205,11 @@ Function Invoke-EditUser { } - Write-LogMessage -user $User -API $ApiName -tenant $UserObj.tenantFilter -message "Removed $($UserObj.DisplayName) from $GroupName group" -Sev Info + Write-LogMessage -headers $Request.Headers -API $ApiName -tenant $UserObj.tenantFilter -message "Removed $($UserObj.DisplayName) from $GroupName group" -Sev Info $null = $results.Add("Success. $($UserObj.DisplayName) has been removed from $GroupName") } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $ApiName -tenant $UserObj.tenantFilter -message "Failed to remove member $($UserObj.DisplayName) from $GroupName. Error:$($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage + Write-LogMessage -headers $Request.Headers -API $ApiName -tenant $UserObj.tenantFilter -message "Failed to remove member $($UserObj.DisplayName) from $GroupName. Error:$($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage $null = $results.Add("Failed to remove member $($UserObj.DisplayName) from $GroupName : $($ErrorMessage.NormalizedError)") } From 620f340aaaec09f71cf87212d528a1aa77306f3a Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 8 Feb 2025 17:48:17 -0500 Subject: [PATCH 060/138] more logging fixes update api name to use $Request.Params.CIPPEndpoint --- .../Public/CippQueue/Invoke-ListCippQueue.ps1 | 2 +- .../Public/CippQueue/Invoke-RemoveCippQueue.ps1 | 2 +- .../CIPP/Core/Invoke-ExecEditTemplate.ps1 | 2 +- .../CIPP/Core/Invoke-ExecGeoIPLookup.ps1 | 2 +- .../CIPP/Core/Invoke-ExecGraphRequest.ps1 | 2 +- .../CIPP/Core/Invoke-GetCippAlerts.ps1 | 2 +- .../CIPP/Core/Invoke-GetVersion.ps1 | 2 +- .../CIPP/Core/Invoke-ListGraphRequest.ps1 | 2 +- .../Extensions/Invoke-ExecExtensionMapping.ps1 | 2 +- .../CIPP/Extensions/Invoke-ExecExtensionSync.ps1 | 2 +- .../CIPP/Extensions/Invoke-ExecExtensionTest.ps1 | 2 +- .../CIPP/Extensions/Invoke-ListExtensionSync.ps1 | 2 +- .../CIPP/Settings/Invoke-ExecAccessChecks.ps1 | 2 +- .../CIPP/Settings/Invoke-ExecBackendURLs.ps1 | 2 +- .../CIPP/Settings/Invoke-ExecCPVPermissions.ps1 | 2 +- .../CIPP/Settings/Invoke-ExecDnsConfig.ps1 | 2 +- .../CIPP/Settings/Invoke-ExecExcludeLicenses.ps1 | 2 +- .../Settings/Invoke-ExecMaintenanceScripts.ps1 | 2 +- .../Settings/Invoke-ExecNotificationConfig.ps1 | 2 +- .../CIPP/Settings/Invoke-ExecPasswordConfig.ps1 | 2 +- .../CIPP/Settings/Invoke-ExecRestoreBackup.ps1 | 2 +- .../CIPP/Setup/Invoke-ExecSAMSetup.ps1 | 2 +- .../Invoke-AddConnectionFilter.ps1 | 2 +- .../Invoke-AddConnectionFilterTemplate.ps1 | 2 +- .../Email-Exchange/Invoke-AddContact.ps1 | 2 +- .../Email-Exchange/Invoke-AddExConnector.ps1 | 2 +- .../Invoke-AddExConnectorTemplate.ps1 | 2 +- .../Email-Exchange/Invoke-AddRoomMailbox.ps1 | 2 +- .../Email-Exchange/Invoke-AddSharedMailbox.ps1 | 2 +- .../Email-Exchange/Invoke-AddSpamFilter.ps1 | 2 +- .../Invoke-AddSpamFilterTemplate.ps1 | 2 +- .../Email-Exchange/Invoke-AddTransportRule.ps1 | 2 +- .../Invoke-AddTransportTemplate.ps1 | 2 +- .../Invoke-EditAntiPhishingFilter.ps1 | 2 +- .../Email-Exchange/Invoke-EditContact.ps1 | 2 +- .../Email-Exchange/Invoke-EditExConnector.ps1 | 2 +- .../Email-Exchange/Invoke-EditMalwareFilter.ps1 | 2 +- .../Invoke-EditSafeAttachmentsFilter.ps1 | 2 +- .../Invoke-EditSafeLinksFilter.ps1 | 2 +- .../Email-Exchange/Invoke-EditSpamFilter.ps1 | 2 +- .../Email-Exchange/Invoke-EditTransportRule.ps1 | 2 +- .../Invoke-ExecConverttoRoomMailbox.ps1 | 2 +- .../Invoke-ExecConverttoSharedMailbox.ps1 | 2 +- .../Email-Exchange/Invoke-ExecCopyForSent.ps1 | 2 +- .../Invoke-ExecEditCalendarPermissions.ps1 | 2 +- .../Invoke-ExecEditMailboxPermissions.ps1 | 2 +- .../Email-Exchange/Invoke-ExecEmailForward.ps1 | 2 +- .../Email-Exchange/Invoke-ExecEnableArchive.ps1 | 2 +- .../Email-Exchange/Invoke-ExecGroupsDelete.ps1 | 2 +- .../Invoke-ExecGroupsDeliveryManagement.ps1 | 2 +- .../Invoke-ExecGroupsHideFromGAL.ps1 | 2 +- .../Email-Exchange/Invoke-ExecHideFromGAL.ps1 | 3 +-- .../Email-Exchange/Invoke-ExecMailTest.ps1 | 2 +- .../Invoke-ExecMailboxMobileDevices.ps1 | 2 +- .../Email-Exchange/Invoke-ExecMailboxRestore.ps1 | 2 +- .../Invoke-ExecQuarantineManagement.ps1 | 2 +- .../Invoke-ExecSetMailboxLocale.ps1 | 2 +- .../Invoke-ExecSetMailboxQuota.ps1 | 2 +- .../Email-Exchange/Invoke-ExecSetOoO.ps1 | 2 +- .../Invoke-ExecStartManagedFolderAssistant.ps1 | 2 +- .../Invoke-ListAntiPhishingFilters.ps1 | 2 +- .../Invoke-ListConnectionFilter.ps1 | 2 +- .../Invoke-ListConnectionFilterTemplates.ps1 | 2 +- .../Invoke-ListGlobalAddressList.ps1 | 2 +- .../Email-Exchange/Invoke-ListMailQuarantine.ps1 | 2 +- .../Invoke-ListMailQuarantineMessage.ps1 | 2 +- .../Email-Exchange/Invoke-ListMalwareFilters.ps1 | 2 +- .../Email-Exchange/Invoke-ListOoO.ps1 | 2 +- .../Email-Exchange/Invoke-ListRecipients.ps1 | 2 +- .../Invoke-ListSafeAttachmentsFilters.ps1 | 2 +- .../Invoke-ListSafeLinksFilters.ps1 | 2 +- .../Invoke-ListSpamFilterTemplates.ps1 | 2 +- .../Email-Exchange/Invoke-ListSpamfilter.ps1 | 2 +- .../Email-Exchange/Invoke-ListTransportRules.ps1 | 2 +- .../Invoke-ListTransportRulesTemplates.ps1 | 2 +- .../Endpoint/Applications/Invoke-AddChocoApp.ps1 | 2 +- .../Endpoint/Applications/Invoke-AddMSPApp.ps1 | 2 +- .../Applications/Invoke-AddOfficeApp.ps1 | 2 +- .../Endpoint/Applications/Invoke-AddStoreApp.ps1 | 2 +- .../Applications/Invoke-ExecAssignApp.ps1 | 2 +- .../Applications/Invoke-ListApplicationQueue.ps1 | 2 +- .../Endpoint/Applications/Invoke-ListApps.ps1 | 2 +- .../Applications/Invoke-ListAppsRepository.ps1 | 2 +- .../Endpoint/Autopilot/Invoke-AddAPDevice.ps1 | 2 +- .../Autopilot/Invoke-AddAutopilotConfig.ps1 | 2 +- .../Endpoint/Autopilot/Invoke-AddEnrollment.ps1 | 2 +- .../Autopilot/Invoke-ExecAssignAPDevice.ps1 | 2 +- .../Endpoint/Autopilot/Invoke-ListAPDevices.ps1 | 2 +- .../MEM/Invoke-AddDefenderDeployment.ps1 | 2 +- .../Endpoint/MEM/Invoke-AddIntuneTemplate.ps1 | 2 +- .../Endpoint/MEM/Invoke-AddPolicy.ps1 | 2 +- .../Endpoint/MEM/Invoke-EditIntuneScript.ps1 | 2 +- .../Endpoint/MEM/Invoke-EditPolicy.ps1 | 2 +- .../Endpoint/MEM/Invoke-ExecAssignPolicy.ps1 | 2 +- .../Endpoint/MEM/Invoke-ExecDeviceAction.ps1 | 2 +- .../MEM/Invoke-ExecGetLocalAdminPassword.ps1 | 2 +- .../Endpoint/MEM/Invoke-ExecGetRecoveryKey.ps1 | 2 +- .../Endpoint/MEM/Invoke-ListIntuneScript.ps1 | 2 +- .../Endpoint/MEM/Invoke-RemoveIntuneScript.ps1 | 2 +- .../Endpoint/Reports/Invoke-ListDevices.ps1 | 2 +- .../Devices/Invoke-ExecDeviceDelete.ps1 | 2 +- .../Administration/Groups/Invoke-AddGroup.ps1 | 2 +- .../Groups/Invoke-AddGroupTemplate.ps1 | 2 +- .../Administration/Groups/Invoke-EditGroup.ps1 | 2 +- .../Invoke-ListGroupSenderAuthentication.ps1 | 4 ++-- .../Administration/Users/Invoke-AddGuest.ps1 | 2 +- .../Administration/Users/Invoke-EditUser.ps1 | 2 +- .../Users/Invoke-ExecBECRemediate.ps1 | 2 +- .../Administration/Users/Invoke-ExecClrImmId.ps1 | 2 +- .../Users/Invoke-ExecCreateTAP.ps1 | 2 +- .../Users/Invoke-ExecDisableUser.ps1 | 2 +- .../Users/Invoke-ExecDismissRiskyUser.ps1 | 2 +- .../Users/Invoke-ExecOneDriveShortCut.ps1 | 2 +- .../Users/Invoke-ExecOnedriveProvision.ps1 | 2 +- .../Administration/Users/Invoke-ExecResetMFA.ps1 | 2 +- .../Users/Invoke-ExecResetPass.ps1 | 2 +- .../Users/Invoke-ExecRevokeSessions.ps1 | 2 +- .../Administration/Users/Invoke-ExecSendPush.ps1 | 2 +- .../Users/Invoke-ListPerUserMFA.ps1 | 2 +- .../Invoke-ListUserConditionalAccessPolicies.ps1 | 2 +- .../Users/Invoke-ListUserCounts.ps1 | 2 +- .../Users/Invoke-ListUserDevices.ps1 | 2 +- .../Users/Invoke-ListUserGroups.ps1 | 2 +- .../Users/Invoke-ListUserMailboxDetails.ps1 | 2 +- .../Users/Invoke-ListUserMailboxRules.ps1 | 2 +- .../Users/Invoke-ListUserSettings.ps1 | 2 +- .../Users/Invoke-ListUserSigninLogs.ps1 | 2 +- .../Security/Invoke-ExecAlertsList.ps1 | 2 +- .../Security/Invoke-ExecIncidentsList.ps1 | 2 +- .../Security/Invoke-ExecSetSecurityAlert.ps1 | 2 +- .../Security/Invoke-ExecSetSecurityIncident.ps1 | 2 +- .../Teams-Sharepoint/Invoke-AddSite.ps1 | 2 +- .../Teams-Sharepoint/Invoke-AddSiteBulk.ps1 | 2 +- .../Teams-Sharepoint/Invoke-AddTeam.ps1 | 2 +- ...ExecRemoveTeamsVoicePhoneNumberAssignment.ps1 | 2 +- .../Invoke-ExecSetSharePointMember.ps1 | 2 +- .../Invoke-ExecSharePointPerms.ps1 | 2 +- ...nvoke-ExecTeamsVoicePhoneNumberAssignment.ps1 | 2 +- .../Invoke-ListSharepointSettings.ps1 | 2 +- .../Teams-Sharepoint/Invoke-ListTeams.ps1 | 2 +- .../Invoke-ListTeamsLisLocation.ps1 | 2 +- .../Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 | 2 +- .../Administration/Alerts/Invoke-AddAlert.ps1 | 2 +- .../Alerts/Invoke-ListAlertsQueue.ps1 | 2 +- .../Alerts/Invoke-ListWebhookAlert.ps1 | 2 +- .../Alerts/Invoke-RemoveQueuedAlert.ps1 | 2 +- .../Invoke-ExecAddMultiTenantApp.ps1 | 2 +- .../Invoke-ExecAppApproval.ps1 | 2 +- .../Tenant/Administration/Invoke-ExecAddSPN.ps1 | 2 +- .../Administration/Invoke-ExecOffboardTenant.ps1 | 16 +++++++++------- .../Administration/Invoke-ExecOnboardTenant.ps1 | 3 ++- .../Invoke-ExecUpdateSecureScore.ps1 | 2 +- .../Invoke-ListAppConsentRequests.ps1 | 2 +- .../Tenant/Invoke-ListTenantDetails.ps1 | 2 +- .../Administration/Tenant/Invoke-ListTenants.ps1 | 2 +- .../Tenant/Conditional/Invoke-AddCAPolicy.ps1 | 2 +- .../Tenant/Conditional/Invoke-AddCATemplate.ps1 | 2 +- .../Conditional/Invoke-AddNamedLocation.ps1 | 2 +- .../Tenant/Conditional/Invoke-EditCAPolicy.ps1 | 2 +- .../Tenant/Conditional/Invoke-ExecCACheck.ps1 | 2 +- .../Conditional/Invoke-ExecCAExclusion.ps1 | 2 +- .../Conditional/Invoke-ExecNamedLocation.ps1 | 2 +- .../Conditional/Invoke-ListCAtemplates.ps1 | 2 +- .../Invoke-ListConditionalAccessPolicies.ps1 | 2 +- ...Invoke-ListConditionalAccessPolicyChanges.ps1 | 2 +- .../Tenant/GDAP/Invoke-ExecAddGDAPRole.ps1 | 2 +- .../GDAP/Invoke-ExecDeleteGDAPRelationship.ps1 | 2 +- .../GDAP/Invoke-ExecDeleteGDAPRoleMapping.ps1 | 2 +- .../Tenant/GDAP/Invoke-ListGDAPInvite.ps1 | 2 +- .../Tenant/GDAP/Invoke-ListGDAPQueue.ps1 | 2 +- .../Tenant/GDAP/Invoke-ListGDAPRoles.ps1 | 2 +- .../Standards/Invoke-AddStandardsDeploy.ps1 | 2 +- .../Standards/Invoke-AddStandardsTemplate.ps1 | 2 +- .../Invoke-BestPracticeAnalyser_List.ps1 | 2 +- .../Tenant/Standards/Invoke-ExecStandardsRun.ps1 | 2 +- .../Tenant/Standards/Invoke-ListBPA.ps1 | 2 +- .../Tenant/Standards/Invoke-ListBPATemplates.ps1 | 2 +- .../Tenant/Standards/Invoke-ListDomainHealth.ps1 | 2 +- .../Tenant/Tools/Invoke-AddBPATemplate.ps1 | 2 +- .../Tools/Invoke-ExecGraphExplorerPreset.ps1 | 2 +- .../Invoke-AddTenantAllowBlockList.ps1 | 2 +- .../Entrypoints/Invoke-ExecBreachSearch.ps1 | 2 +- .../Public/Entrypoints/Invoke-ExecCSPLicense.ps1 | 2 +- .../Public/Entrypoints/Invoke-ExecListAppId.ps1 | 2 +- .../Entrypoints/Invoke-ExecRestoreDeleted.ps1 | 2 +- .../Entrypoints/Invoke-ExecSendOrgMessage.ps1 | 2 +- .../Entrypoints/Invoke-ExecSyncAPDevices.ps1 | 2 +- .../Entrypoints/Invoke-ExecUniversalSearch.ps1 | 2 +- .../Entrypoints/Invoke-ExecUserSettings.ps1 | 2 +- .../Invoke-ListAllTenantDeviceCompliance.ps1 | 2 +- .../Public/Entrypoints/Invoke-ListAppStatus.ps1 | 2 +- .../Entrypoints/Invoke-ListAutopilotconfig.ps1 | 2 +- .../Invoke-ListAzureADConnectStatus.ps1 | 2 +- .../Entrypoints/Invoke-ListBreachesAccount.ps1 | 2 +- .../Entrypoints/Invoke-ListCSPLicenses.ps1 | 2 +- .../Public/Entrypoints/Invoke-ListCSPsku.ps1 | 2 +- .../Invoke-ListCalendarPermissions.ps1 | 2 +- .../Entrypoints/Invoke-ListDefenderState.ps1 | 2 +- .../Entrypoints/Invoke-ListDefenderTVM.ps1 | 2 +- .../Entrypoints/Invoke-ListDeletedItems.ps1 | 2 +- .../Entrypoints/Invoke-ListDeviceDetails.ps1 | 2 +- .../Public/Entrypoints/Invoke-ListDomains.ps1 | 2 +- .../Invoke-ListExConnectorTemplates.ps1 | 2 +- .../Invoke-ListExchangeConnectors.ps1 | 2 +- .../Entrypoints/Invoke-ListExtensionsConfig.ps1 | 2 +- .../Invoke-ListExternalTenantInfo.ps1 | 2 +- .../Invoke-ListFunctionParameters.ps1 | 2 +- .../Entrypoints/Invoke-ListFunctionStats.ps1 | 2 +- .../Invoke-ListGenericTestFunction.ps1 | 2 +- .../Invoke-ListGraphExplorerPresets.ps1 | 2 +- .../Entrypoints/Invoke-ListGroupTemplates.ps1 | 2 +- .../Public/Entrypoints/Invoke-ListGroups.ps1 | 2 +- .../Entrypoints/Invoke-ListHaloClients.ps1 | 2 +- .../Entrypoints/Invoke-ListInactiveAccounts.ps1 | 2 +- .../Entrypoints/Invoke-ListIntuneIntents.ps1 | 2 +- .../Entrypoints/Invoke-ListIntunePolicy.ps1 | 2 +- .../Entrypoints/Invoke-ListIntuneTemplates.ps1 | 2 +- .../Public/Entrypoints/Invoke-ListKnownIPDb.ps1 | 2 +- .../Public/Entrypoints/Invoke-ListLicenses.ps1 | 2 +- .../Public/Entrypoints/Invoke-ListLogs.ps1 | 2 +- .../Public/Entrypoints/Invoke-ListMFAUsers.ps1 | 2 +- .../Public/Entrypoints/Invoke-ListMailboxCAS.ps1 | 2 +- .../Invoke-ListMailboxMobileDevices.ps1 | 2 +- .../Entrypoints/Invoke-ListMailboxRestores.ps1 | 2 +- .../Public/Entrypoints/Invoke-ListMailboxes.ps1 | 2 +- .../Entrypoints/Invoke-ListNamedLocations.ps1 | 2 +- .../Invoke-ListNotificationConfig.ps1 | 2 +- .../Public/Entrypoints/Invoke-ListOAuthApps.ps1 | 2 +- .../Public/Entrypoints/Invoke-ListOrg.ps1 | 2 +- .../Invoke-ListPartnerRelationships.ps1 | 2 +- .../Entrypoints/Invoke-ListPendingWebhooks.ps1 | 2 +- .../Entrypoints/Invoke-ListPotentialApps.ps1 | 2 +- .../Public/Entrypoints/Invoke-ListRoles.ps1 | 2 +- .../Public/Entrypoints/Invoke-ListRoomLists.ps1 | 2 +- .../Public/Entrypoints/Invoke-ListRooms.ps1 | 2 +- .../Invoke-ListSharedMailboxAccountEnabled.ps1 | 2 +- .../Invoke-ListSharedMailboxStatistics.ps1 | 2 +- .../Entrypoints/Invoke-ListSharepointQuota.ps1 | 2 +- .../Public/Entrypoints/Invoke-ListStandards.ps1 | 2 +- .../Invoke-ListTenantAllowBlockList.ps1 | 2 +- .../Invoke-ListmailboxPermissions.ps1 | 2 +- .../Invoke-RemoveTenantAllowBlockList.ps1 | 2 +- .../CIPPCore/Public/Invoke-RemoveAPDevice.ps1 | 8 ++++---- Modules/CIPPCore/Public/Invoke-RemoveApp.ps1 | 2 +- .../CIPPCore/Public/Invoke-RemoveBPATemplate.ps1 | 2 +- .../CIPPCore/Public/Invoke-RemoveCAPolicy.ps1 | 2 +- .../CIPPCore/Public/Invoke-RemoveCATemplate.ps1 | 2 +- .../Invoke-RemoveConnectionfilterTemplate.ps1 | 2 +- Modules/CIPPCore/Public/Invoke-RemoveContact.ps1 | 2 +- .../CIPPCore/Public/Invoke-RemoveExConnector.ps1 | 2 +- .../Public/Invoke-RemoveExConnectorTemplate.ps1 | 2 +- .../Public/Invoke-RemoveGroupTemplate.ps1 | 2 +- .../Public/Invoke-RemoveIntuneTemplate.ps1 | 2 +- Modules/CIPPCore/Public/Invoke-RemovePolicy.ps1 | 2 +- .../CIPPCore/Public/Invoke-RemoveQueuedApp.ps1 | 2 +- .../CIPPCore/Public/Invoke-RemoveSpamfilter.ps1 | 2 +- .../Public/Invoke-RemoveSpamfilterTemplate.ps1 | 2 +- .../CIPPCore/Public/Invoke-RemoveStandard.ps1 | 2 +- .../Public/Invoke-RemoveStandardTemplate.ps1 | 2 +- .../Public/Invoke-RemoveTransportRule.ps1 | 2 +- .../Invoke-RemoveTransportRuleTemplate.ps1 | 2 +- Modules/CIPPCore/Public/Invoke-RemoveUser.ps1 | 2 +- .../Webhooks/Invoke-RemoveWebhookAlert.ps1 | 2 +- 263 files changed, 276 insertions(+), 274 deletions(-) diff --git a/Modules/CIPPCore/Public/CippQueue/Invoke-ListCippQueue.ps1 b/Modules/CIPPCore/Public/CippQueue/Invoke-ListCippQueue.ps1 index dbb98151836b..7738d9babd37 100644 --- a/Modules/CIPPCore/Public/CippQueue/Invoke-ListCippQueue.ps1 +++ b/Modules/CIPPCore/Public/CippQueue/Invoke-ListCippQueue.ps1 @@ -8,7 +8,7 @@ function Invoke-ListCippQueue { param($Request = $null, $TriggerMetadata = $null) if ($Request) { - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/CippQueue/Invoke-RemoveCippQueue.ps1 b/Modules/CIPPCore/Public/CippQueue/Invoke-RemoveCippQueue.ps1 index d1e23d071548..afd30af62654 100644 --- a/Modules/CIPPCore/Public/CippQueue/Invoke-RemoveCippQueue.ps1 +++ b/Modules/CIPPCore/Public/CippQueue/Invoke-RemoveCippQueue.ps1 @@ -7,7 +7,7 @@ function Invoke-RemoveCippQueue { #> param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecEditTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecEditTemplate.ps1 index 2e15e8fb05e8..3299b5c922d0 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecEditTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecEditTemplate.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecEditTemplate { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' try { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecGeoIPLookup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecGeoIPLookup.ps1 index b5e7f33ab05b..0cf94d30d806 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecGeoIPLookup.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecGeoIPLookup.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecGeoIPLookup { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $IP = $Request.Query.IP ?? $Request.Body.IP diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecGraphRequest.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecGraphRequest.ps1 index e0b22d65cdeb..dec61d0e5b25 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecGraphRequest.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecGraphRequest.ps1 @@ -8,7 +8,7 @@ Function Invoke-ExecGraphRequest { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' Function ConvertTo-FlatObject { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetCippAlerts.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetCippAlerts.ps1 index 114c574efc03..f10665096d54 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetCippAlerts.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetCippAlerts.ps1 @@ -67,7 +67,7 @@ Function Invoke-GetCippAlerts { } if ($Rows) { $Rows | ForEach-Object { $Alerts.Add($_) } } $Alerts = @($Alerts) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetVersion.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetVersion.ps1 index 073477d7f3d3..6bc115e7e4f0 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetVersion.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetVersion.ps1 @@ -10,7 +10,7 @@ Function Invoke-GetVersion { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $CIPPVersion = $request.query.localversion diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ListGraphRequest.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ListGraphRequest.ps1 index a2079706437f..85e3d92bafc7 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ListGraphRequest.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ListGraphRequest.ps1 @@ -9,7 +9,7 @@ function Invoke-ListGraphRequest { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $Message = 'Accessed this API | Endpoint: {0}' -f $Request.Query.Endpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message $Message -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionMapping.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionMapping.ps1 index 2a4664d3fd05..3fbb1ac29ccf 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionMapping.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionMapping.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecExtensionMapping { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionSync.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionSync.ps1 index 53e541598c8f..239976f082f5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionSync.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionSync.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecExtensionSync { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' switch ($Request.Query.Extension) { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionTest.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionTest.ps1 index 764e5cd43136..cd71c2024660 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionTest.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionTest.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecExtensionTest { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Table = Get-CIPPTable -TableName Extensionsconfig $Configuration = ((Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ListExtensionSync.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ListExtensionSync.ps1 index 3605ad96a594..0f8aa6c2bc77 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ListExtensionSync.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ListExtensionSync.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListExtensionSync { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 index 5e3726e5d73f..242343fd96c0 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecAccessChecks { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Table = Get-CIPPTable -tablename 'AccessChecks' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecBackendURLs.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecBackendURLs.ps1 index 0419cf6d2cb5..80c0de481eaa 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecBackendURLs.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecBackendURLs.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecBackendURLs { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Subscription = ($ENV:WEBSITE_OWNER_NAME).split('+') | Select-Object -First 1 diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecCPVPermissions.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecCPVPermissions.ps1 index fc38201782bb..663468180762 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecCPVPermissions.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecCPVPermissions.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecCPVPermissions { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecDnsConfig.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecDnsConfig.ps1 index c690857ba469..99d071ee8035 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecDnsConfig.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecDnsConfig.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecDnsConfig { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # List of supported resolvers diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExcludeLicenses.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExcludeLicenses.ps1 index 61b8323b2b32..1df4e0188d26 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExcludeLicenses.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExcludeLicenses.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecExcludeLicenses { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecMaintenanceScripts.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecMaintenanceScripts.ps1 index b325c5709203..c78ba5176232 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecMaintenanceScripts.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecMaintenanceScripts.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecMaintenanceScripts { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' try { $GraphToken = Get-GraphToken -returnRefresh $true diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecNotificationConfig.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecNotificationConfig.ps1 index 0c322dbcc60f..77a1ac8ae164 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecNotificationConfig.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecNotificationConfig.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecNotificationConfig { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecPasswordConfig.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecPasswordConfig.ps1 index caabfb883294..b237e5fd15c7 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecPasswordConfig.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecPasswordConfig.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecPasswordConfig { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Table = Get-CIPPTable -TableName Settings diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRestoreBackup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRestoreBackup.ps1 index 6ed98bddbdfc..e243f4ab2e0c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRestoreBackup.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRestoreBackup.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecRestoreBackup { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' try { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecSAMSetup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecSAMSetup.ps1 index f9cadc1bba58..463b4b61fa60 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecSAMSetup.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecSAMSetup.ps1 @@ -30,7 +30,7 @@ Function Invoke-ExecSAMSetup { exit } - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') { $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddConnectionFilter.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddConnectionFilter.ps1 index 84d0bfc756f1..51ea0dcc4908 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddConnectionFilter.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddConnectionFilter.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddConnectionFilter { param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $RequestParams = $Request.Body.PowerShellCommand | diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddConnectionFilterTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddConnectionFilterTemplate.ps1 index 45654b000b3b..a6d509c168cf 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddConnectionFilterTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddConnectionFilterTemplate.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddConnectionFilterTemplate { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' Write-Host ($request | ConvertTo-Json -Compress) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddContact.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddContact.ps1 index d4690750af84..454db172aab0 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddContact.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddContact.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddContact { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $contactobj = $Request.body diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddExConnector.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddExConnector.ps1 index a0b760ac92b5..b475be078c06 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddExConnector.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddExConnector.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddExConnector { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $ConnectorType = ($Request.body.PowerShellCommand | ConvertFrom-Json).cippConnectorType diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddExConnectorTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddExConnectorTemplate.ps1 index 464bda068ccd..a91f35176339 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddExConnectorTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddExConnectorTemplate.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddExConnectorTemplate { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' Write-Host ($request | ConvertTo-Json -Compress) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddRoomMailbox.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddRoomMailbox.ps1 index 11b662d34d47..d2f1ea21dbea 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddRoomMailbox.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddRoomMailbox.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddRoomMailbox { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSharedMailbox.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSharedMailbox.ps1 index acf3d26dc1bf..6366a90b6873 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSharedMailbox.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSharedMailbox.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddSharedMailbox { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSpamFilter.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSpamFilter.ps1 index 55a9d9ca73ce..88def6633399 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSpamFilter.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSpamFilter.ps1 @@ -11,7 +11,7 @@ Function Invoke-AddSpamFilter { param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $RequestParams = $Request.Body.PowerShellCommand | ConvertFrom-Json | Select-Object -Property * -ExcludeProperty GUID, comments diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSpamFilterTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSpamFilterTemplate.ps1 index b3beb3368964..46e692cd809e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSpamFilterTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSpamFilterTemplate.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddSpamFilterTemplate { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' Write-Host ($request | ConvertTo-Json -Compress) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportRule.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportRule.ps1 index fae7f8b60e5f..69d404be047e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportRule.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportRule.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddTransportRule { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $ExetutingUser = $Request.headers.'x-ms-client-principal' Write-LogMessage -user $ExetutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 index 9c176d7c8939..6a169dd7a68c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddTransportTemplate { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $ExecutingUser = $Request.headers.'x-ms-client-principal' Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev Debug Write-Host ($request | ConvertTo-Json -Depth 10 -Compress) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditAntiPhishingFilter.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditAntiPhishingFilter.ps1 index bae3c006f267..feaa27471516 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditAntiPhishingFilter.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditAntiPhishingFilter.ps1 @@ -8,7 +8,7 @@ function Invoke-EditAntiPhishingFilter { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditContact.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditContact.ps1 index 935461e8fb73..fc8687e5f3f1 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditContact.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditContact.ps1 @@ -10,7 +10,7 @@ Function Invoke-EditContact { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $TenantID = $Request.body.tenantID $ExecutingUser = $Request.headers.'x-ms-client-principal' Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditExConnector.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditExConnector.ps1 index 26598494addc..11c0b8108689 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditExConnector.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditExConnector.ps1 @@ -10,7 +10,7 @@ Function Invoke-EditExConnector { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $ExecutingUser = $Request.headers.'x-ms-client-principal' Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.Query.tenantFilter ?? $Request.Body.tenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditMalwareFilter.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditMalwareFilter.ps1 index 6b9450bd1842..315596cb252e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditMalwareFilter.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditMalwareFilter.ps1 @@ -8,7 +8,7 @@ function Invoke-EditMalwareFilter { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditSafeAttachmentsFilter.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditSafeAttachmentsFilter.ps1 index 70ef3fcf7a52..b552059cabf8 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditSafeAttachmentsFilter.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditSafeAttachmentsFilter.ps1 @@ -8,7 +8,7 @@ function Invoke-EditSafeAttachmentsFilter { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditSafeLinksFilter.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditSafeLinksFilter.ps1 index 1adca2d99819..9d1663070e2e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditSafeLinksFilter.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditSafeLinksFilter.ps1 @@ -8,7 +8,7 @@ function Invoke-EditSafeLinksFilter { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditSpamFilter.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditSpamFilter.ps1 index e09a95ae0972..f4bcef687f68 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditSpamFilter.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditSpamFilter.ps1 @@ -10,7 +10,7 @@ Function Invoke-EditSpamFilter { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenantfilter = $request.Query.tenantfilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 index eb8f57c38f10..e41e730759ea 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 @@ -10,7 +10,7 @@ Function Invoke-EditTransportRule { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $ExecutingUser = $Request.headers.'x-ms-client-principal' Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecConverttoRoomMailbox.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecConverttoRoomMailbox.ps1 index 8d64cb14e527..f06dd608e5eb 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecConverttoRoomMailbox.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecConverttoRoomMailbox.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecConvertToRoomMailbox { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecConverttoSharedMailbox.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecConverttoSharedMailbox.ps1 index 30b5ab753120..d1023b50a11f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecConverttoSharedMailbox.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecConverttoSharedMailbox.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecConverttoSharedMailbox { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $Tenant = $Request.query.TenantFilter $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecCopyForSent.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecCopyForSent.ps1 index 3b002585d96e..f5891a4f8c0f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecCopyForSent.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecCopyForSent.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecCopyForSent { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEditCalendarPermissions.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEditCalendarPermissions.ps1 index d137714e0b70..eb644addef25 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEditCalendarPermissions.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEditCalendarPermissions.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecEditCalendarPermissions { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Extract parameters from query or body diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEditMailboxPermissions.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEditMailboxPermissions.ps1 index ddec499c65f6..4743382dd6c9 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEditMailboxPermissions.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEditMailboxPermissions.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecEditMailboxPermissions { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME-message 'Accessed this API' -Sev 'Debug' $Username = $request.body.userID $Tenantfilter = $request.body.tenantfilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEmailForward.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEmailForward.ps1 index e86d74345e28..45b86338270e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEmailForward.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEmailForward.ps1 @@ -15,7 +15,7 @@ Function Invoke-ExecEmailForward { $ForwardingAddress = $request.body.ForwardInternal.value $ForwardingSMTPAddress = $request.body.ForwardExternal $ForwardOption = $request.body.forwardOption - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint [bool]$KeepCopy = if ($request.body.keepCopy -eq 'true') { $true } else { $false } if ($ForwardOption -eq 'internalAddress') { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEnableArchive.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEnableArchive.ps1 index 0e05be42558e..6bf2d138ed3b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEnableArchive.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEnableArchive.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecEnableArchive { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDelete.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDelete.ps1 index 26fafac292dc..34a5aa77b9ad 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDelete.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDelete.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecGroupsDelete { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDeliveryManagement.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDeliveryManagement.ps1 index 8d007000d4d6..755620ab02f0 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDeliveryManagement.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDeliveryManagement.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecGroupsDeliveryManagement { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsHideFromGAL.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsHideFromGAL.ps1 index 6eade0a0db90..0798b84ef5c7 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsHideFromGAL.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsHideFromGAL.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecGroupsHideFromGAL { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 index 145a0ed7c46d..edbc72a7cc86 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 @@ -10,9 +10,8 @@ Function Invoke-ExecHideFromGAL { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName $ExecutingUser = $Request.headers.'x-ms-client-principal' - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailTest.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailTest.ps1 index 064d550020df..52281c5e24d4 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailTest.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailTest.ps1 @@ -9,7 +9,7 @@ Function Invoke-ExecMailTest { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailboxMobileDevices.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailboxMobileDevices.ps1 index 67bdbb40d8ac..8d40c1f4e083 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailboxMobileDevices.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailboxMobileDevices.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecMailboxMobileDevices { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailboxRestore.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailboxRestore.ps1 index dfe33f7268fc..b80c2fc0c750 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailboxRestore.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailboxRestore.ps1 @@ -7,7 +7,7 @@ function Invoke-ExecMailboxRestore { #> Param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' try { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecQuarantineManagement.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecQuarantineManagement.ps1 index c2fb07f15c71..4421360709dc 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecQuarantineManagement.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecQuarantineManagement.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecQuarantineManagement { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetMailboxLocale.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetMailboxLocale.ps1 index 02974ceb2c9a..1fe012795d7b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetMailboxLocale.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetMailboxLocale.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecSetMailboxLocale { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $Tenant = $Request.body.TenantFilter $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetMailboxQuota.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetMailboxQuota.ps1 index 1deb1e696a8d..f5ced965516b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetMailboxQuota.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetMailboxQuota.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecSetMailboxQuota { [CmdletBinding()] param($Request, $TriggerMetadata) try { - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Username = $request.body.user $Tenantfilter = $request.body.tenantfilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetOoO.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetOoO.ps1 index 7bb4899bb463..f3540191de9a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetOoO.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetOoO.ps1 @@ -8,7 +8,7 @@ Function Invoke-ExecSetOoO { [CmdletBinding()] param($Request, $TriggerMetadata) try { - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Username = $request.body.userId $Tenantfilter = $request.body.tenantfilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecStartManagedFolderAssistant.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecStartManagedFolderAssistant.ps1 index 4781bb09eb7b..9bc882da0b86 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecStartManagedFolderAssistant.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecStartManagedFolderAssistant.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecStartManagedFolderAssistant { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $User = $request.headers.'x-ms-client-principal' $Tenant = $Request.query.TenantFilter Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListAntiPhishingFilters.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListAntiPhishingFilters.ps1 index c4c85e2534fa..d6075e578313 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListAntiPhishingFilters.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListAntiPhishingFilters.ps1 @@ -8,7 +8,7 @@ function Invoke-ListAntiPhishingFilters { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListConnectionFilter.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListConnectionFilter.ps1 index e226f78e0261..fb80de05afbd 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListConnectionFilter.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListConnectionFilter.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListConnectionFilter { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenantfilter = $request.Query.tenantfilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListConnectionFilterTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListConnectionFilterTemplates.ps1 index 318aee914177..08d32756da2f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListConnectionFilterTemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListConnectionFilterTemplates.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListConnectionFilterTemplates { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Table = Get-CippTable -tablename 'templates' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListGlobalAddressList.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListGlobalAddressList.ps1 index 993f894fed02..03d7df527ff1 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListGlobalAddressList.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListGlobalAddressList.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListGlobalAddressList { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $ExecutingUser = $Request.headers.'x-ms-client-principal' Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.Query.tenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMailQuarantine.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMailQuarantine.ps1 index bb2f9cdf3a06..8447c76786ed 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMailQuarantine.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMailQuarantine.ps1 @@ -8,7 +8,7 @@ function Invoke-ListMailQuarantine { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenantfilter = $request.Query.tenantfilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMailQuarantineMessage.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMailQuarantineMessage.ps1 index 4099919dad3d..0a5031712a26 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMailQuarantineMessage.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMailQuarantineMessage.ps1 @@ -8,7 +8,7 @@ function Invoke-ListMailQuarantineMessage { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenantfilter = $Request.Query.Tenantfilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMalwareFilters.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMalwareFilters.ps1 index 0b7d74ed02b7..597472165fda 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMalwareFilters.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMalwareFilters.ps1 @@ -8,7 +8,7 @@ function Invoke-ListMalwareFilters { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListOoO.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListOoO.ps1 index dc3a35d2201c..98fe0b2ebad8 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListOoO.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListOoO.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListOoO { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $Tenantfilter = $request.query.tenantFilter try { $Body = Get-CIPPOutOfOffice -userid $Request.query.userid -tenantFilter $TenantFilter -APIName $APINAME -ExecutingUser $request.headers.'x-ms-client-principal' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListRecipients.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListRecipients.ps1 index 6c9c900e57f3..69d049c13ae9 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListRecipients.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListRecipients.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListRecipients { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSafeAttachmentsFilters.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSafeAttachmentsFilters.ps1 index 5528a6032faa..8b71d807876f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSafeAttachmentsFilters.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSafeAttachmentsFilters.ps1 @@ -8,7 +8,7 @@ function Invoke-ListSafeAttachmentsFilters { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSafeLinksFilters.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSafeLinksFilters.ps1 index c34a55eb6d86..bcf5e939e498 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSafeLinksFilters.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSafeLinksFilters.ps1 @@ -8,7 +8,7 @@ function Invoke-ListSafeLinksFilters { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSpamFilterTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSpamFilterTemplates.ps1 index 79008c20db8d..a74c9491e4af 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSpamFilterTemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSpamFilterTemplates.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListSpamFilterTemplates { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Table = Get-CippTable -tablename 'templates' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSpamfilter.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSpamfilter.ps1 index 2c061a63c3d5..efa8a228914c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSpamfilter.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSpamfilter.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListSpamfilter { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenantfilter = $request.Query.tenantfilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListTransportRules.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListTransportRules.ps1 index 9d03f5fa93dd..702247ac6b3e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListTransportRules.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListTransportRules.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListTransportRules { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenantfilter = $request.Query.tenantfilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListTransportRulesTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListTransportRulesTemplates.ps1 index 1e33bbc6a198..93846a810e02 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListTransportRulesTemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListTransportRulesTemplates.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListTransportRulesTemplates { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Table = Get-CippTable -tablename 'templates' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddChocoApp.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddChocoApp.ps1 index 6898bbdbccf2..34cfeb198291 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddChocoApp.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddChocoApp.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddChocoApp { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddMSPApp.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddMSPApp.ps1 index 2513df7a5658..b5d055d24c1b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddMSPApp.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddMSPApp.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddMSPApp { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddOfficeApp.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddOfficeApp.ps1 index 1347005f8a3b..f2162cf98ff7 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddOfficeApp.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddOfficeApp.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddOfficeApp { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddStoreApp.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddStoreApp.ps1 index a14c13fb5e1c..960560e29b5e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddStoreApp.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddStoreApp.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddStoreApp { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ExecAssignApp.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ExecAssignApp.ps1 index 988b2bf626e7..999161fe866b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ExecAssignApp.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ExecAssignApp.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecAssignApp { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListApplicationQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListApplicationQueue.ps1 index b91d000b0837..9fc4e3200ea5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListApplicationQueue.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListApplicationQueue.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListApplicationQueue { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListApps.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListApps.ps1 index 418f2965cb17..92c5e188f1aa 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListApps.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListApps.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListApps { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListAppsRepository.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListAppsRepository.ps1 index 5f7fbad84b24..685d06eacf37 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListAppsRepository.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListAppsRepository.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListAppsRepository { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Search = $Request.Body.Search diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddAPDevice.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddAPDevice.ps1 index 1ed85ff4d620..b8fd6eb7aaf0 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddAPDevice.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddAPDevice.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddAPDevice { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddAutopilotConfig.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddAutopilotConfig.ps1 index b50837194750..3834d45e071e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddAutopilotConfig.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddAutopilotConfig.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddAutopilotConfig { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddEnrollment.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddEnrollment.ps1 index 522f366ef2ac..1656c5a69c59 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddEnrollment.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddEnrollment.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddEnrollment { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-ExecAssignAPDevice.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-ExecAssignAPDevice.ps1 index f4d0e10d2526..e34032ddb2db 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-ExecAssignAPDevice.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-ExecAssignAPDevice.ps1 @@ -9,7 +9,7 @@ Function Invoke-ExecAssignAPDevice { #> [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.body.tenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-ListAPDevices.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-ListAPDevices.ps1 index a7c66e574c47..fed6abfc5b13 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-ListAPDevices.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-ListAPDevices.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListAPDevices { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddDefenderDeployment.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddDefenderDeployment.ps1 index 29803ba86c84..95de673985c4 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddDefenderDeployment.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddDefenderDeployment.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddDefenderDeployment { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenants = ($Request.body.selectedTenants).value diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddIntuneTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddIntuneTemplate.ps1 index 5a2a59a2c0d5..30dc61dd9c32 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddIntuneTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddIntuneTemplate.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddIntuneTemplate { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $GUID = (New-Guid).GUID diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddPolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddPolicy.ps1 index 18f92c07cceb..e6a62da20f50 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddPolicy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddPolicy.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddPolicy { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenants = ($Request.Body.tenantFilter.value) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditIntuneScript.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditIntuneScript.ps1 index 557fcae46252..07391fcd6855 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditIntuneScript.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditIntuneScript.ps1 @@ -10,7 +10,7 @@ function Invoke-EditIntuneScript { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $ExecutingUser = $request.headers.'x-ms-client-principal' Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev Debug diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditPolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditPolicy.ps1 index 4cbf3192ddb7..aa987198a3ee 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditPolicy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditPolicy.ps1 @@ -10,7 +10,7 @@ Function Invoke-EditPolicy { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenant = $request.body.tenantid diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecAssignPolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecAssignPolicy.ps1 index 62367e940102..44bd7e8a7438 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecAssignPolicy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecAssignPolicy.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecAssignPolicy { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenant = $request.body.tenantfilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecDeviceAction.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecDeviceAction.ps1 index c3ad979b19d1..04ac4554c36d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecDeviceAction.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecDeviceAction.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecDeviceAction { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with Body parameters or the body of the request. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetLocalAdminPassword.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetLocalAdminPassword.ps1 index 46af5fc50f77..b3f923c1f5cc 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetLocalAdminPassword.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetLocalAdminPassword.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecGetLocalAdminPassword { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint try { $GraphRequest = Get-CIPPLapsPassword -device $($request.body.guid) -tenantFilter $Request.body.TenantFilter -APIName $APINAME -ExecutingUser $request.headers.'x-ms-client-principal' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetRecoveryKey.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetRecoveryKey.ps1 index 0283ee5031b6..17b9e9eed724 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetRecoveryKey.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetRecoveryKey.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecGetRecoveryKey { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListIntuneScript.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListIntuneScript.ps1 index 927c69ad97ba..edc724887eda 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListIntuneScript.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListIntuneScript.ps1 @@ -10,7 +10,7 @@ function Invoke-ListIntuneScript { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $ExecutingUser = $request.headers.'x-ms-client-principal' Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev Debug diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-RemoveIntuneScript.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-RemoveIntuneScript.ps1 index 5d2abd051182..6bf528b855fe 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-RemoveIntuneScript.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-RemoveIntuneScript.ps1 @@ -10,7 +10,7 @@ function Invoke-RemoveIntuneScript { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $ExecutingUser = $request.headers.'x-ms-client-principal' Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev Debug diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Reports/Invoke-ListDevices.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Reports/Invoke-ListDevices.ps1 index 901490a6268e..79b0cd5cb55b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Reports/Invoke-ListDevices.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Reports/Invoke-ListDevices.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListDevices { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 index 7fd95cdeb8f4..ff3d221b1145 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecDeviceDelete { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $ExecutingUser = $Request.headers.'x-ms-client-principal' Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroup.ps1 index 576795084ef5..5030d5be235c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroup.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroup.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddGroup { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $groupobj = $Request.body diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroupTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroupTemplate.ps1 index f8de4aed6d1c..5b9344e720a7 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroupTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroupTemplate.ps1 @@ -9,7 +9,7 @@ Function Invoke-AddGroupTemplate { #> [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $GUID = (New-Guid).GUID diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-EditGroup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-EditGroup.ps1 index 8e21640e45f4..ed49d9139618 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-EditGroup.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-EditGroup.ps1 @@ -10,7 +10,7 @@ Function Invoke-EditGroup { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Results = [System.Collections.ArrayList]@() diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-ListGroupSenderAuthentication.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-ListGroupSenderAuthentication.ps1 index 4788aeb17f95..11d70a0f2f8a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-ListGroupSenderAuthentication.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-ListGroupSenderAuthentication.ps1 @@ -4,7 +4,7 @@ Function Invoke-ListGroupSenderAuthentication { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' @@ -43,4 +43,4 @@ Function Invoke-ListGroupSenderAuthentication { StatusCode = [HttpStatusCode]::OK Body = @{ allowedToReceiveExternal = !$state } }) -} \ No newline at end of file +} diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddGuest.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddGuest.ps1 index ec56980d6794..31cae1bd1f10 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddGuest.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddGuest.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddGuest { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Results = [System.Collections.ArrayList]@() diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 index 48a02104d574..6b37ced7e709 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 @@ -10,7 +10,7 @@ Function Invoke-EditUser { [CmdletBinding()] param($Request, $TriggerMetadata) - $ApiName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $User = $Request.headers.'x-ms-client-principal' Write-LogMessage -headers $Request.headers -API $ApiName -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecBECRemediate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecBECRemediate.ps1 index f8bd672e0c43..8c3e3ef44871 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecBECRemediate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecBECRemediate.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecBECRemediate { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecClrImmId.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecClrImmId.ps1 index 5220d4b86f31..fd5e11bf8f07 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecClrImmId.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecClrImmId.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecClrImmId { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecCreateTAP.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecCreateTAP.ps1 index 239018057093..30650cd5c318 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecCreateTAP.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecCreateTAP.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecCreateTAP { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecDisableUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecDisableUser.ps1 index b5b80a86d7c8..fbe020546a1a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecDisableUser.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecDisableUser.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecDisableUser { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint try { $State = Set-CIPPSignInState -userid $Request.query.ID -TenantFilter $Request.Query.TenantFilter -APIName $APINAME -ExecutingUser $request.headers.'x-ms-client-principal' -AccountEnabled ([System.Convert]::ToBoolean($Request.Query.Enable)) $Results = [pscustomobject]@{'Results' = "$State" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecDismissRiskyUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecDismissRiskyUser.ps1 index 29f971c8a98c..53cdc664fa6c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecDismissRiskyUser.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecDismissRiskyUser.ps1 @@ -8,7 +8,7 @@ function Invoke-ExecDismissRiskyUser { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOneDriveShortCut.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOneDriveShortCut.ps1 index bd0a2052a3b7..4a62823799b8 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOneDriveShortCut.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOneDriveShortCut.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecOneDriveShortCut { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' Try { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOnedriveProvision.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOnedriveProvision.ps1 index bc84330fccef..49b2ab16d9c0 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOnedriveProvision.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOnedriveProvision.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecOneDriveProvision { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $Params = $Request.Body ?? $Request.Query try { $State = Request-CIPPSPOPersonalSite -TenantFilter $Params.TenantFilter -UserEmails $Params.UserPrincipalName -ExecutingUser $Request.Headers.'x-ms-client-principal' -APIName $APINAME diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetMFA.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetMFA.ps1 index 63f5c5c21001..ddca99ba5193 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetMFA.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetMFA.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecResetMFA { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetPass.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetPass.ps1 index 7c373fd46362..42551f246aa5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetPass.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetPass.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecResetPass { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecRevokeSessions.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecRevokeSessions.ps1 index d956ce15973c..b16a12e0ab50 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecRevokeSessions.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecRevokeSessions.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecRevokeSessions { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecSendPush.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecSendPush.ps1 index cdac48833a53..d077f97949bb 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecSendPush.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecSendPush.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecSendPush { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.body.TenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListPerUserMFA.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListPerUserMFA.ps1 index 39bbcd9bc268..74aac56d2527 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListPerUserMFA.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListPerUserMFA.ps1 @@ -10,7 +10,7 @@ function Invoke-ListPerUserMFA { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserConditionalAccessPolicies.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserConditionalAccessPolicies.ps1 index 0976bd5d9fd0..e2399fabe5c0 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserConditionalAccessPolicies.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserConditionalAccessPolicies.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListUserConditionalAccessPolicies { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserCounts.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserCounts.ps1 index 6e17a7c5e36e..fbbdde8aa359 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserCounts.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserCounts.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListUserCounts { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserDevices.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserDevices.ps1 index 961da48a1053..52e841377b01 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserDevices.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserDevices.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListUserDevices { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserGroups.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserGroups.ps1 index 6fe9a598038d..870d2a755d48 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserGroups.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserGroups.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListUserGroups { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxDetails.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxDetails.ps1 index 231b9395b5b7..512ca633f54f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxDetails.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxDetails.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListUserMailboxDetails { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxRules.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxRules.ps1 index 4ea9b6d8a35a..959abffe0ab7 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxRules.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxRules.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListUserMailboxRules { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserSettings.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserSettings.ps1 index d58064d9a984..b8e3acf588d0 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserSettings.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserSettings.ps1 @@ -9,7 +9,7 @@ function Invoke-ListUserSettings { #> param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $username = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($request.headers.'x-ms-client-principal')) | ConvertFrom-Json).userDetails diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserSigninLogs.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserSigninLogs.ps1 index 1013dbcd4728..9df706720a68 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserSigninLogs.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserSigninLogs.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListUserSigninLogs { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $top = $Request.Query.top ? $Request.Query.top : 50 diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecAlertsList.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecAlertsList.ps1 index 16c30253cb83..dc7f3459a58c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecAlertsList.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecAlertsList.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecAlertsList { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecIncidentsList.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecIncidentsList.ps1 index 63f5f05232ac..fbe9ed284818 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecIncidentsList.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecIncidentsList.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecIncidentsList { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' try { # Interact with query parameters or the body of the request. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecSetSecurityAlert.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecSetSecurityAlert.ps1 index 88a5ce66e560..3cefd1b913f7 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecSetSecurityAlert.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecSetSecurityAlert.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecSetSecurityAlert { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecSetSecurityIncident.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecSetSecurityIncident.ps1 index de928814591d..25892d30b508 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecSetSecurityIncident.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecSetSecurityIncident.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecSetSecurityIncident { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $first = '' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-AddSite.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-AddSite.ps1 index 211ad69a3e80..be7dc4e714b3 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-AddSite.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-AddSite.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddSite { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $SharePointObj = $Request.body diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-AddSiteBulk.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-AddSiteBulk.ps1 index b782437d012a..049af0fbd648 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-AddSiteBulk.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-AddSiteBulk.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddSiteBulk { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-AddTeam.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-AddTeam.ps1 index 9cfe8a52d836..6c00d43d4bb2 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-AddTeam.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-AddTeam.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddTeam { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $userobj = $Request.body diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecRemoveTeamsVoicePhoneNumberAssignment.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecRemoveTeamsVoicePhoneNumberAssignment.ps1 index 3ee1e2250544..4af90af25044 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecRemoveTeamsVoicePhoneNumberAssignment.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecRemoveTeamsVoicePhoneNumberAssignment.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecRemoveTeamsVoicePhoneNumberAssignment { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $tenantFilter = $Request.Body.TenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSetSharePointMember.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSetSharePointMember.ps1 index e5851ab0fd44..cec32662711d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSetSharePointMember.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSetSharePointMember.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecSetSharePointMember { param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $ExecutingUser = $request.headers.'x-ms-client-principal' Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.body.tenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSharePointPerms.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSharePointPerms.ps1 index 40934b0bb546..00a4ac5caf18 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSharePointPerms.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSharePointPerms.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecSharePointPerms { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $tenantFilter = $Request.Body.tenantFilter $ExecutingUser = $Request.Headers.'x-ms-client-principal' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecTeamsVoicePhoneNumberAssignment.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecTeamsVoicePhoneNumberAssignment.ps1 index 4714c300685a..95e6c4126116 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecTeamsVoicePhoneNumberAssignment.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecTeamsVoicePhoneNumberAssignment.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecTeamsVoicePhoneNumberAssignment { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $ExecutingUser = $Request.headers.'x-ms-client-principal' Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Identity = $Request.Body.input.value diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSharepointSettings.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSharepointSettings.ps1 index 86eb8235784b..5316c2cec66c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSharepointSettings.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSharepointSettings.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListSharepointSettings { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeams.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeams.ps1 index f0700efa9beb..82acc236796f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeams.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeams.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListTeams { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsLisLocation.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsLisLocation.ps1 index 8026286f547c..d8b0f95656dd 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsLisLocation.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsLisLocation.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListTeamsLisLocation { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.Query.TenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 index cff8ca2c0c07..6e996b99c4fd 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListTeamsVoice { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-AddAlert.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-AddAlert.ps1 index f98a76224444..c61665949c05 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-AddAlert.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-AddAlert.ps1 @@ -9,7 +9,7 @@ Function Invoke-AddAlert { #> [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenants = $request.body.tenantFilter $Conditions = $request.body.conditions | ConvertTo-Json -Compress -Depth 10 | Out-String diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ListAlertsQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ListAlertsQueue.ps1 index 3e25c875d0dc..460a36ad70a5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ListAlertsQueue.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ListAlertsQueue.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListAlertsQueue { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ListWebhookAlert.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ListWebhookAlert.ps1 index 41377a472604..7511b8c4e408 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ListWebhookAlert.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ListWebhookAlert.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListWebhookAlert { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Table = get-cipptable -TableName 'SchedulerConfig' $WebhookRow = foreach ($Webhook in Get-CIPPAzDataTableEntity @Table | Where-Object -Property PartitionKey -EQ 'WebhookAlert') { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-RemoveQueuedAlert.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-RemoveQueuedAlert.ps1 index ed7e10846f5f..2442dbcf934a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-RemoveQueuedAlert.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-RemoveQueuedAlert.ps1 @@ -10,7 +10,7 @@ Function Invoke-RemoveQueuedAlert { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' if ($Request.query.EventType -eq 'Audit log Alert') { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Application Approval/Invoke-ExecAddMultiTenantApp.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Application Approval/Invoke-ExecAddMultiTenantApp.ps1 index e11d8e0ccc6b..f7f661064f5c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Application Approval/Invoke-ExecAddMultiTenantApp.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Application Approval/Invoke-ExecAddMultiTenantApp.ps1 @@ -9,7 +9,7 @@ function Invoke-ExecAddMultiTenantApp { #> param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $DelegateResources = $request.body.permissions | Where-Object -Property origin -EQ 'Delegated' | ForEach-Object { @{ id = $_.id; type = 'Scope' } } $DelegateResourceAccess = @{ ResourceAppId = '00000003-0000-0000-c000-000000000000'; resourceAccess = $DelegateResources } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Application Approval/Invoke-ExecAppApproval.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Application Approval/Invoke-ExecAppApproval.ps1 index 408516df3601..34ca07d3228a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Application Approval/Invoke-ExecAppApproval.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Application Approval/Invoke-ExecAppApproval.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecAppApproval { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecAddSPN.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecAddSPN.ps1 index 442a4116e3a5..ce498176528c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecAddSPN.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecAddSPN.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecAddSPN { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecOffboardTenant.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecOffboardTenant.ps1 index 71c8afcd86f1..dc69176e989e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecOffboardTenant.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecOffboardTenant.ps1 @@ -9,8 +9,9 @@ Function Invoke-ExecOffboardTenant { #> [CmdletBinding()] param($Request, $TriggerMetadata) + $APIName = $Request.Params.CIPPEndpoint try { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantQuery = $Request.Body.TenantFilter.value ?? $Request.Body.TenantFilter @@ -49,7 +50,7 @@ Function Invoke-ExecOffboardTenant { $BulkResults = New-GraphBulkRequest -Requests $BulkRequests -tenantid $TenantFilter $results.Add('Successfully removed guest users') - Write-LogMessage -user $ExecutingUser -API $APIName -message 'CSP Guest users were removed' -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APIName -message 'CSP Guest users were removed' -Sev 'Info' -tenant $TenantFilter } else { $results.Add('No guest users found to remove') } @@ -91,7 +92,7 @@ Function Invoke-ExecOffboardTenant { try { New-GraphPostRequest -type PATCH -body $patchContactBody -Uri "https://graph.microsoft.com/v1.0/organization/$($orgContacts.id)" -tenantid $Tenantfilter -ContentType 'application/json' $results.Add("Successfully removed notification contacts from $($property): $(($propertyContacts | Where-Object { $domains -contains $_.Split('@')[1] }))") - Write-LogMessage -user $ExecutingUser -API $APIName -message "Contacts were removed from $($property)" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APIName -message "Contacts were removed from $($property)" -Sev 'Info' -tenant $TenantFilter } catch { $errors.Add("Failed to update property $($property): $($_.Exception.message)") } @@ -108,7 +109,7 @@ Function Invoke-ExecOffboardTenant { try { $delete = (New-GraphPostRequest -type 'DELETE' -Uri "https://graph.microsoft.com/v1.0/serviceprincipals/$($_.value)" -tenantid $Tenantfilter) $results.Add("Successfully removed app $($_.label)") - Write-LogMessage -user $ExecutingUser -API $APIName -message "App $($_.label) was removed" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APIName -message "App $($_.label) was removed" -Sev 'Info' -tenant $TenantFilter } catch { #$results.Add("Failed to removed app $($_.displayName)") $errors.Add("Failed to removed app $($_.label)") @@ -126,7 +127,7 @@ Function Invoke-ExecOffboardTenant { try { $delete = (New-GraphPostRequest -type 'DELETE' -Uri "https://graph.microsoft.com/v1.0/serviceprincipals/$($_.id)" -tenantid $Tenantfilter) $results.Add("Successfully removed app $($_.displayName)") - Write-LogMessage -user $ExecutingUser -API $APIName -message "App $($_.displayName) was removed" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APIName -message "App $($_.displayName) was removed" -Sev 'Info' -tenant $TenantFilter } catch { #$results.Add("Failed to removed app $($_.displayName)") $errors.Add("Failed to removed app $($_.displayName)") @@ -147,7 +148,7 @@ Function Invoke-ExecOffboardTenant { try { $terminate = (New-GraphPostRequest -type 'POST' -Uri "https://graph.microsoft.com/v1.0/tenantRelationships/delegatedAdminRelationships/$($_.id)/requests" -body '{"action":"terminate"}' -ContentType 'application/json' -tenantid $env:TenantID) $results.Add("Successfully terminated GDAP relationship $($_.displayName) from tenant $TenantFilter") - Write-LogMessage -user $ExecutingUser -API $APIName -message "GDAP Relationship $($_.displayName) has been terminated" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APIName -message "GDAP Relationship $($_.displayName) has been terminated" -Sev 'Info' -tenant $TenantFilter } catch { $($_.Exception.message) @@ -167,7 +168,7 @@ Function Invoke-ExecOffboardTenant { try { $terminate = (New-GraphPostRequest -type 'PATCH' -body '{ "relationshipToPartner": "none" }' -Uri "https://api.partnercenter.microsoft.com/v1/customers/$TenantFilter" -ContentType 'application/json' -scope 'https://api.partnercenter.microsoft.com/user_impersonation' -tenantid $env:TenantID) $results.Add('Successfully terminated contract relationship') - Write-LogMessage -user $ExecutingUser -API $APIName -message 'Contract relationship terminated' -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Request.Headers -API $APIName -message 'Contract relationship terminated' -Sev 'Info' -tenant $TenantFilter } catch { #$results.Add("Failed to terminate contract relationship: $($_.Exception.message)") $errors.Add("Failed to terminate contract relationship: $($_.Exception.message)") @@ -180,6 +181,7 @@ Function Invoke-ExecOffboardTenant { $Results.Add('Tenant cache has been cleared') } + Write-LogMessage -headers $Request.Headers -API $APIName -message 'Offboarding completed' -Sev 'Info' -tenant $TenantFilter $StatusCode = [HttpStatusCode]::OK $body = [pscustomobject]@{ 'Results' = @($results) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecOnboardTenant.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecOnboardTenant.ps1 index 70576362b561..ad61daf3ddd2 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecOnboardTenant.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecOnboardTenant.ps1 @@ -10,7 +10,7 @@ function Invoke-ExecOnboardTenant { param($Request, $TriggerMetadata) $APIName = 'ExecOnboardTenant' - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Id = $Request.Body.id if ($Id) { try { @@ -84,6 +84,7 @@ function Invoke-ExecOnboardTenant { Batch = @($Item) } $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5 -Compress) + Write-LogMessage -headers $Request.Headers -API $APINAME -message "Onboarding job $Id started" -Sev 'Info' -LogData @{ 'InstanceId' = $InstanceId } } $Steps = $TenantOnboarding.OnboardingSteps | ConvertFrom-Json diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecUpdateSecureScore.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecUpdateSecureScore.ps1 index 6cd6c9a6bbdc..ec89669aefcc 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecUpdateSecureScore.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecUpdateSecureScore.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecUpdateSecureScore { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListAppConsentRequests.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListAppConsentRequests.ps1 index cb1ee3a01536..f3144ddb4c7e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListAppConsentRequests.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListAppConsentRequests.ps1 @@ -9,7 +9,7 @@ function Invoke-ListAppConsentRequests { #> param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $TenantFilter = $Request.Query.TenantFilter Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenantDetails.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenantDetails.ps1 index f92ec63a8dfe..b02f0f48d4e2 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenantDetails.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenantDetails.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListTenantDetails { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1 index c17fbd6734ea..1fd2fd8f97a8 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListTenants { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantAccess = Test-CIPPAccess -Request $Request -TenantList diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCAPolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCAPolicy.ps1 index 0b812a5c99f3..81f9a888d85b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCAPolicy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCAPolicy.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddCAPolicy { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenants = $Request.body.tenantFilter.value diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCATemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCATemplate.ps1 index 34272cbcaab9..02200e39dc04 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCATemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCATemplate.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddCATemplate { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.Body.TenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddNamedLocation.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddNamedLocation.ps1 index 4aa7f9e97f65..538599a246ac 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddNamedLocation.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddNamedLocation.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddNamedLocation { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-EditCAPolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-EditCAPolicy.ps1 index df98b3137691..1e8d5662663a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-EditCAPolicy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-EditCAPolicy.ps1 @@ -10,7 +10,7 @@ Function Invoke-EditCAPolicy { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenant = $request.query.tenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCACheck.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCACheck.ps1 index 7c586d60145d..04a138b3f97f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCACheck.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCACheck.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecCaCheck { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenant = $request.body.tenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCAExclusion.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCAExclusion.ps1 index 7df4146daa40..98d1a88ec542 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCAExclusion.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCAExclusion.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecCAExclusion { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' #If UserId is a guid, get the user's UPN if ($Request.body.UserId -match '^[a-f0-9]{8}-([a-f0-9]{4}-){3}[a-f0-9]{12}$') { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecNamedLocation.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecNamedLocation.ps1 index 5c68389dd9c9..058cd00c7993 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecNamedLocation.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecNamedLocation.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecNamedLocation { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListCAtemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListCAtemplates.ps1 index dbe4825a050f..b76cb67f4d8c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListCAtemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListCAtemplates.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListCAtemplates { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListConditionalAccessPolicies.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListConditionalAccessPolicies.ps1 index e5543136b6e7..25b28cc46a09 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListConditionalAccessPolicies.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListConditionalAccessPolicies.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListConditionalAccessPolicies { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListConditionalAccessPolicyChanges.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListConditionalAccessPolicyChanges.ps1 index a9a158be35de..b21fbe522b11 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListConditionalAccessPolicyChanges.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListConditionalAccessPolicyChanges.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListConditionalAccessPolicyChanges { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecAddGDAPRole.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecAddGDAPRole.ps1 index 1522f79e2917..2b574a6e3c71 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecAddGDAPRole.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecAddGDAPRole.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecAddGDAPRole { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $CippDefaults = @( diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecDeleteGDAPRelationship.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecDeleteGDAPRelationship.ps1 index 3aeb95403d6e..18c1c6efdef4 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecDeleteGDAPRelationship.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecDeleteGDAPRelationship.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecDeleteGDAPRelationship { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecDeleteGDAPRoleMapping.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecDeleteGDAPRoleMapping.ps1 index ee811cfc720e..e9bfe1645f10 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecDeleteGDAPRoleMapping.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecDeleteGDAPRoleMapping.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecDeleteGDAPRoleMapping { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Table = Get-CIPPTable -TableName 'GDAPRoles' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPInvite.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPInvite.ps1 index 8dcb83a0bafd..62fbb532c26c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPInvite.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPInvite.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListGDAPInvite { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPQueue.ps1 index 75327648bf59..f99e814e04a8 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPQueue.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPQueue.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListGDAPQueue { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPRoles.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPRoles.ps1 index e2e2976b88c8..61fb65f4b084 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPRoles.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPRoles.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListGDAPRoles { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsDeploy.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsDeploy.ps1 index 10207e9e2928..edf89698769d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsDeploy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsDeploy.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddStandardsDeploy { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $user = $request.headers.'x-ms-client-principal' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsTemplate.ps1 index d46d1508dab0..a5e67feddfad 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsTemplate.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddStandardsTemplate { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $GUID = $Request.body.GUID ? $request.body.GUID : (New-Guid).GUID diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-BestPracticeAnalyser_List.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-BestPracticeAnalyser_List.ps1 index b710abec0e7e..fc5d25452c53 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-BestPracticeAnalyser_List.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-BestPracticeAnalyser_List.ps1 @@ -10,7 +10,7 @@ Function Invoke-BestPracticeAnalyser_List { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenants = Get-Tenants diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1 index 2f1980fbbdd5..735a6f98d219 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1 @@ -9,7 +9,7 @@ Function Invoke-ExecStandardsRun { #> [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $tenantfilter = if ($Request.Query.TenantFilter) { $Request.Query.TenantFilter } else { 'allTenants' } $TemplateId = if ($Request.Query.TemplateId) { $Request.Query.TemplateId } else { '*' } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPA.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPA.ps1 index 215983d04a15..65e7bd78bcf6 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPA.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPA.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListBPA { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint # Write-LogMessage -headers $Request.Headers -API $APINAME -message "Accessed this API" -Sev "Debug" $Table = get-cipptable 'cachebpav2' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPATemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPATemplates.ps1 index 5cf29106c488..25ef55b55f8c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPATemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPATemplates.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListBPATemplates { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListDomainHealth.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListDomainHealth.ps1 index 88d652fa9af0..63685cb242d5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListDomainHealth.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListDomainHealth.ps1 @@ -37,7 +37,7 @@ Function Invoke-ListDomainHealth { $UserCreds = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($request.headers.'x-ms-client-principal')) | ConvertFrom-Json) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-AddBPATemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-AddBPATemplate.ps1 index c2ce841dce30..011839ad6364 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-AddBPATemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-AddBPATemplate.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddBPATemplate { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' try { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-ExecGraphExplorerPreset.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-ExecGraphExplorerPreset.ps1 index 62004c458087..0c94e882ea86 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-ExecGraphExplorerPreset.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-ExecGraphExplorerPreset.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecGraphExplorerPreset { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Username = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($request.headers.'x-ms-client-principal')) | ConvertFrom-Json).userDetails diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddTenantAllowBlockList.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddTenantAllowBlockList.ps1 index 6fedc0eac9da..9f19cacea091 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddTenantAllowBlockList.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddTenantAllowBlockList.ps1 @@ -10,7 +10,7 @@ Function Invoke-AddTenantAllowBlockList { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APIName -message 'Accessed this API' -Sev 'Debug' $blocklistobj = $Request.body diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecBreachSearch.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecBreachSearch.ps1 index 6b137ad0b712..efc70b91833f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecBreachSearch.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecBreachSearch.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecBreachSearch { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.query.TenantFilter #Move to background job diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecCSPLicense.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecCSPLicense.ps1 index ae18174f5f67..c701bd475f40 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecCSPLicense.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecCSPLicense.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecCSPLicense { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecListAppId.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecListAppId.ps1 index 0bde258f8dfa..9036b16620b4 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecListAppId.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecListAppId.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecListAppId { [CmdletBinding()] param($Request, $TriggerMetadata) Get-CIPPAuthentication - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $ResponseURL = "$(($Request.headers.'x-ms-original-url').replace('/api/ExecListAppId','/api/ExecSAMSetup'))" diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecRestoreDeleted.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecRestoreDeleted.ps1 index d3ed41041945..3547e651798d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecRestoreDeleted.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecRestoreDeleted.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecRestoreDeleted { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSendOrgMessage.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSendOrgMessage.ps1 index c70dc7d70633..ca89e41bd579 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSendOrgMessage.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSendOrgMessage.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecSendOrgMessage { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSyncAPDevices.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSyncAPDevices.ps1 index 40b0a18263e2..79c34f584138 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSyncAPDevices.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSyncAPDevices.ps1 @@ -9,7 +9,7 @@ Function Invoke-ExecSyncAPDevices { #> [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $ExecutingUser = $request.headers.'x-ms-client-principal' $TenantFilter = $Request.Body.tenantFilter ?? $Request.Query.tenantFilter Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev Debug diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecUniversalSearch.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecUniversalSearch.ps1 index 718eccde53d1..e07781beb7f2 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecUniversalSearch.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecUniversalSearch.ps1 @@ -10,7 +10,7 @@ Function Invoke-ExecUniversalSearch { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecUserSettings.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecUserSettings.ps1 index 20e83a755e19..82d1cb25041a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecUserSettings.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecUserSettings.ps1 @@ -9,7 +9,7 @@ function Invoke-ExecUserSettings { #> param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' try { diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAllTenantDeviceCompliance.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAllTenantDeviceCompliance.ps1 index 0e20e865de4c..2db62cf8e0c3 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAllTenantDeviceCompliance.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAllTenantDeviceCompliance.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListAllTenantDeviceCompliance { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAppStatus.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAppStatus.ps1 index ce73c42ac733..10e0590e24c1 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAppStatus.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAppStatus.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListAppStatus { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAutopilotconfig.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAutopilotconfig.ps1 index 4b5adccad03c..a4832e59e1c3 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAutopilotconfig.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAutopilotconfig.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListAutopilotconfig { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAzureADConnectStatus.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAzureADConnectStatus.ps1 index bd9a6bbd815b..5d5fb2b2b62b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAzureADConnectStatus.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAzureADConnectStatus.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListAzureADConnectStatus { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $ExecutingUser = $Request.headers.'x-ms-client-principal' $TenantFilter = $Request.Query.TenantFilter Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBreachesAccount.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBreachesAccount.ps1 index 777c2b6100c0..4c9f894b3c4e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBreachesAccount.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBreachesAccount.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListBreachesAccount { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' if ($request.query.account -like '*@*') { diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCSPLicenses.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCSPLicenses.ps1 index 7335d92b7720..ecbaecfc54df 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCSPLicenses.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCSPLicenses.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListCSPLicenses { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' try { diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCSPsku.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCSPsku.ps1 index ee6dc051952f..4782121321b5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCSPsku.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCSPsku.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListCSPsku { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' if ($Request.Query.currentSkuOnly) { diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCalendarPermissions.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCalendarPermissions.ps1 index 15ea61dd734b..a4640809048f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCalendarPermissions.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCalendarPermissions.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListCalendarPermissions { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $UserID = $request.Query.UserID $Tenantfilter = $request.Query.tenantfilter diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderState.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderState.ps1 index f135b27d0b1d..fb4efd4a5906 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderState.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderState.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListDefenderState { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $StatusCode = [HttpStatusCode]::OK diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderTVM.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderTVM.ps1 index e61191283062..eedf83e4f5b5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderTVM.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderTVM.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListDefenderTVM { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $TenantFilter = $Request.Query.tenantFilter $ExecutingUser = $request.headers.'x-ms-client-principal' Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeletedItems.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeletedItems.ps1 index cb763699e04c..90eb7f9b89ac 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeletedItems.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeletedItems.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListDeletedItems { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $TenantFilter = $Request.Query.tenantFilter $ExecutingUser = $request.headers.'x-ms-client-principal' Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeviceDetails.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeviceDetails.ps1 index fa2e20cd7e51..2e1aa667bd40 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeviceDetails.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeviceDetails.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListDeviceDetails { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDomains.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDomains.ps1 index 5ca88af8c2df..14b225267ec7 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDomains.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDomains.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListDomains { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExConnectorTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExConnectorTemplates.ps1 index 7510a2fe494d..d16a08c73c98 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExConnectorTemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExConnectorTemplates.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListExConnectorTemplates { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Table = Get-CippTable -tablename 'templates' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExchangeConnectors.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExchangeConnectors.ps1 index fd07a79e0ea1..610d3660ffcb 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExchangeConnectors.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExchangeConnectors.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListExchangeConnectors { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $ExecutingUser = $Request.headers.'x-ms-client-principal' Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $request.Query.tenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExtensionsConfig.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExtensionsConfig.ps1 index 9861aabbdc2f..008ae6398f9e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExtensionsConfig.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExtensionsConfig.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListExtensionsConfig { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Table = Get-CIPPTable -TableName Extensionsconfig diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExternalTenantInfo.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExternalTenantInfo.ps1 index d88e132fc704..bb37f00360f8 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExternalTenantInfo.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExternalTenantInfo.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListExternalTenantInfo { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionParameters.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionParameters.ps1 index 6d2070ea0d2d..3bfc376481c8 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionParameters.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionParameters.ps1 @@ -9,7 +9,7 @@ function Invoke-ListFunctionParameters { #> param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionStats.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionStats.ps1 index 3ae0f427a32c..26c014d0c8d5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionStats.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionStats.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListFunctionStats { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGenericTestFunction.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGenericTestFunction.ps1 index b0e169c1192c..cea9da93182e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGenericTestFunction.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGenericTestFunction.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListGenericTestFunction { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $graphRequest = ($request.headers.'x-ms-original-url').split('/api') | Select-Object -First 1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphExplorerPresets.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphExplorerPresets.ps1 index e68a1d67bf3b..00bde1a68df3 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphExplorerPresets.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphExplorerPresets.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListGraphExplorerPresets { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Username = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($request.headers.'x-ms-client-principal')) | ConvertFrom-Json).userDetails diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGroupTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGroupTemplates.ps1 index 2bb0b22e539e..7d5d7c38cdad 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGroupTemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGroupTemplates.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListGroupTemplates { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGroups.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGroups.ps1 index 502f9c6fba2f..da1c6c362f6c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGroups.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGroups.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListGroups { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.Query.TenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListHaloClients.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListHaloClients.ps1 index 2175e88609db..3d9397b985e4 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListHaloClients.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListHaloClients.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListHaloClients { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListInactiveAccounts.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListInactiveAccounts.ps1 index 5a36bb089ff0..2bd26015ed03 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListInactiveAccounts.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListInactiveAccounts.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListInactiveAccounts { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneIntents.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneIntents.ps1 index f134ce0e6681..6e9d14f81319 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneIntents.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneIntents.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListIntuneIntents { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 index fc763c50f716..5edc8623ad9b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 @@ -9,7 +9,7 @@ Function Invoke-ListIntunePolicy { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $ExecutingUser = $request.headers.'x-ms-client-principal' Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 index 8e42cd9f7036..7ffcbf6cdd43 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListIntuneTemplates { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Table = Get-CippTable -tablename 'templates' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListKnownIPDb.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListKnownIPDb.ps1 index 07eaf41cbc24..e336eddbc938 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListKnownIPDb.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListKnownIPDb.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListKnownIPDb { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLicenses.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLicenses.ps1 index 25bc8b79ca23..59b8b8817d71 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLicenses.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLicenses.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListLicenses { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLogs.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLogs.ps1 index a7351904465c..c6fc0c2a88ac 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLogs.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLogs.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListLogs { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Table = Get-CIPPTable diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMFAUsers.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMFAUsers.ps1 index a6c488e7e055..8225f0b603da 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMFAUsers.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMFAUsers.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListMFAUsers { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxCAS.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxCAS.ps1 index 5ae61508fbb1..c088305a95c1 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxCAS.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxCAS.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListMailboxCAS { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxMobileDevices.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxMobileDevices.ps1 index b8bbe11b2ea6..b09540ed117f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxMobileDevices.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxMobileDevices.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListMailboxMobileDevices { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxRestores.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxRestores.ps1 index b64ddc5ff75c..1ffe8b543310 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxRestores.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxRestores.ps1 @@ -7,7 +7,7 @@ function Invoke-ListMailboxRestores { #> param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxes.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxes.ps1 index 6a2fdaae887c..bcbc251c921b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxes.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxes.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListMailboxes { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListNamedLocations.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListNamedLocations.ps1 index 6adaf0d77903..a683b78a8347 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListNamedLocations.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListNamedLocations.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListNamedLocations { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListNotificationConfig.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListNotificationConfig.ps1 index 3fcec6b7bac5..4d991c9d466a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListNotificationConfig.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListNotificationConfig.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListNotificationConfig { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Table = Get-CIPPTable -TableName SchedulerConfig diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListOAuthApps.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListOAuthApps.ps1 index de1f08c61879..4d720cdf9122 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListOAuthApps.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListOAuthApps.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListOAuthApps { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListOrg.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListOrg.ps1 index feb84475d748..e94737a79274 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListOrg.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListOrg.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListOrg { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListPartnerRelationships.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListPartnerRelationships.ps1 index 523a73776305..927d63b7067e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListPartnerRelationships.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListPartnerRelationships.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListPartnerRelationships { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' try { diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListPendingWebhooks.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListPendingWebhooks.ps1 index 6c4f102bdd63..ddad3aa638a7 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListPendingWebhooks.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListPendingWebhooks.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListPendingWebhooks { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListPotentialApps.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListPotentialApps.ps1 index 0e15c7eba824..0d95d6bffb71 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListPotentialApps.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListPotentialApps.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListPotentialApps { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' if ($request.body.type -eq 'WinGet') { diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRoles.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRoles.ps1 index 8630511ac6a5..6d57f2daa1f9 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRoles.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRoles.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListRoles { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRoomLists.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRoomLists.ps1 index 3e1afa107f03..93ac7fb9041c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRoomLists.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRoomLists.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListRoomLists { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRooms.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRooms.ps1 index 13b697641a54..1c946dda70a2 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRooms.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRooms.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListRooms { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSharedMailboxAccountEnabled.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSharedMailboxAccountEnabled.ps1 index 0debb29d7758..c7d6d401ab1f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSharedMailboxAccountEnabled.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSharedMailboxAccountEnabled.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListSharedMailboxAccountEnabled { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSharedMailboxStatistics.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSharedMailboxStatistics.ps1 index ef64c1bc6ac1..996e6f13dc53 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSharedMailboxStatistics.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSharedMailboxStatistics.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListSharedMailboxStatistics { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSharepointQuota.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSharepointQuota.ps1 index 60a11af97396..233e0ba32654 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSharepointQuota.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSharepointQuota.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListSharepointQuota { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListStandards.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListStandards.ps1 index 946b94c2df83..a7a2d8358236 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListStandards.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListStandards.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListStandards { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' if ($Request.Query.ShowConsolidated -eq $true) { diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListTenantAllowBlockList.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListTenantAllowBlockList.ps1 index aa66c7e7bf27..01dcabaf6174 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListTenantAllowBlockList.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListTenantAllowBlockList.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListTenantAllowBlockList { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListmailboxPermissions.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListmailboxPermissions.ps1 index f3cfccb11e57..449fc929541d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListmailboxPermissions.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListmailboxPermissions.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListmailboxPermissions { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-RemoveTenantAllowBlockList.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-RemoveTenantAllowBlockList.ps1 index c51ed91970da..84a81ea0f4cd 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-RemoveTenantAllowBlockList.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-RemoveTenantAllowBlockList.ps1 @@ -10,7 +10,7 @@ Function Invoke-RemoveTenantAllowBlockList { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APIName -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Invoke-RemoveAPDevice.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveAPDevice.ps1 index db939b3ee098..c04a4c40b4ed 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveAPDevice.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveAPDevice.ps1 @@ -10,8 +10,8 @@ Function Invoke-RemoveAPDevice { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $APIName = $Request.Params.CIPPEndpoint + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' @@ -25,11 +25,11 @@ Function Invoke-RemoveAPDevice { } else { $null = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeviceIdentities/$Deviceid" -tenantid $TenantFilter -type DELETE } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -tenant $TenantFilter -API $APINAME -message "Deleted autopilot device $Deviceid" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -tenant $TenantFilter -API $APINAME -message "Deleted autopilot device $Deviceid" -Sev 'Info' $body = [pscustomobject]@{'Results' = 'Successfully deleted the autopilot device' } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $request.headers.'x-ms-client-principal' -tenant $TenantFilter -API $APINAME -message "Autopilot Delete API failed for $deviceid. The error is: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -headers $Request.Headers -tenant $TenantFilter -API $APINAME -message "Autopilot Delete API failed for $deviceid. The error is: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage $body = [pscustomobject]@{'Results' = "Failed to delete device: $($ErrorMessage.NormalizedError)" } } #force a sync, this can give "too many requests" if deleleting a bunch of devices though. diff --git a/Modules/CIPPCore/Public/Invoke-RemoveApp.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveApp.ps1 index 10430868b406..a79cefbba3d1 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveApp.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveApp.ps1 @@ -10,7 +10,7 @@ Function Invoke-RemoveApp { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Invoke-RemoveBPATemplate.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveBPATemplate.ps1 index 1f2046b4ed9e..11c2efabf670 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveBPATemplate.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveBPATemplate.ps1 @@ -10,7 +10,7 @@ Function Invoke-RemoveBPATemplate { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Invoke-RemoveCAPolicy.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveCAPolicy.ps1 index ba2931f410b9..53f74e9279fa 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveCAPolicy.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveCAPolicy.ps1 @@ -10,7 +10,7 @@ Function Invoke-RemoveCAPolicy { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Invoke-RemoveCATemplate.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveCATemplate.ps1 index 1d24c2095320..1c497724f77d 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveCATemplate.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveCATemplate.ps1 @@ -10,7 +10,7 @@ Function Invoke-RemoveCATemplate { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $User = $request.headers.'x-ms-client-principal' $ID = $request.query.id Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Invoke-RemoveConnectionfilterTemplate.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveConnectionfilterTemplate.ps1 index 19526772e1e6..fd4cfe4276ad 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveConnectionfilterTemplate.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveConnectionfilterTemplate.ps1 @@ -10,7 +10,7 @@ Function Invoke-RemoveConnectionfilterTemplate { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Invoke-RemoveContact.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveContact.ps1 index 3635459a6f1b..fd052cf83ca6 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveContact.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveContact.ps1 @@ -10,7 +10,7 @@ Function Invoke-RemoveContact { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $Tenantfilter = $request.Query.tenantfilter $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Invoke-RemoveExConnector.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveExConnector.ps1 index 20b19adc86a1..f4da2e4a0f98 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveExConnector.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveExConnector.ps1 @@ -10,7 +10,7 @@ Function Invoke-RemoveExConnector { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $ExecutingUser = $request.headers.'x-ms-client-principal' $TenantFilter = $request.Query.tenantFilter ?? $Request.Body.tenantFilter Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Invoke-RemoveExConnectorTemplate.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveExConnectorTemplate.ps1 index 34100f0acb96..b6d19f39bd63 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveExConnectorTemplate.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveExConnectorTemplate.ps1 @@ -10,7 +10,7 @@ Function Invoke-RemoveExConnectorTemplate { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Invoke-RemoveGroupTemplate.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveGroupTemplate.ps1 index d7a330d0bdd9..c2f344a26a7f 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveGroupTemplate.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveGroupTemplate.ps1 @@ -10,7 +10,7 @@ Function Invoke-RemoveGroupTemplate { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Invoke-RemoveIntuneTemplate.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveIntuneTemplate.ps1 index 5880b04b7968..dbe14276a02e 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveIntuneTemplate.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveIntuneTemplate.ps1 @@ -10,7 +10,7 @@ Function Invoke-RemoveIntuneTemplate { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Invoke-RemovePolicy.ps1 b/Modules/CIPPCore/Public/Invoke-RemovePolicy.ps1 index 53dd68908fa6..1d7b4b4a0053 100644 --- a/Modules/CIPPCore/Public/Invoke-RemovePolicy.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemovePolicy.ps1 @@ -10,7 +10,7 @@ Function Invoke-RemovePolicy { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $ExecutingUser = $request.headers.'x-ms-client-principal' Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Invoke-RemoveQueuedApp.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveQueuedApp.ps1 index 767f49448c3a..81a1f324bf94 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveQueuedApp.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveQueuedApp.ps1 @@ -10,7 +10,7 @@ Function Invoke-RemoveQueuedApp { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Invoke-RemoveSpamfilter.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveSpamfilter.ps1 index 736b834d0d72..fa10a7470d9b 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveSpamfilter.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveSpamfilter.ps1 @@ -10,7 +10,7 @@ Function Invoke-RemoveSpamfilter { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenantfilter = $request.Query.tenantfilter diff --git a/Modules/CIPPCore/Public/Invoke-RemoveSpamfilterTemplate.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveSpamfilterTemplate.ps1 index a6ed62eeabb3..d843eb67ed4b 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveSpamfilterTemplate.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveSpamfilterTemplate.ps1 @@ -10,7 +10,7 @@ Function Invoke-RemoveSpamfilterTemplate { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Invoke-RemoveStandard.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveStandard.ps1 index af93c7a4cc95..74ea2f7b9ebd 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveStandard.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveStandard.ps1 @@ -10,7 +10,7 @@ Function Invoke-RemoveStandard { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Invoke-RemoveStandardTemplate.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveStandardTemplate.ps1 index 00223f17f7c2..d08cf139a390 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveStandardTemplate.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveStandardTemplate.ps1 @@ -10,7 +10,7 @@ Function Invoke-RemoveStandardTemplate { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 index fceb370fd81b..6ccfefe1825c 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 @@ -10,7 +10,7 @@ Function Invoke-RemoveTransportRule { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $ExecutingUser = $Request.headers.'x-ms-client-principal' Write-LogMessage -user $ExecutingUser -API $APIName -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Invoke-RemoveTransportRuleTemplate.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveTransportRuleTemplate.ps1 index 1f32522ecddf..4daa15abae61 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveTransportRuleTemplate.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveTransportRuleTemplate.ps1 @@ -10,7 +10,7 @@ Function Invoke-RemoveTransportRuleTemplate { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Invoke-RemoveUser.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveUser.ps1 index a018e2ffd710..2452a112216b 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveUser.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveUser.ps1 @@ -10,7 +10,7 @@ Function Invoke-RemoveUser { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint $User = $request.headers.'x-ms-client-principal' Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Webhooks/Invoke-RemoveWebhookAlert.ps1 b/Modules/CIPPCore/Public/Webhooks/Invoke-RemoveWebhookAlert.ps1 index 70586c0f7912..9c56fd9dcbaf 100644 --- a/Modules/CIPPCore/Public/Webhooks/Invoke-RemoveWebhookAlert.ps1 +++ b/Modules/CIPPCore/Public/Webhooks/Invoke-RemoveWebhookAlert.ps1 @@ -10,7 +10,7 @@ Function Invoke-RemoveWebhookAlert { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName + $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' try { From 7678a7f335015e6f7d900dfa7ec5f55ea071c7ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sun, 9 Feb 2025 00:23:10 +0100 Subject: [PATCH 061/138] refactor logging in Invoke-EditRoomMailbox to use request headers instead of executing user --- .../Email-Exchange/Invoke-EditRoomMailbox.ps1 | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditRoomMailbox.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditRoomMailbox.ps1 index 12e49c68494d..fda1275a1956 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditRoomMailbox.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditRoomMailbox.ps1 @@ -11,13 +11,12 @@ Function Invoke-EditRoomMailbox { param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - $ExecutingUser = $Request.headers.'x-ms-client-principal' - Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $Tenant = $Request.body.tenantid + Write-LogMessage -headers $Request.Headers -API $APIName -message 'Accessed this API' -Sev 'Debug' $Results = [System.Collections.Generic.List[Object]]::new() $MailboxObject = $Request.body - $Tenant = $MailboxObject.tenantid # First update the mailbox properties $UpdateMailboxParams = @{ @@ -62,12 +61,12 @@ Function Invoke-EditRoomMailbox { $null = New-ExoRequest -tenantid $Tenant -cmdlet 'Set-Place' -cmdParams $UpdatePlaceParams $Results.Add("Successfully updated room: $($MailboxObject.DisplayName)") - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $Tenant -message "Updated room $($MailboxObject.DisplayName)" -Sev 'Info' + Write-LogMessage -headers $Request.Headers -API $APIName -tenant $Tenant -message "Updated room $($MailboxObject.DisplayName)" -Sev 'Info' $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $Tenant -message "Failed to update room: $($MailboxObject.DisplayName). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -headers $Request.Headers -API $APIName -tenant $Tenant -message "Failed to update room: $($MailboxObject.DisplayName). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage $Results.Add("Failed to update Room mailbox $($MailboxObject.userPrincipalName). $($ErrorMessage.NormalizedError)") $StatusCode = [HttpStatusCode]::Forbidden From e9c0e229abfa7dab0857cb92057c25c300bfd613 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 8 Feb 2025 19:23:22 -0500 Subject: [PATCH 062/138] scheduler improvements add headers parameter to functions automatically filter down to ones needed for logging hide headers from scheduler form remove invalid parameters to prevent execution failures check for invalid functions --- .../CIPPCore/Public/Add-CIPPScheduledTask.ps1 | 7 ++++- .../Push-ExecScheduledCommand.ps1 | 29 +++++++++++++++++++ .../Scheduler/Invoke-AddScheduledItem.ps1 | 2 +- .../Invoke-ListFunctionParameters.ps1 | 7 ++--- 4 files changed, 38 insertions(+), 7 deletions(-) diff --git a/Modules/CIPPCore/Public/Add-CIPPScheduledTask.ps1 b/Modules/CIPPCore/Public/Add-CIPPScheduledTask.ps1 index 6154119e56a4..ed2bfd4da7c0 100644 --- a/Modules/CIPPCore/Public/Add-CIPPScheduledTask.ps1 +++ b/Modules/CIPPCore/Public/Add-CIPPScheduledTask.ps1 @@ -4,7 +4,8 @@ function Add-CIPPScheduledTask { [pscustomobject]$Task, [bool]$Hidden, $DisallowDuplicateName = $false, - [string]$SyncType = $null + [string]$SyncType = $null, + $Headers ) $Table = Get-CIPPTable -TableName 'ScheduledTasks' @@ -33,6 +34,10 @@ function Add-CIPPScheduledTask { } } + if ($Headers) { + $Parameters.Headers = $Headers | Select-Object -Property 'x-forwarded-for', 'x-ms-client-principal', 'x-ms-client-principal-idp', 'x-ms-client-principal-name' + } + $Parameters = ($Parameters | ConvertTo-Json -Depth 10 -Compress) $AdditionalProperties = [System.Collections.Hashtable]@{} foreach ($Prop in $task.AdditionalProperties) { diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecScheduledCommand.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecScheduledCommand.ps1 index d7fdf61608be..015589f57b06 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecScheduledCommand.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecScheduledCommand.ps1 @@ -11,9 +11,38 @@ function Push-ExecScheduledCommand { $task = $Item.TaskInfo $commandParameters = $Item.Parameters | ConvertTo-Json -Depth 10 | ConvertFrom-Json -AsHashtable + $Function = Get-Command -Name $Item.Command + if ($null -eq $Function) { + $Results = "Task Failed: The command $($Item.Command) does not exist." + $State = 'Failed' + Update-AzDataTableEntity -Force @Table -Entity @{ + PartitionKey = $task.PartitionKey + RowKey = $task.RowKey + Results = "$Results" + TaskState = $State + } + Write-LogMessage -API 'Scheduler_UserTasks' -tenant $tenant -message "Failed to execute task $($task.Name): The command $($Item.Command) does not exist." -sev Error + return + } + + try { + $ParamsToRemove = [System.Collections.Generic.List[string]]::new() + foreach ($Parameter in $commandParameters.GetEnumerator()) { + if (!$Function.Parameters.ContainsKey($Parameter.Key)) { + $ParamsToRemove.Add($Parameter.Key) + } + } + foreach ($Param in $ParamsToRemove) { + $commandParameters.Remove($Param) + } + } catch { + Write-Host "Failed to remove parameters: $($_.Exception.Message)" + } + $tenant = $Item.Parameters.TenantFilter Write-Host "Started Task: $($Item.Command) for tenant: $tenant" try { + try { Write-Host "Starting task: $($Item.Command) with parameters: $($commandParameters | ConvertTo-Json)" $results = & $Item.Command @commandParameters diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-AddScheduledItem.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-AddScheduledItem.ps1 index d18b23b13473..ad4e195f12a4 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-AddScheduledItem.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-AddScheduledItem.ps1 @@ -14,7 +14,7 @@ Function Invoke-AddScheduledItem { } else { $hidden = $true } - $Result = Add-CIPPScheduledTask -Task $Request.body -hidden $hidden -DisallowDuplicateName $Request.query.DisallowDuplicateName + $Result = Add-CIPPScheduledTask -Task $Request.body -Headers $Request.Headers -hidden $hidden -DisallowDuplicateName $Request.query.DisallowDuplicateName Write-LogMessage -headers $Request.Headers -API $APINAME -message $Result -Sev 'Info' Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionParameters.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionParameters.ps1 index 3bfc376481c8..d58444cc39f7 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionParameters.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionParameters.ps1 @@ -12,9 +12,6 @@ function Invoke-ListFunctionParameters { $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' - # Write to the Azure Functions log stream. - Write-Information 'PowerShell HTTP trigger function processed a request.' - # Interact with query parameters or the body of the request. $Module = $Request.Query.Module $Function = $Request.Query.Function @@ -27,7 +24,7 @@ function Invoke-ListFunctionParameters { $CommandQuery.Name = $Function } $IgnoreList = 'entryPoint', 'internal' - $CommonParameters = @('Verbose', 'Debug', 'ErrorAction', 'WarningAction', 'InformationAction', 'ErrorVariable', 'WarningVariable', 'InformationVariable', 'OutVariable', 'OutBuffer', 'PipelineVariable', 'TenantFilter', 'APIName', 'ExecutingUser', 'ProgressAction', 'WhatIf', 'Confirm') + $CommonParameters = @('Verbose', 'Debug', 'ErrorAction', 'WarningAction', 'InformationAction', 'ErrorVariable', 'WarningVariable', 'InformationVariable', 'OutVariable', 'OutBuffer', 'PipelineVariable', 'TenantFilter', 'APIName', 'ExecutingUser', 'ProgressAction', 'WhatIf', 'Confirm', 'Headers') $TemporaryBlacklist = 'Get-CIPPAuthentication', 'Invoke-CippWebhookProcessing', 'Invoke-ListFunctionParameters', 'New-CIPPAPIConfig', 'New-CIPPGraphSubscription' try { if ($Module -eq 'ExchangeOnlineManagement') { @@ -40,7 +37,7 @@ function Invoke-ListFunctionParameters { $ExoRequest.Compliance = $true } $Functions = New-ExoRequest @ExoRequest - Write-Host $Functions + #Write-Host $Functions } else { $Functions = Get-Command @CommandQuery | Where-Object { $_.Visibility -eq 'Public' } } From a62a83056ea59198940ef67f599d9007eb26ea2a Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 8 Feb 2025 19:23:43 -0500 Subject: [PATCH 063/138] fix app upload in processor queue --- .../Endpoint/Applications/Invoke-ExecAppUpload.ps1 | 2 +- .../Timer Functions/Start-CIPPProcessorQueue.ps1 | 13 +++++++------ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ExecAppUpload.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ExecAppUpload.ps1 index d57088b5a4e2..49dd04da6a61 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ExecAppUpload.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ExecAppUpload.ps1 @@ -16,7 +16,7 @@ function Invoke-ExecAppUpload { $ProcessorFunction = [PSCustomObject]@{ PartitionKey = 'Function' RowKey = 'Start-ApplicationOrchestrator' - + FunctionName = 'Start-ApplicationOrchestrator' } $ProcessorQueue = Get-CIPPTable -TableName 'ProcessorQueue' Add-AzDataTableEntity @ProcessorQueue -Entity $ProcessorFunction -Force diff --git a/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-CIPPProcessorQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-CIPPProcessorQueue.ps1 index 6f79bcf4a4bc..094cfe4875a5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-CIPPProcessorQueue.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-CIPPProcessorQueue.ps1 @@ -10,8 +10,9 @@ function Start-CIPPProcessorQueue { $QueueItems = Get-CIPPAzDataTableEntity @QueueTable -Filter "PartitionKey eq 'Function'" foreach ($QueueItem in $QueueItems) { - if ($PSCmdlet.ShouldProcess("Processing function $($QueueItem.FunctionName)")) { - Write-Information "Running queued function $($QueueItem.FunctionName)" + $FunctionName = $QueueItem.FunctionName ?? $QueueItem.RowKey + if ($PSCmdlet.ShouldProcess("Processing function $($FunctionName)")) { + Write-Information "Running queued function $($FunctionName)" if ($QueueItem.Parameters) { try { $Parameters = $QueueItem.Parameters | ConvertFrom-Json -AsHashtable @@ -21,14 +22,14 @@ function Start-CIPPProcessorQueue { } else { $Parameters = @{} } - if (Get-Command -Name $QueueItem.FunctionName -ErrorAction SilentlyContinue) { + if (Get-Command -Name $FunctionName -ErrorAction SilentlyContinue) { try { - Invoke-Command -ScriptBlock { & $QueueItem.FunctionName @Parameters } + Invoke-Command -ScriptBlock { & $FunctionName @Parameters } } catch { - Write-Warning "Failed to run function $($QueueItem.FunctionName). Error: $($_.Exception.Message)" + Write-Warning "Failed to run function $($FunctionName). Error: $($_.Exception.Message)" } } else { - Write-Warning "Function $($QueueItem.FunctionName) not found" + Write-Warning "Function $($FunctionName) not found" } Remove-AzDataTableEntity -Force @QueueTable -Entity $QueueItem } From 7e583ea82f61105ede6d0b1e5bddc81c19c61ae7 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 8 Feb 2025 19:51:44 -0500 Subject: [PATCH 064/138] Update Invoke-ListFunctionParameters.ps1 --- .../Public/Entrypoints/Invoke-ListFunctionParameters.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionParameters.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionParameters.ps1 index d58444cc39f7..9b1c35fb0b14 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionParameters.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionParameters.ps1 @@ -24,7 +24,7 @@ function Invoke-ListFunctionParameters { $CommandQuery.Name = $Function } $IgnoreList = 'entryPoint', 'internal' - $CommonParameters = @('Verbose', 'Debug', 'ErrorAction', 'WarningAction', 'InformationAction', 'ErrorVariable', 'WarningVariable', 'InformationVariable', 'OutVariable', 'OutBuffer', 'PipelineVariable', 'TenantFilter', 'APIName', 'ExecutingUser', 'ProgressAction', 'WhatIf', 'Confirm', 'Headers') + $CommonParameters = @('Verbose', 'Debug', 'ErrorAction', 'WarningAction', 'InformationAction', 'ErrorVariable', 'WarningVariable', 'InformationVariable', 'OutVariable', 'OutBuffer', 'PipelineVariable', 'TenantFilter', 'APIName', 'ExecutingUser', 'ProgressAction', 'WhatIf', 'Confirm', 'Headers', 'NoAuthCheck') $TemporaryBlacklist = 'Get-CIPPAuthentication', 'Invoke-CippWebhookProcessing', 'Invoke-ListFunctionParameters', 'New-CIPPAPIConfig', 'New-CIPPGraphSubscription' try { if ($Module -eq 'ExchangeOnlineManagement') { From b8c288fd1a7ffa6f87c9a3340cd79fe4568559e7 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 8 Feb 2025 22:07:51 -0500 Subject: [PATCH 065/138] fix api response --- .../HTTP Functions/CIPP/Settings/Invoke-ExecPartnerMode.ps1 | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecPartnerMode.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecPartnerMode.ps1 index 75605662298d..614ac38e610c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecPartnerMode.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecPartnerMode.ps1 @@ -53,9 +53,8 @@ Function Invoke-ExecPartnerMode { Body = @{ results = @( @{ - result = "Set Tenant mode to $($Request.body.TenantMode)" - copyInfo = $null - state = 'info' + resultText = "Set Tenant mode to $($Request.body.TenantMode)" + state = 'success' } ) } From 5e5a16a6b2ae5c59d84d8cde957e6711ff01c8e1 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 8 Feb 2025 22:11:06 -0500 Subject: [PATCH 066/138] updated mapping function logging --- Modules/CippExtensions/Public/Halo/Set-HaloMapping.ps1 | 2 +- Modules/CippExtensions/Public/Hudu/Set-HuduMapping.ps1 | 2 +- .../CippExtensions/Public/NinjaOne/Set-NinjaOneFieldMapping.ps1 | 2 +- .../CippExtensions/Public/NinjaOne/Set-NinjaOneOrgMapping.ps1 | 2 +- Modules/CippExtensions/Public/Sherweb/Set-SherwebMapping.ps1 | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Modules/CippExtensions/Public/Halo/Set-HaloMapping.ps1 b/Modules/CippExtensions/Public/Halo/Set-HaloMapping.ps1 index fb8c0c51585e..30ae54a5e310 100644 --- a/Modules/CippExtensions/Public/Halo/Set-HaloMapping.ps1 +++ b/Modules/CippExtensions/Public/Halo/Set-HaloMapping.ps1 @@ -18,7 +18,7 @@ function Set-HaloMapping { Add-CIPPAzDataTableEntity @CIPPMapping -Entity $AddObject -Force - Write-LogMessage -API $APINAME -user $request.headers.'x-ms-client-principal' -message "Added mapping for $($mapping.name)." -Sev 'Info' + Write-LogMessage -API $APINAME -headers $Request.Headers -message "Added mapping for $($mapping.name)." -Sev 'Info' } $Result = [pscustomobject]@{'Results' = 'Successfully edited mapping table.' } diff --git a/Modules/CippExtensions/Public/Hudu/Set-HuduMapping.ps1 b/Modules/CippExtensions/Public/Hudu/Set-HuduMapping.ps1 index 1f8ba6c37d88..667ce95ad869 100644 --- a/Modules/CippExtensions/Public/Hudu/Set-HuduMapping.ps1 +++ b/Modules/CippExtensions/Public/Hudu/Set-HuduMapping.ps1 @@ -17,7 +17,7 @@ function Set-HuduMapping { } Add-CIPPAzDataTableEntity @CIPPMapping -Entity $AddObject -Force - Write-LogMessage -API $APINAME -user $request.headers.'x-ms-client-principal' -message "Added mapping for $($mapping.name)." -Sev 'Info' + Write-LogMessage -API $APINAME -headers $Request.Headers -message "Added mapping for $($mapping.name)." -Sev 'Info' } $Result = [pscustomobject]@{'Results' = 'Successfully edited mapping table.' } diff --git a/Modules/CippExtensions/Public/NinjaOne/Set-NinjaOneFieldMapping.ps1 b/Modules/CippExtensions/Public/NinjaOne/Set-NinjaOneFieldMapping.ps1 index abba4fc1a022..eedca3f891fe 100644 --- a/Modules/CippExtensions/Public/NinjaOne/Set-NinjaOneFieldMapping.ps1 +++ b/Modules/CippExtensions/Public/NinjaOne/Set-NinjaOneFieldMapping.ps1 @@ -17,7 +17,7 @@ function Set-NinjaOneFieldMapping { } Add-AzDataTableEntity @CIPPMapping -Entity $AddObject -Force - Write-LogMessage -API $APINAME -user $request.headers.'x-ms-client-principal' -message "Added mapping for $($mapping.name)." -Sev 'Info' + Write-LogMessage -API $APINAME -headers $Request.Headers -message "Added mapping for $($mapping.name)." -Sev 'Info' } $Result = [pscustomobject]@{'Results' = 'Successfully edited mapping table.' } diff --git a/Modules/CippExtensions/Public/NinjaOne/Set-NinjaOneOrgMapping.ps1 b/Modules/CippExtensions/Public/NinjaOne/Set-NinjaOneOrgMapping.ps1 index d501714d1a6d..b0798eca8230 100644 --- a/Modules/CippExtensions/Public/NinjaOne/Set-NinjaOneOrgMapping.ps1 +++ b/Modules/CippExtensions/Public/NinjaOne/Set-NinjaOneOrgMapping.ps1 @@ -19,7 +19,7 @@ function Set-NinjaOneOrgMapping { Add-CIPPAzDataTableEntity @CIPPMapping -Entity $AddObject -Force - Write-LogMessage -API $APINAME -user $request.headers.'x-ms-client-principal' -message "Added mapping for $($mapping.name)." -Sev 'Info' + Write-LogMessage -API $APINAME -headers $Request.Headers -message "Added mapping for $($mapping.name)." -Sev 'Info' } $Result = [pscustomobject]@{'Results' = 'Successfully edited mapping table.' } diff --git a/Modules/CippExtensions/Public/Sherweb/Set-SherwebMapping.ps1 b/Modules/CippExtensions/Public/Sherweb/Set-SherwebMapping.ps1 index f9f7b25e07b7..0fe51015c4b4 100644 --- a/Modules/CippExtensions/Public/Sherweb/Set-SherwebMapping.ps1 +++ b/Modules/CippExtensions/Public/Sherweb/Set-SherwebMapping.ps1 @@ -18,7 +18,7 @@ function Set-SherwebMapping { } Add-CIPPAzDataTableEntity @CIPPMapping -Entity $AddObject -Force - Write-LogMessage -API $APINAME -user $request.headers.'x-ms-client-principal' -message "Added mapping for $($mapping.name)." -Sev 'Info' + Write-LogMessage -API $APINAME -headers $Request.Headers -message "Added mapping for $($mapping.name)." -Sev 'Info' } $Result = [pscustomobject]@{'Results' = 'Successfully edited mapping table.' } From 0ea1018d8b74d8efdeb31df418c8998a66f8004a Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 8 Feb 2025 22:12:46 -0500 Subject: [PATCH 067/138] remove header logging from standards function --- .../Public/Standards/Invoke-CIPPStandardGroupTemplate.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGroupTemplate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGroupTemplate.ps1 index 69d4f18fdb99..cee0f39dc6e3 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGroupTemplate.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGroupTemplate.ps1 @@ -76,7 +76,7 @@ function Invoke-CIPPStandardGroupTemplate { $GraphRequest = New-ExoRequest -tenantid $tenant -cmdlet 'New-DistributionGroup' -cmdParams $params } } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API 'Standards' -tenant $tenant -message "Created group $($groupobj.displayname) with id $($GraphRequest.id) " -Sev 'Info' + Write-LogMessage -API 'Standards' -tenant $tenant -message "Created group $($groupobj.displayname) with id $($GraphRequest.id) " -Sev 'Info' } else { if ($groupobj.groupType -in 'Generic', 'azurerole', 'dynamic') { $GraphRequest = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($CheckExististing.id)" -tenantid $tenant -type PATCH -body (ConvertTo-Json -InputObject $BodyToship -Depth 10) -verbose @@ -100,7 +100,7 @@ function Invoke-CIPPStandardGroupTemplate { $GraphRequest = New-ExoRequest -tenantid $tenant -cmdlet 'Set-DistributionGroup' -cmdParams $params } } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API 'Standards' -tenant $tenant -message "Group exists $($groupobj.displayname). Updated to latest settings." -Sev 'Info' + Write-LogMessage -API 'Standards' -tenant $tenant -message "Group exists $($groupobj.displayname). Updated to latest settings." -Sev 'Info' } } catch { From dddae60a7c907e6902b53eacc595d9388afe16cb Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 8 Feb 2025 22:13:30 -0500 Subject: [PATCH 068/138] fix logging for extension field mapping --- .../Public/Extension Functions/Set-ExtensionFieldMapping.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CippExtensions/Public/Extension Functions/Set-ExtensionFieldMapping.ps1 b/Modules/CippExtensions/Public/Extension Functions/Set-ExtensionFieldMapping.ps1 index 4228bfd77e1f..9716e968fb81 100644 --- a/Modules/CippExtensions/Public/Extension Functions/Set-ExtensionFieldMapping.ps1 +++ b/Modules/CippExtensions/Public/Extension Functions/Set-ExtensionFieldMapping.ps1 @@ -16,7 +16,7 @@ function Set-ExtensionFieldMapping { IntegrationName = "$($mapping.value.label)" } Add-AzDataTableEntity @CIPPMapping -Entity $AddObject -Force - Write-LogMessage -API $APINAME -user $request.headers.'x-ms-client-principal' -message "Added mapping for $($mapping.name)." -Sev 'Info' + Write-LogMessage -API $APINAME -headers $Request.Headers -message "Added mapping for $($mapping.name)." -Sev 'Info' } $Result = [pscustomobject]@{'Results' = 'Successfully edited mapping table.' } From 0bcab79012b59838a5b728e41d03efa554b83399 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 8 Feb 2025 22:15:51 -0500 Subject: [PATCH 069/138] fix gradient alert logging --- .../Public/Gradient/New-GradientAlert.ps1 | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/Modules/CippExtensions/Public/Gradient/New-GradientAlert.ps1 b/Modules/CippExtensions/Public/Gradient/New-GradientAlert.ps1 index 497052367edf..13bb0a3fdc04 100644 --- a/Modules/CippExtensions/Public/Gradient/New-GradientAlert.ps1 +++ b/Modules/CippExtensions/Public/Gradient/New-GradientAlert.ps1 @@ -6,6 +6,7 @@ function New-GradientAlert { $client ) + $APINAME = 'GradientAlert' $Table = Get-CIPPTable -TableName Extensionsconfig $Configuration = ((Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json).Gradient #creating accounts in Gradient @@ -27,15 +28,13 @@ function New-GradientAlert { $AlertId = Invoke-RestMethod -Uri "https://app.usegradient.com/api/vendor-api/alerting/$($client)" -Method POST -Headers $GradientToken -Body $body -ContentType 'application/json' #check if the message is actually sent, if not, abort and log. check url: https://app.usegradient.com/api/vendor-api/alerting/debug/{messageId} $AlertStatus = Invoke-RestMethod -Uri "https://app.usegradient.com/api/vendor-api/alerting/debug/$($AlertId.messageId)" -Method GET -Headers $GradientToken - if ($AlertStatus.status -eq "failed") { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to create ticket in Gradient API. Error: $($AlertStatus.errors)" -Sev "Error" -tenant $client - + if ($AlertStatus.status -eq 'failed') { + Write-LogMessage -API $APINAME -message "Failed to create ticket in Gradient API. Error: $($AlertStatus.errors)" -Sev 'Error' -tenant $client } - - } - catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to create ticket in Gradient API. Error: $($_.Exception.Message)" -Sev "Error" -tenant "GradientAPI" + + } catch { + Write-LogMessage -API $APINAME -message "Failed to create ticket in Gradient API. Error: $($_.Exception.Message)" -Sev 'Error' -tenant 'GradientAPI' } -} \ No newline at end of file +} From df0a313b8d6863126fec066078ca0466944860ed Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 8 Feb 2025 22:17:44 -0500 Subject: [PATCH 070/138] fix list backup --- .../HTTP Functions/CIPP/Core/Invoke-ExecListBackup.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecListBackup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecListBackup.ps1 index 268f91caac18..013317b805b6 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecListBackup.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecListBackup.ps1 @@ -25,11 +25,11 @@ Function Invoke-ExecListBackup { } $Result = Get-CIPPBackup @CippBackupParams - Write-Host ($Result | ConvertTo-Json) + if ($request.Query.NameOnly) { $Result = $Result | Select-Object @{Name = 'BackupName'; exp = { $_.RowKey } }, Timestamp | Sort-Object Timestamp -Descending } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API 'Alerts' -message $request.body.text -Sev $request.body.Severity + # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = [HttpStatusCode]::OK From a279892598d4560b1a61058f5beb9e69e37d1971 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 8 Feb 2025 22:23:12 -0500 Subject: [PATCH 071/138] fix run backup logging update action results output --- .../CIPP/Settings/Invoke-ExecRunBackup.ps1 | 32 +++++++++++++++---- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRunBackup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRunBackup.ps1 index 561a655c2b19..17c3e668a2c4 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRunBackup.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRunBackup.ps1 @@ -10,13 +10,31 @@ Function Invoke-ExecRunBackup { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $CSVfile = New-CIPPBackup -BackupType 'CIPP' - $body = [pscustomobject]@{ - 'Results' = 'Created backup' - backup = $CSVfile.BackupData - } | ConvertTo-Json -Depth 5 -Compress + $APIName = $Request.Params.CIPPEndpoint + + try { + $CSVfile = New-CIPPBackup -BackupType 'CIPP' + $body = [pscustomobject]@{ + 'Results' = @{ + resultText = 'Created backup' + state = 'success' + } + backup = $CSVfile.BackupData + } | ConvertTo-Json -Depth 5 -Compress + + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Created CIPP backup' -Sev 'Info' + + } catch { + $body = [pscustomobject]@{ + 'Results' = @( + @{ + resultText = 'Failed to create backup' + state = 'error' + } + ) + } | ConvertTo-Json -Depth 5 -Compress + Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Failed to create CIPP backup' -Sev 'Error' -LogData (Get-CippException -Exception $_) + } # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = [HttpStatusCode]::OK From 4fca18f611e7291c4b4a7e1c17013792ff246f11 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 8 Feb 2025 22:30:50 -0500 Subject: [PATCH 072/138] fix logging on cipp backup --- .../CIPP/Core/Invoke-ExecSetCIPPAutoBackup.ps1 | 2 +- .../CIPP/Settings/Invoke-ExecRunBackup.ps1 | 2 +- Modules/CIPPCore/Public/New-CIPPBackup.ps1 | 18 ++++++++++-------- 3 files changed, 12 insertions(+), 10 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecSetCIPPAutoBackup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecSetCIPPAutoBackup.ps1 index 4bd1c95f607c..67fab612224f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecSetCIPPAutoBackup.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecSetCIPPAutoBackup.ps1 @@ -33,7 +33,7 @@ Function Invoke-ExecSetCIPPAutoBackup { Add-CIPPScheduledTask -Task $TaskBody -hidden $false $Result = @{ 'Results' = 'Scheduled Task Successfully created' } } - Write-LogMessage -headers $Request.Headers -API 'Alerts' -message $request.body.text -Sev $request.body.Severity + Write-LogMessage -headers $Request.Headers -API $Request.Params.CIPPEndpoint -message 'Scheduled automatic CIPP backups' -Sev 'Info' # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = [HttpStatusCode]::OK diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRunBackup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRunBackup.ps1 index 17c3e668a2c4..faee7cb04412 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRunBackup.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRunBackup.ps1 @@ -13,7 +13,7 @@ Function Invoke-ExecRunBackup { $APIName = $Request.Params.CIPPEndpoint try { - $CSVfile = New-CIPPBackup -BackupType 'CIPP' + $CSVfile = New-CIPPBackup -BackupType 'CIPP' -Request $Request $body = [pscustomobject]@{ 'Results' = @{ resultText = 'Created backup' diff --git a/Modules/CIPPCore/Public/New-CIPPBackup.ps1 b/Modules/CIPPCore/Public/New-CIPPBackup.ps1 index 09d441fcbde9..9e67a03f1ba0 100644 --- a/Modules/CIPPCore/Public/New-CIPPBackup.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPBackup.ps1 @@ -1,12 +1,12 @@ function New-CIPPBackup { - [CmdletBinding()] + [CmdletBinding(SupportsShouldProcess = $true)] param ( $backupType, $StorageOutput = 'default', $TenantFilter, $ScheduledBackupValues, $APIName = 'CIPP Backup', - $ExecutingUser + $Headers ) $BackupData = switch ($backupType) { @@ -39,17 +39,19 @@ function New-CIPPBackup { } $Table = Get-CippTable -tablename 'CIPPBackup' try { - $Result = Add-CIPPAzDataTableEntity @Table -Entity $entity -Force - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Created CIPP Backup' -Sev 'Debug' + if ($PSCmdlet.ShouldProcess('CIPP Backup', 'Create')) { + $Result = Add-CIPPAzDataTableEntity @Table -Entity $entity -Force + Write-LogMessage -headers $Headers -API $APINAME -message 'Created CIPP Backup' -Sev 'Debug' + } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to create backup for CIPP: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APINAME -message "Failed to create backup for CIPP: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage [pscustomobject]@{'Results' = "Backup Creation failed: $($ErrorMessage.NormalizedError)" } } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to create backup: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APINAME -message "Failed to create backup: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage [pscustomobject]@{'Results' = "Backup Creation failed: $($ErrorMessage.NormalizedError)" } } } @@ -72,13 +74,13 @@ function New-CIPPBackup { $Table = Get-CippTable -tablename 'ScheduledBackup' try { $Result = Add-CIPPAzDataTableEntity @Table -entity $entity -Force - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Created backup' -Sev 'Debug' + Write-LogMessage -headers $Headers -API $APINAME -message 'Created backup' -Sev 'Debug' $State = 'Backup finished succesfully' $Result } catch { $State = 'Failed to write backup to table storage' $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to create backup for Conditional Access Policies: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APINAME -message "Failed to create backup for Conditional Access Policies: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage [pscustomobject]@{'Results' = "Backup Creation failed: $($ErrorMessage.NormalizedError)" } } } From 0593552f7246018916c73e99860d85dc89efbb58 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 8 Feb 2025 23:02:01 -0500 Subject: [PATCH 073/138] update user action logging --- Modules/CIPPCore/Public/Add-CIPPAlias.ps1 | 6 +++--- .../Administration/Users/Invoke-AddUser.ps1 | 4 ++-- .../Administration/Users/Invoke-EditUser.ps1 | 4 ++-- Modules/CIPPCore/Public/New-CIPPUserTask.ps1 | 18 +++++++++--------- Modules/CIPPCore/Public/New-CippUser.ps1 | 6 +++--- .../Public/Set-CIPPCopyGroupMembers.ps1 | 6 +++--- Modules/CIPPCore/Public/Set-CIPPManager.ps1 | 6 +++--- 7 files changed, 25 insertions(+), 25 deletions(-) diff --git a/Modules/CIPPCore/Public/Add-CIPPAlias.ps1 b/Modules/CIPPCore/Public/Add-CIPPAlias.ps1 index 68f297e4440b..f5579a06d493 100644 --- a/Modules/CIPPCore/Public/Add-CIPPAlias.ps1 +++ b/Modules/CIPPCore/Public/Add-CIPPAlias.ps1 @@ -6,7 +6,7 @@ function Add-CIPPAlias { $UserprincipalName, $TenantFilter, $APIName = 'Set Manager', - $ExecutingUser + $Headers ) try { @@ -16,10 +16,10 @@ function Add-CIPPAlias { } Write-Host "Resetting primary alias to $User" New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($user)" -tenantid $TenantFilter -type 'patch' -body "{`"mail`": `"$User`"}" -verbose - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($TenantFilter) -message "Added alias $($Alias) to $($UserprincipalName)" -Sev 'Info' + Write-LogMessage -headers $Headers -API $APINAME -tenant $($TenantFilter) -message "Added alias $($Alias) to $($UserprincipalName)" -Sev 'Info' return ("Added Aliases: $($Aliases -join ',')") } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($TenantFilter) -message "Failed to set alias. Error:$($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Headers -API $APINAME -tenant $($TenantFilter) -message "Failed to set alias. Error:$($_.Exception.Message)" -Sev 'Error' throw "Failed to set alias: $($_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddUser.ps1 index ad799229bdfa..c3233b0bf8f6 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddUser.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddUser.ps1 @@ -31,12 +31,12 @@ Function Invoke-AddUser { PSA = [bool]$Request.Body.PostExecution.PSA } } - Add-CIPPScheduledTask -Task $TaskBody -hidden $false -DisallowDuplicateName $true + Add-CIPPScheduledTask -Task $TaskBody -hidden $false -DisallowDuplicateName $true -Headers $Request.Headers $body = [pscustomobject] @{ 'Results' = @("Successfully created scheduled task to create user $($UserObj.DisplayName)") } } else { - $CreationResults = New-CIPPUserTask -userobj $UserObj -APIName $APINAME -ExecutingUser $request.headers.'x-ms-client-principal' + $CreationResults = New-CIPPUserTask -userobj $UserObj -APIName $APINAME -Headers $Request.Headers $body = [pscustomobject] @{ 'Results' = $CreationResults.Results 'Username' = $CreationResults.username diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 index 6b37ced7e709..6952afd7ffbc 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 @@ -96,12 +96,12 @@ Function Invoke-EditUser { $null = $results.Add( 'Success. User license is already correct.' ) } else { if ($UserObj.removeLicenses) { - $licResults = Set-CIPPUserLicense -UserId $UserObj.id -TenantFilter $UserObj.tenantFilter -RemoveLicenses $CurrentLicenses.assignedLicenses.skuId + $licResults = Set-CIPPUserLicense -UserId $UserObj.id -TenantFilter $UserObj.tenantFilter -RemoveLicenses $CurrentLicenses.assignedLicenses.skuId -Headers $Request.Headers $null = $results.Add($licResults) } else { #Remove all objects from $CurrentLicenses.assignedLicenses.skuId that are in $licenses $RemoveLicenses = $CurrentLicenses.assignedLicenses.skuId | Where-Object { $_ -notin $licenses } - $licResults = Set-CIPPUserLicense -UserId $UserObj.id -TenantFilter $UserObj.tenantFilter -RemoveLicenses $RemoveLicenses -AddLicenses $licenses + $licResults = Set-CIPPUserLicense -UserId $UserObj.id -TenantFilter $UserObj.tenantFilter -RemoveLicenses $RemoveLicenses -AddLicenses $licenses -Headers $Request.headers $null = $results.Add($licResults) } diff --git a/Modules/CIPPCore/Public/New-CIPPUserTask.ps1 b/Modules/CIPPCore/Public/New-CIPPUserTask.ps1 index f5db22fce712..d23a10deb209 100644 --- a/Modules/CIPPCore/Public/New-CIPPUserTask.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPUserTask.ps1 @@ -3,13 +3,13 @@ function New-CIPPUserTask { param ( $userobj, $APIName = 'New User Task', - $ExecutingUser, - $TenantFilter + $TenantFilter, + $Headers ) $Results = [System.Collections.Generic.List[string]]::new() try { - $CreationResults = New-CIPPUser -userobj $UserObj -APIName $APINAME -ExecutingUser $request.headers.'x-ms-client-principal' + $CreationResults = New-CIPPUser -userobj $UserObj -APIName $APINAME -Headers $Headers $results.add('Created New User.') $results.add("Username: $($CreationResults.username)") $results.add("Password: $($CreationResults.password)") @@ -20,32 +20,32 @@ function New-CIPPUserTask { try { if ($userobj.licenses.value) { - $LicenseResults = Set-CIPPUserLicense -UserId $CreationResults.username -TenantFilter $UserObj.tenantFilter -AddLicenses $UserObj.licenses.value + $LicenseResults = Set-CIPPUserLicense -UserId $CreationResults.username -TenantFilter $UserObj.tenantFilter -AddLicenses $UserObj.licenses.value -Headers $Headers $Results.Add($LicenseResults) } } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($userobj.tenantFilter) -message "Failed to assign the license. Error:$($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Headers -API $APINAME -tenant $($userobj.tenantFilter) -message "Failed to assign the license. Error:$($_.Exception.Message)" -Sev 'Error' $body = $results.add("Failed to assign the license. $($_.Exception.Message)") } try { if ($Userobj.AddedAliases) { - $AliasResults = Add-CIPPAlias -user $CreationResults.username -Aliases ($UserObj.AddedAliases -split '\s') -UserprincipalName $CreationResults.Username -TenantFilter $UserObj.tenantFilter -APIName $APINAME -ExecutingUser $request.headers.'x-ms-client-principal' + $AliasResults = Add-CIPPAlias -user $CreationResults.username -Aliases ($UserObj.AddedAliases -split '\s') -UserprincipalName $CreationResults.Username -TenantFilter $UserObj.tenantFilter -APIName $APINAME -Headers $Headers $results.add($AliasResults) } } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($userobj.tenantFilter) -message "Failed to create the Aliases. Error:$($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Headers -API $APINAME -tenant $($userobj.tenantFilter) -message "Failed to create the Aliases. Error:$($_.Exception.Message)" -Sev 'Error' $body = $results.add("Failed to create the Aliases: $($_.Exception.Message)") } if ($userobj.copyFrom.value) { Write-Host "Copying from $($userObj.copyFrom.value)" - $CopyFrom = Set-CIPPCopyGroupMembers -ExecutingUser $request.headers.'x-ms-client-principal' -CopyFromId $userObj.copyFrom.value -UserID $CreationResults.Username -TenantFilter $UserObj.tenantFilter + $CopyFrom = Set-CIPPCopyGroupMembers -Headers $Headers -CopyFromId $userObj.copyFrom.value -UserID $CreationResults.Username -TenantFilter $UserObj.tenantFilter $CopyFrom.Success | ForEach-Object { $results.Add($_) } $CopyFrom.Error | ForEach-Object { $results.Add($_) } } if ($userobj.setManager) { - $ManagerResult = Set-CIPPManager -user $CreationResults.username -Manager $userObj.setManager.value -TenantFilter $UserObj.tenantFilter -APIName 'Set Manager' -ExecutingUser $request.headers.'x-ms-client-principal' + $ManagerResult = Set-CIPPManager -user $CreationResults.username -Manager $userObj.setManager.value -TenantFilter $UserObj.tenantFilter -APIName 'Set Manager' -Headers $Headers $results.add($ManagerResult) } diff --git a/Modules/CIPPCore/Public/New-CippUser.ps1 b/Modules/CIPPCore/Public/New-CippUser.ps1 index aad9acdec919..234c9392ba03 100644 --- a/Modules/CIPPCore/Public/New-CippUser.ps1 +++ b/Modules/CIPPCore/Public/New-CippUser.ps1 @@ -5,7 +5,7 @@ function New-CIPPUser { $Aliases = 'Scheduled', $RestoreValues, $APIName = 'New User', - $ExecutingUser + $Headers ) try { @@ -50,7 +50,7 @@ function New-CIPPUser { $bodyToShip = ConvertTo-Json -Depth 10 -InputObject $BodyToship -Compress Write-Host "Shipping: $bodyToShip" $GraphRequest = New-GraphPostRequest -uri 'https://graph.microsoft.com/beta/users' -tenantId $UserObj.tenantFilter -type POST -body $BodyToship -verbose - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($UserObj.tenantFilter) -message "Created user $($UserObj.displayname) with id $($GraphRequest.id) " -Sev 'Info' + Write-LogMessage -headers $Headers -API $APINAME -tenant $($UserObj.tenantFilter) -message "Created user $($UserObj.displayname) with id $($GraphRequest.id) " -Sev 'Info' try { $PasswordLink = New-PwPushLink -Payload $password @@ -66,7 +66,7 @@ function New-CIPPUser { Password = $password } } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($UserObj.tenantFilter) -message "Failed to create user. Error:$($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Headers -API $APINAME -tenant $($UserObj.tenantFilter) -message "Failed to create user. Error:$($_.Exception.Message)" -Sev 'Error' $results = @{ Results = ("Failed to create user. $($_.Exception.Message)" ) } throw "Failed to create user $($_.Exception.Message)" } diff --git a/Modules/CIPPCore/Public/Set-CIPPCopyGroupMembers.ps1 b/Modules/CIPPCore/Public/Set-CIPPCopyGroupMembers.ps1 index bdc0c0cb1409..7225829106e8 100644 --- a/Modules/CIPPCore/Public/Set-CIPPCopyGroupMembers.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPCopyGroupMembers.ps1 @@ -1,7 +1,7 @@ function Set-CIPPCopyGroupMembers { [CmdletBinding(SupportsShouldProcess = $true)] param( - [string]$ExecutingUser, + $Headers, [string]$UserId, [string]$CopyFromId, [string]$TenantFilter, @@ -88,13 +88,13 @@ function Set-CIPPCopyGroupMembers { Add-CIPPScheduledTask -Task $TaskBody -hidden $false $Errors.Add("We've scheduled a task to add $UserId to the Exchange group $($MailGroup.displayName)") | Out-Null } else { - Write-LogMessage -user $ExecutingUser -API $APIName -message "Added $UserId to group $($MailGroup.displayName)" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Added $UserId to group $($MailGroup.displayName)" -Sev 'Info' -tenant $TenantFilter $Success.Add("Added user to group: $($MailGroup.displayName)") | Out-Null } } catch { $ErrorMessage = Get-CippException -Exception $_ $Errors.Add("We've failed to add the group $($MailGroup.displayName): $($ErrorMessage.NormalizedError)") | Out-Null - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message "Group adding failed for group $($_.displayName): $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message "Group adding failed for group $($_.displayName): $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage } } diff --git a/Modules/CIPPCore/Public/Set-CIPPManager.ps1 b/Modules/CIPPCore/Public/Set-CIPPManager.ps1 index 0b7c68c710fc..e9d172853173 100644 --- a/Modules/CIPPCore/Public/Set-CIPPManager.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPManager.ps1 @@ -5,16 +5,16 @@ function Set-CIPPManager { $Manager, $TenantFilter, $APIName = 'Set Manager', - $ExecutingUser + $Headers ) try { $ManagerBody = [PSCustomObject]@{'@odata.id' = "https://graph.microsoft.com/beta/users/$($Manager)" } $ManagerBodyJSON = ConvertTo-Json -Compress -Depth 10 -InputObject $ManagerBody New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($User)/manager/`$ref" -tenantid $TenantFilter -type PUT -body $ManagerBodyJSON -Verbose - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $UserObj.tenantID -message "Set $user's manager to $Manager" -Sev 'Info' + Write-LogMessage -headers $Headers -API $APINAME -tenant $UserObj.tenantID -message "Set $user's manager to $Manager" -Sev 'Info' } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($UserObj.tenantID) -message "Failed to Set Manager. Error:$($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -headers $Headers -API $APINAME -tenant $($UserObj.tenantID) -message "Failed to Set Manager. Error:$($_.Exception.Message)" -Sev 'Error' throw "Failed to set manager: $($_.Exception.Message)" } return "Set $user's manager to $Manager" From a141abec68c5ca1ccd6cc31151d1c01c8eb4b660 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 8 Feb 2025 23:22:10 -0500 Subject: [PATCH 074/138] update user offboarding logging --- ...Push-ExecOffboardingMailboxPermissions.ps1 | 2 +- .../Users/Invoke-ExecOffboardUser.ps1 | 4 +- .../Public/Invoke-CIPPOffboardingJob.ps1 | 60 ++++++++----------- .../Public/Remove-CIPPCalendarInvites.ps1 | 6 +- .../CIPPCore/Public/Remove-CIPPLicense.ps1 | 8 +-- .../Public/Remove-CIPPMailboxPermissions.ps1 | 10 ++-- .../Public/Remove-CIPPMailboxRule.ps1 | 12 ++-- .../Public/Remove-CIPPMobileDevice.ps1 | 6 +- Modules/CIPPCore/Public/Remove-CIPPUser.ps1 | 6 +- .../CIPPCore/Public/Remove-CIPPUserMFA.ps1 | 10 ++-- .../CIPPCore/Public/Revoke-CIPPSessions.ps1 | 6 +- .../CIPPCore/Public/Set-CIPPForwarding.ps1 | 10 ++-- .../CIPPCore/Public/Set-CIPPHideFromGAL.ps1 | 6 +- .../CIPPCore/Public/Set-CIPPMailboxAccess.ps1 | 8 +-- .../CIPPCore/Public/Set-CIPPMailboxType.ps1 | 6 +- .../CIPPCore/Public/Set-CIPPOutOfoffice.ps1 | 8 +-- .../CIPPCore/Public/Set-CIPPResetPassword.ps1 | 6 +- .../Public/Set-CIPPSharePointPerms.ps1 | 8 +-- .../CIPPCore/Public/Set-CIPPSignInState.ps1 | 6 +- 19 files changed, 90 insertions(+), 98 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecOffboardingMailboxPermissions.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecOffboardingMailboxPermissions.ps1 index e1497d902ce1..e3b9845d105b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecOffboardingMailboxPermissions.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecOffboardingMailboxPermissions.ps1 @@ -7,5 +7,5 @@ function Push-ExecOffboardingMailboxPermissions { $Item ) - Remove-CIPPMailboxPermissions -PermissionsLevel @('FullAccess', 'SendAs', 'SendOnBehalf') -userid 'AllUsers' -AccessUser $Item.User -TenantFilter $Item.TenantFilter -APIName $Item.APINAME -ExecutingUser $Item.ExecutingUser + Remove-CIPPMailboxPermissions -PermissionsLevel @('FullAccess', 'SendAs', 'SendOnBehalf') -userid 'AllUsers' -AccessUser $Item.User -TenantFilter $Item.TenantFilter -APIName $Item.APINAME -Headers $Item.Headers } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOffboardUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOffboardUser.ps1 index c4634144497a..0a4b40bba8e8 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOffboardUser.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOffboardUser.ps1 @@ -36,9 +36,9 @@ Function Invoke-ExecOffboardUser { PSA = [bool]$Request.Body.PostExecution.psa } } - Add-CIPPScheduledTask -Task $taskObject -hidden $false + Add-CIPPScheduledTask -Task $taskObject -hidden $false -Headers $Request.Headers } else { - Invoke-CIPPOffboardingJob -Username $Username -TenantFilter $Tenantfilter -Options $Request.body -APIName $APIName -ExecutingUser $request.headers.'x-ms-client-principal' + Invoke-CIPPOffboardingJob -Username $Username -TenantFilter $Tenantfilter -Options $Request.body -APIName $APIName -Headers $Request.Headers } $StatusCode = [HttpStatusCode]::OK diff --git a/Modules/CIPPCore/Public/Invoke-CIPPOffboardingJob.ps1 b/Modules/CIPPCore/Public/Invoke-CIPPOffboardingJob.ps1 index 961df76c6ac6..47a39a69ed30 100644 --- a/Modules/CIPPCore/Public/Invoke-CIPPOffboardingJob.ps1 +++ b/Modules/CIPPCore/Public/Invoke-CIPPOffboardingJob.ps1 @@ -7,7 +7,7 @@ function Invoke-CIPPOffboardingJob { [switch]$RunScheduled, $Options, $APIName = 'Offboard user', - $ExecutingUser + $Headers ) if ($Options -is [string]) { $Options = $Options | ConvertFrom-Json @@ -16,81 +16,74 @@ function Invoke-CIPPOffboardingJob { Write-Host "Running offboarding job for $username with options: $($Options | ConvertTo-Json -Depth 10)" $Return = switch ($Options) { { $_.'ConvertToShared' -eq $true } { - Set-CIPPMailboxType -ExecutingUser $ExecutingUser -tenantFilter $tenantFilter -userid $username -username $username -MailboxType 'Shared' -APIName $APIName + Set-CIPPMailboxType -Headers $Headers -tenantFilter $tenantFilter -userid $username -username $username -MailboxType 'Shared' -APIName $APIName } { $_.RevokeSessions -eq $true } { - Revoke-CIPPSessions -tenantFilter $tenantFilter -username $username -userid $userid -ExecutingUser $ExecutingUser -APIName $APIName + Revoke-CIPPSessions -tenantFilter $tenantFilter -username $username -userid $userid -Headers $Headers -APIName $APIName } { $_.ResetPass -eq $true } { - Set-CIPPResetPassword -tenantFilter $tenantFilter -userid $username -ExecutingUser $ExecutingUser -APIName $APIName + Set-CIPPResetPassword -tenantFilter $tenantFilter -userid $username -Headers $Headers -APIName $APIName } { $_.RemoveGroups -eq $true } { - Remove-CIPPGroups -userid $userid -tenantFilter $Tenantfilter -ExecutingUser $ExecutingUser -APIName $APIName -Username "$Username" + Remove-CIPPGroups -userid $userid -tenantFilter $Tenantfilter -Headers $Headers -APIName $APIName -Username "$Username" } - { $_.'HideFromGAL' -eq $true } { - Set-CIPPHideFromGAL -tenantFilter $tenantFilter -userid $username -HideFromGAL $true -ExecutingUser $ExecutingUser -APIName $APIName + Set-CIPPHideFromGAL -tenantFilter $tenantFilter -userid $username -HideFromGAL $true -Headers $Headers -APIName $APIName } { $_.'DisableSignIn' -eq $true } { - Set-CIPPSignInState -TenantFilter $tenantFilter -userid $username -AccountEnabled $false -ExecutingUser $ExecutingUser -APIName $APIName + Set-CIPPSignInState -TenantFilter $tenantFilter -userid $username -AccountEnabled $false -Headers $Headers -APIName $APIName } - { $_.'OnedriveAccess' } { - $Options.OnedriveAccess | ForEach-Object { Set-CIPPSharePointPerms -tenantFilter $tenantFilter -userid $username -OnedriveAccessUser $_.value -ExecutingUser $ExecutingUser -APIName $APIName } + $Options.OnedriveAccess | ForEach-Object { Set-CIPPSharePointPerms -tenantFilter $tenantFilter -userid $username -OnedriveAccessUser $_.value -Headers $Headers -APIName $APIName } } - { $_.'AccessNoAutomap' } { - $Options.AccessNoAutomap | ForEach-Object { Set-CIPPMailboxAccess -tenantFilter $tenantFilter -userid $username -AccessUser $_.value -Automap $false -AccessRights @('FullAccess') -ExecutingUser $ExecutingUser -APIName $APIName } + $Options.AccessNoAutomap | ForEach-Object { Set-CIPPMailboxAccess -tenantFilter $tenantFilter -userid $username -AccessUser $_.value -Automap $false -AccessRights @('FullAccess') -Headers $Headers -APIName $APIName } } { $_.'AccessAutomap' } { - $Options.AccessAutomap | ForEach-Object { Set-CIPPMailboxAccess -tenantFilter $tenantFilter -userid $username -AccessUser $_.value -Automap $true -AccessRights @('FullAccess') -ExecutingUser $ExecutingUser -APIName $APIName } + $Options.AccessAutomap | ForEach-Object { Set-CIPPMailboxAccess -tenantFilter $tenantFilter -userid $username -AccessUser $_.value -Automap $true -AccessRights @('FullAccess') -Headers $Headers -APIName $APIName } } - { $_.'OOO' } { - Set-CIPPOutOfOffice -tenantFilter $tenantFilter -userid $username -InternalMessage $Options.OOO -ExternalMessage $Options.OOO -ExecutingUser $ExecutingUser -APIName $APIName -state 'Enabled' + Set-CIPPOutOfOffice -tenantFilter $tenantFilter -userid $username -InternalMessage $Options.OOO -ExternalMessage $Options.OOO -Headers $Headers -APIName $APIName -state 'Enabled' } { $_.'forward' } { if (!$Options.keepCopy) { - Set-CIPPForwarding -userid $userid -username $username -tenantFilter $Tenantfilter -Forward $Options.forward.value -ExecutingUser $ExecutingUser -APIName $APIName + Set-CIPPForwarding -userid $userid -username $username -tenantFilter $Tenantfilter -Forward $Options.forward.value -Headers $Headers -APIName $APIName } else { $KeepCopy = [boolean]$Options.keepCopy - Set-CIPPForwarding -userid $userid -username $username -tenantFilter $Tenantfilter -Forward $Options.forward.value -KeepCopy $KeepCopy -ExecutingUser $ExecutingUser -APIName $APIName + Set-CIPPForwarding -userid $userid -username $username -tenantFilter $Tenantfilter -Forward $Options.forward.value -KeepCopy $KeepCopy -Headers $Headers -APIName $APIName } } { $_.'RemoveLicenses' -eq $true } { - Remove-CIPPLicense -userid $userid -username $Username -tenantFilter $Tenantfilter -ExecutingUser $ExecutingUser -APIName $APIName -Schedule + Remove-CIPPLicense -userid $userid -username $Username -tenantFilter $Tenantfilter -Headers $Headers -APIName $APIName -Schedule } - { $_.'deleteuser' -eq $true } { - Remove-CIPPUser -userid $userid -username $Username -tenantFilter $Tenantfilter -ExecutingUser $ExecutingUser -APIName $APIName + Remove-CIPPUser -userid $userid -username $Username -tenantFilter $Tenantfilter -Headers $Headers -APIName $APIName } - { $_.'removeRules' -eq $true } { Write-Host "Removing rules for $username" - Remove-CIPPMailboxRule -userid $userid -username $Username -tenantFilter $Tenantfilter -ExecutingUser $ExecutingUser -APIName $APIName -RemoveAllRules + Remove-CIPPMailboxRule -userid $userid -username $Username -tenantFilter $Tenantfilter -Headers $Headers -APIName $APIName -RemoveAllRules } - { $_.'removeMobile' -eq $true } { - Remove-CIPPMobileDevice -userid $userid -username $Username -tenantFilter $Tenantfilter -ExecutingUser $ExecutingUser -APIName $APIName + Remove-CIPPMobileDevice -userid $userid -username $Username -tenantFilter $Tenantfilter -Headers $Headers -APIName $APIName } { $_.'removeCalendarInvites' -eq $true } { - Remove-CIPPCalendarInvites -userid $userid -username $Username -tenantFilter $Tenantfilter -ExecutingUser $ExecutingUser -APIName $APIName + Remove-CIPPCalendarInvites -userid $userid -username $Username -tenantFilter $Tenantfilter -Headers $Headers -APIName $APIName } { $_.'removePermissions' } { if ($RunScheduled) { - Remove-CIPPMailboxPermissions -PermissionsLevel @('FullAccess', 'SendAs', 'SendOnBehalf') -userid 'AllUsers' -AccessUser $UserName -TenantFilter $TenantFilter -APIName $APINAME -ExecutingUser $ExecutingUser + Remove-CIPPMailboxPermissions -PermissionsLevel @('FullAccess', 'SendAs', 'SendOnBehalf') -userid 'AllUsers' -AccessUser $UserName -TenantFilter $TenantFilter -APIName $APINAME -Headers $Headers } else { $Queue = New-CippQueueEntry -Name "Offboarding - Mailbox Permissions: $Username" -TotalTasks 1 $InputObject = [PSCustomObject]@{ Batch = @( [PSCustomObject]@{ - 'FunctionName' = 'ExecOffboardingMailboxPermissions' - 'TenantFilter' = $TenantFilter - 'User' = $Username - 'ExecutingUser' = $ExecutingUser - 'APINAME' = $APINAME - 'QueueId' = $Queue.RowKey + 'FunctionName' = 'ExecOffboardingMailboxPermissions' + 'TenantFilter' = $TenantFilter + 'User' = $Username + 'Headers' = $Headers + 'APINAME' = $APINAME + 'QueueId' = $Queue.RowKey } ) OrchestratorName = "OffboardingMailboxPermissions_$Username" @@ -101,9 +94,8 @@ function Invoke-CIPPOffboardingJob { } } { $_.'RemoveMFADevices' } { - Remove-CIPPUserMFA -UserPrincipalName $Username -TenantFilter $TenantFilter -ExecutingUser $ExecutingUser + Remove-CIPPUserMFA -UserPrincipalName $Username -TenantFilter $TenantFilter -Headers $Headers } - } return $Return diff --git a/Modules/CIPPCore/Public/Remove-CIPPCalendarInvites.ps1 b/Modules/CIPPCore/Public/Remove-CIPPCalendarInvites.ps1 index 3c0d9c326024..0fa8eab58997 100644 --- a/Modules/CIPPCore/Public/Remove-CIPPCalendarInvites.ps1 +++ b/Modules/CIPPCore/Public/Remove-CIPPCalendarInvites.ps1 @@ -5,18 +5,18 @@ function Remove-CIPPCalendarInvites { $tenantFilter, $username, $APIName = 'Remove Calendar Invites', - $ExecutingUser + $Headers ) try { New-ExoRequest -tenantid $tenantFilter -cmdlet 'Remove-CalendarEvents' -Anchor $username -cmdParams @{Identity = $username; QueryWindowInDays = 730 ; CancelOrganizedMeetings = $true ; Confirm = $false } - Write-LogMessage -user $ExecutingUser -API $APIName -message "Cancelled all calendar invites for $($username)" -Sev 'Info' -tenant $tenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Cancelled all calendar invites for $($username)" -Sev 'Info' -tenant $tenantFilter "Cancelled all calendar invites for $($username)" } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not cancel calendar invites for $($username): $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $tenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -message "Could not cancel calendar invites for $($username): $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $tenantFilter -LogData $ErrorMessage return "Could not cancel calendar invites for $($username). Error: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Remove-CIPPLicense.ps1 b/Modules/CIPPCore/Public/Remove-CIPPLicense.ps1 index 6bf266fc7a7a..1b35fc29eabd 100644 --- a/Modules/CIPPCore/Public/Remove-CIPPLicense.ps1 +++ b/Modules/CIPPCore/Public/Remove-CIPPLicense.ps1 @@ -1,7 +1,7 @@ function Remove-CIPPLicense { [CmdletBinding(SupportsShouldProcess = $true)] param ( - $ExecutingUser, + $Headers, $userid, $username, $APIName = 'Remove License', @@ -45,16 +45,16 @@ function Remove-CIPPLicense { } if ($PSCmdlet.ShouldProcess($userid, "Remove licenses: $ConvertedLicense")) { $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($userid)/assignlicense" -tenantid $tenantFilter -type POST -body (ConvertTo-Json -InputObject $LicensePayload -Compress -Depth 5) -verbose - Write-LogMessage -user $ExecutingUser -API $APIName -message "Removed licenses for $($username): $ConvertedLicense" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Removed licenses for $($username): $ConvertedLicense" -Sev 'Info' -tenant $TenantFilter } return "Removed licenses for $($Username): $ConvertedLicense" } else { - Write-LogMessage -user $ExecutingUser -API $APIName -message "No licenses to remove for $username" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "No licenses to remove for $username" -Sev 'Info' -tenant $TenantFilter return "No licenses to remove for $username" } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not remove license for $username. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -message "Could not remove license for $username. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage return "Could not remove license for $($username). Error: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Remove-CIPPMailboxPermissions.ps1 b/Modules/CIPPCore/Public/Remove-CIPPMailboxPermissions.ps1 index 16a2dd352cda..522f6d32bde6 100644 --- a/Modules/CIPPCore/Public/Remove-CIPPMailboxPermissions.ps1 +++ b/Modules/CIPPCore/Public/Remove-CIPPMailboxPermissions.ps1 @@ -6,7 +6,7 @@ function Remove-CIPPMailboxPermissions { $TenantFilter, $PermissionsLevel, $APIName = 'Manage Shared Mailbox Access', - $ExecutingUser + $Headers ) try { @@ -24,14 +24,14 @@ function Remove-CIPPMailboxPermissions { 'SendOnBehalf' { $MailboxPerms = New-ExoRequest -Anchor $UserId -tenantid $Tenantfilter -cmdlet 'Set-Mailbox' -cmdParams @{Identity = $userid; GrantSendonBehalfTo = @{'@odata.type' = '#Exchange.GenericHashTable'; remove = $AccessUser }; } if ($MailboxPerms -notlike '*completed successfully but no settings of*') { - Write-LogMessage -user $ExecutingUser -API $APIName -message "Removed SendOnBehalf permissions for $($AccessUser) from $($userid)'s mailbox." -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Removed SendOnBehalf permissions for $($AccessUser) from $($userid)'s mailbox." -Sev 'Info' -tenant $TenantFilter "Removed SendOnBehalf permissions for $($AccessUser) from $($userid)'s mailbox." } } 'SendAS' { $MailboxPerms = New-ExoRequest -Anchor $userId -tenantid $Tenantfilter -cmdlet 'Remove-RecipientPermission' -cmdParams @{Identity = $userid; Trustee = $AccessUser; accessRights = @('SendAs') } if ($MailboxPerms -notlike "*because the ACE isn't present*") { - Write-LogMessage -user $ExecutingUser -API $APIName -message "Removed SendAs permissions for $($AccessUser) from $($userid)'s mailbox." -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Removed SendAs permissions for $($AccessUser) from $($userid)'s mailbox." -Sev 'Info' -tenant $TenantFilter "Removed SendAs permissions for $($AccessUser) from $($userid)'s mailbox." } } @@ -50,7 +50,7 @@ function Remove-CIPPMailboxPermissions { $permissions = New-ExoRequest @ExoRequest if ($permissions -notlike "*because the ACE doesn't exist on the object.*") { - Write-LogMessage -user $ExecutingUser -API $APIName -message "Removed FullAccess permissions for $($AccessUser) from $($userid)'s mailbox." -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Removed FullAccess permissions for $($AccessUser) from $($userid)'s mailbox." -Sev 'Info' -tenant $TenantFilter "Removed FullAccess permissions for $($AccessUser) from $($userid)'s mailbox." } } @@ -60,7 +60,7 @@ function Remove-CIPPMailboxPermissions { return $Results } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not remove mailbox permissions for $($userid). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -message "Could not remove mailbox permissions for $($userid). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage return "Could not remove mailbox permissions for $($userid). Error: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Remove-CIPPMailboxRule.ps1 b/Modules/CIPPCore/Public/Remove-CIPPMailboxRule.ps1 index 82fa745d6f83..47b494ac4b7c 100644 --- a/Modules/CIPPCore/Public/Remove-CIPPMailboxRule.ps1 +++ b/Modules/CIPPCore/Public/Remove-CIPPMailboxRule.ps1 @@ -5,7 +5,7 @@ function Remove-CIPPMailboxRule { $username, $TenantFilter, $APIName = 'Mailbox Rules Removal', - $ExecutingUser, + $Headers, $RuleId, $RuleName, [switch]$RemoveAllRules @@ -18,29 +18,29 @@ function Remove-CIPPMailboxRule { $rules = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-InboxRule' -cmdParams @{Mailbox = $username; IncludeHidden = $true } | Where-Object { $_.Name -ne 'Junk E-Mail Rule' -and $_.Name -notlike 'Microsoft.Exchange.OOF.*' } Write-Host "$($rules.count) rules found" if ($null -eq $rules) { - Write-LogMessage -user $ExecutingUser -API $APIName -message "No Rules for $($username) to delete" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "No Rules for $($username) to delete" -Sev 'Info' -tenant $TenantFilter return "No rules for $($username) to delete" } else { ForEach ($rule in $rules) { New-ExoRequest -tenantid $TenantFilter -cmdlet 'Remove-InboxRule' -Anchor $username -cmdParams @{Identity = $rule.Identity } } - Write-LogMessage -user $ExecutingUser -API $APIName -message "Deleted Rules for $($username)" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Deleted Rules for $($username)" -Sev 'Info' -tenant $TenantFilter return "Deleted Rules for $($username)" } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not delete rules for $($username): $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -message "Could not delete rules for $($username): $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage return "Could not delete rules for $($username). Error: $($ErrorMessage.NormalizedError)" } } else { # Only delete 1 rule try { $null = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Remove-InboxRule' -Anchor $username -cmdParams @{Identity = $RuleId } - Write-LogMessage -user $ExecutingUser -API $APIName -message "Deleted mailbox rule $($RuleName) for $($username)" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Deleted mailbox rule $($RuleName) for $($username)" -Sev 'Info' -tenant $TenantFilter return "Deleted mailbox rule $($RuleName) for $($username)" } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not delete rule for $($username): $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -message "Could not delete rule for $($username): $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage return "Could not delete rule for $($username). Error: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Remove-CIPPMobileDevice.ps1 b/Modules/CIPPCore/Public/Remove-CIPPMobileDevice.ps1 index 54706e3e97f3..d1d0a8cb45ba 100644 --- a/Modules/CIPPCore/Public/Remove-CIPPMobileDevice.ps1 +++ b/Modules/CIPPCore/Public/Remove-CIPPMobileDevice.ps1 @@ -5,7 +5,7 @@ function Remove-CIPPMobileDevice { $tenantFilter, $username, $APIName = 'Remove Mobile', - $ExecutingUser + $Headers ) try { @@ -18,11 +18,11 @@ function Remove-CIPPMobileDevice { } } if (!$Devices) { $Devices = 'No mobile devices have been removed as we could not find any' } - Write-LogMessage -user $ExecutingUser -API $APIName -message "Deleted mobile devices for $($username)" -Sev 'Info' -tenant $tenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Deleted mobile devices for $($username)" -Sev 'Info' -tenant $tenantFilter return $devices } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not delete mobile devices for $($username): $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $tenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -message "Could not delete mobile devices for $($username): $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $tenantFilter -LogData $ErrorMessage return "Could not delete mobile devices for $($username). Error: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Remove-CIPPUser.ps1 b/Modules/CIPPCore/Public/Remove-CIPPUser.ps1 index f144b7f1213f..b789f5943fc5 100644 --- a/Modules/CIPPCore/Public/Remove-CIPPUser.ps1 +++ b/Modules/CIPPCore/Public/Remove-CIPPUser.ps1 @@ -1,7 +1,7 @@ function Remove-CIPPUser { [CmdletBinding()] param ( - $ExecutingUser, + $Headers, $userid, $username, $APIName = 'Remove User', @@ -10,12 +10,12 @@ function Remove-CIPPUser { try { $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($userid)" -type DELETE -tenant $TenantFilter - Write-LogMessage -user $ExecutingUser, -API $APIName -message "Deleted account $username" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers, -API $APIName -message "Deleted account $username" -Sev 'Info' -tenant $TenantFilter return "Deleted the user account $username" } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser, -API $APIName -message "Could not delete $username. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers, -API $APIName -message "Could not delete $username. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage return "Could not delete $username. Error: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Remove-CIPPUserMFA.ps1 b/Modules/CIPPCore/Public/Remove-CIPPUserMFA.ps1 index 6056c62511c5..2d9efd1e30e2 100644 --- a/Modules/CIPPCore/Public/Remove-CIPPUserMFA.ps1 +++ b/Modules/CIPPCore/Public/Remove-CIPPUserMFA.ps1 @@ -23,14 +23,14 @@ function Remove-CIPPUserMFA { [Parameter(Mandatory = $true)] [string]$TenantFilter, [Parameter(Mandatory = $false)] - [string]$ExecutingUser = 'CIPP' + $Headers ) Write-Information "Getting auth methods for $UserPrincipalName" try { $AuthMethods = New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/users/$UserPrincipalName/authentication/methods" -tenantid $TenantFilter -AsApp $true } catch { - Write-LogMessage -API 'Remove-CIPPUserMFA' -tenant $TenantFilter -message "Failed to get MFA methods for user $UserPrincipalName" -sev 'Error' -LogData (Get-CippException -Exception $_) + Write-LogMessage -headers $Headers -API 'Remove-CIPPUserMFA' -tenant $TenantFilter -message "Failed to get MFA methods for user $UserPrincipalName" -sev 'Error' -LogData (Get-CippException -Exception $_) return "Failed to get MFA methods for user $UserPrincipalName - $($_.Exception.Message)" } $Requests = [System.Collections.Generic.List[object]]::new() @@ -45,17 +45,17 @@ function Remove-CIPPUserMFA { } } if (($Requests | Measure-Object).Count -eq 0) { - Write-LogMessage -API 'Remove-CIPPUserMFA' -tenant $TenantFilter -message "No MFA methods found for user $UserPrincipalName" -sev 'Info' + Write-LogMessage -headers $Headers -API 'Remove-CIPPUserMFA' -tenant $TenantFilter -message "No MFA methods found for user $UserPrincipalName" -sev 'Info' $Results = "No MFA methods found for user $($UserPrincipalName)" } else { if ($PSCmdlet.ShouldProcess("Remove MFA methods for $UserPrincipalName")) { $Results = New-GraphBulkRequest -Requests $Requests -tenantid $TenantFilter -asapp $true -erroraction stop if ($Results.status -eq 204) { - Write-LogMessage -API 'Remove-CIPPUserMFA' -tenant $TenantFilter -message "Successfully removed MFA methods for user $UserPrincipalName" -sev 'Info' + Write-LogMessage -headers $Headers -API 'Remove-CIPPUserMFA' -tenant $TenantFilter -message "Successfully removed MFA methods for user $UserPrincipalName" -sev 'Info' $Results = [pscustomobject]@{'Results' = "Successfully completed request. User $($Request.Query.ID) must supply MFA at next logon" } } else { $FailedAuthMethods = (($Results | Where-Object { $_.status -ne 204 }).id -split '-')[0] -join ', ' - Write-LogMessage -API 'Remove-CIPPUserMFA' -tenant $TenantFilter -message "Failed to remove MFA methods for $FailedAuthMethods" -sev 'Error' + Write-LogMessage -headers $Headers -API 'Remove-CIPPUserMFA' -tenant $TenantFilter -message "Failed to remove MFA methods for $FailedAuthMethods" -sev 'Error' $Results = "Failed to reset MFA methods for $FailedAuthMethods" } } diff --git a/Modules/CIPPCore/Public/Revoke-CIPPSessions.ps1 b/Modules/CIPPCore/Public/Revoke-CIPPSessions.ps1 index a20a0df59c8e..82ee5126cd4c 100644 --- a/Modules/CIPPCore/Public/Revoke-CIPPSessions.ps1 +++ b/Modules/CIPPCore/Public/Revoke-CIPPSessions.ps1 @@ -1,7 +1,7 @@ function Revoke-CIPPSessions { [CmdletBinding()] param ( - $ExecutingUser, + $Headers, $userid, $username, $APIName = 'Revoke Sessions', @@ -10,12 +10,12 @@ function Revoke-CIPPSessions { try { $GraphRequest = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($userid)/invalidateAllRefreshTokens" -tenantid $TenantFilter -type POST -body '{}' -verbose - Write-LogMessage -user $ExecutingUser -API $APIName -message "Revoked sessions for $($username)" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Revoked sessions for $($username)" -Sev 'Info' -tenant $TenantFilter return "Success. All sessions by $username have been revoked" } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to revoke sessions for $($username): $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -message "Failed to revoke sessions for $($username): $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage return "Revoke Session Failed: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Set-CIPPForwarding.ps1 b/Modules/CIPPCore/Public/Set-CIPPForwarding.ps1 index 23bce649ca3e..81e8cf53c9fe 100644 --- a/Modules/CIPPCore/Public/Set-CIPPForwarding.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPForwarding.ps1 @@ -18,8 +18,8 @@ function Set-CIPPForwarding { .PARAMETER username Username to manage for forwarding. - .PARAMETER ExecutingUser - CIPP user executing the command. + .PARAMETER Headers + CIPP HTTP Request headers. .PARAMETER APIName Name of the API executing the command. @@ -40,7 +40,7 @@ function Set-CIPPForwarding { [string]$forwardingSMTPAddress, [string]$tenantFilter, [string]$username, - [string]$ExecutingUser, + $Headers, [string]$APIName = 'Forwarding', [string]$Forward, $KeepCopy, @@ -63,11 +63,11 @@ function Set-CIPPForwarding { $Message = "Forwarding all email for $username to External Address $ForwardingSMTPAddress and keeping a copy set to $KeepCopy" } } - Write-LogMessage -user $ExecutingUser -API $APIName -message $Message -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message $Message -Sev 'Info' -tenant $TenantFilter return $Message } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not add forwarding for $($username). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -message "Could not add forwarding for $($username). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage return "Could not add forwarding for $($username). Error: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Set-CIPPHideFromGAL.ps1 b/Modules/CIPPCore/Public/Set-CIPPHideFromGAL.ps1 index be63ce724782..b34daface0e1 100644 --- a/Modules/CIPPCore/Public/Set-CIPPHideFromGAL.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPHideFromGAL.ps1 @@ -5,16 +5,16 @@ function Set-CIPPHideFromGAL { $TenantFilter, $APIName = 'Hide From Address List', [bool]$HideFromGAL, - $ExecutingUser + $Headers ) $Text = if ($HideFromGAL) { 'hidden' } else { 'unhidden' } try { $null = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Set-Mailbox' -cmdParams @{Identity = $UserId ; HiddenFromAddressListsEnabled = $HideFromGAL } - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $($Tenantfilter) -message "$($UserId) $Text from GAL" -Sev Info + Write-LogMessage -headers $Headers -API $APINAME -tenant $($Tenantfilter) -message "$($UserId) $Text from GAL" -Sev Info return "Successfully $Text $($UserId) from GAL." } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not hide $($UserId) from address list. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -message "Could not hide $($UserId) from address list. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage return "Could not hide $($UserId) from address list. Error: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Set-CIPPMailboxAccess.ps1 b/Modules/CIPPCore/Public/Set-CIPPMailboxAccess.ps1 index e9efdf9eaa10..b7e7fdd7805c 100644 --- a/Modules/CIPPCore/Public/Set-CIPPMailboxAccess.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPMailboxAccess.ps1 @@ -6,7 +6,7 @@ function Set-CIPPMailboxAccess { [bool]$Automap, $TenantFilter, $APIName = 'Manage Shared Mailbox Access', - $ExecutingUser, + $Headers, [array]$AccessRights ) @@ -14,15 +14,15 @@ function Set-CIPPMailboxAccess { $null = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Add-MailboxPermission' -cmdParams @{Identity = $userid; user = $AccessUser; automapping = $Automap; accessRights = $AccessRights; InheritanceType = 'all' } -Anchor $userid if ($Automap) { - Write-LogMessage -user $ExecutingUser -API $APIName -message "Gave $AccessRights permissions to $($AccessUser) on $($userid) with automapping" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Gave $AccessRights permissions to $($AccessUser) on $($userid) with automapping" -Sev 'Info' -tenant $TenantFilter return "added $($AccessUser) to $($userid) Shared Mailbox with automapping, with the following permissions: $AccessRights" } else { - Write-LogMessage -user $ExecutingUser -API $APIName -message "Gave $AccessRights permissions to $($AccessUser) on $($userid) without automapping" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Gave $AccessRights permissions to $($AccessUser) on $($userid) without automapping" -Sev 'Info' -tenant $TenantFilter return "added $($AccessUser) to $($userid) Shared Mailbox without automapping, with the following permissions: $AccessRights" } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not add mailbox permissions for $($AccessUser) on $($userid). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -message "Could not add mailbox permissions for $($AccessUser) on $($userid). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage return "Could not add shared mailbox permissions for $($userid). Error: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Set-CIPPMailboxType.ps1 b/Modules/CIPPCore/Public/Set-CIPPMailboxType.ps1 index f139908ade52..cd2ba3313635 100644 --- a/Modules/CIPPCore/Public/Set-CIPPMailboxType.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPMailboxType.ps1 @@ -1,7 +1,7 @@ function Set-CIPPMailboxType { [CmdletBinding()] param ( - $ExecutingUser, + $Headers, $userid, $username, $APIName = 'Mailbox Conversion', @@ -13,11 +13,11 @@ function Set-CIPPMailboxType { try { if ([string]::IsNullOrWhiteSpace($username)) { $username = $userid } $null = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Set-Mailbox' -cmdParams @{Identity = $userid; Type = $MailboxType } -Anchor $username - Write-LogMessage -user $ExecutingUser -API $APIName -message "Converted $($username) to a $MailboxType mailbox" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Converted $($username) to a $MailboxType mailbox" -Sev 'Info' -tenant $TenantFilter return "Converted $username to a $MailboxType mailbox" } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not convert $username to $MailboxType mailbox. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -message "Could not convert $username to $MailboxType mailbox. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage return "Could not convert $username to a $MailboxType mailbox. Error: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Set-CIPPOutOfoffice.ps1 b/Modules/CIPPCore/Public/Set-CIPPOutOfoffice.ps1 index 116c503486c1..7581fc0c2286 100644 --- a/Modules/CIPPCore/Public/Set-CIPPOutOfoffice.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPOutOfoffice.ps1 @@ -7,7 +7,7 @@ function Set-CIPPOutOfOffice { $TenantFilter, $State, $APIName = 'Set Out of Office', - $ExecutingUser, + $Headers, $StartTime, $EndTime ) @@ -21,16 +21,16 @@ function Set-CIPPOutOfOffice { } if ($State -ne 'Scheduled') { $null = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Set-MailboxAutoReplyConfiguration' -cmdParams @{Identity = $userid; AutoReplyState = $State; InternalMessage = $InternalMessage; ExternalMessage = $ExternalMessage } -Anchor $userid - Write-LogMessage -user $ExecutingUser -API $APIName -message "Set Out-of-office for $($userid) to $state" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Set Out-of-office for $($userid) to $state" -Sev 'Info' -tenant $TenantFilter return "Set Out-of-office for $($userid) to $state." } else { $null = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Set-MailboxAutoReplyConfiguration' -cmdParams @{Identity = $userid; AutoReplyState = $State; InternalMessage = $InternalMessage; ExternalMessage = $ExternalMessage; StartTime = $StartTime; EndTime = $EndTime } -Anchor $userid - Write-LogMessage -user $ExecutingUser -API $APIName -message "Scheduled Out-of-office for $($userid) between $StartTime and $EndTime" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Scheduled Out-of-office for $($userid) between $StartTime and $EndTime" -Sev 'Info' -tenant $TenantFilter return "Scheduled Out-of-office for $($userid) between $($StartTime.toString()) and $($EndTime.toString())" } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not add OOO for $($userid). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -message "Could not add OOO for $($userid). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage return "Could not add out of office message for $($userid). Error: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Set-CIPPResetPassword.ps1 b/Modules/CIPPCore/Public/Set-CIPPResetPassword.ps1 index fbe745f55981..74d248789127 100644 --- a/Modules/CIPPCore/Public/Set-CIPPResetPassword.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPResetPassword.ps1 @@ -4,7 +4,7 @@ function Set-CIPPResetPassword { $userid, $tenantFilter, $APIName = 'Reset Password', - $ExecutingUser, + $Headers, [bool]$forceChangePasswordNextSignIn = $true ) @@ -25,7 +25,7 @@ function Set-CIPPResetPassword { if ($PasswordLink) { $password = $PasswordLink } - Write-LogMessage -user $ExecutingUser -API $APIName -message "Reset the password for $($userid). User must change password is set to $forceChangePasswordNextSignIn" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Reset the password for $($userid). User must change password is set to $forceChangePasswordNextSignIn" -Sev 'Info' -tenant $TenantFilter if ($UserDetails.onPremisesSyncEnabled -eq $true) { return [pscustomobject]@{ resultText = "Reset the password for $($userid). User must change password is set to $forceChangePasswordNextSignIn. The new password is $password. WARNING: This user is AD synced. Please confirm passthrough or writeback is enabled." @@ -40,7 +40,7 @@ function Set-CIPPResetPassword { } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not reset password for $($userid). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -message "Could not reset password for $($userid). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage return [pscustomobject]@{ resultText = "Could not reset password for $($userid). Error: $($ErrorMessage.NormalizedError)" state = 'Error' diff --git a/Modules/CIPPCore/Public/Set-CIPPSharePointPerms.ps1 b/Modules/CIPPCore/Public/Set-CIPPSharePointPerms.ps1 index 54f1a49222da..66a87747b371 100644 --- a/Modules/CIPPCore/Public/Set-CIPPSharePointPerms.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPSharePointPerms.ps1 @@ -6,7 +6,7 @@ function Set-CIPPSharePointPerms { $TenantFilter, $APIName = 'Manage SharePoint Owner', $RemovePermission, - $ExecutingUser, + $Headers, $URL ) if ($RemovePermission -eq $true) { @@ -43,16 +43,16 @@ function Set-CIPPSharePointPerms { # Write-Host $($request) if (!$request.ErrorInfo.ErrorMessage) { $Message = "$($OnedriveAccessUser) has been $($RemovePermission ? 'removed from' : 'given') access to $URL" - Write-LogMessage -user $ExecutingUser -API $APIName -message $Message -Sev Info -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message $Message -Sev Info -tenant $TenantFilter return $Message } else { $message = "Failed to change access: $($request.ErrorInfo.ErrorMessage)" - Write-LogMessage -user $ExecutingUser -API $APIName -message $message -Sev Error -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message $message -Sev Error -tenant $TenantFilter throw $Message } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not add new owner to $($OnedriveAccessUser) on $URL. Error: $($ErrorMessage.NormalizedError)" -Sev Error -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -message "Could not add new owner to $($OnedriveAccessUser) on $URL. Error: $($ErrorMessage.NormalizedError)" -Sev Error -tenant $TenantFilter -LogData $ErrorMessage return "Could not add owner for $($URL). Error: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Set-CIPPSignInState.ps1 b/Modules/CIPPCore/Public/Set-CIPPSignInState.ps1 index 793f8f6f8c6a..f3a51da6934b 100644 --- a/Modules/CIPPCore/Public/Set-CIPPSignInState.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPSignInState.ps1 @@ -5,7 +5,7 @@ function Set-CIPPSignInState { [bool]$AccountEnabled, $TenantFilter, $APIName = 'Disable User Sign-in', - $ExecutingUser + $Headers ) try { @@ -15,7 +15,7 @@ function Set-CIPPSignInState { $body = ConvertTo-Json -InputObject $body -Compress -Depth 5 $UserDetails = New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/users/$($UserId)?`$select=onPremisesSyncEnabled" -noPagination $true -tenantid $TenantFilter -verbose $null = New-GraphPostRequest -uri "https://graph.microsoft.com/v1.0/users/$($UserId)" -tenantid $TenantFilter -type PATCH -body $body -verbose - Write-LogMessage -user $ExecutingUser -API $APIName -message "Set account enabled state to $AccountEnabled for $UserId" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Set account enabled state to $AccountEnabled for $UserId" -Sev 'Info' -tenant $TenantFilter if ($UserDetails.onPremisesSyncEnabled -eq $true) { return 'WARNING: User is AD Sync enabled. Please enable/disable in AD.' @@ -25,7 +25,7 @@ function Set-CIPPSignInState { } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not disable sign in for $UserId. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -message "Could not disable sign in for $UserId. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage return "Could not disable $UserId. Error: $($ErrorMessage.NormalizedError)" } } From a8d0217e64b037c4177d0ada2f943198d02d95a8 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 8 Feb 2025 23:27:13 -0500 Subject: [PATCH 075/138] fix logging for groups --- .../Email-Exchange/Invoke-ExecGroupsDelete.ps1 | 2 +- Modules/CIPPCore/Public/Remove-CIPPGroup.ps1 | 8 ++++---- Modules/CIPPCore/Public/Remove-CIPPGroupMember.ps1 | 6 +++--- Modules/CIPPCore/Public/Remove-CIPPGroups.ps1 | 8 ++++---- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDelete.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDelete.ps1 index 34a5aa77b9ad..6dc149972be2 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDelete.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDelete.ps1 @@ -20,7 +20,7 @@ Function Invoke-ExecGroupsDelete { # Interact with query parameters or the body of the request. Try { - $RemoveResults = Remove-CIPPGroup -ID $Request.query.id -GroupType $Request.query.GroupType -tenantFilter $Request.query.TenantFilter -displayName $Request.query.displayName -APIName $APINAME -ExecutingUser $request.headers.'x-ms-client-principal' + $RemoveResults = Remove-CIPPGroup -ID $Request.query.id -GroupType $Request.query.GroupType -tenantFilter $Request.query.TenantFilter -displayName $Request.query.displayName -APIName $APINAME -Headers $Request.Headers $Results = [pscustomobject]@{'Results' = $RemoveResults } } catch { $Results = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } diff --git a/Modules/CIPPCore/Public/Remove-CIPPGroup.ps1 b/Modules/CIPPCore/Public/Remove-CIPPGroup.ps1 index 4dcd10d02988..b356dd990b3a 100644 --- a/Modules/CIPPCore/Public/Remove-CIPPGroup.ps1 +++ b/Modules/CIPPCore/Public/Remove-CIPPGroup.ps1 @@ -1,7 +1,7 @@ function Remove-CIPPGroup { [CmdletBinding()] param ( - $ExecutingUser, + $Headers, $GroupType, $ID, $DisplayName, @@ -12,18 +12,18 @@ function Remove-CIPPGroup { try { if ($GroupType -eq 'Distribution List' -or $GroupType -eq 'Mail-Enabled Security') { New-ExoRequest -tenantid $TenantFilter -cmdlet 'Remove-DistributionGroup' -cmdParams @{Identity = $id; BypassSecurityGroupManagerCheck = $true } -useSystemMailbox $true - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($tenantfilter) -message "$($DisplayName) Deleted" -Sev 'Info' + Write-LogMessage -headers $Headers -API $APINAME -tenant $($tenantfilter) -message "$($DisplayName) Deleted" -Sev 'Info' return "Successfully Deleted $($GroupType) group $($DisplayName)" } elseif ($GroupType -eq 'Microsoft 365' -or $GroupType -eq 'Security') { $null = New-GraphPostRequest -uri "https://graph.microsoft.com/v1.0/groups/$($ID)" -tenantid $TenantFilter -type Delete -verbose - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($tenantfilter) -message "$($DisplayName) Deleted" -Sev 'Info' + Write-LogMessage -headers $Headers -API $APINAME -tenant $($tenantfilter) -message "$($DisplayName) Deleted" -Sev 'Info' return "Successfully Deleted $($GroupType) group $($DisplayName)" } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not delete $DisplayName. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -message "Could not delete $DisplayName. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage return "Could not delete $DisplayName. Error: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Remove-CIPPGroupMember.ps1 b/Modules/CIPPCore/Public/Remove-CIPPGroupMember.ps1 index c434625a3537..aeba2d9aa66b 100644 --- a/Modules/CIPPCore/Public/Remove-CIPPGroupMember.ps1 +++ b/Modules/CIPPCore/Public/Remove-CIPPGroupMember.ps1 @@ -1,5 +1,5 @@ function Remove-CIPPGroupMember( - [string]$ExecutingUser, + $Headers [string]$GroupType, [string]$GroupId, [string]$Member, @@ -17,13 +17,13 @@ function Remove-CIPPGroupMember( New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($GroupId)/members/$($Member)/`$ref" -tenantid $TenantFilter -type DELETE -body '{}' -Verbose } $Message = "Successfully removed user $($Member) from $($GroupId)." - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message $Message -Sev 'Info' + Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message $Message -Sev 'Info' return $message } catch { $ErrorMessage = Get-CippException -Exception $_ $message = "Failed to remove user $($Member) from $($GroupId): $($ErrorMessage.NormalizedError)" - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message $message -Sev 'error' -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message $message -Sev 'error' -LogData $ErrorMessage return $message } } diff --git a/Modules/CIPPCore/Public/Remove-CIPPGroups.ps1 b/Modules/CIPPCore/Public/Remove-CIPPGroups.ps1 index e9cb0b078b23..b7fcec73a316 100644 --- a/Modules/CIPPCore/Public/Remove-CIPPGroups.ps1 +++ b/Modules/CIPPCore/Public/Remove-CIPPGroups.ps1 @@ -4,7 +4,7 @@ function Remove-CIPPGroups { $Username, $tenantFilter, $APIName = 'Remove From Groups', - $ExecutingUser, + $Headers, $userid ) @@ -32,17 +32,17 @@ function Remove-CIPPGroups { New-ExoRequest -tenantid $using:tenantFilter -cmdlet 'Remove-DistributionGroupMember' -cmdParams $params -UseSystemMailbox $true } - Write-LogMessage -user $using:ExecutingUser -API $($using:APIName) -message "Removed $($using:Username) from $groupname" -Sev 'Info' -tenant $using:TenantFilter + Write-LogMessage -headers $using:Headers -API $($using:APIName) -message "Removed $($using:Username) from $groupname" -Sev 'Info' -tenant $using:TenantFilter "Successfully removed $($using:Username) from group $Groupname" } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $using:ExecutingUser -API $($using:APIName) -message "Could not remove $($using:Username) from group $groupname : $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $using:TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $using:Headers -API $($using:APIName) -message "Could not remove $($using:Username) from group $groupname : $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $using:TenantFilter -LogData $ErrorMessage "Could not remove $($using:Username) from group $($Groupname): $($ErrorMessage.NormalizedError). This is likely because its a Dynamic Group or synched with active directory" } } if (!$Returnval) { $Returnval = "$($Username) is not a member of any groups." - Write-LogMessage -user $ExecutingUser -API $APIName -message "$($Username) is not a member of any groups" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "$($Username) is not a member of any groups" -Sev 'Info' -tenant $TenantFilter } return $Returnval } From 2613590d29cef3762d4e362806d460812f387ce3 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 8 Feb 2025 23:32:16 -0500 Subject: [PATCH 076/138] fix intune policy logging --- .../Endpoint/MEM/Invoke-AddPolicy.ps1 | 2 +- .../CIPPCore/Public/Set-CIPPIntunePolicy.ps1 | 24 +++++++++---------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddPolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddPolicy.ps1 index e6a62da20f50..5cf66fec102d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddPolicy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddPolicy.ps1 @@ -27,7 +27,7 @@ Function Invoke-AddPolicy { } try { Write-Host 'Calling Adding policy' - Set-CIPPIntunePolicy -TemplateType $Request.body.TemplateType -Description $description -DisplayName $displayname -RawJSON $RawJSON -AssignTo $AssignTo -tenantFilter $Tenant + Set-CIPPIntunePolicy -TemplateType $Request.body.TemplateType -Description $description -DisplayName $displayname -RawJSON $RawJSON -AssignTo $AssignTo -tenantFilter $Tenant -Headers $Request.Headers Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($Tenant) -message "Added policy $($Displayname)" -Sev 'Info' } catch { "$($_.Exception.Message)" diff --git a/Modules/CIPPCore/Public/Set-CIPPIntunePolicy.ps1 b/Modules/CIPPCore/Public/Set-CIPPIntunePolicy.ps1 index 95929155730a..0db2439052a0 100644 --- a/Modules/CIPPCore/Public/Set-CIPPIntunePolicy.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPIntunePolicy.ps1 @@ -6,7 +6,7 @@ function Set-CIPPIntunePolicy { $DisplayName, $RawJSON, $AssignTo, - $ExecutingUser, + $Headers, $tenantFilter ) $ReturnValue = try { @@ -39,13 +39,13 @@ function Set-CIPPIntunePolicy { $PostType = 'edited' $ExistingID = $CheckExististing | Where-Object -Property displayName -EQ $displayname $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL/$($ExistingID.Id)" -tenantid $tenantFilter -type PATCH -body $RawJSON - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($tenantFilter) -message "Updated policy $($DisplayName) to template defaults" -Sev 'info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($tenantFilter) -message "Updated policy $($DisplayName) to template defaults" -Sev 'info' $CreateRequest = $CheckExististing | Where-Object -Property displayName -EQ $DisplayName } else { $RawJSON = ConvertTo-Json -InputObject $JSON -Depth 20 -Compress $PostType = 'added' $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL" -tenantid $tenantFilter -type POST -body $RawJSON - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($tenantFilter) -message "Added policy $($DisplayName) via template" -Sev 'info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($tenantFilter) -message "Added policy $($DisplayName) via template" -Sev 'info' } } 'Admin' { @@ -62,13 +62,13 @@ function Set-CIPPIntunePolicy { $DeleteRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL('$($ExistingID.id)')/updateDefinitionValues" -tenantid $tenantFilter -type POST -body $DeleteJson $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL('$($ExistingID.id)')/updateDefinitionValues" -tenantid $tenantFilter -type POST -body $RawJSON $CreateRequest = $CheckExististing | Where-Object -Property displayName -EQ $DisplayName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($tenantFilter) -message "Updated policy $($Displayname) to template defaults" -Sev 'info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($tenantFilter) -message "Updated policy $($Displayname) to template defaults" -Sev 'info' $PostType = 'edited' } else { $PostType = 'added' $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL" -tenantid $tenantFilter -type POST -body $CreateBody $UpdateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL('$($CreateRequest.id)')/updateDefinitionValues" -tenantid $tenantFilter -type POST -body $RawJSON - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($tenantFilter) -message "Added policy $($Displayname) to template defaults" -Sev 'info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($tenantFilter) -message "Added policy $($Displayname) to template defaults" -Sev 'info' } } @@ -86,11 +86,11 @@ function Set-CIPPIntunePolicy { Write-Host "Raw JSON is $RawJSON" $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL/$($ExistingID.Id)" -tenantid $tenantFilter -type PATCH -body $RawJSON $CreateRequest = $CheckExististing | Where-Object -Property displayName -EQ $DisplayName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($tenantFilter) -message "Updated policy $($DisplayName) to template defaults" -Sev 'info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($tenantFilter) -message "Updated policy $($DisplayName) to template defaults" -Sev 'info' } else { $PostType = 'added' $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL" -tenantid $tenantFilter -type POST -body $RawJSON - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($tenantFilter) -message "Added policy $($DisplayName) via template" -Sev 'info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($tenantFilter) -message "Added policy $($DisplayName) via template" -Sev 'info' } } @@ -106,7 +106,7 @@ function Set-CIPPIntunePolicy { } else { $PostType = 'added' $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL" -tenantid $tenantFilter -type POST -body $RawJSON - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($tenantFilter) -message "Added policy $($DisplayName) via template" -Sev 'info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($tenantFilter) -message "Added policy $($DisplayName) via template" -Sev 'info' } } 'windowsDriverUpdateProfiles' { @@ -124,22 +124,22 @@ function Set-CIPPIntunePolicy { } else { $PostType = 'added' $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL" -tenantid $tenantFilter -type POST -body $RawJSON - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($tenantFilter) -message "Added policy $($DisplayName) via template" -Sev 'info' + Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($tenantFilter) -message "Added policy $($DisplayName) via template" -Sev 'info' } } } - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $($tenantFilter) -message "$($PostType) policy $($Displayname)" -Sev 'Info' + Write-LogMessage -headers $Headers -API $APINAME -tenant $($tenantFilter) -message "$($PostType) policy $($Displayname)" -Sev 'Info' if ($AssignTo) { Write-Host "Assigning policy to $($AssignTo) with ID $($CreateRequest.id) and type $TemplateTypeURL for tenant $tenantFilter" Write-Host "ID is $($CreateRequest.id)" - + Set-CIPPAssignedPolicy -GroupName $AssignTo -PolicyId $CreateRequest.id -Type $TemplateTypeURL -TenantFilter $tenantFilter } return "Successfully $($PostType) policy for $($tenantFilter) with display name $($Displayname)" } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $($tenantFilter) -message "Failed $($PostType) policy $($Displayname). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APINAME -tenant $($tenantFilter) -message "Failed $($PostType) policy $($Displayname). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage throw "Failed to add or set policy for $($tenantFilter) with display name $($Displayname): $($ErrorMessage.NormalizedError)" } From ac37c469bbd51e326d5a5751c1658b35b4c2cf65 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sun, 9 Feb 2025 00:01:16 -0500 Subject: [PATCH 077/138] Update Remove-CIPPMailboxPermissions.ps1 --- Modules/CIPPCore/Public/Remove-CIPPMailboxPermissions.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Remove-CIPPMailboxPermissions.ps1 b/Modules/CIPPCore/Public/Remove-CIPPMailboxPermissions.ps1 index 522f6d32bde6..dc934b29088d 100644 --- a/Modules/CIPPCore/Public/Remove-CIPPMailboxPermissions.ps1 +++ b/Modules/CIPPCore/Public/Remove-CIPPMailboxPermissions.ps1 @@ -16,7 +16,7 @@ function Remove-CIPPMailboxPermissions { Import-Module '.\Modules\AzBobbyTables' Import-Module '.\Modules\CIPPCore' Write-Host "Removing permissions from mailbox $($_.UserPrincipalName)" - Remove-CIPPMailboxPermissions -PermissionsLevel @('FullAccess', 'SendAs', 'SendOnBehalf') -userid $_.UserPrincipalName -AccessUser $using:AccessUser -TenantFilter $using:TenantFilter -APIName $using:APINAME -ExecutingUser $using:ExecutingUser + Remove-CIPPMailboxPermissions -PermissionsLevel @('FullAccess', 'SendAs', 'SendOnBehalf') -userid $_.UserPrincipalName -AccessUser $using:AccessUser -TenantFilter $using:TenantFilter -APIName $using:APINAME -Headers $using:Headers } -ThrottleLimit 10 } else { $Results = $PermissionsLevel | ForEach-Object { From 0a534210770e18609e40fc4ec3a821d3830f166c Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sun, 9 Feb 2025 00:07:43 -0500 Subject: [PATCH 078/138] Update Remove-CIPPGroupMember.ps1 --- Modules/CIPPCore/Public/Remove-CIPPGroupMember.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Remove-CIPPGroupMember.ps1 b/Modules/CIPPCore/Public/Remove-CIPPGroupMember.ps1 index aeba2d9aa66b..862b4b318610 100644 --- a/Modules/CIPPCore/Public/Remove-CIPPGroupMember.ps1 +++ b/Modules/CIPPCore/Public/Remove-CIPPGroupMember.ps1 @@ -1,5 +1,5 @@ function Remove-CIPPGroupMember( - $Headers + $Headers, [string]$GroupType, [string]$GroupId, [string]$Member, From 7db4fefca213dfee4d692d981e84e483b463e371 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sun, 9 Feb 2025 00:09:03 -0500 Subject: [PATCH 079/138] Update Get-Tenants.ps1 --- Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 b/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 index 6cd3bd8bb5c6..9921b7c869e2 100644 --- a/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 @@ -32,7 +32,7 @@ function Get-Tenants { } if ($TenantFilter) { - Write-Information "Getting tenant $TenantFilter" + #Write-Information "Getting tenant $TenantFilter" if ($TenantFilter -match '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$') { $Filter = "{0} and customerId eq '{1}'" -f $Filter, $TenantFilter # create where-object scriptblock From 5dd63343722bab61261c56e342f1c918178708dc Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sun, 9 Feb 2025 11:25:14 -0500 Subject: [PATCH 080/138] tweaks --- .../HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 | 3 ++- Modules/CIPPCore/Public/Set-CIPPMailboxAccess.ps1 | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 index 0a29df5d2852..10ccfc0dbd7f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 @@ -145,13 +145,14 @@ function Invoke-ExecApiClient { if ($Request.Body.ClientId) { $ClientId = $Request.Body.ClientId.value ?? $Request.Body.ClientId if ($Request.Body.RemoveAppReg -eq $true) { + Write-Information "Deleting API Client: $ClientId from Entra" $Apps = New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/applications?`$filter=signInAudience eq 'AzureAdMyOrg' and web/redirectUris/any(x:x eq 'https://$($sitename).azurewebsites.net/.auth/login/aad/callback')&`$top=999&`$select=id,appId&`$count=true" -NoAuthCheck $true -asapp $true -ComplexFilter $Id = $Apps | Where-Object { $_.appId -eq $ClientId } | Select-Object -ExpandProperty id if ($Id) { New-GraphPOSTRequest -uri "https://graph.microsoft.com/v1.0/applications(appId='$ClientId')" -Method DELETE -Body '{}' -NoAuthCheck $true -asapp $true } } - + Write-Information "Deleting API Client: $ClientId from CIPP" $Client = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$($ClientId)'" -Property RowKey, PartitionKey, ETag Remove-AzDataTableEntity @Table -Entity $Client Write-LogMessage -headers $Request.Headers -API 'ExecApiClient' -message "Deleted API client $ClientId" -Sev 'Info' diff --git a/Modules/CIPPCore/Public/Set-CIPPMailboxAccess.ps1 b/Modules/CIPPCore/Public/Set-CIPPMailboxAccess.ps1 index b7e7fdd7805c..7ac44a00b9ee 100644 --- a/Modules/CIPPCore/Public/Set-CIPPMailboxAccess.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPMailboxAccess.ps1 @@ -15,10 +15,10 @@ function Set-CIPPMailboxAccess { if ($Automap) { Write-LogMessage -headers $Headers -API $APIName -message "Gave $AccessRights permissions to $($AccessUser) on $($userid) with automapping" -Sev 'Info' -tenant $TenantFilter - return "added $($AccessUser) to $($userid) Shared Mailbox with automapping, with the following permissions: $AccessRights" + return "Added $($AccessUser) to $($userid) Shared Mailbox with automapping, with the following permissions: $AccessRights" } else { Write-LogMessage -headers $Headers -API $APIName -message "Gave $AccessRights permissions to $($AccessUser) on $($userid) without automapping" -Sev 'Info' -tenant $TenantFilter - return "added $($AccessUser) to $($userid) Shared Mailbox without automapping, with the following permissions: $AccessRights" + return "Added $($AccessUser) to $($userid) Shared Mailbox without automapping, with the following permissions: $AccessRights" } } catch { $ErrorMessage = Get-CippException -Exception $_ From 9aa702b6ef435058d2e4f49d9bd871b2adcd8ce7 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sun, 9 Feb 2025 11:31:56 -0500 Subject: [PATCH 081/138] Update CippEntrypoints.psm1 --- Modules/CippEntrypoints/CippEntrypoints.psm1 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Modules/CippEntrypoints/CippEntrypoints.psm1 b/Modules/CippEntrypoints/CippEntrypoints.psm1 index e7de51d858a7..4378bc872d98 100644 --- a/Modules/CippEntrypoints/CippEntrypoints.psm1 +++ b/Modules/CippEntrypoints/CippEntrypoints.psm1 @@ -10,6 +10,10 @@ function Receive-CippHttpTrigger { $TriggerMetadata ) + if ($Request.Headers.'x-ms-coldstart' -eq 1) { + Write-Information '** Function app cold start detected **' + } + $ConfigTable = Get-CIPPTable -tablename Config $Config = Get-CIPPAzDataTableEntity @ConfigTable -Filter "PartitionKey eq 'OffloadFunctions' and RowKey eq 'OffloadFunctions'" From 59dbe6ff4613742d5f2f6afb3ab5179a8f770659 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sun, 9 Feb 2025 11:37:38 -0500 Subject: [PATCH 082/138] Update Invoke-ExecApiClient.ps1 --- .../HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 index 10ccfc0dbd7f..d3ccf65293ed 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 @@ -154,7 +154,8 @@ function Invoke-ExecApiClient { } Write-Information "Deleting API Client: $ClientId from CIPP" $Client = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$($ClientId)'" -Property RowKey, PartitionKey, ETag - Remove-AzDataTableEntity @Table -Entity $Client + Write-Information ($Client | ConvertTo-Json) + Remove-AzDataTableEntity @Table -Entity $Client -Force Write-LogMessage -headers $Request.Headers -API 'ExecApiClient' -message "Deleted API client $ClientId" -Sev 'Info' $Body = @{ Results = "API client $ClientId deleted" } } else { From cc0f16df25d7d9ce13c099b2d2da66c0db201502 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sun, 9 Feb 2025 11:46:49 -0500 Subject: [PATCH 083/138] fix api client delete --- .../HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 index d3ccf65293ed..096ba4e2761e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 @@ -153,8 +153,7 @@ function Invoke-ExecApiClient { } } Write-Information "Deleting API Client: $ClientId from CIPP" - $Client = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$($ClientId)'" -Property RowKey, PartitionKey, ETag - Write-Information ($Client | ConvertTo-Json) + $Client = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$($ClientId)'" -Property RowKey, PartitionKey Remove-AzDataTableEntity @Table -Entity $Client -Force Write-LogMessage -headers $Request.Headers -API 'ExecApiClient' -message "Deleted API client $ClientId" -Sev 'Info' $Body = @{ Results = "API client $ClientId deleted" } From 702fba7fe2dccd25d325025ad8cf3c1bbd158031 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sun, 9 Feb 2025 11:53:40 -0500 Subject: [PATCH 084/138] add coldstart metadata --- .../HTTP Functions/CIPP/Core/Invoke-ListGraphRequest.ps1 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ListGraphRequest.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ListGraphRequest.ps1 index 85e3d92bafc7..09beb0a109e2 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ListGraphRequest.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ListGraphRequest.ps1 @@ -117,6 +117,9 @@ function Invoke-ListGraphRequest { } $Metadata = $GraphRequestParams + if ($Request.Headers.'x-ms-coldstart' -eq 1) { + $Metadata.ColdStart = $true + } try { $Results = Get-GraphRequestList @GraphRequestParams From 97a797c40140e2484ac9fe102456baca4c3f2421 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sun, 9 Feb 2025 12:09:52 -0500 Subject: [PATCH 085/138] Update Invoke-ExecApiClient.ps1 --- .../HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 index 096ba4e2761e..6b819cf6f721 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 @@ -149,7 +149,7 @@ function Invoke-ExecApiClient { $Apps = New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/applications?`$filter=signInAudience eq 'AzureAdMyOrg' and web/redirectUris/any(x:x eq 'https://$($sitename).azurewebsites.net/.auth/login/aad/callback')&`$top=999&`$select=id,appId&`$count=true" -NoAuthCheck $true -asapp $true -ComplexFilter $Id = $Apps | Where-Object { $_.appId -eq $ClientId } | Select-Object -ExpandProperty id if ($Id) { - New-GraphPOSTRequest -uri "https://graph.microsoft.com/v1.0/applications(appId='$ClientId')" -Method DELETE -Body '{}' -NoAuthCheck $true -asapp $true + New-GraphPOSTRequest -uri "https://graph.microsoft.com/v1.0/applications/$Id" -Method DELETE -Body '{}' -NoAuthCheck $true -asapp $true } } Write-Information "Deleting API Client: $ClientId from CIPP" From 0256c236e91866e310a627b6c568d6bcc0bfe6d9 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sun, 9 Feb 2025 12:57:17 -0500 Subject: [PATCH 086/138] fix more logging --- Modules/CIPPCore/Public/Add-CIPPGroupMember.ps1 | 6 +++--- .../Email-Exchange/Invoke-ExecEmailForward.ps1 | 2 +- .../Email-Exchange/Invoke-ExecHideFromGAL.ps1 | 2 +- .../Administration/Devices/Invoke-ExecDeviceDelete.ps1 | 2 +- .../Teams-Sharepoint/Invoke-ExecSetSharePointMember.ps1 | 4 ++-- .../Teams-Sharepoint/Invoke-ExecSharePointPerms.ps1 | 2 +- Modules/CIPPCore/Public/Set-CIPPDeviceState.ps1 | 6 +++--- 7 files changed, 12 insertions(+), 12 deletions(-) diff --git a/Modules/CIPPCore/Public/Add-CIPPGroupMember.ps1 b/Modules/CIPPCore/Public/Add-CIPPGroupMember.ps1 index c81175d2c9ef..455b2dcad9c4 100644 --- a/Modules/CIPPCore/Public/Add-CIPPGroupMember.ps1 +++ b/Modules/CIPPCore/Public/Add-CIPPGroupMember.ps1 @@ -1,5 +1,5 @@ function Add-CIPPGroupMember( - [string]$ExecutingUser, + $Headers, [string]$GroupType, [string]$GroupId, [string]$Member, @@ -17,11 +17,11 @@ function Add-CIPPGroupMember( $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($GroupId)" -tenantid $TenantFilter -type patch -body $addmemberbody -Verbose } $Message = "Successfully added user $($Member) to $($GroupId)." - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message $Message -Sev 'Info' + Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message $Message -Sev 'Info' return $message } catch { $message = "Failed to add user $($Member) to $($GroupId) - $($_.Exception.Message)" - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message $message -Sev 'error' -LogData (Get-CippException -Exception $_) + Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message $message -Sev 'error' -LogData (Get-CippException -Exception $_) return $message } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEmailForward.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEmailForward.ps1 index 45b86338270e..71fef9ce1fb1 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEmailForward.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEmailForward.ps1 @@ -51,7 +51,7 @@ Function Invoke-ExecEmailForward { if ($ForwardOption -eq 'disabled') { try { - Set-CIPPForwarding -userid $username -username $username -tenantFilter $Tenantfilter -ExecutingUser $ExecutingUser -APIName $APIName -Disable $true + Set-CIPPForwarding -userid $username -username $username -tenantFilter $Tenantfilter -Headers $Request.Headers -APIName $APIName -Disable $true $results = "Disabled Email Forwarding for $($username)" } catch { Write-LogMessage -headers $Request.Headers -API $APINAME -message "Could not disable Email forwarding for $($username)" -Sev 'Error' -tenant $TenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 index edbc72a7cc86..191f511cf1f4 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 @@ -22,7 +22,7 @@ Function Invoke-ExecHideFromGAL { Try { - $HideResults = Set-CIPPHideFromGAL -tenantFilter $TenantFilter -UserID $UserId -hidefromgal $Hidden -ExecutingUser $ExecutingUser -APIName $APIName + $HideResults = Set-CIPPHideFromGAL -tenantFilter $TenantFilter -UserID $UserId -hidefromgal $Hidden -Headers $Request.Headers -APIName $APIName $Results = [pscustomobject]@{'Results' = $HideResults } $StatusCode = [HttpStatusCode]::OK diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 index ff3d221b1145..7d49b34420e7 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 @@ -20,7 +20,7 @@ Function Invoke-ExecDeviceDelete { $DeviceID = $Request.body.ID ?? $Request.Query.ID try { - $Results = Set-CIPPDeviceState -Action $Action -DeviceID $DeviceID -TenantFilter $TenantFilter -ExecutingUser $ExecutingUser -APIName $APINAME + $Results = Set-CIPPDeviceState -Action $Action -DeviceID $DeviceID -TenantFilter $TenantFilter -Headers $Request.Headers -APIName $APINAME $StatusCode = [HttpStatusCode]::OK } catch { $Results = $_.Exception.Message diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSetSharePointMember.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSetSharePointMember.ps1 index cec32662711d..ca77575c209c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSetSharePointMember.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSetSharePointMember.ps1 @@ -21,10 +21,10 @@ Function Invoke-ExecSetSharePointMember { if ($Request.body.SharePointType -eq 'Group') { $GroupId = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/groups?`$filter=mail eq '$($Request.Body.GroupID)' or proxyAddresses/any(x:endsWith(x,'$($Request.Body.GroupID)'))&`$count=true" -ComplexFilter -tenantid $TenantFilter).id if ($Request.body.Add -eq $true) { - $Results = Add-CIPPGroupMember -GroupType 'Team' -GroupID $GroupID -Member $Request.Body.user.value -TenantFilter $TenantFilter -ExecutingUser $ExecutingUser + $Results = Add-CIPPGroupMember -GroupType 'Team' -GroupID $GroupID -Member $Request.Body.user.value -TenantFilter $TenantFilter -Headers $Request.Headers } else { $UserID = (New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/users/$($Request.Body.user.value)" -tenantid $TenantFilter).id - $Results = Remove-CIPPGroupMember -GroupType 'Team' -GroupID $GroupID -Member $UserID -TenantFilter $TenantFilter -ExecutingUser $ExecutingUser + $Results = Remove-CIPPGroupMember -GroupType 'Team' -GroupID $GroupID -Member $UserID -TenantFilter $TenantFilter -Headers $Request.Headers } } else { $Results = 'This type of SharePoint site is not supported.' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSharePointPerms.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSharePointPerms.ps1 index 00a4ac5caf18..13191170bb1e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSharePointPerms.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSharePointPerms.ps1 @@ -26,7 +26,7 @@ Function Invoke-ExecSharePointPerms { $State = Set-CIPPSharePointPerms -tenantFilter $tenantFilter ` -UserId $UserId ` -OnedriveAccessUser $OnedriveAccessUser ` - -ExecutingUser $ExecutingUser ` + -Headers $Request.Headers ` -APIName $APIName ` -RemovePermission $Request.body.RemovePermission ` -URL $Request.Body.URL diff --git a/Modules/CIPPCore/Public/Set-CIPPDeviceState.ps1 b/Modules/CIPPCore/Public/Set-CIPPDeviceState.ps1 index f9740fb591a7..3cf9ae487b22 100644 --- a/Modules/CIPPCore/Public/Set-CIPPDeviceState.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPDeviceState.ps1 @@ -49,7 +49,7 @@ [Parameter(Mandatory = $true)]$DeviceID, [Parameter(Mandatory = $true)]$TenantFilter, - $ExecutingUser, + $Headers, $APIName = 'Set Device State' ) $Url = "https://graph.microsoft.com/beta/devices/$($DeviceID)" @@ -67,11 +67,11 @@ } } Write-Host $ActionResult - Write-LogMessage -user $ExecutingUser -API $APIName -message "Executed action $($Action) on $($DeviceID)" -Sev Info + Write-LogMessage -headers $Headers -API $APIName -message "Executed action $($Action) on $($DeviceID)" -Sev Info return "Executed action $($Action) on $($DeviceID)" } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to queue action $($Action) on $($DeviceID). Error: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -message "Failed to queue action $($Action) on $($DeviceID). Error: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage throw "Failed to queue action $($Action) on $($DeviceID). Error: $($ErrorMessage.NormalizedError)" } From cf753974df8de71dca2d2563d76d87395f233d82 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sun, 9 Feb 2025 19:23:03 -0500 Subject: [PATCH 087/138] ip address validation --- .../HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 index 6b819cf6f721..2d5be60cf1e1 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 @@ -53,7 +53,13 @@ function Invoke-ExecApiClient { } if ($Request.Body.IpRange.value) { - $IpRange = @($Request.Body.IpRange.value) + $IpRange = [System.Collections.Generic.List[string]]::new() + $regexPattern = '^(?:(?:[0-9]{1,3}\.){3}[0-9]{1,3}(?:/\d{1,2})?|(?:[0-9A-Fa-f]{1,4}:){1,7}[0-9A-Fa-f]{1,4}(?:/\d{1,3})?)$' + foreach ($IP in @($Request.Body.IPRange.value)) { + if ($IP -match $regexPattern) { + $IpRange.Add($IP) + } + } } else { $IpRange = @() } From d2bd15dcaed90f6d80657708d0675934a991d539 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sun, 9 Feb 2025 19:37:37 -0500 Subject: [PATCH 088/138] Update Invoke-ExecApiClient.ps1 --- .../CIPP/Settings/Invoke-ExecApiClient.ps1 | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 index 2d5be60cf1e1..4deb169db6c6 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 @@ -152,10 +152,13 @@ function Invoke-ExecApiClient { $ClientId = $Request.Body.ClientId.value ?? $Request.Body.ClientId if ($Request.Body.RemoveAppReg -eq $true) { Write-Information "Deleting API Client: $ClientId from Entra" - $Apps = New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/applications?`$filter=signInAudience eq 'AzureAdMyOrg' and web/redirectUris/any(x:x eq 'https://$($sitename).azurewebsites.net/.auth/login/aad/callback')&`$top=999&`$select=id,appId&`$count=true" -NoAuthCheck $true -asapp $true -ComplexFilter - $Id = $Apps | Where-Object { $_.appId -eq $ClientId } | Select-Object -ExpandProperty id - if ($Id) { + $App = New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/applications?`$filter=appId eq '$($ClientId)'&`$select=id,appId,web" -NoAuthCheck $true -asapp $true + $Id = $App.id + if ($Id -and $App.web.redirectUris -like "*$($env:WEBSITE_SITE_NAME)*") { New-GraphPOSTRequest -uri "https://graph.microsoft.com/v1.0/applications/$Id" -Method DELETE -Body '{}' -NoAuthCheck $true -asapp $true + Write-Information "Deleted App Registration for $ClientId" + } else { + Write-Information "App Registration for $ClientId not found or Redirect URI does not match" } } Write-Information "Deleting API Client: $ClientId from CIPP" From d67565c500cebdce1a99ab47868a53c22f662ada Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sun, 9 Feb 2025 19:43:35 -0500 Subject: [PATCH 089/138] Update Invoke-ExecApiClient.ps1 --- .../HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 index 4deb169db6c6..08ed1490a556 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1 @@ -155,7 +155,7 @@ function Invoke-ExecApiClient { $App = New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/applications?`$filter=appId eq '$($ClientId)'&`$select=id,appId,web" -NoAuthCheck $true -asapp $true $Id = $App.id if ($Id -and $App.web.redirectUris -like "*$($env:WEBSITE_SITE_NAME)*") { - New-GraphPOSTRequest -uri "https://graph.microsoft.com/v1.0/applications/$Id" -Method DELETE -Body '{}' -NoAuthCheck $true -asapp $true + New-GraphPOSTRequest -uri "https://graph.microsoft.com/v1.0/applications/$Id" -type DELETE -Body '{}' -NoAuthCheck $true -asapp $true Write-Information "Deleted App Registration for $ClientId" } else { Write-Information "App Registration for $ClientId not found or Redirect URI does not match" From ca3a37869c9d8159c90a31a4ef99588b9a5bce0a Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Mon, 10 Feb 2025 16:46:38 +0100 Subject: [PATCH 090/138] executing user changes 1 --- .../Push-CIPPAccessTenantTest.ps1 | 2 +- .../CIPP/Core/Invoke-ExecPartnerWebhook.ps1 | 2 +- .../CIPP/Settings/Invoke-ExecAccessChecks.ps1 | 8 ++-- .../Email-Exchange/Invoke-AddRoomMailbox.ps1 | 2 +- .../Invoke-AddSharedMailbox.ps1 | 2 +- .../Invoke-AddTransportTemplate.ps1 | 8 ++-- .../Email-Exchange/Invoke-EditContact.ps1 | 8 ++-- .../Email-Exchange/Invoke-EditExConnector.ps1 | 8 ++-- .../Invoke-EditTransportRule.ps1 | 8 ++-- .../Invoke-ExecConverttoRoomMailbox.ps1 | 2 +- .../Invoke-ExecConverttoSharedMailbox.ps1 | 2 +- .../Email-Exchange/Invoke-ExecCopyForSent.ps1 | 2 +- .../Invoke-ExecEmailForward.ps1 | 4 +- .../Invoke-ExecEnableArchive.ps1 | 2 +- .../Invoke-ExecGroupsDeliveryManagement.ps1 | 2 +- .../Invoke-ExecGroupsHideFromGAL.ps1 | 2 +- .../Email-Exchange/Invoke-ExecHideFromGAL.ps1 | 4 +- .../Invoke-ExecMailboxMobileDevices.ps1 | 2 +- .../Invoke-ExecRemoveMailboxRule.ps1 | 2 +- .../Invoke-ExecSetMailboxLocale.ps1 | 2 +- .../Email-Exchange/Invoke-ExecSetOoO.ps1 | 4 +- .../Invoke-ListGlobalAddressList.ps1 | 4 +- .../Email-Exchange/Invoke-ListOoO.ps1 | 2 +- .../Endpoint/MEM/Invoke-EditIntuneScript.ps1 | 4 +- .../Endpoint/MEM/Invoke-ExecDeviceAction.ps1 | 2 +- .../MEM/Invoke-ExecGetLocalAdminPassword.ps1 | 2 +- .../MEM/Invoke-ExecGetRecoveryKey.ps1 | 2 +- .../Endpoint/MEM/Invoke-ListIntuneScript.ps1 | 4 +- .../MEM/Invoke-RemoveIntuneScript.ps1 | 4 +- .../Devices/Invoke-ExecDeviceDelete.ps1 | 4 +- .../Groups/Invoke-EditGroup.ps1 | 2 +- .../Administration/Users/Invoke-EditUser.ps1 | 2 +- .../Users/Invoke-ExecBECRemediate.ps1 | 8 ++-- .../Users/Invoke-ExecCreateTAP.ps1 | 2 +- .../Users/Invoke-ExecDisableUser.ps1 | 2 +- ...Invoke-ExecOffboard_Mailboxpermissions.ps1 | 2 +- .../Users/Invoke-ExecOneDriveShortCut.ps1 | 2 +- .../Users/Invoke-ExecOnedriveProvision.ps1 | 2 +- .../Users/Invoke-ExecPerUserMFA.ps1 | 2 +- .../Users/Invoke-ExecPerUserMFAAllUsers.ps1 | 2 +- .../Users/Invoke-ExecResetMFA.ps1 | 2 +- .../Users/Invoke-ExecResetPass.ps1 | 2 +- .../Users/Invoke-ExecRevokeSessions.ps1 | 2 +- .../Invoke-ExecSetSharePointMember.ps1 | 4 +- .../Invoke-ExecSharePointPerms.ps1 | 4 +- ...ke-ExecTeamsVoicePhoneNumberAssignment.ps1 | 8 ++-- .../Invoke-ListAppConsentRequests.ps1 | 2 +- .../Tenant/Conditional/Invoke-AddCAPolicy.ps1 | 2 +- .../Conditional/Invoke-ExecCAExclusion.ps1 | 2 +- .../Conditional/Invoke-ExecNamedLocation.ps1 | 2 +- .../Standards/Invoke-ListDomainHealth.ps1 | 2 +- .../Tools/Invoke-ExecGraphExplorerPreset.ps1 | 2 +- .../Entrypoints/Invoke-ExecSyncAPDevices.ps1 | 8 ++-- .../Invoke-ListAzureADConnectStatus.ps1 | 4 +- .../Entrypoints/Invoke-ListDefenderTVM.ps1 | 4 +- .../Entrypoints/Invoke-ListDeletedItems.ps1 | 4 +- .../Invoke-ListExchangeConnectors.ps1 | 4 +- .../Invoke-ListFunctionParameters.ps1 | 2 +- .../Entrypoints/Invoke-ListIntunePolicy.ps1 | 4 +- .../CIPPCore/Public/Get-CIPPBitlockerKey.ps1 | 4 +- .../CIPPCore/Public/Get-CIPPLAPSPassword.ps1 | 4 +- .../Public/Get-CIPPLicenseOverview.ps1 | 2 +- Modules/CIPPCore/Public/Get-CIPPMFAState.ps1 | 2 +- .../CIPPCore/Public/Get-CIPPOutOfOffice.ps1 | 2 +- .../CIPPCore/Public/Get-CIPPPerUserMFA.ps1 | 2 +- .../Public/Get-CIPPTenantCapabilities.ps1 | 2 +- .../Public/Invoke-RemoveExConnector.ps1 | 8 ++-- .../CIPPCore/Public/Invoke-RemovePolicy.ps1 | 8 ++-- .../Public/Invoke-RemoveTransportRule.ps1 | 8 ++-- Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 | 2 +- .../CIPPCore/Public/New-CIPPCATemplate.ps1 | 2 +- .../CIPPCore/Public/New-CIPPDeviceAction.ps1 | 6 +-- .../Public/New-CIPPOneDriveShortCut.ps1 | 6 +-- Modules/CIPPCore/Public/New-CIPPRestore.ps1 | 4 +- .../CIPPCore/Public/New-CIPPRestoreTask.ps1 | 44 +++++++++---------- Modules/CIPPCore/Public/New-CIPPTAP.ps1 | 6 +-- .../CIPPCore/Public/Remove-CIPPLicense.ps1 | 8 ++-- .../Public/Request-CIPPSPOPersonalSite.ps1 | 6 +-- Modules/CIPPCore/Public/Send-CIPPAlert.ps1 | 2 +- .../Public/Set-CIPPAlwaysShowFrom.ps1 | 12 ++--- .../Public/Set-CIPPAssignedApplication.ps1 | 6 +-- .../Public/Set-CIPPAssignedPolicy.ps1 | 6 +-- .../Public/Set-CIPPAuthenticationPolicy.ps1 | 16 +++---- .../CIPPCore/Public/Set-CIPPCAExclusion.ps1 | 6 +-- .../CIPPCore/Public/Set-CIPPCPVConsent.ps1 | 2 +- .../Set-CIPPDefaultAPDeploymentProfile.ps1 | 2 +- .../Public/Set-CIPPDefaultAPEnrollment.ps1 | 2 +- .../CIPPCore/Public/Set-CIPPDeviceState.ps1 | 4 +- .../Public/Set-CIPPGDAPAutoExtend.ps1 | 6 +-- .../Public/Set-CIPPGraphSubscription.ps1 | 4 +- .../Public/Set-CIPPGroupAuthentication.ps1 | 8 ++-- Modules/CIPPCore/Public/Set-CIPPGroupGAL.ps1 | 8 ++-- .../Public/Set-CIPPMailboxArchive.ps1 | 2 +- .../CIPPCore/Public/Set-CIPPMailboxLocale.ps1 | 6 +-- .../CIPPCore/Public/Set-CIPPMessageCopy.ps1 | 6 +-- .../CIPPCore/Public/Set-CIPPMobileDevice.ps1 | 14 +++--- .../CIPPCore/Public/Set-CIPPNamedLocation.ps1 | 6 +-- .../CIPPCore/Public/Set-CIPPPerUserMFA.ps1 | 10 ++--- .../CIPPCore/Public/Set-CIPPProfilePhoto.ps1 | 6 +-- Modules/CIPPCore/Public/Set-CIPPSignature.ps1 | 6 +-- ...-CIPPStandardConditionalAccessTemplate.ps1 | 4 +- .../Public/Test-CIPPAccessPermissions.ps1 | 2 +- .../CIPPCore/Public/Test-CIPPAccessTenant.ps1 | 12 ++--- .../Public/Test-CIPPGDAPRelationships.ps1 | 4 +- Modules/CIPPCore/Public/Test-CIPPRerun.ps1 | 6 +-- .../Invoke-CIPPGraphWebhookRenewal.ps1 | 2 +- .../Webhooks/Invoke-CIPPWebhookProcessing.ps1 | 10 ++--- .../Webhooks/New-CIPPGraphSubscription.ps1 | 14 +++--- .../Webhooks/Remove-CIPPGraphSubscription.ps1 | 10 ++--- .../NinjaOne/Invoke-NinjaOneDeviceWebhook.ps1 | 2 +- .../NinjaOne/Invoke-NinjaOneTenantSync.ps1 | 2 +- 111 files changed, 265 insertions(+), 265 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAccessTenantTest.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAccessTenantTest.ps1 index 447661a71d88..7b50d26df778 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAccessTenantTest.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAccessTenantTest.ps1 @@ -5,5 +5,5 @@ function Push-CIPPAccessTenantTest { #> Param($Item) - Test-CIPPAccessTenant -Tenant $Item.customerId -ExecutingUser 'CIPP' + Test-CIPPAccessTenant -Tenant $Item.customerId -Headers 'CIPP' } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecPartnerWebhook.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecPartnerWebhook.ps1 index ea26ed3aca03..045ad540318f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecPartnerWebhook.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecPartnerWebhook.ps1 @@ -42,7 +42,7 @@ function Invoke-ExecPartnerWebhook { PartnerCenter = $true BaseURL = $BaseURL EventType = $Request.Body.EventType - ExecutingUser = $Request.Headers.'x-ms-client-principal' + Headers = $Request.Headers.'x-ms-client-principal' } $Results = New-CIPPGraphSubscription @Webhook diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 index 242343fd96c0..6e47b44c185e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 @@ -25,7 +25,7 @@ Function Invoke-ExecAccessChecks { $Results = $null } if (!$Results) { - $Results = Test-CIPPAccessPermissions -tenantfilter $ENV:TenantID -APIName $APINAME -ExecutingUser $Request.Headers.'x-ms-client-principal' + $Results = Test-CIPPAccessPermissions -tenantfilter $ENV:TenantID -APIName $APINAME -Headers $Request.Headers.'x-ms-client-principal' } else { try { $LastRun = [DateTime]::SpecifyKind($Cache.Timestamp.DateTime, [DateTimeKind]::Utc) @@ -34,7 +34,7 @@ Function Invoke-ExecAccessChecks { } } } else { - $Results = Test-CIPPAccessPermissions -tenantfilter $ENV:TenantID -APIName $APINAME -ExecutingUser $Request.Headers.'x-ms-client-principal' + $Results = Test-CIPPAccessPermissions -tenantfilter $ENV:TenantID -APIName $APINAME -Headers $Request.Headers.'x-ms-client-principal' } } 'Tenants' { @@ -82,12 +82,12 @@ Function Invoke-ExecAccessChecks { } if ($Request.Query.SkipCache -eq 'true' -or $Request.Query.SkipCache -eq $true) { - $Message = Test-CIPPAccessTenant -ExecutingUser $Request.Headers.'x-ms-client-principal' + $Message = Test-CIPPAccessTenant -Headers $Request.Headers.'x-ms-client-principal' } if ($Request.Body.TenantId) { $Tenant = Get-Tenants -TenantFilter $Request.Body.TenantId - $null = Test-CIPPAccessTenant -Tenant $Tenant.customerId -ExecutingUser $Request.Headers.'x-ms-client-principal' + $null = Test-CIPPAccessTenant -Tenant $Tenant.customerId -Headers $Request.Headers.'x-ms-client-principal' $Results = "Refreshing tenant $($Tenant.displayName)" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddRoomMailbox.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddRoomMailbox.ps1 index d2f1ea21dbea..5dd16e8d7339 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddRoomMailbox.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddRoomMailbox.ps1 @@ -38,7 +38,7 @@ Function Invoke-AddRoomMailbox { # Block sign-in for the mailbox try { - $Request = Set-CIPPSignInState -userid $AddRoomRequest.ExternalDirectoryObjectId -TenantFilter $Tenant -APIName $APINAME -ExecutingUser $User -AccountEnabled $false + $Request = Set-CIPPSignInState -userid $AddRoomRequest.ExternalDirectoryObjectId -TenantFilter $Tenant -APIName $APINAME -Headers $User -AccountEnabled $false $Results.add("Blocked sign-in for Room mailbox; $($MailboxObject.userPrincipalName)") } catch { $ErrorMessage = Get-CippException -Exception $_ diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSharedMailbox.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSharedMailbox.ps1 index 6366a90b6873..32213b5541c0 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSharedMailbox.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSharedMailbox.ps1 @@ -38,7 +38,7 @@ Function Invoke-AddSharedMailbox { # Block sign-in for the mailbox try { - $null = Set-CIPPSignInState -userid $AddSharedRequest.ExternalDirectoryObjectId -TenantFilter $Tenant -APIName $APINAME -ExecutingUser $User -AccountEnabled $false + $null = Set-CIPPSignInState -userid $AddSharedRequest.ExternalDirectoryObjectId -TenantFilter $Tenant -APIName $APINAME -Headers $User -AccountEnabled $false $Body = $Results.add("Blocked sign-in for shared mailbox $Email") } catch { $ErrorMessage = Get-CippException -Exception $_ diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 index 6a169dd7a68c..b403d1f904ac 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 @@ -11,8 +11,8 @@ Function Invoke-AddTransportTemplate { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $ExecutingUser = $Request.headers.'x-ms-client-principal' - Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev Debug + $Headers = $Request.headers.'x-ms-client-principal' + Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev Debug Write-Host ($request | ConvertTo-Json -Depth 10 -Compress) try { @@ -35,12 +35,12 @@ Function Invoke-AddTransportTemplate { RowKey = "$GUID" PartitionKey = 'TransportTemplate' } - Write-LogMessage -user $ExecutingUser -API $APINAME -message "Created Transport Rule Template $($Request.body.name) with GUID $GUID" -Sev Debug + Write-LogMessage -user $Headers -API $APINAME -message "Created Transport Rule Template $($Request.body.name) with GUID $GUID" -Sev Debug $body = [pscustomobject]@{'Results' = "Created Transport Rule Template $($Request.body.name) with GUID $GUID" } $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APINAME -message "Failed to create Transport Rule Template: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage + Write-LogMessage -user $Headers -API $APINAME -message "Failed to create Transport Rule Template: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage $body = [pscustomobject]@{'Results' = "Failed to create Transport Rule Template: $($ErrorMessage.NormalizedError)" } $StatusCode = [HttpStatusCode]::Forbidden } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditContact.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditContact.ps1 index fc8687e5f3f1..84c93eec0728 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditContact.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditContact.ps1 @@ -12,8 +12,8 @@ Function Invoke-EditContact { $APIName = $Request.Params.CIPPEndpoint $TenantID = $Request.body.tenantID - $ExecutingUser = $Request.headers.'x-ms-client-principal' - Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $Headers = $Request.headers.'x-ms-client-principal' + Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' try { # Extract contact information from the request body @@ -43,13 +43,13 @@ Function Invoke-EditContact { $null = New-ExoRequest -tenantid $TenantID -cmdlet 'Set-Contact' -cmdParams $bodyForSetContact -UseSystemMailbox $true $null = New-ExoRequest -tenantid $TenantID -cmdlet 'Set-MailContact' -cmdParams @{Identity = $contactInfo.ContactID; HiddenFromAddressListsEnabled = [System.Convert]::ToBoolean($contactInfo.hidefromGAL) } -UseSystemMailbox $true $Results = "Successfully edited contact $($contactInfo.DisplayName)" - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $TenantID -message $Results -Sev Info + Write-LogMessage -user $Headers -API $APINAME -tenant $TenantID -message $Results -Sev Info $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CippException -Exception $_ $Results = "Failed to edit contact. $($ErrorMessage.NormalizedError)" - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $TenantID -message $Results -Sev Error -LogData $ErrorMessage + Write-LogMessage -user $Headers -API $APINAME -tenant $TenantID -message $Results -Sev Error -LogData $ErrorMessage $StatusCode = [HttpStatusCode]::InternalServerError } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditExConnector.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditExConnector.ps1 index 11c0b8108689..a39aafdc75f8 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditExConnector.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditExConnector.ps1 @@ -11,8 +11,8 @@ Function Invoke-EditExConnector { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $ExecutingUser = $Request.headers.'x-ms-client-principal' - Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $Headers = $Request.headers.'x-ms-client-principal' + Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.Query.tenantFilter ?? $Request.Body.tenantFilter try { $ConnectorState = $Request.Query.State ?? $Request.Body.State @@ -25,11 +25,11 @@ Function Invoke-EditExConnector { } $null = New-ExoRequest -tenantid $TenantFilter -cmdlet "Set-$($Type)Connector" -cmdParams $params -UseSystemMailbox $true $Result = "Set Connector $($Guid) to $($ConnectorState)" - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $TenantFilter -message "Set Connector $($Guid) to $($ConnectorState)" -sev Info + Write-LogMessage -user $Headers -API $APINAME -tenant $TenantFilter -message "Set Connector $($Guid) to $($ConnectorState)" -sev Info $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CIPPException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $TenantFilter -message "Failed setting Connector $($Guid) to $($ConnectorState). Error:$($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage + Write-LogMessage -user $Headers -API $APINAME -tenant $TenantFilter -message "Failed setting Connector $($Guid) to $($ConnectorState). Error:$($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage $Result = $ErrorMessage.NormalizedError $StatusCode = [HttpStatusCode]::Forbidden } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 index e41e730759ea..d4084bfc3995 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 @@ -11,8 +11,8 @@ Function Invoke-EditTransportRule { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $ExecutingUser = $Request.headers.'x-ms-client-principal' - Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $Headers = $Request.headers.'x-ms-client-principal' + Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.Query.tenantFilter ?? $Request.body.tenantFilter $Identity = $Request.Query.guid ?? $Request.body.guid @@ -26,11 +26,11 @@ Function Invoke-EditTransportRule { $cmdlet = if ($State -eq 'enable') { 'Enable-TransportRule' } else { 'Disable-TransportRule' } $null = New-ExoRequest -tenantid $TenantFilter -cmdlet $cmdlet -cmdParams $params -UseSystemMailbox $true $Result = "Set transport rule $($Identity) to $($State)" - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $TenantFilter -message $Result -sev Info + Write-LogMessage -user $Headers -API $APINAME -tenant $TenantFilter -message $Result -sev Info $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $TenantFilter -message "Failed setting transport rule $($Identity) to $($State). Error:$($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -user $Headers -API $APINAME -tenant $TenantFilter -message "Failed setting transport rule $($Identity) to $($State). Error:$($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage $Result = $ErrorMessage.NormalizedError $StatusCode = [HttpStatusCode]::Forbidden } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecConverttoRoomMailbox.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecConverttoRoomMailbox.ps1 index f06dd608e5eb..b8e1ec132321 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecConverttoRoomMailbox.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecConverttoRoomMailbox.ps1 @@ -19,7 +19,7 @@ Function Invoke-ExecConvertToRoomMailbox { # Interact with query parameters or the body of the request. Try { - $ConvertedMailbox = Set-CIPPMailboxType -userid $Request.query.id -tenantFilter $Request.query.TenantFilter -APIName $APINAME -ExecutingUser $User -MailboxType 'Room' + $ConvertedMailbox = Set-CIPPMailboxType -userid $Request.query.id -tenantFilter $Request.query.TenantFilter -APIName $APINAME -Headers $User -MailboxType 'Room' $Results = [pscustomobject]@{'Results' = "$ConvertedMailbox" } $StatusCode = [HttpStatusCode]::OK } catch { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecConverttoSharedMailbox.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecConverttoSharedMailbox.ps1 index d1023b50a11f..da49b84a4426 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecConverttoSharedMailbox.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecConverttoSharedMailbox.ps1 @@ -22,7 +22,7 @@ Function Invoke-ExecConverttoSharedMailbox { # Interact with query parameters or the body of the request. Try { $MailboxType = if ($request.query.ConvertToUser -eq 'true') { 'Regular' } else { 'Shared' } - $ConvertedMailbox = Set-CIPPMailboxType -userid $Request.query.id -tenantFilter $Tenant -APIName $APINAME -ExecutingUser $User -MailboxType $MailboxType + $ConvertedMailbox = Set-CIPPMailboxType -userid $Request.query.id -tenantFilter $Tenant -APIName $APINAME -Headers $User -MailboxType $MailboxType $Results = [pscustomobject]@{'Results' = "$ConvertedMailbox" } $StatusCode = [HttpStatusCode]::OK } catch { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecCopyForSent.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecCopyForSent.ps1 index f5891a4f8c0f..763c1fd3d8b9 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecCopyForSent.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecCopyForSent.ps1 @@ -21,7 +21,7 @@ Function Invoke-ExecCopyForSent { # Interact with query parameters or the body of the request. Try { $MessageCopyForSentAsEnabled = if ($request.query.MessageCopyForSentAsEnabled -eq 'false') { 'false' } else { 'true' } - $MessageResult = Set-CIPPMessageCopy -userid $Request.query.id -tenantFilter $Request.query.TenantFilter -APIName $APINAME -ExecutingUser $request.headers.'x-ms-client-principal' -MessageCopyForSentAsEnabled $MessageCopyForSentAsEnabled + $MessageResult = Set-CIPPMessageCopy -userid $Request.query.id -tenantFilter $Request.query.TenantFilter -APIName $APINAME -Headers $request.headers.'x-ms-client-principal' -MessageCopyForSentAsEnabled $MessageCopyForSentAsEnabled $Results = [pscustomobject]@{'Results' = "$MessageResult" } } catch { $Results = [pscustomobject]@{'Results' = "set MessageCopyForSentAsEnabled to $MessageCopyForSentAsEnabled failed - $($_.Exception.Message)" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEmailForward.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEmailForward.ps1 index 71fef9ce1fb1..1978a6b97b44 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEmailForward.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEmailForward.ps1 @@ -20,7 +20,7 @@ Function Invoke-ExecEmailForward { if ($ForwardOption -eq 'internalAddress') { try { - Set-CIPPForwarding -userid $username -tenantFilter $TenantFilter -APIName $APINAME -ExecutingUser $request.headers.'x-ms-client-principal' -Forward $ForwardingAddress -keepCopy $KeepCopy + Set-CIPPForwarding -userid $username -tenantFilter $TenantFilter -APIName $APINAME -Headers $request.headers.'x-ms-client-principal' -Forward $ForwardingAddress -keepCopy $KeepCopy if (-not $request.body.KeepCopy) { $results = "Forwarding all email for $($username) to $($ForwardingAddress) and not keeping a copy" } else { @@ -35,7 +35,7 @@ Function Invoke-ExecEmailForward { if ($ForwardOption -eq 'ExternalAddress') { try { - Set-CIPPForwarding -userid $username -tenantFilter $TenantFilter -APIName $APINAME -ExecutingUser $request.headers.'x-ms-client-principal' -forwardingSMTPAddress $ForwardingSMTPAddress -keepCopy $KeepCopy + Set-CIPPForwarding -userid $username -tenantFilter $TenantFilter -APIName $APINAME -Headers $request.headers.'x-ms-client-principal' -forwardingSMTPAddress $ForwardingSMTPAddress -keepCopy $KeepCopy if (-not $request.body.KeepCopy) { $results = "Forwarding all email for $($username) to $($ForwardingSMTPAddress) and not keeping a copy" } else { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEnableArchive.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEnableArchive.ps1 index 6bf2d138ed3b..5496c7706e93 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEnableArchive.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEnableArchive.ps1 @@ -20,7 +20,7 @@ Function Invoke-ExecEnableArchive { # Interact with query parameters or the body of the request. Try { - $ResultsArch = Set-CIPPMailboxArchive -userid $Request.query.id -tenantFilter $Request.query.TenantFilter -APIName $APINAME -ExecutingUser $request.headers.'x-ms-client-principal' -ArchiveEnabled $true + $ResultsArch = Set-CIPPMailboxArchive -userid $Request.query.id -tenantFilter $Request.query.TenantFilter -APIName $APINAME -Headers $request.headers.'x-ms-client-principal' -ArchiveEnabled $true $Results = [pscustomobject]@{'Results' = "$ResultsArch" } } catch { $Results = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDeliveryManagement.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDeliveryManagement.ps1 index 755620ab02f0..5bd4bec010b9 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDeliveryManagement.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDeliveryManagement.ps1 @@ -20,7 +20,7 @@ Function Invoke-ExecGroupsDeliveryManagement { # Interact with query parameters or the body of the request. Try { - $SetResults = Set-CIPPGroupAuthentication -ID $Request.query.id -GroupType $Request.query.GroupType -OnlyAllowInternalString $Request.query.OnlyAllowInternal -tenantFilter $Request.query.TenantFilter -APIName $APINAME -ExecutingUser $request.headers.'x-ms-client-principal' + $SetResults = Set-CIPPGroupAuthentication -ID $Request.query.id -GroupType $Request.query.GroupType -OnlyAllowInternalString $Request.query.OnlyAllowInternal -tenantFilter $Request.query.TenantFilter -APIName $APINAME -Headers $request.headers.'x-ms-client-principal' $Results = [pscustomobject]@{'Results' = $SetResults } } catch { $Results = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsHideFromGAL.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsHideFromGAL.ps1 index 0798b84ef5c7..3ba69134dbc2 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsHideFromGAL.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsHideFromGAL.ps1 @@ -15,7 +15,7 @@ Function Invoke-ExecGroupsHideFromGAL { # Interact with query parameters or the body of the request. Try { - $GroupStatus = Set-CIPPGroupGAL -Id $Request.query.id -tenantFilter $Request.query.TenantFilter -GroupType $Request.query.groupType -HiddenString $Request.query.HidefromGAL -APIName $APINAME -ExecutingUser $request.headers.'x-ms-client-principal' + $GroupStatus = Set-CIPPGroupGAL -Id $Request.query.id -tenantFilter $Request.query.TenantFilter -GroupType $Request.query.groupType -HiddenString $Request.query.HidefromGAL -APIName $APINAME -Headers $request.headers.'x-ms-client-principal' $Results = [pscustomobject]@{'Results' = $GroupStatus } } catch { $Results = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 index 191f511cf1f4..e161213ffa0f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 @@ -10,9 +10,9 @@ Function Invoke-ExecHideFromGAL { [CmdletBinding()] param($Request, $TriggerMetadata) - $ExecutingUser = $Request.headers.'x-ms-client-principal' + $Headers = $Request.headers.'x-ms-client-principal' $APIName = $Request.Params.CIPPEndpoint - Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Support if the request is a POST or a GET. So to support legacy(GET) and new(POST) requests diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailboxMobileDevices.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailboxMobileDevices.ps1 index 8d40c1f4e083..006ee82b7132 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailboxMobileDevices.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailboxMobileDevices.ps1 @@ -20,7 +20,7 @@ Function Invoke-ExecMailboxMobileDevices { # Interact with query parameters or the body of the request. Try { - $MobileResults = Set-CIPPMobileDevice -UserId $request.query.Userid -Guid $request.query.guid -DeviceId $request.query.deviceid -Quarantine $request.query.Quarantine -tenantFilter $request.query.tenantfilter -APIName $APINAME -Delete $Request.query.Delete -ExecutingUser $request.headers.'x-ms-client-principal' + $MobileResults = Set-CIPPMobileDevice -UserId $request.query.Userid -Guid $request.query.guid -DeviceId $request.query.deviceid -Quarantine $request.query.Quarantine -tenantFilter $request.query.tenantfilter -APIName $APINAME -Delete $Request.query.Delete -Headers $request.headers.'x-ms-client-principal' $Results = [pscustomobject]@{'Results' = $MobileResults } } catch { $Results = [pscustomobject]@{'Results' = "Failed $($request.query.Userid): $($_.Exception.Message)" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecRemoveMailboxRule.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecRemoveMailboxRule.ps1 index a747ac432e33..f802a879922e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecRemoveMailboxRule.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecRemoveMailboxRule.ps1 @@ -23,7 +23,7 @@ Function Invoke-ExecRemoveMailboxRule { Write-Host 'PowerShell HTTP trigger function processed a request.' # Remove the rule - $Results = Remove-CIPPMailboxRule -userid $User -username $Username -TenantFilter $TenantFilter -APIName $APINAME -ExecutingUser $User -RuleId $RuleId -RuleName $RuleName + $Results = Remove-CIPPMailboxRule -userid $User -username $Username -TenantFilter $TenantFilter -APIName $APINAME -Headers $User -RuleId $RuleId -RuleName $RuleName if ($Results -like '*Could not delete*') { $StatusCode = [HttpStatusCode]::Forbidden diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetMailboxLocale.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetMailboxLocale.ps1 index 1fe012795d7b..32a9e43849d3 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetMailboxLocale.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetMailboxLocale.ps1 @@ -20,7 +20,7 @@ Function Invoke-ExecSetMailboxLocale { # Interact with query parameters or the body of the request. - $Results = Set-CippMailboxLocale -username $Request.Body.user -locale $Request.body.locale -tenantFilter $Tenant -APIName $APINAME -ExecutingUser $User + $Results = Set-CippMailboxLocale -username $Request.Body.user -locale $Request.body.locale -tenantFilter $Tenant -APIName $APINAME -Headers $User # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = [HttpStatusCode]::OK diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetOoO.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetOoO.ps1 index f3540191de9a..5863faba10ec 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetOoO.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetOoO.ps1 @@ -25,9 +25,9 @@ Function Invoke-ExecSetOoO { $Results = try { if ($Request.Body.AutoReplyState.value -ne 'Scheduled') { - Set-CIPPOutOfOffice -userid $Username -tenantFilter $TenantFilter -APIName $APINAME -ExecutingUser $request.headers.'X-MS-CLIENT-PRINCIPAL' -InternalMessage $InternalMessage -ExternalMessage $ExternalMessage -State $Request.Body.AutoReplyState.value + Set-CIPPOutOfOffice -userid $Username -tenantFilter $TenantFilter -APIName $APINAME -Headers $request.headers.'X-MS-CLIENT-PRINCIPAL' -InternalMessage $InternalMessage -ExternalMessage $ExternalMessage -State $Request.Body.AutoReplyState.value } else { - Set-CIPPOutOfOffice -userid $Username -tenantFilter $TenantFilter -APIName $APINAME -ExecutingUser $request.headers.'X-MS-CLIENT-PRINCIPAL' -InternalMessage $InternalMessage -ExternalMessage $ExternalMessage -StartTime $StartTime -EndTime $EndTime -State $Request.Body.AutoReplyState.value + Set-CIPPOutOfOffice -userid $Username -tenantFilter $TenantFilter -APIName $APINAME -Headers $request.headers.'X-MS-CLIENT-PRINCIPAL' -InternalMessage $InternalMessage -ExternalMessage $ExternalMessage -StartTime $StartTime -EndTime $EndTime -State $Request.Body.AutoReplyState.value } } catch { "Could not add out of office message for $($username). Error: $($_.Exception.Message)" diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListGlobalAddressList.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListGlobalAddressList.ps1 index 03d7df527ff1..827e0ba245f7 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListGlobalAddressList.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListGlobalAddressList.ps1 @@ -11,8 +11,8 @@ Function Invoke-ListGlobalAddressList { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $ExecutingUser = $Request.headers.'x-ms-client-principal' - Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $Headers = $Request.headers.'x-ms-client-principal' + Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.Query.tenantFilter try { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListOoO.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListOoO.ps1 index 98fe0b2ebad8..d44bfd360180 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListOoO.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListOoO.ps1 @@ -13,7 +13,7 @@ Function Invoke-ListOoO { $APIName = $Request.Params.CIPPEndpoint $Tenantfilter = $request.query.tenantFilter try { - $Body = Get-CIPPOutOfOffice -userid $Request.query.userid -tenantFilter $TenantFilter -APIName $APINAME -ExecutingUser $request.headers.'x-ms-client-principal' + $Body = Get-CIPPOutOfOffice -userid $Request.query.userid -tenantFilter $TenantFilter -APIName $APINAME -Headers $request.headers.'x-ms-client-principal' } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message $Body = [pscustomobject]@{'Results' = "Failed. $ErrorMessage" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditIntuneScript.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditIntuneScript.ps1 index 07391fcd6855..c88c9a81a6e4 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditIntuneScript.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditIntuneScript.ps1 @@ -11,8 +11,8 @@ function Invoke-EditIntuneScript { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $ExecutingUser = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev Debug + $Headers = $request.headers.'x-ms-client-principal' + Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev Debug $graphUrl = "https://graph.microsoft.com/beta" switch($Request.Method) { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecDeviceAction.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecDeviceAction.ps1 index 04ac4554c36d..5083a97affb4 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecDeviceAction.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecDeviceAction.ps1 @@ -29,7 +29,7 @@ Function Invoke-ExecDeviceAction { ActionBody = $ActionBody DeviceFilter = $Request.Body.GUID TenantFilter = $Request.Body.TenantFilter - ExecutingUser = $request.headers.'x-ms-client-principal' + Headers = $request.headers.'x-ms-client-principal' APINAME = $APINAME } $ActionResult = New-CIPPDeviceAction @cmdparams diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetLocalAdminPassword.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetLocalAdminPassword.ps1 index b3f923c1f5cc..9cb60cffef8b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetLocalAdminPassword.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetLocalAdminPassword.ps1 @@ -13,7 +13,7 @@ Function Invoke-ExecGetLocalAdminPassword { $APIName = $Request.Params.CIPPEndpoint try { - $GraphRequest = Get-CIPPLapsPassword -device $($request.body.guid) -tenantFilter $Request.body.TenantFilter -APIName $APINAME -ExecutingUser $request.headers.'x-ms-client-principal' + $GraphRequest = Get-CIPPLapsPassword -device $($request.body.guid) -tenantFilter $Request.body.TenantFilter -APIName $APINAME -Headers $request.headers.'x-ms-client-principal' $Body = [pscustomobject]@{'Results' = $GraphRequest } } catch { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetRecoveryKey.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetRecoveryKey.ps1 index 17b9e9eed724..1c9464edd007 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetRecoveryKey.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetRecoveryKey.ps1 @@ -20,7 +20,7 @@ Function Invoke-ExecGetRecoveryKey { # Interact with query parameters or the body of the request. $TenantFilter = $Request.Query.TenantFilter try { - $GraphRequest = Get-CIPPBitlockerKey -device $Request.query.GUID -tenantFilter $TenantFilter -APIName $APINAME -ExecutingUser $request.headers.'x-ms-client-principal' + $GraphRequest = Get-CIPPBitlockerKey -device $Request.query.GUID -tenantFilter $TenantFilter -APIName $APINAME -Headers $request.headers.'x-ms-client-principal' $Body = [pscustomobject]@{'Results' = $GraphRequest } } catch { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListIntuneScript.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListIntuneScript.ps1 index edc724887eda..06792730345f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListIntuneScript.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListIntuneScript.ps1 @@ -11,8 +11,8 @@ function Invoke-ListIntuneScript { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $ExecutingUser = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev Debug + $Headers = $request.headers.'x-ms-client-principal' + Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev Debug Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-RemoveIntuneScript.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-RemoveIntuneScript.ps1 index 6bf528b855fe..5c8344c7e831 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-RemoveIntuneScript.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-RemoveIntuneScript.ps1 @@ -11,8 +11,8 @@ function Invoke-RemoveIntuneScript { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $ExecutingUser = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev Debug + $Headers = $request.headers.'x-ms-client-principal' + Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev Debug Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 index 7d49b34420e7..3a920cccb73a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 @@ -11,8 +11,8 @@ Function Invoke-ExecDeviceDelete { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $ExecutingUser = $Request.headers.'x-ms-client-principal' - Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $Headers = $Request.headers.'x-ms-client-principal' + Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with body parameters or the body of the request. $TenantFilter = $Request.body.tenantFilter ?? $Request.Query.tenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-EditGroup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-EditGroup.ps1 index ed49d9139618..e711afe05ab4 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-EditGroup.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-EditGroup.ps1 @@ -156,7 +156,7 @@ Function Invoke-EditGroup { if ($userobj.allowExternal -eq 'true') { try { - Set-CIPPGroupAuthentication -ID $userobj.mail -GroupType $GroupType -tenantFilter $TenantId -APIName $APINAME -ExecutingUser $request.headers.'x-ms-client-principal' + Set-CIPPGroupAuthentication -ID $userobj.mail -GroupType $GroupType -tenantFilter $TenantId -APIName $APINAME -Headers $request.headers.'x-ms-client-principal' $body = $results.add("Allowed external senders to send to $($userobj.mail).") } catch { $body = $results.add("Failed to allow external senders to send to $($userobj.mail).") diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 index 6952afd7ffbc..5f00967df60b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 @@ -133,7 +133,7 @@ Function Invoke-EditUser { } if ($Request.body.CopyFrom.value) { - $CopyFrom = Set-CIPPCopyGroupMembers -ExecutingUser $User -CopyFromId $Request.body.CopyFrom.value -UserID $UserPrincipalName -TenantFilter $UserObj.tenantFilter + $CopyFrom = Set-CIPPCopyGroupMembers -Headers $User -CopyFromId $Request.body.CopyFrom.value -UserID $UserPrincipalName -TenantFilter $UserObj.tenantFilter $null = $results.AddRange(@($CopyFrom)) } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecBECRemediate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecBECRemediate.ps1 index 8c3e3ef44871..8293e259699e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecBECRemediate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecBECRemediate.ps1 @@ -23,13 +23,13 @@ Function Invoke-ExecBECRemediate { Write-Host $SuspectUser $Results = try { $Step = 'Reset Password' - Set-CIPPResetPassword -UserID $username -tenantFilter $TenantFilter -APIName $APINAME -ExecutingUser $User + Set-CIPPResetPassword -UserID $username -tenantFilter $TenantFilter -APIName $APINAME -Headers $User $Step = 'Disable Account' - Set-CIPPSignInState -userid $username -AccountEnabled $false -tenantFilter $TenantFilter -APIName $APINAME -ExecutingUser $User + Set-CIPPSignInState -userid $username -AccountEnabled $false -tenantFilter $TenantFilter -APIName $APINAME -Headers $User $Step = 'Revoke Sessions' - Revoke-CIPPSessions -userid $SuspectUser -username $username -ExecutingUser $User -APIName $APINAME -tenantFilter $TenantFilter + Revoke-CIPPSessions -userid $SuspectUser -username $username -Headers $User -APIName $APINAME -tenantFilter $TenantFilter $Step = 'Remove MFA methods' - Remove-CIPPUserMFA -UserPrincipalName $username -TenantFilter $TenantFilter -ExecutingUser $User + Remove-CIPPUserMFA -UserPrincipalName $username -TenantFilter $TenantFilter -Headers $User $Step = 'Disable Inbox Rules' $Rules = New-ExoRequest -anchor $username -tenantid $TenantFilter -cmdlet 'Get-InboxRule' -cmdParams @{Mailbox = $username; IncludeHidden = $true } $RuleDisabled = 0 diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecCreateTAP.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecCreateTAP.ps1 index 30650cd5c318..e86c61eed528 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecCreateTAP.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecCreateTAP.ps1 @@ -15,7 +15,7 @@ Function Invoke-ExecCreateTAP { # Interact with query parameters or the body of the request. try { - $TAP = New-CIPPTAP -userid $Request.query.ID -TenantFilter $Request.query.tenantfilter -APIName $APINAME -ExecutingUser $request.headers.'x-ms-client-principal' + $TAP = New-CIPPTAP -userid $Request.query.ID -TenantFilter $Request.query.tenantfilter -APIName $APINAME -Headers $request.headers.'x-ms-client-principal' $Results = [pscustomobject]@{'Results' = $TAP } } catch { $Results = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecDisableUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecDisableUser.ps1 index fbe020546a1a..e2739a3a6f92 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecDisableUser.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecDisableUser.ps1 @@ -12,7 +12,7 @@ Function Invoke-ExecDisableUser { $APIName = $Request.Params.CIPPEndpoint try { - $State = Set-CIPPSignInState -userid $Request.query.ID -TenantFilter $Request.Query.TenantFilter -APIName $APINAME -ExecutingUser $request.headers.'x-ms-client-principal' -AccountEnabled ([System.Convert]::ToBoolean($Request.Query.Enable)) + $State = Set-CIPPSignInState -userid $Request.query.ID -TenantFilter $Request.Query.TenantFilter -APIName $APINAME -Headers $request.headers.'x-ms-client-principal' -AccountEnabled ([System.Convert]::ToBoolean($Request.Query.Enable)) $Results = [pscustomobject]@{'Results' = "$State" } } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOffboard_Mailboxpermissions.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOffboard_Mailboxpermissions.ps1 index 02e60ca462d0..10b4c8576330 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOffboard_Mailboxpermissions.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOffboard_Mailboxpermissions.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecOffboard_Mailboxpermissions { param($Request, $TriggerMetadata) foreach ($Mailbox in $Mailboxes) { - Remove-CIPPMailboxPermissions -PermissionsLevel @('FullAccess', 'SendAs', 'SendOnBehalf') -userid $Mailbox.UserPrincipalName -AccessUser $QueueItem.User -TenantFilter $QueueItem.TenantFilter -APIName $APINAME -ExecutingUser $QueueItem.ExecutingUser + Remove-CIPPMailboxPermissions -PermissionsLevel @('FullAccess', 'SendAs', 'SendOnBehalf') -userid $Mailbox.UserPrincipalName -AccessUser $QueueItem.User -TenantFilter $QueueItem.TenantFilter -APIName $APINAME -Headers $QueueItem.Headers } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOneDriveShortCut.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOneDriveShortCut.ps1 index 4a62823799b8..2a0028b3952b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOneDriveShortCut.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOneDriveShortCut.ps1 @@ -14,7 +14,7 @@ Function Invoke-ExecOneDriveShortCut { Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' Try { - $MessageResult = New-CIPPOneDriveShortCut -username $Request.Body.username -userid $Request.Body.userid -TenantFilter $Request.Body.tenantFilter -URL $Request.Body.siteUrl.value -ExecutingUser $request.headers.'x-ms-client-principal' + $MessageResult = New-CIPPOneDriveShortCut -username $Request.Body.username -userid $Request.Body.userid -TenantFilter $Request.Body.tenantFilter -URL $Request.Body.siteUrl.value -Headers $request.headers.'x-ms-client-principal' $Results = [pscustomobject]@{ 'Results' = "$MessageResult" } } catch { $Results = [pscustomobject]@{'Results' = "OneDrive Shortcut creation failed: $($_.Exception.Message)" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOnedriveProvision.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOnedriveProvision.ps1 index 49b2ab16d9c0..dbc29fe0cad1 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOnedriveProvision.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOnedriveProvision.ps1 @@ -13,7 +13,7 @@ Function Invoke-ExecOneDriveProvision { $APIName = $Request.Params.CIPPEndpoint $Params = $Request.Body ?? $Request.Query try { - $State = Request-CIPPSPOPersonalSite -TenantFilter $Params.TenantFilter -UserEmails $Params.UserPrincipalName -ExecutingUser $Request.Headers.'x-ms-client-principal' -APIName $APINAME + $State = Request-CIPPSPOPersonalSite -TenantFilter $Params.TenantFilter -UserEmails $Params.UserPrincipalName -Headers $Request.Headers.'x-ms-client-principal' -APIName $APINAME $Results = [pscustomobject]@{'Results' = "$State" } } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecPerUserMFA.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecPerUserMFA.ps1 index 58155d6fa8e3..8a45f34daa58 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecPerUserMFA.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecPerUserMFA.ps1 @@ -15,7 +15,7 @@ function Invoke-ExecPerUserMFA { userId = $Request.Body.userId TenantFilter = $Request.Body.TenantFilter State = $Request.Body.State.value ? $Request.Body.State.value : $Request.Body.State - executingUser = $Request.Headers.'x-ms-client-principal' + Headers = $Request.Headers.'x-ms-client-principal' } $Result = Set-CIPPPerUserMFA @Request $Body = @{ diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecPerUserMFAAllUsers.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecPerUserMFAAllUsers.ps1 index f91b1f3a5a89..32f51b16d01d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecPerUserMFAAllUsers.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecPerUserMFAAllUsers.ps1 @@ -16,7 +16,7 @@ function Invoke-ExecPerUserMFAAllUsers { userId = $Users.id TenantFilter = $tenantfilter State = $Request.query.State - executingUser = $Request.Headers.'x-ms-client-principal' + Headers = $Request.Headers.'x-ms-client-principal' } $Result = Set-CIPPPerUserMFA @Request $Body = @{ diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetMFA.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetMFA.ps1 index ddca99ba5193..1f706ce54164 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetMFA.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetMFA.ps1 @@ -19,7 +19,7 @@ Function Invoke-ExecResetMFA { try { $Body = @{ - Results = Remove-CIPPUserMFA -UserPrincipalName $UserID -TenantFilter $TenantFilter -ExecutingUser $request.headers.'x-ms-client-principal' + Results = Remove-CIPPUserMFA -UserPrincipalName $UserID -TenantFilter $TenantFilter -Headers $request.headers.'x-ms-client-principal' } } catch { $Body = [pscustomobject]@{'Results' = "Failed to reset MFA methods for $($Request.Query.ID): $(Get-NormalizedError -message $_.Exception.Message)" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetPass.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetPass.ps1 index 42551f246aa5..4c4774959b29 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetPass.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetPass.ps1 @@ -22,7 +22,7 @@ Function Invoke-ExecResetPass { $mustChange = [System.Convert]::ToBoolean($request.query.MustChange) try { - $Reset = Set-CIPPResetPassword -userid $Request.query.ID -tenantFilter $TenantFilter -APIName $APINAME -ExecutingUser $request.headers.'x-ms-client-principal' -forceChangePasswordNextSignIn $mustChange + $Reset = Set-CIPPResetPassword -userid $Request.query.ID -tenantFilter $TenantFilter -APIName $APINAME -Headers $request.headers.'x-ms-client-principal' -forceChangePasswordNextSignIn $mustChange $Results = [pscustomobject]@{'Results' = $Reset } } catch { $Results = [pscustomobject]@{'Results' = "Failed to reset password for $($Request.query.displayName): $($_.Exception.Message)" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecRevokeSessions.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecRevokeSessions.ps1 index b16a12e0ab50..103d70396c5b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecRevokeSessions.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecRevokeSessions.ps1 @@ -16,7 +16,7 @@ Function Invoke-ExecRevokeSessions { # Interact with query parameters or the body of the request. $TenantFilter = $Request.Query.TenantFilter try { - $RevokeSessions = Revoke-CIPPSessions -userid $Request.Query.id -tenantFilter $TenantFilter -username $Request.Query.Username -APIName $APINAME -ExecutingUser $request.headers.'x-ms-client-principal' + $RevokeSessions = Revoke-CIPPSessions -userid $Request.Query.id -tenantFilter $TenantFilter -username $Request.Query.Username -APIName $APINAME -Headers $request.headers.'x-ms-client-principal' $Results = [pscustomobject]@{'Results' = $RevokeSessions } } catch { $Results = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSetSharePointMember.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSetSharePointMember.ps1 index ca77575c209c..72315cfd8bca 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSetSharePointMember.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSetSharePointMember.ps1 @@ -12,8 +12,8 @@ Function Invoke-ExecSetSharePointMember { $APIName = $Request.Params.CIPPEndpoint - $ExecutingUser = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $Headers = $request.headers.'x-ms-client-principal' + Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.body.tenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSharePointPerms.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSharePointPerms.ps1 index 13191170bb1e..ced34984f8e7 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSharePointPerms.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSharePointPerms.ps1 @@ -12,9 +12,9 @@ Function Invoke-ExecSharePointPerms { $APIName = $Request.Params.CIPPEndpoint $tenantFilter = $Request.Body.tenantFilter - $ExecutingUser = $Request.Headers.'x-ms-client-principal' + $Headers = $Request.Headers.'x-ms-client-principal' - Write-LogMessage -user $ExecutingUser -API $APIName -message 'Accessed this API' -Sev Debug + Write-LogMessage -user $Headers -API $APIName -message 'Accessed this API' -Sev Debug # The UPN or ID of the users OneDrive we are changing permissions on $UserId = $Request.body.UPN diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecTeamsVoicePhoneNumberAssignment.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecTeamsVoicePhoneNumberAssignment.ps1 index 95e6c4126116..768c8879fccd 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecTeamsVoicePhoneNumberAssignment.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecTeamsVoicePhoneNumberAssignment.ps1 @@ -11,8 +11,8 @@ Function Invoke-ExecTeamsVoicePhoneNumberAssignment { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $ExecutingUser = $Request.headers.'x-ms-client-principal' - Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $Headers = $Request.headers.'x-ms-client-principal' + Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Identity = $Request.Body.input.value $tenantFilter = $Request.Body.TenantFilter @@ -24,12 +24,12 @@ Function Invoke-ExecTeamsVoicePhoneNumberAssignment { $null = New-TeamsRequest -TenantFilter $TenantFilter -Cmdlet 'Set-CsPhoneNumberAssignment' -CmdParams @{Identity = $Identity; PhoneNumber = $Request.Body.PhoneNumber; PhoneNumberType = $Request.Body.PhoneNumberType; ErrorAction = 'stop' } $Results = [pscustomobject]@{'Results' = "Successfully assigned $($Request.Body.PhoneNumber) to $($Identity)" } } - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $($TenantFilter) -message $($Results.Results) -Sev Info + Write-LogMessage -user $Headers -API $APINAME -tenant $($TenantFilter) -message $($Results.Results) -Sev Info $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CippException -Exception $_ $Results = [pscustomobject]@{'Results' = $ErrorMessage.NormalizedError } - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $($TenantFilter) -message $($Results.Results) -Sev Error -LogData $ErrorMessage + Write-LogMessage -user $Headers -API $APINAME -tenant $($TenantFilter) -message $($Results.Results) -Sev Error -LogData $ErrorMessage $StatusCode = [HttpStatusCode]::Forbidden } # Associate values to output bindings by calling 'Push-OutputBinding'. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListAppConsentRequests.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListAppConsentRequests.ps1 index f3144ddb4c7e..aa2fa8806887 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListAppConsentRequests.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListAppConsentRequests.ps1 @@ -50,7 +50,7 @@ function Invoke-ListAppConsentRequests { $StatusCode = [HttpStatusCode]::OK } catch { $StatusCode = [HttpStatusCode]::OK - Write-LogMessage -user $ExecutingUser -API $APIName -message 'app consent request list failed' -Sev 'Error' -tenant $TenantFilter + Write-LogMessage -user $Headers -API $APIName -message 'app consent request list failed' -Sev 'Error' -tenant $TenantFilter $Results = @{ appDisplayName = "Error: $($_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCAPolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCAPolicy.ps1 index 81f9a888d85b..a65ca0781160 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCAPolicy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCAPolicy.ps1 @@ -18,7 +18,7 @@ Function Invoke-AddCAPolicy { $results = foreach ($Tenant in $tenants) { try { - $CAPolicy = New-CIPPCAPolicy -replacePattern $Request.body.replacename -Overwrite $request.body.overwrite -TenantFilter $tenant -state $request.body.NewState -RawJSON $Request.body.RawJSON -APIName $APIName -ExecutingUser $request.headers.'x-ms-client-principal' + $CAPolicy = New-CIPPCAPolicy -replacePattern $Request.body.replacename -Overwrite $request.body.overwrite -TenantFilter $tenant -state $request.body.NewState -RawJSON $Request.body.RawJSON -APIName $APIName -Headers $request.headers.'x-ms-client-principal' Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($Tenant) -message "Added Conditional Access Policy $($Displayname)" -Sev 'Info' "Successfully added Conditional Access Policy for $($Tenant)" } catch { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCAExclusion.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCAExclusion.ps1 index 98d1a88ec542..a063eb7c5ece 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCAExclusion.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCAExclusion.ps1 @@ -41,7 +41,7 @@ Function Invoke-ExecCAExclusion { Add-CIPPScheduledTask -Task $TaskBody -hidden $false $body = @{ Results = "Successfully added vacation mode schedule for $Username." } } else { - Set-CIPPCAExclusion -TenantFilter $Request.body.TenantFilter -ExclusionType $Request.body.ExclusionType -UserID $Request.body.UserID -PolicyId $Request.body.PolicyId -executingUser $request.headers.'x-ms-client-principal' -UserName $Username + Set-CIPPCAExclusion -TenantFilter $Request.body.TenantFilter -ExclusionType $Request.body.ExclusionType -UserID $Request.body.UserID -PolicyId $Request.body.PolicyId -Headers $request.headers.'x-ms-client-principal' -UserName $Username } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecNamedLocation.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecNamedLocation.ps1 index 058cd00c7993..5ce1ded7bb39 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecNamedLocation.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecNamedLocation.ps1 @@ -23,7 +23,7 @@ Function Invoke-ExecNamedLocation { $content = $Request.Body.input ?? $Request.Query.input try { - $results = Set-CIPPNamedLocation -NamedLocationId $NamedLocationId -TenantFilter $TenantFilter -change $change -content $content -ExecutingUser $request.headers.'x-ms-client-principal' + $results = Set-CIPPNamedLocation -NamedLocationId $NamedLocationId -TenantFilter $TenantFilter -change $change -content $content -Headers $request.headers.'x-ms-client-principal' } catch { $ErrorMessage = Get-CippException -Exception $_ Write-LogMessage -headers $Request.Headers -API $APIName -message "Failed to edit named location: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListDomainHealth.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListDomainHealth.ps1 index 63685cb242d5..01e66c47bc9c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListDomainHealth.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListDomainHealth.ps1 @@ -34,7 +34,7 @@ Function Invoke-ListDomainHealth { } Set-DnsResolver -Resolver $Resolver - + #UNDOREPLACE $UserCreds = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($request.headers.'x-ms-client-principal')) | ConvertFrom-Json) $APIName = $Request.Params.CIPPEndpoint diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-ExecGraphExplorerPreset.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-ExecGraphExplorerPreset.ps1 index 0c94e882ea86..f5d37d2bad3c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-ExecGraphExplorerPreset.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-ExecGraphExplorerPreset.ps1 @@ -12,7 +12,7 @@ Function Invoke-ExecGraphExplorerPreset { $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' - + #UNDOREPLACE $Username = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($request.headers.'x-ms-client-principal')) | ConvertFrom-Json).userDetails # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSyncAPDevices.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSyncAPDevices.ps1 index 79c34f584138..0f2bdc7ce203 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSyncAPDevices.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSyncAPDevices.ps1 @@ -10,19 +10,19 @@ Function Invoke-ExecSyncAPDevices { [CmdletBinding()] param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $ExecutingUser = $request.headers.'x-ms-client-principal' + $Headers = $request.headers.'x-ms-client-principal' $TenantFilter = $Request.Body.tenantFilter ?? $Request.Query.tenantFilter - Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev Debug + Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev Debug try { $null = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotSettings/sync' -tenantid $TenantFilter $Results = "Successfully Started Sync for $($TenantFilter)" - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $TenantFilter -message 'Successfully started Autopilot sync' -Sev Info + Write-LogMessage -user $Headers -API $APINAME -tenant $TenantFilter -message 'Successfully started Autopilot sync' -Sev Info $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CippException -Exception $_ $Results = "Failed to start sync for $TenantFilter. Did you try syncing in the last 10 minutes?" - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $TenantFilter -message 'Failed to start Autopilot sync. Did you try syncing in the last 10 minutes?' -Sev Error -LogData $ErrorMessage + Write-LogMessage -user $Headers -API $APINAME -tenant $TenantFilter -message 'Failed to start Autopilot sync. Did you try syncing in the last 10 minutes?' -Sev Error -LogData $ErrorMessage $StatusCode = [HttpStatusCode]::Forbidden } diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAzureADConnectStatus.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAzureADConnectStatus.ps1 index 5d5fb2b2b62b..f11759d45324 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAzureADConnectStatus.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAzureADConnectStatus.ps1 @@ -11,9 +11,9 @@ Function Invoke-ListAzureADConnectStatus { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $ExecutingUser = $Request.headers.'x-ms-client-principal' + $Headers = $Request.headers.'x-ms-client-principal' $TenantFilter = $Request.Query.TenantFilter - Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $DataToReturn = $Request.Query.DataToReturn diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderTVM.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderTVM.ps1 index eedf83e4f5b5..6a995051cb66 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderTVM.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderTVM.ps1 @@ -12,8 +12,8 @@ Function Invoke-ListDefenderTVM { $APIName = $Request.Params.CIPPEndpoint $TenantFilter = $Request.Query.tenantFilter - $ExecutingUser = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $Headers = $request.headers.'x-ms-client-principal' + Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeletedItems.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeletedItems.ps1 index 90eb7f9b89ac..90c085efa367 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeletedItems.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeletedItems.ps1 @@ -12,8 +12,8 @@ Function Invoke-ListDeletedItems { $APIName = $Request.Params.CIPPEndpoint $TenantFilter = $Request.Query.tenantFilter - $ExecutingUser = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $Headers = $request.headers.'x-ms-client-principal' + Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. $Types = 'Application', 'User', 'Device', 'Group' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExchangeConnectors.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExchangeConnectors.ps1 index 610d3660ffcb..580e4efc28c9 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExchangeConnectors.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExchangeConnectors.ps1 @@ -11,8 +11,8 @@ Function Invoke-ListExchangeConnectors { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $ExecutingUser = $Request.headers.'x-ms-client-principal' - Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $Headers = $Request.headers.'x-ms-client-principal' + Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $request.Query.tenantFilter $Results = try { diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionParameters.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionParameters.ps1 index 9b1c35fb0b14..a79dd3782dd0 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionParameters.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionParameters.ps1 @@ -24,7 +24,7 @@ function Invoke-ListFunctionParameters { $CommandQuery.Name = $Function } $IgnoreList = 'entryPoint', 'internal' - $CommonParameters = @('Verbose', 'Debug', 'ErrorAction', 'WarningAction', 'InformationAction', 'ErrorVariable', 'WarningVariable', 'InformationVariable', 'OutVariable', 'OutBuffer', 'PipelineVariable', 'TenantFilter', 'APIName', 'ExecutingUser', 'ProgressAction', 'WhatIf', 'Confirm', 'Headers', 'NoAuthCheck') + $CommonParameters = @('Verbose', 'Debug', 'ErrorAction', 'WarningAction', 'InformationAction', 'ErrorVariable', 'WarningVariable', 'InformationVariable', 'OutVariable', 'OutBuffer', 'PipelineVariable', 'TenantFilter', 'APIName', 'Headers', 'ProgressAction', 'WhatIf', 'Confirm', 'Headers', 'NoAuthCheck') $TemporaryBlacklist = 'Get-CIPPAuthentication', 'Invoke-CippWebhookProcessing', 'Invoke-ListFunctionParameters', 'New-CIPPAPIConfig', 'New-CIPPGraphSubscription' try { if ($Module -eq 'ExchangeOnlineManagement') { diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 index 5edc8623ad9b..74ab44bca43b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 @@ -10,8 +10,8 @@ Function Invoke-ListIntunePolicy { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $ExecutingUser = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $Headers = $request.headers.'x-ms-client-principal' + Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Get-CIPPBitlockerKey.ps1 b/Modules/CIPPCore/Public/Get-CIPPBitlockerKey.ps1 index b7aed6e35fc0..b7d8b1646468 100644 --- a/Modules/CIPPCore/Public/Get-CIPPBitlockerKey.ps1 +++ b/Modules/CIPPCore/Public/Get-CIPPBitlockerKey.ps1 @@ -5,7 +5,7 @@ function Get-CIPPBitlockerKey { $device, $TenantFilter, $APIName = 'Get Bitlocker key', - $ExecutingUser + $Headers ) try { @@ -15,7 +15,7 @@ function Get-CIPPBitlockerKey { return $GraphRequest } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message - Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not retrieve bitlocker recovery key for $($device)" -Sev 'Error' -tenant $TenantFilter -LogData (Get-CippException -Exception $_) + Write-LogMessage -headers $Headers -API $APIName -message "Could not retrieve bitlocker recovery key for $($device)" -Sev 'Error' -tenant $TenantFilter -LogData (Get-CippException -Exception $_) return "Could not retrieve bitlocker recovery key for $($device). Error: $ErrorMessage" } } diff --git a/Modules/CIPPCore/Public/Get-CIPPLAPSPassword.ps1 b/Modules/CIPPCore/Public/Get-CIPPLAPSPassword.ps1 index eeac2a740ac2..e7fa518f0b7b 100644 --- a/Modules/CIPPCore/Public/Get-CIPPLAPSPassword.ps1 +++ b/Modules/CIPPCore/Public/Get-CIPPLAPSPassword.ps1 @@ -5,7 +5,7 @@ function Get-CIPPLapsPassword { $device, $TenantFilter, $APIName = 'Get LAPS Password', - $ExecutingUser + $Headers ) try { @@ -17,7 +17,7 @@ function Get-CIPPLapsPassword { if ($GraphRequest) { return $GraphRequest } else { return "No LAPS password found for $device" } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not retrieve LAPS password for $($device). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -message "Could not retrieve LAPS password for $($device). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage return "Could not retrieve LAPS password for $($device). Error: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Get-CIPPLicenseOverview.ps1 b/Modules/CIPPCore/Public/Get-CIPPLicenseOverview.ps1 index 2aaf6964e3ec..017e03fa978b 100644 --- a/Modules/CIPPCore/Public/Get-CIPPLicenseOverview.ps1 +++ b/Modules/CIPPCore/Public/Get-CIPPLicenseOverview.ps1 @@ -4,7 +4,7 @@ function Get-CIPPLicenseOverview { param ( $TenantFilter, $APIName = 'Get License Overview', - $ExecutingUser + $Headers ) diff --git a/Modules/CIPPCore/Public/Get-CIPPMFAState.ps1 b/Modules/CIPPCore/Public/Get-CIPPMFAState.ps1 index 402543c97d02..68b9e03ae1a3 100644 --- a/Modules/CIPPCore/Public/Get-CIPPMFAState.ps1 +++ b/Modules/CIPPCore/Public/Get-CIPPMFAState.ps1 @@ -4,7 +4,7 @@ function Get-CIPPMFAState { param ( $TenantFilter, $APIName = 'Get MFA Status', - $ExecutingUser + $Headers ) $PerUserMFAState = Get-CIPPPerUserMFA -TenantFilter $TenantFilter -AllUsers $true $users = foreach ($user in (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/users?$top=999&$select=id,UserPrincipalName,DisplayName,accountEnabled,assignedLicenses' -tenantid $TenantFilter)) { diff --git a/Modules/CIPPCore/Public/Get-CIPPOutOfOffice.ps1 b/Modules/CIPPCore/Public/Get-CIPPOutOfOffice.ps1 index caca21766253..2f5e45739c69 100644 --- a/Modules/CIPPCore/Public/Get-CIPPOutOfOffice.ps1 +++ b/Modules/CIPPCore/Public/Get-CIPPOutOfOffice.ps1 @@ -4,7 +4,7 @@ function Get-CIPPOutOfOffice { $userid, $TenantFilter, $APIName = 'Get Out of Office', - $ExecutingUser + $Headers ) try { diff --git a/Modules/CIPPCore/Public/Get-CIPPPerUserMFA.ps1 b/Modules/CIPPCore/Public/Get-CIPPPerUserMFA.ps1 index 26a6033055ad..5a83e85f5a6c 100644 --- a/Modules/CIPPCore/Public/Get-CIPPPerUserMFA.ps1 +++ b/Modules/CIPPCore/Public/Get-CIPPPerUserMFA.ps1 @@ -3,7 +3,7 @@ function Get-CIPPPerUserMFA { param( $TenantFilter, $userId, - $executingUser, + $Headers, $AllUsers = $false ) try { diff --git a/Modules/CIPPCore/Public/Get-CIPPTenantCapabilities.ps1 b/Modules/CIPPCore/Public/Get-CIPPTenantCapabilities.ps1 index 3db9c3a60562..5b44f04737e6 100644 --- a/Modules/CIPPCore/Public/Get-CIPPTenantCapabilities.ps1 +++ b/Modules/CIPPCore/Public/Get-CIPPTenantCapabilities.ps1 @@ -4,7 +4,7 @@ function Get-CIPPTenantCapabilities { param ( $TenantFilter, $APIName = 'Get Tenant Capabilities', - $ExecutingUser + $Headers ) $Org = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/organization' -tenantid $TenantFilter diff --git a/Modules/CIPPCore/Public/Invoke-RemoveExConnector.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveExConnector.ps1 index f4da2e4a0f98..305ce5ba818c 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveExConnector.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveExConnector.ps1 @@ -11,9 +11,9 @@ Function Invoke-RemoveExConnector { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $ExecutingUser = $request.headers.'x-ms-client-principal' + $Headers = $request.headers.'x-ms-client-principal' $TenantFilter = $request.Query.tenantFilter ?? $Request.Body.tenantFilter - Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -headers $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' try { $Type = $Request.Query.Type ?? $Request.Body.Type @@ -22,11 +22,11 @@ Function Invoke-RemoveExConnector { $null = New-ExoRequest -tenantid $TenantFilter -cmdlet "Remove-$($Type)Connector" -cmdParams $params -useSystemMailbox $true $Result = "Deleted Connector: $($Guid)" - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message "Deleted connector $($Guid)" -sev Debug + Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message "Deleted connector $($Guid)" -sev Debug $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message "Failed deleting connector $($Guid). Error:$($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message "Failed deleting connector $($Guid). Error:$($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage $Result = $ErrorMessage.NormalizedError $StatusCode = [HttpStatusCode]::Forbidden } diff --git a/Modules/CIPPCore/Public/Invoke-RemovePolicy.ps1 b/Modules/CIPPCore/Public/Invoke-RemovePolicy.ps1 index 1d7b4b4a0053..2410c741a5af 100644 --- a/Modules/CIPPCore/Public/Invoke-RemovePolicy.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemovePolicy.ps1 @@ -11,8 +11,8 @@ Function Invoke-RemovePolicy { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $ExecutingUser = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $Headers = $request.headers.'x-ms-client-principal' + Write-LogMessage -headers $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. $TenantFilter = $Request.Query.tenantFilter ?? $Request.body.tenantFilter @@ -25,13 +25,13 @@ Function Invoke-RemovePolicy { #$unAssignRequest = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/deviceManagement/configurationPolicies('$($PolicyId)')/assign" -type POST -Body '{"assignments":[]}' -tenant $TenantFilter $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$($UrlName)('$($PolicyId)')" -type DELETE -tenant $TenantFilter $Results = "Successfully deleted the policy with ID: $($PolicyId)" - Write-LogMessage -user $ExecutingUser -API $APINAME -message $Results -Sev Info -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APINAME -message $Results -Sev Info -tenant $TenantFilter $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CippException -Exception $_ $Results = "Could not delete policy: $($ErrorMessage.NormalizedError)" - Write-LogMessage -user $ExecutingUser -API $APINAME -message $Results -Sev Error -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APINAME -message $Results -Sev Error -tenant $TenantFilter -LogData $ErrorMessage $StatusCode = [HttpStatusCode]::Forbidden } diff --git a/Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 index 6ccfefe1825c..8f0d4ace12fb 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 @@ -11,8 +11,8 @@ Function Invoke-RemoveTransportRule { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $ExecutingUser = $Request.headers.'x-ms-client-principal' - Write-LogMessage -user $ExecutingUser -API $APIName -message 'Accessed this API' -Sev 'Debug' + $Headers = $Request.headers.'x-ms-client-principal' + Write-LogMessage -headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.Query.tenantFilter ?? $Request.body.tenantFilter $Identity = $Request.Query.guid ?? $Request.body.guid @@ -25,11 +25,11 @@ Function Invoke-RemoveTransportRule { $cmdlet = 'Remove-TransportRule' $null = New-ExoRequest -tenantid $TenantFilter -cmdlet $cmdlet -cmdParams $Params -UseSystemMailbox $true $Result = "Deleted $($Identity)" - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message "Deleted transport rule $($Identity)" -Sev Info + Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message "Deleted transport rule $($Identity)" -Sev Info $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message "Failed deleting transport rule $($Identity). Error:$($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message "Failed deleting transport rule $($Identity). Error:$($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage $Result = $ErrorMessage.NormalizedError $StatusCode = [HttpStatusCode]::Forbidden } diff --git a/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 b/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 index 10f1e81d45dc..10ba89fd3708 100644 --- a/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 @@ -8,7 +8,7 @@ function New-CIPPCAPolicy { $Overwrite, $ReplacePattern = 'none', $APIName = 'Create CA Policy', - $ExecutingUser + $Headers ) $User = $request.headers.'x-ms-client-principal' diff --git a/Modules/CIPPCore/Public/New-CIPPCATemplate.ps1 b/Modules/CIPPCore/Public/New-CIPPCATemplate.ps1 index e2cd6b6a22e8..890fc1247bab 100644 --- a/Modules/CIPPCore/Public/New-CIPPCATemplate.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPCATemplate.ps1 @@ -4,7 +4,7 @@ function New-CIPPCATemplate { $TenantFilter, $JSON, $APIName = 'Add CIPP CA Template', - $ExecutingUser + $Headers ) $JSON = ([pscustomobject]$JSON) | ForEach-Object { diff --git a/Modules/CIPPCore/Public/New-CIPPDeviceAction.ps1 b/Modules/CIPPCore/Public/New-CIPPDeviceAction.ps1 index 8a1d2eaf5476..1d60aa3328d0 100644 --- a/Modules/CIPPCore/Public/New-CIPPDeviceAction.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPDeviceAction.ps1 @@ -5,16 +5,16 @@ function New-CIPPDeviceAction { $ActionBody = '{}', $DeviceFilter, $TenantFilter, - $ExecutingUser, + $Headers, $APINAME ) try { $null = New-Graphpostrequest -uri "https://graph.microsoft.com/beta/deviceManagement/managedDevices('$DeviceFilter')/$($Action)" -type POST -tenantid $TenantFilter -body $ActionBody - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $TenantFilter -message "Queued $Action on $DeviceFilter" -Sev 'Info' + Write-LogMessage -headers $Headers -API $APINAME -tenant $TenantFilter -message "Queued $Action on $DeviceFilter" -Sev 'Info' return "Queued $Action on $DeviceFilter" } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $TenantFilter -message "Failed to queue action $Action on $DeviceFilter : $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APINAME -tenant $TenantFilter -message "Failed to queue action $Action on $DeviceFilter : $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage return "Failed to queue action $Action on $DeviceFilter $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/New-CIPPOneDriveShortCut.ps1 b/Modules/CIPPCore/Public/New-CIPPOneDriveShortCut.ps1 index d270b17efde3..2acbe9f71057 100644 --- a/Modules/CIPPCore/Public/New-CIPPOneDriveShortCut.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPOneDriveShortCut.ps1 @@ -7,7 +7,7 @@ function New-CIPPOneDriveShortCut { $URL, $TenantFilter, $APIName = 'Create OneDrive shortcut', - $ExecutingUser + $Headers ) Write-Host "Received $username and $userid. We're using $url and $TenantFilter" try { @@ -27,11 +27,11 @@ function New-CIPPOneDriveShortCut { '@microsoft.graph.conflictBehavior' = 'rename' } | ConvertTo-Json -Depth 10 New-GraphPOSTRequest -method POST "https://graph.microsoft.com/beta/users/$username/drive/root/children" -body $body -tenantid $TenantFilter -asapp $true - Write-LogMessage -API $APIName -user $ExecutingUser -message "Created OneDrive shortcut called $($SiteInfo.displayName) for $($username)" -Sev 'info' + Write-LogMessage -API $APIName -headers $Headers -message "Created OneDrive shortcut called $($SiteInfo.displayName) for $($username)" -Sev 'info' return "Created OneDrive Shortcut for $username called $($SiteInfo.displayName) " } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not add Onedrive shortcut to $username : $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -message "Could not add Onedrive shortcut to $username : $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage return "Could not add Onedrive shortcut to $username : $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/New-CIPPRestore.ps1 b/Modules/CIPPCore/Public/New-CIPPRestore.ps1 index f3dd2ca21cbd..ec9ca53e4b12 100644 --- a/Modules/CIPPCore/Public/New-CIPPRestore.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPRestore.ps1 @@ -5,11 +5,11 @@ function New-CIPPRestore { $Type = 'Scheduled', $RestoreValues, $APIName = 'CIPP Restore', - $ExecutingUser + $Headers ) Write-Host "Scheduled Restore psproperties: $(([pscustomobject]$RestoreValues).psobject.Properties)" - Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Restored backup' -Sev 'Debug' + Write-LogMessage -headers $Headers -API $APINAME -message 'Restored backup' -Sev 'Debug' $RestoreData = foreach ($ScheduledBackup in ([pscustomobject]$RestoreValues).psobject.Properties.Name | Where-Object { $_ -notin 'email', 'webhook', 'psa', 'backup', 'overwrite' }) { New-CIPPRestoreTask -Task $ScheduledBackup -TenantFilter $TenantFilter -backup $RestoreValues.backup.value -overwrite $RestoreValues.overwrite } diff --git a/Modules/CIPPCore/Public/New-CIPPRestoreTask.ps1 b/Modules/CIPPCore/Public/New-CIPPRestoreTask.ps1 index d7499abfff5d..798f8d86cd1a 100644 --- a/Modules/CIPPCore/Public/New-CIPPRestoreTask.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPRestoreTask.ps1 @@ -41,7 +41,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore user $($UPN): $($ErrorMessage.NormalizedError) " - Write-LogMessage -user $ExecutingUser -API $APINAME -message "Could not restore user $($UPN): $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -user $Headers -API $APINAME -message "Could not restore user $($UPN): $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } } @@ -77,7 +77,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore group $DisplayName : $($ErrorMessage.NormalizedError) " - Write-LogMessage -user $ExecutingUser -API $APINAME -message "Could not restore group $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -user $Headers -API $APINAME -message "Could not restore group $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } } @@ -91,7 +91,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore Conditional Access Policy $DisplayName : $($ErrorMessage.NormalizedError) " - Write-LogMessage -user $ExecutingUser -API $APINAME -message "Could not restore Conditional Access Policy $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -user $Headers -API $APINAME -message "Could not restore Conditional Access Policy $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } } @@ -103,7 +103,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore Intune Configuration $DisplayName : $($ErrorMessage.NormalizedError) " - Write-LogMessage -user $ExecutingUser -API $APINAME -message "Could not restore Intune Configuration $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -user $Headers -API $APINAME -message "Could not restore Intune Configuration $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } #Convert the manual method to a function @@ -116,7 +116,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore Intune Compliance $DisplayName : $($ErrorMessage.NormalizedError) " - Write-LogMessage -user $ExecutingUser -API $APINAME -message "Could not restore Intune Configuration $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -user $Headers -API $APINAME -message "Could not restore Intune Configuration $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } @@ -130,7 +130,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore Intune Protection $DisplayName : $($ErrorMessage.NormalizedError) " - Write-LogMessage -user $ExecutingUser -API $APINAME -message "Could not restore Intune Configuration $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -user $Headers -API $APINAME -message "Could not restore Intune Configuration $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } @@ -146,9 +146,9 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not obtain Anti-Spam Configuration: $($ErrorMessage.NormalizedError) " - Write-LogMessage -user $ExecutingUser -API $APINAME -message "Could not obtain Anti-Spam Configuration: $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -user $Headers -API $APINAME -message "Could not obtain Anti-Spam Configuration: $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } - + $policyparams = @( 'AddXHeaderValue', 'AdminDisplayName', @@ -227,7 +227,7 @@ function New-CIPPRestoreTask { $cmdparams = @{ Identity = $policy.Identity } - + foreach ($param in $policyparams) { if ($policy.PSObject.Properties[$param]) { if ($param -eq 'IntraOrgFilterState' -and $policy.$param -eq 'Default') { @@ -237,7 +237,7 @@ function New-CIPPRestoreTask { } } } - + New-ExoRequest -TenantId $Tenantfilter -cmdlet 'Set-HostedContentFilterPolicy' -cmdparams $cmdparams -UseSystemMailbox $true Write-LogMessage -message "Restored $($policy.Identity) from backup" -Sev 'info' @@ -266,7 +266,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore Anti-spam policy $($policy.Identity) : $($ErrorMessage.NormalizedError) " - Write-LogMessage -user $ExecutingUser -API $APINAME -message "Could not restore Anti-spam policy $($policy.Identity) : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -user $Headers -API $APINAME -message "Could not restore Anti-spam policy $($policy.Identity) : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } @@ -277,7 +277,7 @@ function New-CIPPRestoreTask { $cmdparams = @{ Identity = $rule.Identity } - + foreach ($param in $ruleparams) { if ($rule.PSObject.Properties[$param]) { if ($param -eq 'Enabled') { @@ -287,7 +287,7 @@ function New-CIPPRestoreTask { } } } - + New-ExoRequest -TenantId $Tenantfilter -cmdlet 'Set-HostedContentFilterRule' -cmdparams $cmdparams -UseSystemMailbox $true Write-LogMessage -message "Restored $($rule.Identity) from backup" -Sev 'info' @@ -316,7 +316,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore Anti-spam rule $($rule.Identity) : $($ErrorMessage.NormalizedError) " - Write-LogMessage -user $ExecutingUser -API $APINAME -message "Could not restore Anti-spam rule $($rule.Identity) : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -user $Headers -API $APINAME -message "Could not restore Anti-spam rule $($rule.Identity) : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } } @@ -331,9 +331,9 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not obtain Anti-Phishing Configuration: $($ErrorMessage.NormalizedError) " - Write-LogMessage -user $ExecutingUser -API $APINAME -message "Could not obtain Anti-Phishing Configuration: $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -user $Headers -API $APINAME -message "Could not obtain Anti-Phishing Configuration: $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } - + $policyparams = @( 'AdminDisplayName', 'AuthenticationFailAction', @@ -392,13 +392,13 @@ function New-CIPPRestoreTask { $cmdparams = @{ Identity = $policy.Identity } - + foreach ($param in $policyparams) { if ($policy.PSObject.Properties[$param]) { $cmdparams[$param] = $policy.$param } } - + New-ExoRequest -TenantId $Tenantfilter -cmdlet 'Set-AntiPhishPolicy' -cmdparams $cmdparams -UseSystemMailbox $true Write-LogMessage -message "Restored $($policy.Identity) from backup" -Sev 'info' @@ -423,7 +423,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore Anti-phishing policy $($policy.Identity) : $($ErrorMessage.NormalizedError) " - Write-LogMessage -user $ExecutingUser -API $APINAME -message "Could not restore Anti-phishing policy $($policy.Identity) : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -user $Headers -API $APINAME -message "Could not restore Anti-phishing policy $($policy.Identity) : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } @@ -434,7 +434,7 @@ function New-CIPPRestoreTask { $cmdparams = @{ Identity = $rule.Identity } - + foreach ($param in $ruleparams) { if ($rule.PSObject.Properties[$param]) { if ($param -eq 'Enabled') { @@ -444,7 +444,7 @@ function New-CIPPRestoreTask { } } } - + New-ExoRequest -TenantId $Tenantfilter -cmdlet 'Set-AntiPhishRule' -cmdparams $cmdparams -UseSystemMailbox $true Write-LogMessage -message "Restored $($rule.Identity) from backup" -Sev 'info' @@ -473,7 +473,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore Anti-phishing rule $($rule.Identity) : $($ErrorMessage.NormalizedError) " - Write-LogMessage -user $ExecutingUser -API $APINAME -message "Could not restore Anti-phishing rule $($rule.Identity) : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -user $Headers -API $APINAME -message "Could not restore Anti-phishing rule $($rule.Identity) : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } } diff --git a/Modules/CIPPCore/Public/New-CIPPTAP.ps1 b/Modules/CIPPCore/Public/New-CIPPTAP.ps1 index 27c1a0648046..90df35f9d05c 100644 --- a/Modules/CIPPCore/Public/New-CIPPTAP.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPTAP.ps1 @@ -4,13 +4,13 @@ function New-CIPPTAP { $userid, $TenantFilter, $APIName = 'Create TAP', - $ExecutingUser + $Headers ) try { $GraphRequest = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($userid)/authentication/temporaryAccessPassMethods" -tenantid $TenantFilter -type POST -body '{}' -verbose - Write-LogMessage -user $ExecutingUser -API $APIName -message "Created Temporary Access Password (TAP) for $userid" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Created Temporary Access Password (TAP) for $userid" -Sev 'Info' -tenant $TenantFilter return [pscustomobject]@{ resultText = "The TAP for this user is $($GraphRequest.temporaryAccessPass) - This TAP is usable for the next $($GraphRequest.LifetimeInMinutes) minutes" copyField = $($GraphRequest.temporaryAccessPass) state = 'success' @@ -18,7 +18,7 @@ function New-CIPPTAP { } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to created TAP for $($userid): $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -message "Failed to created TAP for $($userid): $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage Return [pscustomobject]@{ resultText = "Failed to create TAP: $($ErrorMessage.NormalizedError)" state = 'error' } diff --git a/Modules/CIPPCore/Public/Remove-CIPPLicense.ps1 b/Modules/CIPPCore/Public/Remove-CIPPLicense.ps1 index 1b35fc29eabd..30c8e6c10abc 100644 --- a/Modules/CIPPCore/Public/Remove-CIPPLicense.ps1 +++ b/Modules/CIPPCore/Public/Remove-CIPPLicense.ps1 @@ -17,10 +17,10 @@ function Remove-CIPPLicense { value = 'Remove-CIPPLicense' } Parameters = [pscustomobject]@{ - userid = $userid - username = $username - APIName = 'Scheduled License Removal' - ExecutingUser = $ExecutingUser + userid = $userid + username = $username + APIName = 'Scheduled License Removal' + Headers = $Headers } ScheduledTime = [int64](([datetime]::UtcNow).AddMinutes(5) - (Get-Date '1/1/1970')).TotalSeconds PostExecution = @{ diff --git a/Modules/CIPPCore/Public/Request-CIPPSPOPersonalSite.ps1 b/Modules/CIPPCore/Public/Request-CIPPSPOPersonalSite.ps1 index ec686280b938..46514ac6dd14 100644 --- a/Modules/CIPPCore/Public/Request-CIPPSPOPersonalSite.ps1 +++ b/Modules/CIPPCore/Public/Request-CIPPSPOPersonalSite.ps1 @@ -5,7 +5,7 @@ function Request-CIPPSPOPersonalSite { [string]$TenantFilter, [Parameter(Mandatory = $true)] [string[]]$UserEmails, - [string]$ExecutingUser = 'CIPP', + [string]$Headers = 'CIPP', [string]$APIName = 'Request-CIPPSPOPersonalSite' ) $UserList = [System.Collections.Generic.List[string]]::new() @@ -42,11 +42,11 @@ function Request-CIPPSPOPersonalSite { try { $Request = New-GraphPostRequest -scope "$AdminURL/.default" -tenantid $TenantFilter -Uri "$AdminURL/_vti_bin/client.svc/ProcessQuery" -Type POST -Body $XML -ContentType 'text/xml' if (!$Request.IsComplete) { throw } - Write-LogMessage -user $ExecutingUser -API $APIName -message "Requested personal site for $($UserEmails -join ', ')" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Requested personal site for $($UserEmails -join ', ')" -Sev 'Info' -tenant $TenantFilter return "Requested personal site for $($UserEmails -join ', ')" } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not request personal site for $($UserEmails -join ', '). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -message "Could not request personal site for $($UserEmails -join ', '). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage return "Could not request personal site for $($UserEmails -join ', '). Error: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Send-CIPPAlert.ps1 b/Modules/CIPPCore/Public/Send-CIPPAlert.ps1 index b81d6ebf6654..3a186dc0b27c 100644 --- a/Modules/CIPPCore/Public/Send-CIPPAlert.ps1 +++ b/Modules/CIPPCore/Public/Send-CIPPAlert.ps1 @@ -8,7 +8,7 @@ function Send-CIPPAlert { $JSONContent, $TenantFilter, $APIName = 'Send Alert', - $ExecutingUser, + $Headers, $TableName, $RowKey = [string][guid]::NewGuid() ) diff --git a/Modules/CIPPCore/Public/Set-CIPPAlwaysShowFrom.ps1 b/Modules/CIPPCore/Public/Set-CIPPAlwaysShowFrom.ps1 index 56a8b2575678..8154ca11443b 100644 --- a/Modules/CIPPCore/Public/Set-CIPPAlwaysShowFrom.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPAlwaysShowFrom.ps1 @@ -17,7 +17,7 @@ Function Set-CIPPAlwaysShowFrom { .PARAMETER APIName Specifies the name of the API. The default value is "Always Show From". - .PARAMETER ExecutingUser + .PARAMETER Headers Specifies the user who is executing the function. .PARAMETER AlwaysShowFrom @@ -50,7 +50,7 @@ Function Set-CIPPAlwaysShowFrom { [Parameter(ParameterSetName = 'User')] [Parameter(ParameterSetName = 'AllUsers')] - $ExecutingUser, + $Headers, [Parameter(Mandatory = $true, ParameterSetName = 'User')] [Parameter(Mandatory = $true, ParameterSetName = 'AllUsers')] @@ -63,7 +63,7 @@ Function Set-CIPPAlwaysShowFrom { if ($RunOnAllUsersInTenant.IsPresent -eq $true) { $AllUsers = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-Mailbox' -cmdParams @{ ResultSize = 'Unlimited' } - Write-LogMessage -user $ExecutingUser -API $APIName -message "Setting Always Show From to $AlwaysShowFrom for all $($AllUsers.Count) users in $TenantFilter" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Setting Always Show From to $AlwaysShowFrom for all $($AllUsers.Count) users in $TenantFilter" -Sev 'Info' -tenant $TenantFilter $ErrorCount = 0 foreach ($User in $AllUsers) { try { @@ -73,15 +73,15 @@ Function Set-CIPPAlwaysShowFrom { $ErrorCount++ } } - Write-LogMessage -user $ExecutingUser -API $APIName -message "Set Always Show From to $AlwaysShowFrom for $($AllUsers.Count - $ErrorCount) users in $TenantFilter" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Set Always Show From to $AlwaysShowFrom for $($AllUsers.Count - $ErrorCount) users in $TenantFilter" -Sev 'Info' -tenant $TenantFilter return "Set Always Show From to $AlwaysShowFrom for $($AllUsers.Count - $ErrorCount) users in $TenantFilter" } else { try { $null = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Set-MailboxMessageConfiguration' -anchor $UserID -cmdParams @{AlwaysShowFrom = $AlwaysShowFrom; Identity = $UserID } - Write-LogMessage -user $ExecutingUser -API $APIName -message "Set Always Show From to $AlwaysShowFrom for $UserID" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Set Always Show From to $AlwaysShowFrom for $UserID" -Sev 'Info' -tenant $TenantFilter } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not set Always Show From to $AlwaysShowFrom for $UserID. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -message "Could not set Always Show From to $AlwaysShowFrom for $UserID. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage return "Could not set Always Show From to $AlwaysShowFrom for $UserID. Error: $($ErrorMessage.NormalizedError)" } return "Set Always Show From to $AlwaysShowFrom for $UserID" diff --git a/Modules/CIPPCore/Public/Set-CIPPAssignedApplication.ps1 b/Modules/CIPPCore/Public/Set-CIPPAssignedApplication.ps1 index d070d7bea3c2..478f1aa6e2b9 100644 --- a/Modules/CIPPCore/Public/Set-CIPPAssignedApplication.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPAssignedApplication.ps1 @@ -7,7 +7,7 @@ function Set-CIPPAssignedApplication { $ApplicationId, $TenantFilter, $APIName = 'Assign Application', - $ExecutingUser + $Headers ) try { @@ -111,12 +111,12 @@ function Set-CIPPAssignedApplication { if ($PSCmdlet.ShouldProcess($GroupName, "Assigning Application $ApplicationId")) { Start-Sleep -Seconds 1 $null = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/$($ApplicationId)/assign" -tenantid $TenantFilter -type POST -body ($DefaultAssignmentObject | ConvertTo-Json -Compress -Depth 10) - Write-LogMessage -user $ExecutingUser -API $APIName -message "Assigned Application to $($GroupName)" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Assigned Application to $($GroupName)" -Sev 'Info' -tenant $TenantFilter } return "Assigned Application to $($GroupName)" } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not assign application to $GroupName. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -message "Could not assign application to $GroupName. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage return "Could not assign application to $GroupName. Error: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Set-CIPPAssignedPolicy.ps1 b/Modules/CIPPCore/Public/Set-CIPPAssignedPolicy.ps1 index 78a1ee21ea5d..671daa0667fa 100644 --- a/Modules/CIPPCore/Public/Set-CIPPAssignedPolicy.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPAssignedPolicy.ps1 @@ -7,7 +7,7 @@ function Set-CIPPAssignedPolicy { $TenantFilter, $PlatformType, $APIName = 'Assign Policy', - $ExecutingUser + $Headers ) if (!$PlatformType) { $PlatformType = 'deviceManagement' } try { @@ -76,10 +76,10 @@ function Set-CIPPAssignedPolicy { if ($PSCmdlet.ShouldProcess($GroupName, "Assigning policy $PolicyId")) { Write-Host "https://graph.microsoft.com/beta/$($PlatformType)/$Type('$($PolicyId)')/assign" $null = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/$($PlatformType)/$Type('$($PolicyId)')/assign" -tenantid $tenantFilter -type POST -body $AssignJSON - Write-LogMessage -user $ExecutingUser -API $APIName -message "Assigned $GroupName to Policy $PolicyId" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Assigned $GroupName to Policy $PolicyId" -Sev 'Info' -tenant $TenantFilter } } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message - Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to assign $GroupName to Policy $PolicyId, using Platform $PlatformType and $Type. The error is:$ErrorMessage" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -message "Failed to assign $GroupName to Policy $PolicyId, using Platform $PlatformType and $Type. The error is:$ErrorMessage" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage } } diff --git a/Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1 b/Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1 index 77cdabfa6374..be7e126de826 100644 --- a/Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1 @@ -11,7 +11,7 @@ function Set-CIPPAuthenticationPolicy { $TAPDefaultLength = 8, #TAP password generated length in chars $TAPisUsableOnce = $true, $APIName = 'Set Authentication Policy', - $ExecutingUser + $Headers ) # Convert bool input to usable string @@ -22,7 +22,7 @@ function Set-CIPPAuthenticationPolicy { $CurrentInfo.state = $State } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $Tenant -message "Could not get CurrentInfo for $AuthenticationMethodId. Error:$($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -tenant $Tenant -message "Could not get CurrentInfo for $AuthenticationMethodId. Error:$($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage Return "Could not get CurrentInfo for $AuthenticationMethodId. Error:$($ErrorMessage.NormalizedError)" } @@ -55,7 +55,7 @@ function Set-CIPPAuthenticationPolicy { # SMS 'SMS' { if ($State -eq 'enabled') { - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $Tenant -message "Setting $AuthenticationMethodId to enabled is not allowed" -sev Error + Write-LogMessage -headers $Headers -API $APIName -tenant $Tenant -message "Setting $AuthenticationMethodId to enabled is not allowed" -sev Error return "Setting $AuthenticationMethodId to enabled is not allowed" } } @@ -86,7 +86,7 @@ function Set-CIPPAuthenticationPolicy { 'Voice' { # Disallow enabling voice if ($State -eq 'enabled') { - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $Tenant -message "Setting $AuthenticationMethodId to enabled is not allowed" -sev Error + Write-LogMessage -headers $Headers -API $APIName -tenant $Tenant -message "Setting $AuthenticationMethodId to enabled is not allowed" -sev Error return "Setting $AuthenticationMethodId to enabled is not allowed" } } @@ -94,7 +94,7 @@ function Set-CIPPAuthenticationPolicy { # Email OTP 'Email' { if ($State -eq 'enabled') { - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $Tenant -message "Setting $AuthenticationMethodId to enabled is not allowed" -sev Error + Write-LogMessage -headers $Headers -API $APIName -tenant $Tenant -message "Setting $AuthenticationMethodId to enabled is not allowed" -sev Error return "Setting $AuthenticationMethodId to enabled is not allowed" } } @@ -104,7 +104,7 @@ function Set-CIPPAuthenticationPolicy { # Nothing special to do here } Default { - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $Tenant -message "Somehow you hit the default case with an input of $AuthenticationMethodId . You probably made a typo in the input for AuthenticationMethodId. It`'s case sensitive." -sev Error + Write-LogMessage -headers $Headers -API $APIName -tenant $Tenant -message "Somehow you hit the default case with an input of $AuthenticationMethodId . You probably made a typo in the input for AuthenticationMethodId. It`'s case sensitive." -sev Error return "Somehow you hit the default case with an input of $AuthenticationMethodId . You probably made a typo in the input for AuthenticationMethodId. It`'s case sensitive." } } @@ -113,13 +113,13 @@ function Set-CIPPAuthenticationPolicy { if ($PSCmdlet.ShouldProcess($AuthenticationMethodId, "Set state to $State $OptionalLogMessage")) { # Convert body to JSON and send request $null = New-GraphPostRequest -tenantid $Tenant -Uri "https://graph.microsoft.com/beta/policies/authenticationmethodspolicy/authenticationMethodConfigurations/$AuthenticationMethodId" -Type patch -Body ($CurrentInfo | ConvertTo-Json -Compress -Depth 10) -ContentType 'application/json' - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $Tenant -message "Set $AuthenticationMethodId state to $State $OptionalLogMessage" -sev Info + Write-LogMessage -headers $Headers -API $APIName -tenant $Tenant -message "Set $AuthenticationMethodId state to $State $OptionalLogMessage" -sev Info } return "Set $AuthenticationMethodId state to $State $OptionalLogMessage" } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $Tenant -message "Failed to $State $AuthenticationMethodId Support: $ErrorMessage" -sev Error -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -tenant $Tenant -message "Failed to $State $AuthenticationMethodId Support: $ErrorMessage" -sev Error -LogData $ErrorMessage return "Failed to $State $AuthenticationMethodId Support. Error: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Set-CIPPCAExclusion.ps1 b/Modules/CIPPCore/Public/Set-CIPPCAExclusion.ps1 index 9f66cf3e74c5..ea3ad84de6a5 100644 --- a/Modules/CIPPCore/Public/Set-CIPPCAExclusion.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPCAExclusion.ps1 @@ -6,7 +6,7 @@ function Set-CIPPCAExclusion { $UserID, $PolicyId, $Username, - $executingUser + $Headers ) try { $CheckExististing = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/identity/conditionalAccess/policies/$($PolicyId)" -tenantid $TenantFilter -AsApp $true @@ -36,9 +36,9 @@ function Set-CIPPCAExclusion { } } "Successfully performed $($ExclusionType) exclusion for $username from policy $($PolicyId)" - Write-LogMessage -user $executingUser -API 'Set-CIPPConditionalAccessExclusion' -message "Successfully performed $($ExclusionType) exclusion for $username from policy $($PolicyId)" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API 'Set-CIPPConditionalAccessExclusion' -message "Successfully performed $($ExclusionType) exclusion for $username from policy $($PolicyId)" -Sev 'Info' -tenant $TenantFilter } catch { "Failed to $($ExclusionType) user exclusion for $username from policy $($PolicyId): $($_.Exception.Message)" - Write-LogMessage -user $executingUser -API 'Set-CIPPConditionalAccessExclusion' -message "Failed to $($ExclusionType) user exclusion for $username from policy $($PolicyId): $_" -Sev 'Error' -tenant $TenantFilter -LogData (Get-CippException -Exception $_) + Write-LogMessage -headers $Headers -API 'Set-CIPPConditionalAccessExclusion' -message "Failed to $($ExclusionType) user exclusion for $username from policy $($PolicyId): $_" -Sev 'Error' -tenant $TenantFilter -LogData (Get-CippException -Exception $_) } } diff --git a/Modules/CIPPCore/Public/Set-CIPPCPVConsent.ps1 b/Modules/CIPPCore/Public/Set-CIPPCPVConsent.ps1 index db069f4f6032..f14b0a07d603 100644 --- a/Modules/CIPPCore/Public/Set-CIPPCPVConsent.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPCPVConsent.ps1 @@ -3,7 +3,7 @@ function Set-CIPPCPVConsent { param( $TenantFilter, $APIName = 'CPV Consent', - $ExecutingUser, + $Headers, [bool]$ResetSP = $false ) $Results = [System.Collections.Generic.List[string]]::new() diff --git a/Modules/CIPPCore/Public/Set-CIPPDefaultAPDeploymentProfile.ps1 b/Modules/CIPPCore/Public/Set-CIPPDefaultAPDeploymentProfile.ps1 index ac523c8e1101..c96b2d215dc8 100644 --- a/Modules/CIPPCore/Public/Set-CIPPDefaultAPDeploymentProfile.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPDefaultAPDeploymentProfile.ps1 @@ -14,7 +14,7 @@ function Set-CIPPDefaultAPDeploymentProfile { $hidePrivacy, $hideTerms, $Autokeyboard, - $ExecutingUser, + $Headers, $Language = 'os-default', $APIName = 'Add Default Enrollment Status Page' ) diff --git a/Modules/CIPPCore/Public/Set-CIPPDefaultAPEnrollment.ps1 b/Modules/CIPPCore/Public/Set-CIPPDefaultAPEnrollment.ps1 index 27ccfec1abde..76536b4c7441 100644 --- a/Modules/CIPPCore/Public/Set-CIPPDefaultAPEnrollment.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPDefaultAPEnrollment.ps1 @@ -10,7 +10,7 @@ function Set-CIPPDefaultAPEnrollment { $TimeOutInMinutes, $AllowFail, $OBEEOnly, - $ExecutingUser, + $Headers, $APIName = 'Add Default Enrollment Status Page' ) diff --git a/Modules/CIPPCore/Public/Set-CIPPDeviceState.ps1 b/Modules/CIPPCore/Public/Set-CIPPDeviceState.ps1 index 3cf9ae487b22..583dc58983be 100644 --- a/Modules/CIPPCore/Public/Set-CIPPDeviceState.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPDeviceState.ps1 @@ -20,14 +20,14 @@ .PARAMETER TenantFilter Specifies the tenant ID or domain against which to perform the operation. - .PARAMETER ExecutingUser + .PARAMETER Headers Specifies the user who initiated the request for logging purposes. .PARAMETER APIName Specifies the name of the API call for logging purposes. Defaults to 'Set Device State'. .EXAMPLE - Set-CIPPDeviceState -Action Enable -DeviceID "1234abcd-5678-efgh-ijkl-9012mnopqrst" -TenantFilter "contoso.onmicrosoft.com" -ExecutingUser "admin@contoso.onmicrosoft.com" + Set-CIPPDeviceState -Action Enable -DeviceID "1234abcd-5678-efgh-ijkl-9012mnopqrst" -TenantFilter "contoso.onmicrosoft.com" -Headers "admin@contoso.onmicrosoft.com" This command enables the specified device within the given tenant. diff --git a/Modules/CIPPCore/Public/Set-CIPPGDAPAutoExtend.ps1 b/Modules/CIPPCore/Public/Set-CIPPGDAPAutoExtend.ps1 index 4143c122d706..2d8a7dbb7572 100644 --- a/Modules/CIPPCore/Public/Set-CIPPGDAPAutoExtend.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPGDAPAutoExtend.ps1 @@ -4,7 +4,7 @@ function Set-CIPPGDAPAutoExtend { $RelationShipid, [switch]$All, $APIName = 'Set GDAP Auto Exension', - $ExecutingUser + $Headers ) $ReturnedData = if ($All -eq $true) { @@ -14,7 +14,7 @@ function Set-CIPPGDAPAutoExtend { $AddedHeader = @{'If-Match' = $Relation.'@odata.etag' } if ($PSCmdlet.ShouldProcess($Relation.id, "Set auto renew for $($Relation.customer.displayName)")) { $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships/$($Relation.id)" -tenantid $env:TenantID -type PATCH -body '{"autoExtendDuration":"P180D"}' -Verbose -NoAuthCheck $true -AddedHeaders $AddedHeader - Write-LogMessage -user $ExecutingUser -API $APIName -message "Successfully set auto renew for tenant $($Relation.customer.displayName) with ID $($RelationShipid)" -Sev 'Info' + Write-LogMessage -headers $Headers -API $APIName -message "Successfully set auto renew for tenant $($Relation.customer.displayName) with ID $($RelationShipid)" -Sev 'Info' @("Successfully set auto renew for tenant $($Relation.customer.displayName) with ID $($Relation.id)" ) } } catch { @@ -29,7 +29,7 @@ function Set-CIPPGDAPAutoExtend { $AddedHeader = @{'If-Match' = $Relationship.'@odata.etag' } if ($PSCmdlet.ShouldProcess($RelationShipid, "Set auto renew for $($Relationship.customer.displayName)")) { $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships/$($RelationShipid)" -tenantid $env:TenantID -type PATCH -body '{"autoExtendDuration":"P180D"}' -Verbose -NoAuthCheck $true -AddedHeaders $AddedHeader - write-LogMessage -user $ExecutingUser -API $APIName -message "Successfully set auto renew for tenant $($Relationship.customer.displayName) with ID $($RelationShipid)" -Sev 'Info' + write-LogMessage -headers $Headers -API $APIName -message "Successfully set auto renew for tenant $($Relationship.customer.displayName) with ID $($RelationShipid)" -Sev 'Info' @("Successfully set auto renew for tenant $($Relationship.customer.displayName) with ID $($RelationShipid)" ) } } catch { diff --git a/Modules/CIPPCore/Public/Set-CIPPGraphSubscription.ps1 b/Modules/CIPPCore/Public/Set-CIPPGraphSubscription.ps1 index c5cd14a1a7aa..aebf8b0e83c9 100644 --- a/Modules/CIPPCore/Public/Set-CIPPGraphSubscription.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPGraphSubscription.ps1 @@ -6,7 +6,7 @@ function Set-CIPPGraphSubscription { $Resource, $EventType, $APIName = 'Set Graph Webhook', - $ExecutingUser + $Headers ) if ($RenewSubscriptions) { @@ -26,7 +26,7 @@ function Set-CIPPGraphSubscription { } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to renew Webhook Subscription: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -message "Failed to renew Webhook Subscription: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage return "Failed to renew Webhook Subscription $($WebhookRow.RowKey): $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Set-CIPPGroupAuthentication.ps1 b/Modules/CIPPCore/Public/Set-CIPPGroupAuthentication.ps1 index e8d65c89fb5a..6fca31b53dbf 100644 --- a/Modules/CIPPCore/Public/Set-CIPPGroupAuthentication.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPGroupAuthentication.ps1 @@ -1,5 +1,5 @@ function Set-CIPPGroupAuthentication( - [string]$ExecutingUser, + [string]$Headers, [string]$GroupType, [string]$Id, [string]$OnlyAllowInternalString, @@ -15,15 +15,15 @@ function Set-CIPPGroupAuthentication( } elseif ($GroupType -eq 'Microsoft 365') { New-ExoRequest -tenantid $TenantFilter -cmdlet 'Set-UnifiedGroup' -cmdParams @{Identity = $Id; RequireSenderAuthenticationEnabled = $OnlyAllowInternal } } elseif ($GroupType -eq 'Security') { - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message 'This setting cannot be set on a security group.' -Sev 'Error' + Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message 'This setting cannot be set on a security group.' -Sev 'Error' return "$GroupType's group cannot have this setting changed" } - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message "$Id set to allow messages from people $messageSuffix" -Sev 'Info' + Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message "$Id set to allow messages from people $messageSuffix" -Sev 'Info' return "Set $GroupType group $Id to allow messages from people $messageSuffix" } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message "Delivery Management failed: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message "Delivery Management failed: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage return "Failed. $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Set-CIPPGroupGAL.ps1 b/Modules/CIPPCore/Public/Set-CIPPGroupGAL.ps1 index 0da6ddf798a6..1f2ecb0c07af 100644 --- a/Modules/CIPPCore/Public/Set-CIPPGroupGAL.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPGroupGAL.ps1 @@ -1,5 +1,5 @@ function Set-CIPPGroupGAL( - [string]$ExecutingUser, + [string]$Headers, [string]$GroupType, [string]$Id, [string]$HiddenString, @@ -15,15 +15,15 @@ function Set-CIPPGroupGAL( } elseif ($GroupType -eq 'Microsoft 365') { New-ExoRequest -tenantid $TenantFilter -cmdlet 'Set-UnifiedGroup' -cmdParams @{Identity = $Id; HiddenFromAddressListsEnabled = $Hidden } } elseif ($GroupType -eq 'Security') { - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message 'This setting cannot be set on a security group.' -Sev 'Error' + Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message 'This setting cannot be set on a security group.' -Sev 'Error' return "$GroupType's group cannot have this setting changed" } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message "$Id $messageSuffix from GAL failed: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message "$Id $messageSuffix from GAL failed: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage return "Failed. $($ErrorMessage.NormalizedError)" } - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message "$Id $messageSuffix from GAL" -Sev 'Info' + Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message "$Id $messageSuffix from GAL" -Sev 'Info' return "Successfully $messageSuffix $GroupType group $Id from GAL." } diff --git a/Modules/CIPPCore/Public/Set-CIPPMailboxArchive.ps1 b/Modules/CIPPCore/Public/Set-CIPPMailboxArchive.ps1 index 041ce6ec8937..9a5e0c6ecace 100644 --- a/Modules/CIPPCore/Public/Set-CIPPMailboxArchive.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPMailboxArchive.ps1 @@ -1,7 +1,7 @@ function Set-CIPPMailboxArchive { [CmdletBinding()] param ( - $ExecutingUser, + $Headers, $userid, $username, $APIName = 'Mailbox Archive', diff --git a/Modules/CIPPCore/Public/Set-CIPPMailboxLocale.ps1 b/Modules/CIPPCore/Public/Set-CIPPMailboxLocale.ps1 index ae7093b7714e..42f922e7891a 100644 --- a/Modules/CIPPCore/Public/Set-CIPPMailboxLocale.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPMailboxLocale.ps1 @@ -1,7 +1,7 @@ function Set-CippMailboxLocale { [CmdletBinding()] param ( - $ExecutingUser, + $Headers, $locale, $username, $APIName = 'Mailbox Locale', @@ -14,11 +14,11 @@ function Set-CippMailboxLocale { Language = $locale LocalizeDefaultFolderName = $true } -Anchor $username - Write-LogMessage -user $ExecutingUser -API $APIName -message "set locale for $($username) to a $locale" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "set locale for $($username) to a $locale" -Sev 'Info' -tenant $TenantFilter return "set locale for $($username) to a $locale" } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not set locale for $($username). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -message "Could not set locale for $($username). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage return "Could not set locale for $username. Error: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Set-CIPPMessageCopy.ps1 b/Modules/CIPPCore/Public/Set-CIPPMessageCopy.ps1 index dae07baf9bf4..8f3e6fe17c33 100644 --- a/Modules/CIPPCore/Public/Set-CIPPMessageCopy.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPMessageCopy.ps1 @@ -5,15 +5,15 @@ function Set-CIPPMessageCopy { $MessageCopyForSentAsEnabled, $TenantFilter, $APIName = 'Manage OneDrive Access', - $ExecutingUser + $Headers ) Try { New-ExoRequest -tenantid $TenantFilter -cmdlet 'Set-Mailbox' -cmdParams @{Identity = $userid; MessageCopyForSentAsEnabled = $MessageCopyForSentAsEnabled } - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $($tenantfilter) -message "Successfully set MessageCopyForSentAsEnabled as $MessageCopyForSentAsEnabled on $($userid)." -Sev 'Info' + Write-LogMessage -headers $Headers -API $APINAME -tenant $($tenantfilter) -message "Successfully set MessageCopyForSentAsEnabled as $MessageCopyForSentAsEnabled on $($userid)." -Sev 'Info' return "Successfully set MessageCopyForSentAsEnabled as $MessageCopyForSentAsEnabled on $($userid)." } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $($tenantfilter) -message "set MessageCopyForSentAsEnabled to $MessageCopyForSentAsEnabled failed: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APINAME -tenant $($tenantfilter) -message "set MessageCopyForSentAsEnabled to $MessageCopyForSentAsEnabled failed: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage return "set MessageCopyForSentAsEnabled to $MessageCopyForSentAsEnabled failed - $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Set-CIPPMobileDevice.ps1 b/Modules/CIPPCore/Public/Set-CIPPMobileDevice.ps1 index 830a02cd2564..9726efad1b3f 100644 --- a/Modules/CIPPCore/Public/Set-CIPPMobileDevice.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPMobileDevice.ps1 @@ -1,5 +1,5 @@ function Set-CIPPMobileDevice( - [string]$ExecutingUser, + [string]$Headers, [string]$Quarantine, [string]$UserId, [string]$DeviceId, @@ -12,20 +12,20 @@ function Set-CIPPMobileDevice( try { if ($Quarantine -eq 'false') { New-ExoRequest -tenantid $TenantFilter -cmdlet 'Set-CASMailbox' -cmdParams @{Identity = $UserId; ActiveSyncAllowedDeviceIDs = @{'@odata.type' = '#Exchange.GenericHashTable'; add = $DeviceId } } - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message "Allow Active Sync Device for $UserId" -Sev 'Info' + Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message "Allow Active Sync Device for $UserId" -Sev 'Info' return "Allowed Active Sync Device for $UserId" } elseif ($Quarantine -eq 'true') { New-ExoRequest -tenantid $TenantFilter -cmdlet 'Set-CASMailbox' -cmdParams @{Identity = $UserId; ActiveSyncBlockedDeviceIDs = @{'@odata.type' = '#Exchange.GenericHashTable'; add = $DeviceId } } - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message "Blocked Active Sync Device for $UserId" -Sev 'Info' + Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message "Blocked Active Sync Device for $UserId" -Sev 'Info' return "Blocked Active Sync Device for $UserId" } } catch { $ErrorMessage = Get-CippException -Exception $_ if ($Quarantine -eq 'false') { - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message "Failed to Allow Active Sync Device for $($UserId): $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message "Failed to Allow Active Sync Device for $($UserId): $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage return "Failed to Allow Active Sync Device for $($UserId): $($ErrorMessage.NormalizedError)" } elseif ($Quarantine -eq 'true') { - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message "Failed to Block Active Sync Device for $($UserId): $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message "Failed to Block Active Sync Device for $($UserId): $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage return "Failed to Block Active Sync Device for $($UserId): $($ErrorMessage.NormalizedError)" } } @@ -33,12 +33,12 @@ function Set-CIPPMobileDevice( try { if ($Delete -eq 'true') { New-ExoRequest -tenant $TenantFilter -cmdlet 'Remove-MobileDevice' -cmdParams @{Identity = $Guid; Confirm = $false } -UseSystemMailbox $true - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message "Deleted Active Sync Device for $UserId" -Sev 'Info' + Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message "Deleted Active Sync Device for $UserId" -Sev 'Info' return "Deleted Active Sync Device for $UserId" } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message "Failed to delete Mobile Device $($Guid): $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message "Failed to delete Mobile Device $($Guid): $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage return "Failed to delete Mobile Device $($Guid): $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Set-CIPPNamedLocation.ps1 b/Modules/CIPPCore/Public/Set-CIPPNamedLocation.ps1 index 2a5eb8477915..3f23365c31be 100644 --- a/Modules/CIPPCore/Public/Set-CIPPNamedLocation.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPNamedLocation.ps1 @@ -8,7 +8,7 @@ function Set-CIPPNamedLocation { $change, $content, $APIName = 'Set Named Location', - $ExecutingUser + $Headers ) try { @@ -36,12 +36,12 @@ function Set-CIPPNamedLocation { } $null = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/identity/conditionalAccess/namedLocations/$NamedLocationId" -tenantid $TenantFilter -type PATCH -body $($NamedLocations | ConvertTo-Json -Compress -Depth 10) - Write-LogMessage -user $ExecutingUser -API $APIName -message "Edited named location. Change: $change with content $($content)" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Edited named location. Change: $change with content $($content)" -Sev 'Info' -tenant $TenantFilter } return "Edited named location. Change: $change with content $($content)" } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to edit named location: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -message "Failed to edit named location: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage return "Failed to edit named location. Error: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Set-CIPPPerUserMFA.ps1 b/Modules/CIPPCore/Public/Set-CIPPPerUserMFA.ps1 index f1fd6b5c2121..0cb76246c828 100644 --- a/Modules/CIPPCore/Public/Set-CIPPPerUserMFA.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPPerUserMFA.ps1 @@ -15,11 +15,11 @@ function Set-CIPPPerUserMFA { .PARAMETER State State to set the user to (enabled, disabled, enforced) - .PARAMETER executingUser + .PARAMETER Headers User executing the command .EXAMPLE - Set-CIPPPerUserMFA -TenantFilter 'contoso.onmicrosoft.com' -userId user@contoso.onmicrosoft.com -State 'disabled' -executingUser 'mspuser@partner.com' + Set-CIPPPerUserMFA -TenantFilter 'contoso.onmicrosoft.com' -userId user@contoso.onmicrosoft.com -State 'disabled' -Headers 'mspuser@partner.com' #> [CmdletBinding()] param( @@ -29,7 +29,7 @@ function Set-CIPPPerUserMFA { [string[]]$userId, [ValidateSet('enabled', 'disabled', 'enforced')] $State = 'enabled', - [string]$executingUser = 'CIPP' + [string]$Headers = 'CIPP' ) try { $int = 0 @@ -61,10 +61,10 @@ function Set-CIPPPerUserMFA { } } Set-CIPPUserSchemaProperties -TenantFilter $TenantFilter -Users $Users - Write-LogMessage -user $executingUser -API 'Set-CIPPPerUserMFA' -message "Successfully set Per user MFA State to $State for $id" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API 'Set-CIPPPerUserMFA' -message "Successfully set Per user MFA State to $State for $id" -Sev 'Info' -tenant $TenantFilter } catch { $ErrorMessage = Get-CippException -Exception $_ "Failed to set MFA State for $id. Error: $($ErrorMessage.NormalizedError)" - Write-LogMessage -user $executingUser -API 'Set-CIPPPerUserMFA' -message "Failed to set MFA State to $State for $id. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API 'Set-CIPPPerUserMFA' -message "Failed to set MFA State to $State for $id. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage } } diff --git a/Modules/CIPPCore/Public/Set-CIPPProfilePhoto.ps1 b/Modules/CIPPCore/Public/Set-CIPPProfilePhoto.ps1 index fb829701390c..3069799de39f 100644 --- a/Modules/CIPPCore/Public/Set-CIPPProfilePhoto.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPProfilePhoto.ps1 @@ -7,16 +7,16 @@ function Set-CIPPProfilePhoto { $type = 'users', $ContentType = 'image/png', $PhotoBase64, - $executingUser + $Headers ) try { $PhotoBytes = [Convert]::FromBase64String($PhotoBase64) New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/$type/$id/photo/`$value" -tenantid $tenantfilter -type PUT -body $PhotoBytes -ContentType $ContentType "Successfully set profile photo for $id" - Write-LogMessage -user $executingUser -API 'Set-CIPPUserProfilePhoto' -message "Successfully set profile photo for $id" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API 'Set-CIPPUserProfilePhoto' -message "Successfully set profile photo for $id" -Sev 'Info' -tenant $TenantFilter } catch { $ErrorMessage = Get-CippException -Exception $_ "Failed to set profile photo for $id. Error: $($ErrorMessage.NormalizedError)" - Write-LogMessage -user $executingUser -API 'Set-CIPPUserProfilePhoto' -message "Failed to set profile photo for $id. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API 'Set-CIPPUserProfilePhoto' -message "Failed to set profile photo for $id. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage } } diff --git a/Modules/CIPPCore/Public/Set-CIPPSignature.ps1 b/Modules/CIPPCore/Public/Set-CIPPSignature.ps1 index 81a985bf6d36..441854f5e831 100644 --- a/Modules/CIPPCore/Public/Set-CIPPSignature.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPSignature.ps1 @@ -7,7 +7,7 @@ function Set-CIPPSignature { $TenantFilter, $State, $APIName = 'Set Outlook Roaming Signature', - $ExecutingUser, + $Headers, $StartTime, $EndTime ) @@ -17,12 +17,12 @@ function Set-CIPPSignature { [{"name":"Roaming_New_Signature","itemClass":"","id":"","scope":"AdeleV@M365x42953883.OnMicrosoft.com","parentSetting":"","secondaryKey":"","type":"String","timestamp":638296273181532792,"metadata":"","value":"Kelvin","isFirstSync":"true","source":"UserOverride"}] '@ $null = New-GraphPostRequest -uri 'https://substrate.office.com/ows/beta/outlookcloudsettings/settings/global' -tenantid $TenantFilter -type PATCH -contentType 'application/json' -verbose -scope 'https://outlook.office.com/.default' - Write-LogMessage -user $ExecutingUser -API $APIName -message "Set Out-of-office for $($userid) to $state" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Set Out-of-office for $($userid) to $state" -Sev 'Info' -tenant $TenantFilter return "Set Out-of-office for $($userid) to $state." } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not add OOO for $($userid). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APIName -message "Could not add OOO for $($userid). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage return "Could not add out of office message for $($userid). Error: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardConditionalAccessTemplate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardConditionalAccessTemplate.ps1 index 51182481cfa2..b4badee0ad00 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardConditionalAccessTemplate.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardConditionalAccessTemplate.ps1 @@ -15,7 +15,7 @@ function Invoke-CIPPStandardConditionalAccessTemplate { MULTIPLE True DISABLEDFEATURES - + IMPACT High ADDEDCOMPONENT @@ -39,7 +39,7 @@ function Invoke-CIPPStandardConditionalAccessTemplate { $Table = Get-CippTable -tablename 'templates' $Filter = "PartitionKey eq 'CATemplate' and RowKey eq '$($Setting.TemplateList.value)'" $JSONObj = (Get-CippAzDataTableEntity @Table -Filter $Filter).JSON - $null = New-CIPPCAPolicy -TenantFilter $tenant -state $Setting.state -RawJSON $JSONObj -Overwrite $true -APIName $APIName -ExecutingUser $request.headers.'x-ms-client-principal' -ReplacePattern 'displayName' + $null = New-CIPPCAPolicy -TenantFilter $tenant -state $Setting.state -RawJSON $JSONObj -Overwrite $true -APIName $APIName -Headers $request.headers.'x-ms-client-principal' -ReplacePattern 'displayName' } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to create or update conditional access rule $($JSONObj.displayName). Error: $ErrorMessage" -sev 'Error' diff --git a/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 b/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 index 411497f4cb30..cfb430ce0bc7 100644 --- a/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 +++ b/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 @@ -3,7 +3,7 @@ function Test-CIPPAccessPermissions { param ( $TenantFilter, $APIName = 'Access Check', - $ExecutingUser + $Headers ) $User = $request.headers.'x-ms-client-principal' diff --git a/Modules/CIPPCore/Public/Test-CIPPAccessTenant.ps1 b/Modules/CIPPCore/Public/Test-CIPPAccessTenant.ps1 index 575993740ca6..b895a40c9574 100644 --- a/Modules/CIPPCore/Public/Test-CIPPAccessTenant.ps1 +++ b/Modules/CIPPCore/Public/Test-CIPPAccessTenant.ps1 @@ -3,7 +3,7 @@ function Test-CIPPAccessTenant { param ( $Tenant = 'AllTenants', $APIName = 'Access Check', - $ExecutingUser + $Headers ) $ExpectedRoles = @( @{ Name = 'Application Administrator'; Id = '9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3' }, @@ -98,7 +98,7 @@ function Test-CIPPAccessTenant { } catch { $ErrorMessage = Get-CippException -Exception $_ $GraphTest = "Failed to connect to Graph: $($ErrorMessage.NormalizedError)" - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $tenant.defaultDomainName -message "Tenant access check failed: $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APINAME -tenant $tenant.defaultDomainName -message "Tenant access check failed: $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } try { @@ -112,11 +112,11 @@ function Test-CIPPAccessTenant { if ($null -eq $Message) { $Message = $($_.Exception.Message) } $ExchangeTest = "Failed to connect to Exchange: $($ErrorMessage.NormalizedError)" - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $tenant.defaultDomainName -message "Tenant access check for Exchange failed: $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APINAME -tenant $tenant.defaultDomainName -message "Tenant access check for Exchange failed: $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } if ($GraphStatus -and $ExchangeStatus) { - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $Tenant.defaultDomainName -tenantId $Tenant.customerId -message 'Tenant access check executed successfully' -Sev 'Info' + Write-LogMessage -headers $Headers -API $APINAME -tenant $Tenant.defaultDomainName -tenantId $Tenant.customerId -message 'Tenant access check executed successfully' -Sev 'Info' } $Results.GraphStatus = $GraphStatus @@ -126,7 +126,7 @@ function Test-CIPPAccessTenant { $Results.GDAPRoles = @($GDAPRoles) $Results.MissingRoles = @($MissingRoles) - $ExecutingUser = $ExecutingUser.UserDetails + $Headers = $Headers.UserDetails $Entity = @{ PartitionKey = 'TenantAccessChecks' RowKey = $Tenant.customerId @@ -136,7 +136,7 @@ function Test-CIPPAccessTenant { try { $null = Add-CIPPAzDataTableEntity @Table -Entity $Entity -Force } catch { - Write-LogMessage -user $ExecutingUser -API $APINAME -tenant $Tenant.defaultDomainName -message "Failed to add access check for $($Tenant.customerId): $($_.Exception.Message)" -Sev 'Error' -LogData (Get-CippException -Exception $_) + Write-LogMessage -headers $Headers -API $APINAME -tenant $Tenant.defaultDomainName -message "Failed to add access check for $($Tenant.customerId): $($_.Exception.Message)" -Sev 'Error' -LogData (Get-CippException -Exception $_) } } diff --git a/Modules/CIPPCore/Public/Test-CIPPGDAPRelationships.ps1 b/Modules/CIPPCore/Public/Test-CIPPGDAPRelationships.ps1 index 09cf46fe35c4..596fc6a8e19c 100644 --- a/Modules/CIPPCore/Public/Test-CIPPGDAPRelationships.ps1 +++ b/Modules/CIPPCore/Public/Test-CIPPGDAPRelationships.ps1 @@ -3,7 +3,7 @@ function Test-CIPPGDAPRelationships { param ( $TenantFilter, $APIName = 'Access Check', - $ExecutingUser + $Headers ) $GDAPissues = [System.Collections.Generic.List[object]]@() @@ -95,7 +95,7 @@ function Test-CIPPGDAPRelationships { } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APINAME -message "Failed to run GDAP check for $($TenantFilter): $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $APINAME -message "Failed to run GDAP check for $($TenantFilter): $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage } $GDAPRelationships = [PSCustomObject]@{ diff --git a/Modules/CIPPCore/Public/Test-CIPPRerun.ps1 b/Modules/CIPPCore/Public/Test-CIPPRerun.ps1 index 39384ad879bc..a7f5ed0d676a 100644 --- a/Modules/CIPPCore/Public/Test-CIPPRerun.ps1 +++ b/Modules/CIPPCore/Public/Test-CIPPRerun.ps1 @@ -5,7 +5,7 @@ function Test-CIPPRerun { $Type, $API, $Settings, - $ExecutingUser, + $Headers, [switch]$Clear, [switch]$ClearAll ) @@ -45,7 +45,7 @@ function Test-CIPPRerun { } } if ($RerunData.EstimatedNextRun -gt $CurrentUnixTime) { - Write-LogMessage -API $API -message "Standard rerun detected for $($API). Prevented from running again." -tenant $TenantFilter -user $ExecutingUser -Sev 'Info' + Write-LogMessage -API $API -message "Standard rerun detected for $($API). Prevented from running again." -tenant $TenantFilter -headers $Headers -Sev 'Info' return $true } else { $RerunData.EstimatedNextRun = $EstimatedNextRun @@ -67,7 +67,7 @@ function Test-CIPPRerun { } catch { $ErrorMessage = Get-CippException -Exception $_ Write-Host "Could not detect if this is a rerun: $($ErrorMessage.NormalizedError)" - Write-LogMessage -user $ExecutingUser -API $API -message "Could not detect if this is a rerun: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -headers $Headers -API $API -message "Could not detect if this is a rerun: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage return $false } } diff --git a/Modules/CIPPCore/Public/Webhooks/Invoke-CIPPGraphWebhookRenewal.ps1 b/Modules/CIPPCore/Public/Webhooks/Invoke-CIPPGraphWebhookRenewal.ps1 index 0ac6acf10bbb..610a59ea2548 100644 --- a/Modules/CIPPCore/Public/Webhooks/Invoke-CIPPGraphWebhookRenewal.ps1 +++ b/Modules/CIPPCore/Public/Webhooks/Invoke-CIPPGraphWebhookRenewal.ps1 @@ -29,7 +29,7 @@ function Invoke-CippGraphWebhookRenewal { $EventType = "$($UpdateSub.EventType)" Write-LogMessage -user 'CIPP' -API 'Renew_Graph_Subscriptions' -message "Recreating: $($UpdateSub.SubscriptionID) as renewal failed." -Sev "Info" -tenant $TenantFilter - $CreateResult = New-CIPPGraphSubscription -TenantFilter $TenantFilter -TypeofSubscription $TypeofSubscription -BaseURL $BaseURL -Resource $Resource -EventType $EventType -ExecutingUser 'GraphSubscriptionRenewal' -Recreate + $CreateResult = New-CIPPGraphSubscription -TenantFilter $TenantFilter -TypeofSubscription $TypeofSubscription -BaseURL $BaseURL -Resource $Resource -EventType $EventType -Headers 'GraphSubscriptionRenewal' -Recreate if ($CreateResult -match 'Created Webhook subscription for') { Remove-AzDataTableEntity -Force @WebhookTable -Entity $UpdateSub diff --git a/Modules/CIPPCore/Public/Webhooks/Invoke-CIPPWebhookProcessing.ps1 b/Modules/CIPPCore/Public/Webhooks/Invoke-CIPPWebhookProcessing.ps1 index ae8ad7a8ff74..e1850d93f551 100644 --- a/Modules/CIPPCore/Public/Webhooks/Invoke-CIPPWebhookProcessing.ps1 +++ b/Modules/CIPPCore/Public/Webhooks/Invoke-CIPPWebhookProcessing.ps1 @@ -7,7 +7,7 @@ function Invoke-CippWebhookProcessing { $Operations, $CIPPURL, $APIName = 'Process webhook', - $ExecutingUser + $Headers ) $AuditLogTable = Get-CIPPTable -TableName 'AuditLogs' @@ -26,13 +26,13 @@ function Invoke-CippWebhookProcessing { Write-Host "this is our action: $($action | ConvertTo-Json -Depth 15 -Compress)" switch ($action) { 'disableUser' { - Set-CIPPSignInState -TenantFilter $TenantFilter -User $data.UserId -AccountEnabled $false -APIName 'Alert Engine' -ExecutingUser 'Alert Engine' + Set-CIPPSignInState -TenantFilter $TenantFilter -User $data.UserId -AccountEnabled $false -APIName 'Alert Engine' -Headers 'Alert Engine' } 'becremediate' { $username = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($data.UserId)" -tenantid $TenantFilter).UserPrincipalName - Set-CIPPResetPassword -UserID $username -tenantFilter $TenantFilter -APIName 'Alert Engine' -ExecutingUser 'Alert Engine' - Set-CIPPSignInState -userid $username -AccountEnabled $false -tenantFilter $TenantFilter -APIName 'Alert Engine' -ExecutingUser 'Alert Engine' - Revoke-CIPPSessions -userid $username -username $username -ExecutingUser 'Alert Engine' -APIName 'Alert Engine' -tenantFilter $TenantFilter + Set-CIPPResetPassword -UserID $username -tenantFilter $TenantFilter -APIName 'Alert Engine' -Headers 'Alert Engine' + Set-CIPPSignInState -userid $username -AccountEnabled $false -tenantFilter $TenantFilter -APIName 'Alert Engine' -Headers 'Alert Engine' + Revoke-CIPPSessions -userid $username -username $username -Headers 'Alert Engine' -APIName 'Alert Engine' -tenantFilter $TenantFilter $RuleDisabled = 0 New-ExoRequest -anchor $username -tenantid $TenantFilter -cmdlet 'Get-InboxRule' -cmdParams @{Mailbox = $username; IncludeHidden = $true } | Where-Object { $_.Name -ne 'Junk E-Mail Rule' -and $_.Name -notlike 'Microsoft.Exchange.OOF.*' } | ForEach-Object { $null = New-ExoRequest -anchor $username -tenantid $TenantFilter -cmdlet 'Disable-InboxRule' -cmdParams @{Confirm = $false; Identity = $_.Identity } diff --git a/Modules/CIPPCore/Public/Webhooks/New-CIPPGraphSubscription.ps1 b/Modules/CIPPCore/Public/Webhooks/New-CIPPGraphSubscription.ps1 index c03f02629b58..a68ab8923a8b 100644 --- a/Modules/CIPPCore/Public/Webhooks/New-CIPPGraphSubscription.ps1 +++ b/Modules/CIPPCore/Public/Webhooks/New-CIPPGraphSubscription.ps1 @@ -8,7 +8,7 @@ function New-CIPPGraphSubscription { $Resource, $EventType, $APIName = 'Create Webhook', - $ExecutingUser, + $Headers, [Switch]$Recreate, [switch]$PartnerCenter ) @@ -68,14 +68,14 @@ function New-CIPPGraphSubscription { WebhookNotificationUrl = [string]$Body.WebhookUrl } $null = Add-CIPPAzDataTableEntity @WebhookTable -Entity $WebhookRow -Force - Write-LogMessage -user $ExecutingUser -API $APIName -message "$Action Partner Center Webhook subscription" -Sev 'Info' -tenant 'PartnerTenant' + Write-LogMessage -headers $Headers -API $APIName -message "$Action Partner Center Webhook subscription" -Sev 'Info' -tenant 'PartnerTenant' return "$Action Partner Center Webhook subscription" } else { - Write-LogMessage -user $ExecutingUser -API $APIName -message 'Existing Partner Center Webhook subscription found' -Sev 'Info' -tenant 'PartnerTenant' + Write-LogMessage -headers $Headers -API $APIName -message 'Existing Partner Center Webhook subscription found' -Sev 'Info' -tenant 'PartnerTenant' return 'Existing Partner Center Webhook subscription found' } } catch { - Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to create Partner Center Webhook Subscription: $($_.Exception.Message)" -Sev 'Error' -tenant 'PartnerTenant' + Write-LogMessage -headers $Headers -API $APIName -message "Failed to create Partner Center Webhook Subscription: $($_.Exception.Message)" -Sev 'Error' -tenant 'PartnerTenant' return "Failed to create Partner Webhook Subscription: $($_.Exception.Message)" } @@ -111,14 +111,14 @@ function New-CIPPGraphSubscription { $null = Add-CIPPAzDataTableEntity @WebhookTable -Entity $WebhookRow #todo: add remove webhook function, add check webhook function, add list webhooks function #add refresh webhook function based on table. - Write-LogMessage -user $ExecutingUser -API $APIName -message "Created Graph Webhook subscription for $($TenantFilter)" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Created Graph Webhook subscription for $($TenantFilter)" -Sev 'Info' -tenant $TenantFilter } else { - Write-LogMessage -user $ExecutingUser -API $APIName -message "Existing Graph Webhook subscription for $($TenantFilter) found" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Existing Graph Webhook subscription for $($TenantFilter) found" -Sev 'Info' -tenant $TenantFilter } } return "Created Webhook subscription for $($TenantFilter)" } catch { - Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to create Webhook Subscription: $($_.Exception.Message)" -Sev 'Error' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Failed to create Webhook Subscription: $($_.Exception.Message)" -Sev 'Error' -tenant $TenantFilter Return "Failed to create Webhook Subscription for $($TenantFilter): $($_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Webhooks/Remove-CIPPGraphSubscription.ps1 b/Modules/CIPPCore/Public/Webhooks/Remove-CIPPGraphSubscription.ps1 index a9b35a01c3e6..24769a81b3c6 100644 --- a/Modules/CIPPCore/Public/Webhooks/Remove-CIPPGraphSubscription.ps1 +++ b/Modules/CIPPCore/Public/Webhooks/Remove-CIPPGraphSubscription.ps1 @@ -6,7 +6,7 @@ function Remove-CIPPGraphSubscription { $APIName = 'Remove Graph Webhook', $Type, $EventType, - $ExecutingUser, + $Headers, $Cleanup = $false ) try { @@ -20,11 +20,11 @@ function Remove-CIPPGraphSubscription { $WebhookRow = Get-CIPPAzDataTableEntity @WebhookTable | Where-Object { $_.PartitionKey -eq $TenantFilter -and $_.Resource -eq $EventType -and $_.version -ne '2' } $null = Remove-AzDataTableEntity -Force @WebhookTable -Entity $Entity } catch { - Write-LogMessage -user $ExecutingUser -API $APIName -message 'Deleted an audit log webhook that was already removed from CIPP' -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message 'Deleted an audit log webhook that was already removed from CIPP' -Sev 'Info' -tenant $TenantFilter } } catch { - Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to cleanup old audit logs: $($_.Exception.Message)" -Sev 'Error' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Failed to cleanup old audit logs: $($_.Exception.Message)" -Sev 'Error' -tenant $TenantFilter } } } else { @@ -39,7 +39,7 @@ function Remove-CIPPGraphSubscription { try { $AuditLog = New-GraphPOSTRequest -uri "https://manage.office.com/api/v1.0/$($TenantFilter)/activity/feed/subscriptions/stop?contentType=$($EventType)" -scope 'https://manage.office.com/.default' -tenantid $TenantFilter -type POST -body '{}' -verbose } catch { - Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to remove webhook subscription at Microsoft's side: $($_.Exception.Message)" -Sev 'Error' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Failed to remove webhook subscription at Microsoft's side: $($_.Exception.Message)" -Sev 'Error' -tenant $TenantFilter } $null = Remove-AzDataTableEntity -Force @WebhookTable -Entity $Entity } else { @@ -50,7 +50,7 @@ function Remove-CIPPGraphSubscription { return "Removed webhook subscription to $($WebhookRow.resource) for $($TenantFilter)" } } catch { - Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to renew Webhook Subscription: $($_.Exception.Message)" -Sev 'Error' -tenant $TenantFilter + Write-LogMessage -headers $Headers -API $APIName -message "Failed to renew Webhook Subscription: $($_.Exception.Message)" -Sev 'Error' -tenant $TenantFilter return "Failed to remove Webhook Subscription $($GraphRequest.value.notificationUrl): $($_.Exception.Message)" } } diff --git a/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneDeviceWebhook.ps1 b/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneDeviceWebhook.ps1 index 67e54991324e..b280394b3e0d 100644 --- a/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneDeviceWebhook.ps1 +++ b/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneDeviceWebhook.ps1 @@ -13,7 +13,7 @@ function Invoke-NinjaOneDeviceWebhook { } if ($MappedFields.DeviceCompliance) { - Write-LogMessage -user $ExecutingUser -API $APIName -message "Webhook Recieved - Updating NinjaOne Device compliance for $($Data.resourceData.id) in $($Data.tenantId)" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -user $Headers -API $APIName -message "Webhook Recieved - Updating NinjaOne Device compliance for $($Data.resourceData.id) in $($Data.tenantId)" -Sev 'Info' -tenant $TenantFilter $tenantfilter = $Data.tenantId $M365DeviceID = $Data.resourceData.id diff --git a/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneTenantSync.ps1 b/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneTenantSync.ps1 index 7008402506bf..25a987a3bf79 100644 --- a/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneTenantSync.ps1 +++ b/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneTenantSync.ps1 @@ -886,7 +886,7 @@ function Invoke-NinjaOneTenantSync { # Enable Device Updates Subscription if needed. if ($MappedFields.DeviceCompliance) { - New-CIPPGraphSubscription -TenantFilter $TenantFilter -TypeofSubscription 'updated' -BaseURL $CIPPUrl -Resource 'devices' -EventType 'DeviceUpdate' -ExecutingUser 'NinjaOneSync' + New-CIPPGraphSubscription -TenantFilter $TenantFilter -TypeofSubscription 'updated' -BaseURL $CIPPUrl -Resource 'devices' -EventType 'DeviceUpdate' -Headers 'NinjaOneSync' } Write-Information 'Processed Devices' From 86af7dd0366aea821f3721fbe88b811a721ea04a Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 10 Feb 2025 10:53:52 -0500 Subject: [PATCH 091/138] Update Get-HaloTicketType.ps1 --- Modules/CippExtensions/Public/Halo/Get-HaloTicketType.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CippExtensions/Public/Halo/Get-HaloTicketType.ps1 b/Modules/CippExtensions/Public/Halo/Get-HaloTicketType.ps1 index a69b5915e761..6ed6d21e4054 100644 --- a/Modules/CippExtensions/Public/Halo/Get-HaloTicketType.ps1 +++ b/Modules/CippExtensions/Public/Halo/Get-HaloTicketType.ps1 @@ -15,7 +15,7 @@ function Get-HaloTicketType { $Configuration = ((Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json -ea stop).HaloPSA $Token = Get-HaloToken -configuration $Configuration - Invoke-RestMethod -Uri "$($Configuration.ResourceURL)/TicketType?showall=true&showinactive=true&access_control_level=2&include_defaults=true&domain=reqs" -ContentType 'application/json' -Method GET -Headers @{Authorization = "Bearer $($Token.access_token)" } + Invoke-RestMethod -Uri "$($Configuration.ResourceURL)/TicketType?showall=true" -ContentType 'application/json' -Method GET -Headers @{Authorization = "Bearer $($Token.access_token)" } } catch { $Message = if ($_.ErrorDetails.Message) { Get-NormalizedError -Message $_.ErrorDetails.Message From f3ae44c681986f90c36edf5ba3bcdcb12fee0187 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Mon, 10 Feb 2025 17:06:34 +0100 Subject: [PATCH 092/138] header update --- .../CIPP/Core/Invoke-GetCippAlerts.ps1 | 2 +- .../Scheduler/Invoke-RemoveScheduledItem.ps1 | 4 ++-- .../CIPP/Settings/Invoke-ExecAccessChecks.ps1 | 10 ++++---- .../Settings/Invoke-ExecExcludeTenant.ps1 | 2 +- .../Email-Exchange/Invoke-AddRoomMailbox.ps1 | 8 +++---- .../Invoke-AddSharedMailbox.ps1 | 14 +++++------ .../Invoke-AddTransportRule.ps1 | 8 +++---- .../Invoke-AddTransportTemplate.ps1 | 8 +++---- .../Email-Exchange/Invoke-EditContact.ps1 | 8 +++---- .../Email-Exchange/Invoke-EditExConnector.ps1 | 8 +++---- .../Invoke-EditTransportRule.ps1 | 8 +++---- .../Invoke-ExecConverttoRoomMailbox.ps1 | 4 ++-- .../Invoke-ExecConverttoSharedMailbox.ps1 | 4 ++-- .../Email-Exchange/Invoke-ExecCopyForSent.ps1 | 2 +- .../Invoke-ExecEmailForward.ps1 | 4 ++-- .../Invoke-ExecEnableArchive.ps1 | 2 +- .../Invoke-ExecGroupsDeliveryManagement.ps1 | 2 +- .../Invoke-ExecGroupsHideFromGAL.ps1 | 2 +- .../Email-Exchange/Invoke-ExecHideFromGAL.ps1 | 4 ++-- .../Invoke-ExecMailboxMobileDevices.ps1 | 2 +- .../Invoke-ExecRemoveMailboxRule.ps1 | 4 ++-- .../Invoke-ExecSetMailboxLocale.ps1 | 4 ++-- .../Email-Exchange/Invoke-ExecSetOoO.ps1 | 4 ++-- ...Invoke-ExecStartManagedFolderAssistant.ps1 | 6 ++--- .../Invoke-ListGlobalAddressList.ps1 | 4 ++-- .../Email-Exchange/Invoke-ListOoO.ps1 | 2 +- .../Autopilot/Invoke-ExecAssignAPDevice.ps1 | 8 +++---- .../Endpoint/MEM/Invoke-EditIntuneScript.ps1 | 4 ++-- .../Endpoint/MEM/Invoke-ExecDeviceAction.ps1 | 2 +- .../MEM/Invoke-ExecGetLocalAdminPassword.ps1 | 2 +- .../MEM/Invoke-ExecGetRecoveryKey.ps1 | 2 +- .../Endpoint/MEM/Invoke-ListIntuneScript.ps1 | 4 ++-- .../MEM/Invoke-RemoveIntuneScript.ps1 | 4 ++-- .../Devices/Invoke-ExecDeviceDelete.ps1 | 4 ++-- .../Groups/Invoke-EditGroup.ps1 | 2 +- .../Administration/Users/Invoke-EditUser.ps1 | 2 +- .../Users/Invoke-ExecBECRemediate.ps1 | 4 ++-- .../Users/Invoke-ExecCreateTAP.ps1 | 2 +- .../Users/Invoke-ExecDisableUser.ps1 | 2 +- .../Users/Invoke-ExecJITAdmin.ps1 | 8 +++---- .../Users/Invoke-ExecOneDriveShortCut.ps1 | 2 +- .../Users/Invoke-ExecOnedriveProvision.ps1 | 2 +- .../Users/Invoke-ExecPerUserMFA.ps1 | 2 +- .../Users/Invoke-ExecPerUserMFAAllUsers.ps1 | 2 +- .../Users/Invoke-ExecResetMFA.ps1 | 2 +- .../Users/Invoke-ExecResetPass.ps1 | 2 +- .../Users/Invoke-ExecRevokeSessions.ps1 | 2 +- .../Users/Invoke-ListPerUserMFA.ps1 | 4 ++-- .../Users/Invoke-ListUserMailboxRules.ps1 | 6 ++--- .../Invoke-ExecSetSharePointMember.ps1 | 4 ++-- .../Invoke-ExecSharePointPerms.ps1 | 4 ++-- ...ke-ExecTeamsVoicePhoneNumberAssignment.ps1 | 8 +++---- .../Invoke-ListAppConsentRequests.ps1 | 2 +- .../Tenant/Conditional/Invoke-AddCAPolicy.ps1 | 2 +- .../Conditional/Invoke-ExecCAExclusion.ps1 | 2 +- .../Conditional/Invoke-ExecNamedLocation.ps1 | 2 +- .../Entrypoints/Invoke-ExecSyncAPDevices.ps1 | 8 +++---- .../Invoke-ListAzureADConnectStatus.ps1 | 4 ++-- .../Entrypoints/Invoke-ListDefenderTVM.ps1 | 4 ++-- .../Entrypoints/Invoke-ListDeletedItems.ps1 | 4 ++-- .../Invoke-ListExchangeConnectors.ps1 | 4 ++-- .../Invoke-ListGraphExplorerPresets.ps1 | 2 +- .../Invoke-ListInactiveAccounts.ps1 | 4 ++-- .../Entrypoints/Invoke-ListIntunePolicy.ps1 | 4 ++-- .../Public/GraphHelper/Write-AlertMessage.ps1 | 4 ++-- Modules/CIPPCore/Public/Invoke-RemoveApp.ps1 | 8 +++---- .../Public/Invoke-RemoveBPATemplate.ps1 | 8 +++---- .../CIPPCore/Public/Invoke-RemoveCAPolicy.ps1 | 8 +++---- .../Public/Invoke-RemoveCATemplate.ps1 | 8 +++---- .../Invoke-RemoveConnectionfilterTemplate.ps1 | 8 +++---- .../CIPPCore/Public/Invoke-RemoveContact.ps1 | 8 +++---- .../Public/Invoke-RemoveExConnector.ps1 | 2 +- .../Invoke-RemoveExConnectorTemplate.ps1 | 8 +++---- .../Public/Invoke-RemoveGroupTemplate.ps1 | 8 +++---- .../Public/Invoke-RemoveIntuneTemplate.ps1 | 8 +++---- .../CIPPCore/Public/Invoke-RemovePolicy.ps1 | 2 +- .../Public/Invoke-RemoveQueuedApp.ps1 | 8 +++---- .../Public/Invoke-RemoveSpamfilter.ps1 | 8 +++---- .../Invoke-RemoveSpamfilterTemplate.ps1 | 8 +++---- .../CIPPCore/Public/Invoke-RemoveStandard.ps1 | 8 +++---- .../Public/Invoke-RemoveStandardTemplate.ps1 | 8 +++---- .../Public/Invoke-RemoveTransportRule.ps1 | 2 +- .../Invoke-RemoveTransportRuleTemplate.ps1 | 8 +++---- Modules/CIPPCore/Public/Invoke-RemoveUser.ps1 | 8 +++---- Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 | 16 ++++++------- .../CIPPCore/Public/New-CIPPRestoreTask.ps1 | 24 +++++++++---------- .../CIPPCore/Public/Set-CIPPCPVConsent.ps1 | 6 ++--- .../Set-CIPPDefaultAPDeploymentProfile.ps1 | 10 ++++---- .../Public/Set-CIPPDefaultAPEnrollment.ps1 | 6 ++--- .../Public/Set-CIPPIntuneTemplate.ps1 | 2 +- .../Public/Set-CIPPMailboxArchive.ps1 | 6 ++--- .../CIPPCore/Public/Set-CIPPUserJITAdmin.ps1 | 2 +- .../CIPPCore/Public/Set-CIPPUserLicense.ps1 | 4 ++-- ...-CIPPStandardConditionalAccessTemplate.ps1 | 2 +- .../Public/Test-CIPPAccessPermissions.ps1 | 8 +++---- .../Invoke-CIPPGraphWebhookRenewal.ps1 | 6 ++--- .../Gradient/New-GradientServiceSyncRun.ps1 | 4 ++-- .../NinjaOne/Invoke-NinjaOneDeviceWebhook.ps1 | 10 ++++---- .../Invoke-NinjaOneExtensionScheduler.ps1 | 6 ++--- .../NinjaOne/Invoke-NinjaOneOrgMapping.ps1 | 2 +- .../Invoke-NinjaOneOrgMappingTenant.ps1 | 4 ++-- .../Public/NinjaOne/Invoke-NinjaOneSync.ps1 | 2 +- .../NinjaOne/Invoke-NinjaOneTenantSync.ps1 | 6 ++--- 103 files changed, 263 insertions(+), 263 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetCippAlerts.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetCippAlerts.ps1 index f10665096d54..19b2b715bf91 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetCippAlerts.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetCippAlerts.ps1 @@ -15,7 +15,7 @@ Function Invoke-GetCippAlerts { $PartitionKey = Get-Date -UFormat '%Y%m%d' $Filter = "PartitionKey eq '{0}'" -f $PartitionKey $Rows = Get-CIPPAzDataTableEntity @Table -Filter $Filter | Sort-Object TableTimestamp -Descending | Select-Object -First 10 - $role = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($request.headers.'x-ms-client-principal')) | ConvertFrom-Json).userRoles + $role = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($Request.Headers)) | ConvertFrom-Json).userRoles $CIPPVersion = $Request.Query.localversion $Version = Assert-CippVersion -CIPPVersion $CIPPVersion diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-RemoveScheduledItem.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-RemoveScheduledItem.ps1 index 3fcce60e2d53..22a8eb024ce9 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-RemoveScheduledItem.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-RemoveScheduledItem.ps1 @@ -11,7 +11,7 @@ Function Invoke-RemoveScheduledItem { param($Request, $TriggerMetadata) $APIName = 'RemoveScheduledItem' - $User = $request.headers.'x-ms-client-principal' + $User = $Request.Headers $task = @{ RowKey = $Request.Query.id ? $Request.Query.id : $Request.Body.id @@ -20,7 +20,7 @@ Function Invoke-RemoveScheduledItem { $Table = Get-CIPPTable -TableName 'ScheduledTasks' Remove-AzDataTableEntity -Force @Table -Entity $task - Write-LogMessage -user $User -API $APINAME -message "Task removed: $($task.RowKey)" -Sev 'Info' + Write-LogMessage -Headers $User -API $APINAME -message "Task removed: $($task.RowKey)" -Sev 'Info' Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = [HttpStatusCode]::OK diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 index 6e47b44c185e..28b9ec5f0ef3 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecAccessChecks { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -Headers$Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Table = Get-CIPPTable -tablename 'AccessChecks' $LastRun = (Get-Date).ToUniversalTime() @@ -25,7 +25,7 @@ Function Invoke-ExecAccessChecks { $Results = $null } if (!$Results) { - $Results = Test-CIPPAccessPermissions -tenantfilter $ENV:TenantID -APIName $APINAME -Headers $Request.Headers.'x-ms-client-principal' + $Results = Test-CIPPAccessPermissions -tenantfilter $ENV:TenantID -APIName $APINAME -Headers $Request.Headers } else { try { $LastRun = [DateTime]::SpecifyKind($Cache.Timestamp.DateTime, [DateTimeKind]::Utc) @@ -34,7 +34,7 @@ Function Invoke-ExecAccessChecks { } } } else { - $Results = Test-CIPPAccessPermissions -tenantfilter $ENV:TenantID -APIName $APINAME -Headers $Request.Headers.'x-ms-client-principal' + $Results = Test-CIPPAccessPermissions -tenantfilter $ENV:TenantID -APIName $APINAME -Headers $Request.Headers } } 'Tenants' { @@ -82,12 +82,12 @@ Function Invoke-ExecAccessChecks { } if ($Request.Query.SkipCache -eq 'true' -or $Request.Query.SkipCache -eq $true) { - $Message = Test-CIPPAccessTenant -Headers $Request.Headers.'x-ms-client-principal' + $Message = Test-CIPPAccessTenant -Headers $Request.Headers } if ($Request.Body.TenantId) { $Tenant = Get-Tenants -TenantFilter $Request.Body.TenantId - $null = Test-CIPPAccessTenant -Tenant $Tenant.customerId -Headers $Request.Headers.'x-ms-client-principal' + $null = Test-CIPPAccessTenant -Tenant $Tenant.customerId -Headers $Request.Headers $Results = "Refreshing tenant $($Tenant.displayName)" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExcludeTenant.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExcludeTenant.ps1 index 28feb2af77ae..37ccb5f4e4e5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExcludeTenant.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExcludeTenant.ps1 @@ -12,7 +12,7 @@ Function Invoke-ExecExcludeTenant { Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $user = $request.headers.'x-ms-client-principal' + $user = $Request.Headers $username = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($user)) | ConvertFrom-Json).userDetails $date = (Get-Date).tostring('yyyy-MM-dd') $TenantsTable = Get-CippTable -tablename Tenants diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddRoomMailbox.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddRoomMailbox.ps1 index 5dd16e8d7339..c2db728749b5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddRoomMailbox.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddRoomMailbox.ps1 @@ -11,9 +11,9 @@ Function Invoke-AddRoomMailbox { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $User = $request.headers.'x-ms-client-principal' + $User = $Request.Headers - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -Headers $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' @@ -34,7 +34,7 @@ Function Invoke-AddRoomMailbox { try { $AddRoomRequest = New-ExoRequest -tenantid $Tenant -cmdlet 'New-Mailbox' -cmdparams $AddRoomParams $Results.Add("Successfully created room: $($MailboxObject.DisplayName).") - Write-LogMessage -user $User -API $APINAME -tenant $Tenant -message "Created room $($MailboxObject.DisplayName) with id $($AddRoomRequest.id)" -Sev 'Info' + Write-LogMessage -Headers $User -API $APINAME -tenant $Tenant -message "Created room $($MailboxObject.DisplayName) with id $($AddRoomRequest.id)" -Sev 'Info' # Block sign-in for the mailbox try { @@ -47,7 +47,7 @@ Function Invoke-AddRoomMailbox { $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APINAME -tenant $Tenant -message "Failed to create room: $($MailboxObject.DisplayName). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $User -API $APINAME -tenant $Tenant -message "Failed to create room: $($MailboxObject.DisplayName). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage $Results.Add("Failed to create Room mailbox $($MailboxObject.userPrincipalName). $($ErrorMessage.NormalizedError)") $StatusCode = [HttpStatusCode]::Forbidden } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSharedMailbox.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSharedMailbox.ps1 index 32213b5541c0..d79795c18fa0 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSharedMailbox.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSharedMailbox.ps1 @@ -11,9 +11,9 @@ Function Invoke-AddSharedMailbox { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $User = $request.headers.'x-ms-client-principal' + $User = $Request.Headers - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -Headers $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' @@ -34,7 +34,7 @@ Function Invoke-AddSharedMailbox { } $AddSharedRequest = New-ExoRequest -tenantid $Tenant -cmdlet 'New-Mailbox' -cmdparams $BodyToShip $Body = $Results.add("Successfully created shared mailbox: $Email.") - Write-LogMessage -user $User -API $APINAME -tenant $Tenant -message "Created shared mailbox $($MailboxObject.displayname) with email $Email" -Sev 'Info' + Write-LogMessage -Headers $User -API $APINAME -tenant $Tenant -message "Created shared mailbox $($MailboxObject.displayname) with email $Email" -Sev 'Info' # Block sign-in for the mailbox try { @@ -42,7 +42,7 @@ Function Invoke-AddSharedMailbox { $Body = $Results.add("Blocked sign-in for shared mailbox $Email") } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APINAME -tenant $Tenant -message "Failed to block sign-in for shared mailbox $Email. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $User -API $APINAME -tenant $Tenant -message "Failed to block sign-in for shared mailbox $Email. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage $Body = $Results.add("Failed to block sign-in for shared mailbox $Email. Error: $($ErrorMessage.NormalizedError)") } @@ -55,19 +55,19 @@ Function Invoke-AddSharedMailbox { 'EmailAddresses' = @{'@odata.type' = '#Exchange.GenericHashTable'; Add = $Aliases } } $null = New-ExoRequest -tenantid $Tenant -cmdlet 'Set-Mailbox' -cmdparams $AliasBodyToShip -UseSystemMailbox $true - Write-LogMessage -user $User -API $APINAME -tenant $Tenant -message "Added aliases to $Email : $($Aliases -join ',')" -Sev 'Info' + Write-LogMessage -Headers $User -API $APINAME -tenant $Tenant -message "Added aliases to $Email : $($Aliases -join ',')" -Sev 'Info' $Body = $results.add("Added Aliases to $Email : $($Aliases -join ',')") } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APINAME -tenant $Tenant -message "Failed to add aliases to $Email : $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $User -API $APINAME -tenant $Tenant -message "Failed to add aliases to $Email : $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage $Body = $results.add("ERROR: Failed to add aliases to $Email : $($ErrorMessage.NormalizedError)") } } $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APINAME -tenant $Tenant -message "Failed to create shared mailbox. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $User -API $APINAME -tenant $Tenant -message "Failed to create shared mailbox. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage $Body = $Results.add("Failed to create Shared Mailbox. $($ErrorMessage.NormalizedError)") $StatusCode = [HttpStatusCode]::Forbidden } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportRule.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportRule.ps1 index 69d404be047e..55518c7ea264 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportRule.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportRule.ps1 @@ -11,8 +11,8 @@ Function Invoke-AddTransportRule { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $ExetutingUser = $Request.headers.'x-ms-client-principal' - Write-LogMessage -user $ExetutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $ExetutingUser = $Request.Headers + Write-LogMessage -Headers$ExetutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' $RequestParams = $Request.Body.PowerShellCommand | ConvertFrom-Json | Select-Object -Property * -ExcludeProperty GUID, HasSenderOverride, ExceptIfHasSenderOverride, ExceptIfMessageContainsDataClassifications, MessageContainsDataClassifications @@ -31,11 +31,11 @@ Function Invoke-AddTransportRule { "Successfully created transport rule for $tenantFilter." } - Write-LogMessage -user $ExetutingUser -API $APINAME -tenant $tenantFilter -message "Created transport rule for $($tenantFilter)" -sev Info + Write-LogMessage -Headers$ExetutingUser -API $APINAME -tenant $tenantFilter -message "Created transport rule for $($tenantFilter)" -sev Info } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not create transport rule for $($tenantFilter): $($ErrorMessage.NormalizedError)" - Write-LogMessage -user $ExetutingUser -API $APINAME -tenant $tenantFilter -message "Could not create transport rule for $($tenantFilter). Error:$($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage + Write-LogMessage -Headers$ExetutingUser -API $APINAME -tenant $tenantFilter -message "Could not create transport rule for $($tenantFilter). Error:$($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 index b403d1f904ac..4c66ca145b1b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 @@ -11,8 +11,8 @@ Function Invoke-AddTransportTemplate { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $Headers = $Request.headers.'x-ms-client-principal' - Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev Debug + $Headers = $Request.Headers + Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev Debug Write-Host ($request | ConvertTo-Json -Depth 10 -Compress) try { @@ -35,12 +35,12 @@ Function Invoke-AddTransportTemplate { RowKey = "$GUID" PartitionKey = 'TransportTemplate' } - Write-LogMessage -user $Headers -API $APINAME -message "Created Transport Rule Template $($Request.body.name) with GUID $GUID" -Sev Debug + Write-LogMessage -Headers$Headers -API $APINAME -message "Created Transport Rule Template $($Request.body.name) with GUID $GUID" -Sev Debug $body = [pscustomobject]@{'Results' = "Created Transport Rule Template $($Request.body.name) with GUID $GUID" } $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $Headers -API $APINAME -message "Failed to create Transport Rule Template: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage + Write-LogMessage -Headers$Headers -API $APINAME -message "Failed to create Transport Rule Template: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage $body = [pscustomobject]@{'Results' = "Failed to create Transport Rule Template: $($ErrorMessage.NormalizedError)" } $StatusCode = [HttpStatusCode]::Forbidden } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditContact.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditContact.ps1 index 84c93eec0728..65ef714d8e3e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditContact.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditContact.ps1 @@ -12,8 +12,8 @@ Function Invoke-EditContact { $APIName = $Request.Params.CIPPEndpoint $TenantID = $Request.body.tenantID - $Headers = $Request.headers.'x-ms-client-principal' - Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $Headers = $Request.Headers + Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' try { # Extract contact information from the request body @@ -43,13 +43,13 @@ Function Invoke-EditContact { $null = New-ExoRequest -tenantid $TenantID -cmdlet 'Set-Contact' -cmdParams $bodyForSetContact -UseSystemMailbox $true $null = New-ExoRequest -tenantid $TenantID -cmdlet 'Set-MailContact' -cmdParams @{Identity = $contactInfo.ContactID; HiddenFromAddressListsEnabled = [System.Convert]::ToBoolean($contactInfo.hidefromGAL) } -UseSystemMailbox $true $Results = "Successfully edited contact $($contactInfo.DisplayName)" - Write-LogMessage -user $Headers -API $APINAME -tenant $TenantID -message $Results -Sev Info + Write-LogMessage -Headers$Headers -API $APINAME -tenant $TenantID -message $Results -Sev Info $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CippException -Exception $_ $Results = "Failed to edit contact. $($ErrorMessage.NormalizedError)" - Write-LogMessage -user $Headers -API $APINAME -tenant $TenantID -message $Results -Sev Error -LogData $ErrorMessage + Write-LogMessage -Headers$Headers -API $APINAME -tenant $TenantID -message $Results -Sev Error -LogData $ErrorMessage $StatusCode = [HttpStatusCode]::InternalServerError } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditExConnector.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditExConnector.ps1 index a39aafdc75f8..a5aa5f64dffd 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditExConnector.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditExConnector.ps1 @@ -11,8 +11,8 @@ Function Invoke-EditExConnector { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $Headers = $Request.headers.'x-ms-client-principal' - Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $Headers = $Request.Headers + Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.Query.tenantFilter ?? $Request.Body.tenantFilter try { $ConnectorState = $Request.Query.State ?? $Request.Body.State @@ -25,11 +25,11 @@ Function Invoke-EditExConnector { } $null = New-ExoRequest -tenantid $TenantFilter -cmdlet "Set-$($Type)Connector" -cmdParams $params -UseSystemMailbox $true $Result = "Set Connector $($Guid) to $($ConnectorState)" - Write-LogMessage -user $Headers -API $APINAME -tenant $TenantFilter -message "Set Connector $($Guid) to $($ConnectorState)" -sev Info + Write-LogMessage -Headers$Headers -API $APINAME -tenant $TenantFilter -message "Set Connector $($Guid) to $($ConnectorState)" -sev Info $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CIPPException -Exception $_ - Write-LogMessage -user $Headers -API $APINAME -tenant $TenantFilter -message "Failed setting Connector $($Guid) to $($ConnectorState). Error:$($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage + Write-LogMessage -Headers$Headers -API $APINAME -tenant $TenantFilter -message "Failed setting Connector $($Guid) to $($ConnectorState). Error:$($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage $Result = $ErrorMessage.NormalizedError $StatusCode = [HttpStatusCode]::Forbidden } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 index d4084bfc3995..57ffb6dfd40a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 @@ -11,8 +11,8 @@ Function Invoke-EditTransportRule { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $Headers = $Request.headers.'x-ms-client-principal' - Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $Headers = $Request.Headers + Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.Query.tenantFilter ?? $Request.body.tenantFilter $Identity = $Request.Query.guid ?? $Request.body.guid @@ -26,11 +26,11 @@ Function Invoke-EditTransportRule { $cmdlet = if ($State -eq 'enable') { 'Enable-TransportRule' } else { 'Disable-TransportRule' } $null = New-ExoRequest -tenantid $TenantFilter -cmdlet $cmdlet -cmdParams $params -UseSystemMailbox $true $Result = "Set transport rule $($Identity) to $($State)" - Write-LogMessage -user $Headers -API $APINAME -tenant $TenantFilter -message $Result -sev Info + Write-LogMessage -Headers$Headers -API $APINAME -tenant $TenantFilter -message $Result -sev Info $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $Headers -API $APINAME -tenant $TenantFilter -message "Failed setting transport rule $($Identity) to $($State). Error:$($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers$Headers -API $APINAME -tenant $TenantFilter -message "Failed setting transport rule $($Identity) to $($State). Error:$($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage $Result = $ErrorMessage.NormalizedError $StatusCode = [HttpStatusCode]::Forbidden } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecConverttoRoomMailbox.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecConverttoRoomMailbox.ps1 index b8e1ec132321..0631d7afa78a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecConverttoRoomMailbox.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecConverttoRoomMailbox.ps1 @@ -11,8 +11,8 @@ Function Invoke-ExecConvertToRoomMailbox { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $User = $Request.Headers + Write-LogMessage -Headers $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecConverttoSharedMailbox.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecConverttoSharedMailbox.ps1 index da49b84a4426..b704bac3dd5b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecConverttoSharedMailbox.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecConverttoSharedMailbox.ps1 @@ -12,8 +12,8 @@ Function Invoke-ExecConverttoSharedMailbox { $APIName = $Request.Params.CIPPEndpoint $Tenant = $Request.query.TenantFilter - $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $User = $Request.Headers + Write-LogMessage -Headers $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecCopyForSent.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecCopyForSent.ps1 index 763c1fd3d8b9..f3f9b27e6b11 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecCopyForSent.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecCopyForSent.ps1 @@ -21,7 +21,7 @@ Function Invoke-ExecCopyForSent { # Interact with query parameters or the body of the request. Try { $MessageCopyForSentAsEnabled = if ($request.query.MessageCopyForSentAsEnabled -eq 'false') { 'false' } else { 'true' } - $MessageResult = Set-CIPPMessageCopy -userid $Request.query.id -tenantFilter $Request.query.TenantFilter -APIName $APINAME -Headers $request.headers.'x-ms-client-principal' -MessageCopyForSentAsEnabled $MessageCopyForSentAsEnabled + $MessageResult = Set-CIPPMessageCopy -userid $Request.query.id -tenantFilter $Request.query.TenantFilter -APIName $APINAME -Headers $Request.Headers -MessageCopyForSentAsEnabled $MessageCopyForSentAsEnabled $Results = [pscustomobject]@{'Results' = "$MessageResult" } } catch { $Results = [pscustomobject]@{'Results' = "set MessageCopyForSentAsEnabled to $MessageCopyForSentAsEnabled failed - $($_.Exception.Message)" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEmailForward.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEmailForward.ps1 index 1978a6b97b44..955606318b02 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEmailForward.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEmailForward.ps1 @@ -20,7 +20,7 @@ Function Invoke-ExecEmailForward { if ($ForwardOption -eq 'internalAddress') { try { - Set-CIPPForwarding -userid $username -tenantFilter $TenantFilter -APIName $APINAME -Headers $request.headers.'x-ms-client-principal' -Forward $ForwardingAddress -keepCopy $KeepCopy + Set-CIPPForwarding -userid $username -tenantFilter $TenantFilter -APIName $APINAME -Headers $Request.Headers -Forward $ForwardingAddress -keepCopy $KeepCopy if (-not $request.body.KeepCopy) { $results = "Forwarding all email for $($username) to $($ForwardingAddress) and not keeping a copy" } else { @@ -35,7 +35,7 @@ Function Invoke-ExecEmailForward { if ($ForwardOption -eq 'ExternalAddress') { try { - Set-CIPPForwarding -userid $username -tenantFilter $TenantFilter -APIName $APINAME -Headers $request.headers.'x-ms-client-principal' -forwardingSMTPAddress $ForwardingSMTPAddress -keepCopy $KeepCopy + Set-CIPPForwarding -userid $username -tenantFilter $TenantFilter -APIName $APINAME -Headers $Request.Headers -forwardingSMTPAddress $ForwardingSMTPAddress -keepCopy $KeepCopy if (-not $request.body.KeepCopy) { $results = "Forwarding all email for $($username) to $($ForwardingSMTPAddress) and not keeping a copy" } else { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEnableArchive.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEnableArchive.ps1 index 5496c7706e93..599b50ee0f34 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEnableArchive.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEnableArchive.ps1 @@ -20,7 +20,7 @@ Function Invoke-ExecEnableArchive { # Interact with query parameters or the body of the request. Try { - $ResultsArch = Set-CIPPMailboxArchive -userid $Request.query.id -tenantFilter $Request.query.TenantFilter -APIName $APINAME -Headers $request.headers.'x-ms-client-principal' -ArchiveEnabled $true + $ResultsArch = Set-CIPPMailboxArchive -userid $Request.query.id -tenantFilter $Request.query.TenantFilter -APIName $APINAME -Headers $Request.Headers -ArchiveEnabled $true $Results = [pscustomobject]@{'Results' = "$ResultsArch" } } catch { $Results = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDeliveryManagement.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDeliveryManagement.ps1 index 5bd4bec010b9..5d7c0c45bc92 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDeliveryManagement.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDeliveryManagement.ps1 @@ -20,7 +20,7 @@ Function Invoke-ExecGroupsDeliveryManagement { # Interact with query parameters or the body of the request. Try { - $SetResults = Set-CIPPGroupAuthentication -ID $Request.query.id -GroupType $Request.query.GroupType -OnlyAllowInternalString $Request.query.OnlyAllowInternal -tenantFilter $Request.query.TenantFilter -APIName $APINAME -Headers $request.headers.'x-ms-client-principal' + $SetResults = Set-CIPPGroupAuthentication -ID $Request.query.id -GroupType $Request.query.GroupType -OnlyAllowInternalString $Request.query.OnlyAllowInternal -tenantFilter $Request.query.TenantFilter -APIName $APINAME -Headers $Request.Headers $Results = [pscustomobject]@{'Results' = $SetResults } } catch { $Results = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsHideFromGAL.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsHideFromGAL.ps1 index 3ba69134dbc2..b8bfa298cf6c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsHideFromGAL.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsHideFromGAL.ps1 @@ -15,7 +15,7 @@ Function Invoke-ExecGroupsHideFromGAL { # Interact with query parameters or the body of the request. Try { - $GroupStatus = Set-CIPPGroupGAL -Id $Request.query.id -tenantFilter $Request.query.TenantFilter -GroupType $Request.query.groupType -HiddenString $Request.query.HidefromGAL -APIName $APINAME -Headers $request.headers.'x-ms-client-principal' + $GroupStatus = Set-CIPPGroupGAL -Id $Request.query.id -tenantFilter $Request.query.TenantFilter -GroupType $Request.query.groupType -HiddenString $Request.query.HidefromGAL -APIName $APINAME -Headers $Request.Headers $Results = [pscustomobject]@{'Results' = $GroupStatus } } catch { $Results = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 index e161213ffa0f..012e9abb23be 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 @@ -10,9 +10,9 @@ Function Invoke-ExecHideFromGAL { [CmdletBinding()] param($Request, $TriggerMetadata) - $Headers = $Request.headers.'x-ms-client-principal' + $Headers = $Request.Headers $APIName = $Request.Params.CIPPEndpoint - Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Support if the request is a POST or a GET. So to support legacy(GET) and new(POST) requests diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailboxMobileDevices.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailboxMobileDevices.ps1 index 006ee82b7132..5d752378f18a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailboxMobileDevices.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailboxMobileDevices.ps1 @@ -20,7 +20,7 @@ Function Invoke-ExecMailboxMobileDevices { # Interact with query parameters or the body of the request. Try { - $MobileResults = Set-CIPPMobileDevice -UserId $request.query.Userid -Guid $request.query.guid -DeviceId $request.query.deviceid -Quarantine $request.query.Quarantine -tenantFilter $request.query.tenantfilter -APIName $APINAME -Delete $Request.query.Delete -Headers $request.headers.'x-ms-client-principal' + $MobileResults = Set-CIPPMobileDevice -UserId $request.query.Userid -Guid $request.query.guid -DeviceId $request.query.deviceid -Quarantine $request.query.Quarantine -tenantFilter $request.query.tenantfilter -APIName $APINAME -Delete $Request.query.Delete -Headers $Request.Headers $Results = [pscustomobject]@{'Results' = $MobileResults } } catch { $Results = [pscustomobject]@{'Results' = "Failed $($request.query.Userid): $($_.Exception.Message)" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecRemoveMailboxRule.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecRemoveMailboxRule.ps1 index f802a879922e..530767520c08 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecRemoveMailboxRule.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecRemoveMailboxRule.ps1 @@ -16,8 +16,8 @@ Function Invoke-ExecRemoveMailboxRule { $RuleId = $Request.Query.ruleId $Username = $Request.Query.userPrincipalName - $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -tenant $TenantFilter -message 'Accessed this API' -Sev 'Debug' + $User = $Request.Headers + Write-LogMessage -Headers $User -API $APINAME -tenant $TenantFilter -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetMailboxLocale.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetMailboxLocale.ps1 index 32a9e43849d3..f7d1c12ba762 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetMailboxLocale.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetMailboxLocale.ps1 @@ -12,8 +12,8 @@ Function Invoke-ExecSetMailboxLocale { $APIName = $Request.Params.CIPPEndpoint $Tenant = $Request.body.TenantFilter - $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $User = $Request.Headers + Write-LogMessage -Headers $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetOoO.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetOoO.ps1 index 5863faba10ec..1b60c5f7b8c0 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetOoO.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetOoO.ps1 @@ -25,9 +25,9 @@ Function Invoke-ExecSetOoO { $Results = try { if ($Request.Body.AutoReplyState.value -ne 'Scheduled') { - Set-CIPPOutOfOffice -userid $Username -tenantFilter $TenantFilter -APIName $APINAME -Headers $request.headers.'X-MS-CLIENT-PRINCIPAL' -InternalMessage $InternalMessage -ExternalMessage $ExternalMessage -State $Request.Body.AutoReplyState.value + Set-CIPPOutOfOffice -userid $Username -tenantFilter $TenantFilter -APIName $APINAME -Headers $Request.Headers -InternalMessage $InternalMessage -ExternalMessage $ExternalMessage -State $Request.Body.AutoReplyState.value } else { - Set-CIPPOutOfOffice -userid $Username -tenantFilter $TenantFilter -APIName $APINAME -Headers $request.headers.'X-MS-CLIENT-PRINCIPAL' -InternalMessage $InternalMessage -ExternalMessage $ExternalMessage -StartTime $StartTime -EndTime $EndTime -State $Request.Body.AutoReplyState.value + Set-CIPPOutOfOffice -userid $Username -tenantFilter $TenantFilter -APIName $APINAME -Headers $Request.Headers -InternalMessage $InternalMessage -ExternalMessage $ExternalMessage -StartTime $StartTime -EndTime $EndTime -State $Request.Body.AutoReplyState.value } } catch { "Could not add out of office message for $($username). Error: $($_.Exception.Message)" diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecStartManagedFolderAssistant.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecStartManagedFolderAssistant.ps1 index 9bc882da0b86..962d6a02d316 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecStartManagedFolderAssistant.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecStartManagedFolderAssistant.ps1 @@ -11,9 +11,9 @@ Function Invoke-ExecStartManagedFolderAssistant { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $User = $request.headers.'x-ms-client-principal' + $User = $Request.Headers $Tenant = $Request.query.TenantFilter - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -Headers $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' @@ -27,7 +27,7 @@ Function Invoke-ExecStartManagedFolderAssistant { $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APINAME -tenant $Tenant -message "Failed to create room: $($MailboxObject.DisplayName). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $User -API $APINAME -tenant $Tenant -message "Failed to create room: $($MailboxObject.DisplayName). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage $Results.Add("Failed to start Managed Folder Assistant for mailbox $($Request.query.id). Error: $($ErrorMessage.NormalizedError)") $StatusCode = [HttpStatusCode]::Forbidden } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListGlobalAddressList.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListGlobalAddressList.ps1 index 827e0ba245f7..7c4bede0f71d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListGlobalAddressList.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListGlobalAddressList.ps1 @@ -11,8 +11,8 @@ Function Invoke-ListGlobalAddressList { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $Headers = $Request.headers.'x-ms-client-principal' - Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $Headers = $Request.Headers + Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.Query.tenantFilter try { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListOoO.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListOoO.ps1 index d44bfd360180..3fe5c9a4a15b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListOoO.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListOoO.ps1 @@ -13,7 +13,7 @@ Function Invoke-ListOoO { $APIName = $Request.Params.CIPPEndpoint $Tenantfilter = $request.query.tenantFilter try { - $Body = Get-CIPPOutOfOffice -userid $Request.query.userid -tenantFilter $TenantFilter -APIName $APINAME -Headers $request.headers.'x-ms-client-principal' + $Body = Get-CIPPOutOfOffice -userid $Request.query.userid -tenantFilter $TenantFilter -APIName $APINAME -Headers $Request.Headers } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message $Body = [pscustomobject]@{'Results' = "Failed. $ErrorMessage" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-ExecAssignAPDevice.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-ExecAssignAPDevice.ps1 index e34032ddb2db..2318ec44da7c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-ExecAssignAPDevice.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-ExecAssignAPDevice.ps1 @@ -10,8 +10,8 @@ Function Invoke-ExecAssignAPDevice { [CmdletBinding()] param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $User = $Request.Headers + Write-LogMessage -Headers $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.body.tenantFilter @@ -24,12 +24,12 @@ Function Invoke-ExecAssignAPDevice { addressableUserName = $UserObject.addressableUserName } | ConvertTo-Json New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeviceIdentities/$($DeviceObject)/UpdateDeviceProperties" -tenantid $TenantFilter -body $body -method POST | Out-Null - Write-LogMessage -user $User -API $APINAME -message "Successfully assigned device: $DeviceObject with Serial: $SerialNumber to $($UserObject.userPrincipalName) for $($TenantFilter)" -Sev Info + Write-LogMessage -Headers $User -API $APINAME -message "Successfully assigned device: $DeviceObject with Serial: $SerialNumber to $($UserObject.userPrincipalName) for $($TenantFilter)" -Sev Info $Results = "Successfully assigned device: $DeviceObject with Serial: $SerialNumber to $($UserObject.userPrincipalName) for $($TenantFilter)" $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APINAME -message "Could not assign $($UserObject.userPrincipalName) to $($DeviceObject) for $($TenantFilter) Error: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage + Write-LogMessage -Headers $User -API $APINAME -message "Could not assign $($UserObject.userPrincipalName) to $($DeviceObject) for $($TenantFilter) Error: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage $Results = "Could not assign $($UserObject.userPrincipalName) to $($DeviceObject) for $($TenantFilter) Error: $($ErrorMessage.NormalizedError)" $StatusCode = [HttpStatusCode]::BadRequest } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditIntuneScript.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditIntuneScript.ps1 index c88c9a81a6e4..62e40ea9b6b5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditIntuneScript.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditIntuneScript.ps1 @@ -11,8 +11,8 @@ function Invoke-EditIntuneScript { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $Headers = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev Debug + $Headers = $Request.Headers + Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev Debug $graphUrl = "https://graph.microsoft.com/beta" switch($Request.Method) { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecDeviceAction.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecDeviceAction.ps1 index 5083a97affb4..5057a2d7470f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecDeviceAction.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecDeviceAction.ps1 @@ -29,7 +29,7 @@ Function Invoke-ExecDeviceAction { ActionBody = $ActionBody DeviceFilter = $Request.Body.GUID TenantFilter = $Request.Body.TenantFilter - Headers = $request.headers.'x-ms-client-principal' + Headers = $Request.Headers APINAME = $APINAME } $ActionResult = New-CIPPDeviceAction @cmdparams diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetLocalAdminPassword.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetLocalAdminPassword.ps1 index 9cb60cffef8b..4a361359e20f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetLocalAdminPassword.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetLocalAdminPassword.ps1 @@ -13,7 +13,7 @@ Function Invoke-ExecGetLocalAdminPassword { $APIName = $Request.Params.CIPPEndpoint try { - $GraphRequest = Get-CIPPLapsPassword -device $($request.body.guid) -tenantFilter $Request.body.TenantFilter -APIName $APINAME -Headers $request.headers.'x-ms-client-principal' + $GraphRequest = Get-CIPPLapsPassword -device $($request.body.guid) -tenantFilter $Request.body.TenantFilter -APIName $APINAME -Headers $Request.Headers $Body = [pscustomobject]@{'Results' = $GraphRequest } } catch { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetRecoveryKey.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetRecoveryKey.ps1 index 1c9464edd007..9d7eed11b7fb 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetRecoveryKey.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetRecoveryKey.ps1 @@ -20,7 +20,7 @@ Function Invoke-ExecGetRecoveryKey { # Interact with query parameters or the body of the request. $TenantFilter = $Request.Query.TenantFilter try { - $GraphRequest = Get-CIPPBitlockerKey -device $Request.query.GUID -tenantFilter $TenantFilter -APIName $APINAME -Headers $request.headers.'x-ms-client-principal' + $GraphRequest = Get-CIPPBitlockerKey -device $Request.query.GUID -tenantFilter $TenantFilter -APIName $APINAME -Headers $Request.Headers $Body = [pscustomobject]@{'Results' = $GraphRequest } } catch { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListIntuneScript.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListIntuneScript.ps1 index 06792730345f..3964e4d0703f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListIntuneScript.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListIntuneScript.ps1 @@ -11,8 +11,8 @@ function Invoke-ListIntuneScript { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $Headers = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev Debug + $Headers = $Request.Headers + Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev Debug Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-RemoveIntuneScript.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-RemoveIntuneScript.ps1 index 5c8344c7e831..8dba97dd023c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-RemoveIntuneScript.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-RemoveIntuneScript.ps1 @@ -11,8 +11,8 @@ function Invoke-RemoveIntuneScript { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $Headers = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev Debug + $Headers = $Request.Headers + Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev Debug Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 index 3a920cccb73a..40153172c9ad 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 @@ -11,8 +11,8 @@ Function Invoke-ExecDeviceDelete { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $Headers = $Request.headers.'x-ms-client-principal' - Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $Headers = $Request.Headers + Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with body parameters or the body of the request. $TenantFilter = $Request.body.tenantFilter ?? $Request.Query.tenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-EditGroup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-EditGroup.ps1 index e711afe05ab4..a2ac5ca43077 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-EditGroup.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-EditGroup.ps1 @@ -156,7 +156,7 @@ Function Invoke-EditGroup { if ($userobj.allowExternal -eq 'true') { try { - Set-CIPPGroupAuthentication -ID $userobj.mail -GroupType $GroupType -tenantFilter $TenantId -APIName $APINAME -Headers $request.headers.'x-ms-client-principal' + Set-CIPPGroupAuthentication -ID $userobj.mail -GroupType $GroupType -tenantFilter $TenantId -APIName $APINAME -Headers $Request.Headers $body = $results.add("Allowed external senders to send to $($userobj.mail).") } catch { $body = $results.add("Failed to allow external senders to send to $($userobj.mail).") diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 index 5f00967df60b..aaf0fd5f0a15 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 @@ -11,7 +11,7 @@ Function Invoke-EditUser { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $User = $Request.headers.'x-ms-client-principal' + $User = $Request.Headers Write-LogMessage -headers $Request.headers -API $ApiName -message 'Accessed this API' -Sev 'Debug' $UserObj = $Request.body diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecBECRemediate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecBECRemediate.ps1 index 8293e259699e..20927bbfa3ec 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecBECRemediate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecBECRemediate.ps1 @@ -11,9 +11,9 @@ Function Invoke-ExecBECRemediate { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $User = $request.headers.'x-ms-client-principal' + $User = $Request.Headers - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -Headers $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' Write-Host 'PowerShell HTTP trigger function processed a request.' $TenantFilter = $request.body.tenantfilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecCreateTAP.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecCreateTAP.ps1 index e86c61eed528..4fc76d7300a6 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecCreateTAP.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecCreateTAP.ps1 @@ -15,7 +15,7 @@ Function Invoke-ExecCreateTAP { # Interact with query parameters or the body of the request. try { - $TAP = New-CIPPTAP -userid $Request.query.ID -TenantFilter $Request.query.tenantfilter -APIName $APINAME -Headers $request.headers.'x-ms-client-principal' + $TAP = New-CIPPTAP -userid $Request.query.ID -TenantFilter $Request.query.tenantfilter -APIName $APINAME -Headers $Request.Headers $Results = [pscustomobject]@{'Results' = $TAP } } catch { $Results = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecDisableUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecDisableUser.ps1 index e2739a3a6f92..31aeb9f5d45f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecDisableUser.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecDisableUser.ps1 @@ -12,7 +12,7 @@ Function Invoke-ExecDisableUser { $APIName = $Request.Params.CIPPEndpoint try { - $State = Set-CIPPSignInState -userid $Request.query.ID -TenantFilter $Request.Query.TenantFilter -APIName $APINAME -Headers $request.headers.'x-ms-client-principal' -AccountEnabled ([System.Convert]::ToBoolean($Request.Query.Enable)) + $State = Set-CIPPSignInState -userid $Request.query.ID -TenantFilter $Request.Query.TenantFilter -APIName $APINAME -Headers $Request.Headers -AccountEnabled ([System.Convert]::ToBoolean($Request.Query.Enable)) $Results = [pscustomobject]@{'Results' = "$State" } } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecJITAdmin.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecJITAdmin.ps1 index 1ef908304c17..ac6b85aaf80a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecJITAdmin.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecJITAdmin.ps1 @@ -11,9 +11,9 @@ Function Invoke-ExecJITAdmin { param($Request, $TriggerMetadata) $APIName = 'ExecJITAdmin' - $User = $Request.Headers.'x-ms-client-principal' + $User = $Request.Headers $TenantFilter = $Request.body.TenantFilter.value ? $Request.body.TenantFilter.value : $Request.body.TenantFilter - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -Headers $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' if ($Request.Query.Action -eq 'List') { $Schema = Get-CIPPSchemaExtensions | Where-Object { $_.id -match '_cippUser' } @@ -63,14 +63,14 @@ Function Invoke-ExecJITAdmin { if ($Request.Body.existingUser.value -match '^[a-f0-9]{8}-([a-f0-9]{4}-){3}[a-f0-9]{12}$') { $Username = (New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/users/$($Request.Body.existingUser.value)" -tenantid $TenantFilter).userPrincipalName } - Write-LogMessage -user $User -API $APINAME -message "Executing JIT Admin for $Username" -tenant $TenantFilter -Sev 'Info' + Write-LogMessage -Headers $User -API $APINAME -message "Executing JIT Admin for $Username" -tenant $TenantFilter -Sev 'Info' $Start = ([System.DateTimeOffset]::FromUnixTimeSeconds($Request.Body.StartDate)).DateTime.ToLocalTime() $Expiration = ([System.DateTimeOffset]::FromUnixTimeSeconds($Request.Body.EndDate)).DateTime.ToLocalTime() $Results = [System.Collections.Generic.List[string]]::new() if ($Request.Body.useraction -eq 'Create') { - Write-LogMessage -user $User -API $APINAME -tenant $TenantFilter -message "Creating JIT Admin user $($Request.Body.Username)" -Sev 'Info' + Write-LogMessage -Headers $User -API $APINAME -tenant $TenantFilter -message "Creating JIT Admin user $($Request.Body.Username)" -Sev 'Info' Write-Information "Creating JIT Admin user $($Request.Body.username)" $JITAdmin = @{ User = @{ diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOneDriveShortCut.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOneDriveShortCut.ps1 index 2a0028b3952b..7030dac2a4da 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOneDriveShortCut.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOneDriveShortCut.ps1 @@ -14,7 +14,7 @@ Function Invoke-ExecOneDriveShortCut { Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' Try { - $MessageResult = New-CIPPOneDriveShortCut -username $Request.Body.username -userid $Request.Body.userid -TenantFilter $Request.Body.tenantFilter -URL $Request.Body.siteUrl.value -Headers $request.headers.'x-ms-client-principal' + $MessageResult = New-CIPPOneDriveShortCut -username $Request.Body.username -userid $Request.Body.userid -TenantFilter $Request.Body.tenantFilter -URL $Request.Body.siteUrl.value -Headers $Request.Headers $Results = [pscustomobject]@{ 'Results' = "$MessageResult" } } catch { $Results = [pscustomobject]@{'Results' = "OneDrive Shortcut creation failed: $($_.Exception.Message)" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOnedriveProvision.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOnedriveProvision.ps1 index dbc29fe0cad1..d86806c39f68 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOnedriveProvision.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOnedriveProvision.ps1 @@ -13,7 +13,7 @@ Function Invoke-ExecOneDriveProvision { $APIName = $Request.Params.CIPPEndpoint $Params = $Request.Body ?? $Request.Query try { - $State = Request-CIPPSPOPersonalSite -TenantFilter $Params.TenantFilter -UserEmails $Params.UserPrincipalName -Headers $Request.Headers.'x-ms-client-principal' -APIName $APINAME + $State = Request-CIPPSPOPersonalSite -TenantFilter $Params.TenantFilter -UserEmails $Params.UserPrincipalName -Headers $Request.Headers -APIName $APINAME $Results = [pscustomobject]@{'Results' = "$State" } } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecPerUserMFA.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecPerUserMFA.ps1 index 8a45f34daa58..5dbea9130edd 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecPerUserMFA.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecPerUserMFA.ps1 @@ -15,7 +15,7 @@ function Invoke-ExecPerUserMFA { userId = $Request.Body.userId TenantFilter = $Request.Body.TenantFilter State = $Request.Body.State.value ? $Request.Body.State.value : $Request.Body.State - Headers = $Request.Headers.'x-ms-client-principal' + Headers = $Request.Headers } $Result = Set-CIPPPerUserMFA @Request $Body = @{ diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecPerUserMFAAllUsers.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecPerUserMFAAllUsers.ps1 index 32f51b16d01d..f1eec308807f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecPerUserMFAAllUsers.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecPerUserMFAAllUsers.ps1 @@ -16,7 +16,7 @@ function Invoke-ExecPerUserMFAAllUsers { userId = $Users.id TenantFilter = $tenantfilter State = $Request.query.State - Headers = $Request.Headers.'x-ms-client-principal' + Headers = $Request.Headers } $Result = Set-CIPPPerUserMFA @Request $Body = @{ diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetMFA.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetMFA.ps1 index 1f706ce54164..f7ecd21d59e9 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetMFA.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetMFA.ps1 @@ -19,7 +19,7 @@ Function Invoke-ExecResetMFA { try { $Body = @{ - Results = Remove-CIPPUserMFA -UserPrincipalName $UserID -TenantFilter $TenantFilter -Headers $request.headers.'x-ms-client-principal' + Results = Remove-CIPPUserMFA -UserPrincipalName $UserID -TenantFilter $TenantFilter -Headers $Request.Headers } } catch { $Body = [pscustomobject]@{'Results' = "Failed to reset MFA methods for $($Request.Query.ID): $(Get-NormalizedError -message $_.Exception.Message)" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetPass.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetPass.ps1 index 4c4774959b29..60f78066ef3b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetPass.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetPass.ps1 @@ -22,7 +22,7 @@ Function Invoke-ExecResetPass { $mustChange = [System.Convert]::ToBoolean($request.query.MustChange) try { - $Reset = Set-CIPPResetPassword -userid $Request.query.ID -tenantFilter $TenantFilter -APIName $APINAME -Headers $request.headers.'x-ms-client-principal' -forceChangePasswordNextSignIn $mustChange + $Reset = Set-CIPPResetPassword -userid $Request.query.ID -tenantFilter $TenantFilter -APIName $APINAME -Headers $Request.Headers -forceChangePasswordNextSignIn $mustChange $Results = [pscustomobject]@{'Results' = $Reset } } catch { $Results = [pscustomobject]@{'Results' = "Failed to reset password for $($Request.query.displayName): $($_.Exception.Message)" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecRevokeSessions.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecRevokeSessions.ps1 index 103d70396c5b..0c1b8bc5210d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecRevokeSessions.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecRevokeSessions.ps1 @@ -16,7 +16,7 @@ Function Invoke-ExecRevokeSessions { # Interact with query parameters or the body of the request. $TenantFilter = $Request.Query.TenantFilter try { - $RevokeSessions = Revoke-CIPPSessions -userid $Request.Query.id -tenantFilter $TenantFilter -username $Request.Query.Username -APIName $APINAME -Headers $request.headers.'x-ms-client-principal' + $RevokeSessions = Revoke-CIPPSessions -userid $Request.Query.id -tenantFilter $TenantFilter -username $Request.Query.Username -APIName $APINAME -Headers $Request.Headers $Results = [pscustomobject]@{'Results' = $RevokeSessions } } catch { $Results = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListPerUserMFA.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListPerUserMFA.ps1 index 74aac56d2527..7bc8db4c1fd7 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListPerUserMFA.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListPerUserMFA.ps1 @@ -11,8 +11,8 @@ function Invoke-ListPerUserMFA { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $User = $Request.Headers + Write-LogMessage -Headers $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxRules.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxRules.ps1 index 959abffe0ab7..a264dc39f8c6 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxRules.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxRules.ps1 @@ -11,8 +11,8 @@ Function Invoke-ListUserMailboxRules { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $User = $Request.Headers + Write-LogMessage -Headers $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. @@ -26,7 +26,7 @@ Function Invoke-ListUserMailboxRules { $GraphRequest = New-ExoRequest -Anchor $UserID -tenantid $TenantFilter -cmdlet 'Get-InboxRule' -cmdParams @{mailbox = $UserID; IncludeHidden = $true } | Where-Object { $_.Name -ne 'Junk E-Mail Rule' -and $_.Name -notlike 'Microsoft.Exchange.OOF.*' } | Select-Object * -ExcludeProperty RuleIdentity } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APINAME -message "Failed to retrieve mailbox rules $($UserEmail): $($ErrorMessage.NormalizedError) " -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -Headers $User -API $APINAME -message "Failed to retrieve mailbox rules $($UserEmail): $($ErrorMessage.NormalizedError) " -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = '500' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSetSharePointMember.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSetSharePointMember.ps1 index 72315cfd8bca..95d28974891d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSetSharePointMember.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSetSharePointMember.ps1 @@ -12,8 +12,8 @@ Function Invoke-ExecSetSharePointMember { $APIName = $Request.Params.CIPPEndpoint - $Headers = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $Headers = $Request.Headers + Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.body.tenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSharePointPerms.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSharePointPerms.ps1 index ced34984f8e7..f6a8fb304158 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSharePointPerms.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSharePointPerms.ps1 @@ -12,9 +12,9 @@ Function Invoke-ExecSharePointPerms { $APIName = $Request.Params.CIPPEndpoint $tenantFilter = $Request.Body.tenantFilter - $Headers = $Request.Headers.'x-ms-client-principal' + $Headers = $Request.Headers - Write-LogMessage -user $Headers -API $APIName -message 'Accessed this API' -Sev Debug + Write-LogMessage -Headers$Headers -API $APIName -message 'Accessed this API' -Sev Debug # The UPN or ID of the users OneDrive we are changing permissions on $UserId = $Request.body.UPN diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecTeamsVoicePhoneNumberAssignment.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecTeamsVoicePhoneNumberAssignment.ps1 index 768c8879fccd..11a37aa029bf 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecTeamsVoicePhoneNumberAssignment.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecTeamsVoicePhoneNumberAssignment.ps1 @@ -11,8 +11,8 @@ Function Invoke-ExecTeamsVoicePhoneNumberAssignment { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $Headers = $Request.headers.'x-ms-client-principal' - Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $Headers = $Request.Headers + Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Identity = $Request.Body.input.value $tenantFilter = $Request.Body.TenantFilter @@ -24,12 +24,12 @@ Function Invoke-ExecTeamsVoicePhoneNumberAssignment { $null = New-TeamsRequest -TenantFilter $TenantFilter -Cmdlet 'Set-CsPhoneNumberAssignment' -CmdParams @{Identity = $Identity; PhoneNumber = $Request.Body.PhoneNumber; PhoneNumberType = $Request.Body.PhoneNumberType; ErrorAction = 'stop' } $Results = [pscustomobject]@{'Results' = "Successfully assigned $($Request.Body.PhoneNumber) to $($Identity)" } } - Write-LogMessage -user $Headers -API $APINAME -tenant $($TenantFilter) -message $($Results.Results) -Sev Info + Write-LogMessage -Headers$Headers -API $APINAME -tenant $($TenantFilter) -message $($Results.Results) -Sev Info $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CippException -Exception $_ $Results = [pscustomobject]@{'Results' = $ErrorMessage.NormalizedError } - Write-LogMessage -user $Headers -API $APINAME -tenant $($TenantFilter) -message $($Results.Results) -Sev Error -LogData $ErrorMessage + Write-LogMessage -Headers$Headers -API $APINAME -tenant $($TenantFilter) -message $($Results.Results) -Sev Error -LogData $ErrorMessage $StatusCode = [HttpStatusCode]::Forbidden } # Associate values to output bindings by calling 'Push-OutputBinding'. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListAppConsentRequests.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListAppConsentRequests.ps1 index aa2fa8806887..ca8aedef3d0f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListAppConsentRequests.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListAppConsentRequests.ps1 @@ -50,7 +50,7 @@ function Invoke-ListAppConsentRequests { $StatusCode = [HttpStatusCode]::OK } catch { $StatusCode = [HttpStatusCode]::OK - Write-LogMessage -user $Headers -API $APIName -message 'app consent request list failed' -Sev 'Error' -tenant $TenantFilter + Write-LogMessage -Headers$Headers -API $APIName -message 'app consent request list failed' -Sev 'Error' -tenant $TenantFilter $Results = @{ appDisplayName = "Error: $($_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCAPolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCAPolicy.ps1 index a65ca0781160..1b7b990ecb1a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCAPolicy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCAPolicy.ps1 @@ -18,7 +18,7 @@ Function Invoke-AddCAPolicy { $results = foreach ($Tenant in $tenants) { try { - $CAPolicy = New-CIPPCAPolicy -replacePattern $Request.body.replacename -Overwrite $request.body.overwrite -TenantFilter $tenant -state $request.body.NewState -RawJSON $Request.body.RawJSON -APIName $APIName -Headers $request.headers.'x-ms-client-principal' + $CAPolicy = New-CIPPCAPolicy -replacePattern $Request.body.replacename -Overwrite $request.body.overwrite -TenantFilter $tenant -state $request.body.NewState -RawJSON $Request.body.RawJSON -APIName $APIName -Headers $Request.Headers Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($Tenant) -message "Added Conditional Access Policy $($Displayname)" -Sev 'Info' "Successfully added Conditional Access Policy for $($Tenant)" } catch { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCAExclusion.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCAExclusion.ps1 index a063eb7c5ece..003dd4e9a2b6 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCAExclusion.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCAExclusion.ps1 @@ -41,7 +41,7 @@ Function Invoke-ExecCAExclusion { Add-CIPPScheduledTask -Task $TaskBody -hidden $false $body = @{ Results = "Successfully added vacation mode schedule for $Username." } } else { - Set-CIPPCAExclusion -TenantFilter $Request.body.TenantFilter -ExclusionType $Request.body.ExclusionType -UserID $Request.body.UserID -PolicyId $Request.body.PolicyId -Headers $request.headers.'x-ms-client-principal' -UserName $Username + Set-CIPPCAExclusion -TenantFilter $Request.body.TenantFilter -ExclusionType $Request.body.ExclusionType -UserID $Request.body.UserID -PolicyId $Request.body.PolicyId -Headers $Request.Headers -UserName $Username } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecNamedLocation.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecNamedLocation.ps1 index 5ce1ded7bb39..8cd1f2341fd4 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecNamedLocation.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecNamedLocation.ps1 @@ -23,7 +23,7 @@ Function Invoke-ExecNamedLocation { $content = $Request.Body.input ?? $Request.Query.input try { - $results = Set-CIPPNamedLocation -NamedLocationId $NamedLocationId -TenantFilter $TenantFilter -change $change -content $content -Headers $request.headers.'x-ms-client-principal' + $results = Set-CIPPNamedLocation -NamedLocationId $NamedLocationId -TenantFilter $TenantFilter -change $change -content $content -Headers $Request.Headers } catch { $ErrorMessage = Get-CippException -Exception $_ Write-LogMessage -headers $Request.Headers -API $APIName -message "Failed to edit named location: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSyncAPDevices.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSyncAPDevices.ps1 index 0f2bdc7ce203..9bcd61679026 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSyncAPDevices.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSyncAPDevices.ps1 @@ -10,19 +10,19 @@ Function Invoke-ExecSyncAPDevices { [CmdletBinding()] param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $Headers = $request.headers.'x-ms-client-principal' + $Headers = $Request.Headers $TenantFilter = $Request.Body.tenantFilter ?? $Request.Query.tenantFilter - Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev Debug + Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev Debug try { $null = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotSettings/sync' -tenantid $TenantFilter $Results = "Successfully Started Sync for $($TenantFilter)" - Write-LogMessage -user $Headers -API $APINAME -tenant $TenantFilter -message 'Successfully started Autopilot sync' -Sev Info + Write-LogMessage -Headers$Headers -API $APINAME -tenant $TenantFilter -message 'Successfully started Autopilot sync' -Sev Info $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CippException -Exception $_ $Results = "Failed to start sync for $TenantFilter. Did you try syncing in the last 10 minutes?" - Write-LogMessage -user $Headers -API $APINAME -tenant $TenantFilter -message 'Failed to start Autopilot sync. Did you try syncing in the last 10 minutes?' -Sev Error -LogData $ErrorMessage + Write-LogMessage -Headers$Headers -API $APINAME -tenant $TenantFilter -message 'Failed to start Autopilot sync. Did you try syncing in the last 10 minutes?' -Sev Error -LogData $ErrorMessage $StatusCode = [HttpStatusCode]::Forbidden } diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAzureADConnectStatus.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAzureADConnectStatus.ps1 index f11759d45324..d347d44a0d07 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAzureADConnectStatus.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAzureADConnectStatus.ps1 @@ -11,9 +11,9 @@ Function Invoke-ListAzureADConnectStatus { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $Headers = $Request.headers.'x-ms-client-principal' + $Headers = $Request.Headers $TenantFilter = $Request.Query.TenantFilter - Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $DataToReturn = $Request.Query.DataToReturn diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderTVM.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderTVM.ps1 index 6a995051cb66..4e979231d7d1 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderTVM.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderTVM.ps1 @@ -12,8 +12,8 @@ Function Invoke-ListDefenderTVM { $APIName = $Request.Params.CIPPEndpoint $TenantFilter = $Request.Query.tenantFilter - $Headers = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $Headers = $Request.Headers + Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeletedItems.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeletedItems.ps1 index 90c085efa367..f2920298a01c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeletedItems.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeletedItems.ps1 @@ -12,8 +12,8 @@ Function Invoke-ListDeletedItems { $APIName = $Request.Params.CIPPEndpoint $TenantFilter = $Request.Query.tenantFilter - $Headers = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $Headers = $Request.Headers + Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. $Types = 'Application', 'User', 'Device', 'Group' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExchangeConnectors.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExchangeConnectors.ps1 index 580e4efc28c9..8a6696f9c627 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExchangeConnectors.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExchangeConnectors.ps1 @@ -11,8 +11,8 @@ Function Invoke-ListExchangeConnectors { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $Headers = $Request.headers.'x-ms-client-principal' - Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $Headers = $Request.Headers + Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $request.Query.tenantFilter $Results = try { diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphExplorerPresets.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphExplorerPresets.ps1 index 00bde1a68df3..d899116de6b1 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphExplorerPresets.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphExplorerPresets.ps1 @@ -12,7 +12,7 @@ Function Invoke-ListGraphExplorerPresets { $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $Username = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($request.headers.'x-ms-client-principal')) | ConvertFrom-Json).userDetails + $Username = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($Request.Headers)) | ConvertFrom-Json).userDetails try { $Table = Get-CIPPTable -TableName 'GraphPresets' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListInactiveAccounts.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListInactiveAccounts.ps1 index 2bd26015ed03..a880849cafe5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListInactiveAccounts.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListInactiveAccounts.ps1 @@ -11,8 +11,8 @@ Function Invoke-ListInactiveAccounts { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $User = $Request.Headers + Write-LogMessage -Headers $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 index 74ab44bca43b..50472c783700 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 @@ -10,8 +10,8 @@ Function Invoke-ListIntunePolicy { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $Headers = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $Headers = $Request.Headers + Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/GraphHelper/Write-AlertMessage.ps1 b/Modules/CIPPCore/Public/GraphHelper/Write-AlertMessage.ps1 index 4d9fd8095059..5fa4f9633ff4 100644 --- a/Modules/CIPPCore/Public/GraphHelper/Write-AlertMessage.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/Write-AlertMessage.ps1 @@ -10,9 +10,9 @@ function Write-AlertMessage($message, $tenant = 'None', $tenantId = $null) { $ExistingMessage = Get-CIPPAzDataTableEntity @Table -Filter $Filter if (!$ExistingMessage) { Write-Host 'No duplicate message found, writing to log' - Write-LogMessage -message $message -tenant $tenant -sev 'Alert' -tenantId $tenantId -user 'CIPP' -API 'Alerts' + Write-LogMessage -message $message -tenant $tenant -sev 'Alert' -tenantId $tenantId -Headers'CIPP' -API 'Alerts' } else { Write-Host 'Alerts: Duplicate entry found, not writing to log' } -} \ No newline at end of file +} diff --git a/Modules/CIPPCore/Public/Invoke-RemoveApp.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveApp.ps1 index a79cefbba3d1..b38057ad16ee 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveApp.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveApp.ps1 @@ -11,8 +11,8 @@ Function Invoke-RemoveApp { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $User = $Request.Headers + Write-LogMessage -Headers $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. $TenantFilter = $Request.Query.TenantFilter @@ -21,11 +21,11 @@ Function Invoke-RemoveApp { try { #$unAssignRequest = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/deviceManagement/configurationPolicies('$($policyId)')/assign" -type POST -Body '{"assignments":[]}' -tenant $TenantFilter $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/$($policyId)" -type DELETE -tenant $TenantFilter - Write-LogMessage -user $User -API $APINAME -message "Deleted $policyId" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -Headers $User -API $APINAME -message "Deleted $policyId" -Sev 'Info' -tenant $TenantFilter $body = [pscustomobject]@{'Results' = 'Successfully deleted the application' } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APINAME -message "Could not delete app $policyId. $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -Headers $User -API $APINAME -message "Could not delete app $policyId. $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage $body = [pscustomobject]@{'Results' = "Could not delete this application: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Invoke-RemoveBPATemplate.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveBPATemplate.ps1 index 11c2efabf670..376e2a02918e 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveBPATemplate.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveBPATemplate.ps1 @@ -11,8 +11,8 @@ Function Invoke-RemoveBPATemplate { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $User = $Request.Headers + Write-LogMessage -Headers $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' $ID = $request.query.TemplateName try { @@ -21,11 +21,11 @@ Function Invoke-RemoveBPATemplate { $Filter = "PartitionKey eq 'BPATemplate' and RowKey eq '$id'" $ClearRow = Get-CIPPAzDataTableEntity @Table -Filter $Filter -Property PartitionKey, RowKey Remove-AzDataTableEntity -Force @Table -Entity $clearRow - Write-LogMessage -user $User -API $APINAME -message "Removed BPA Template with ID $ID." -Sev 'Info' + Write-LogMessage -Headers $User -API $APINAME -message "Removed BPA Template with ID $ID." -Sev 'Info' $body = [pscustomobject]@{'Results' = 'Successfully removed BPA Template' } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APINAME -message "Failed to remove BPA template $ID. $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $User -API $APINAME -message "Failed to remove BPA template $ID. $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage $body = [pscustomobject]@{'Results' = "Failed to remove template: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Invoke-RemoveCAPolicy.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveCAPolicy.ps1 index 53f74e9279fa..9d5a9380afcb 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveCAPolicy.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveCAPolicy.ps1 @@ -11,8 +11,8 @@ Function Invoke-RemoveCAPolicy { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $User = $Request.Headers + Write-LogMessage -Headers $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. $TenantFilter = $Request.Query.TenantFilter @@ -20,12 +20,12 @@ Function Invoke-RemoveCAPolicy { if (!$policyId) { exit } try { $null = New-GraphPostRequest -uri "https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies/$($policyId)" -type DELETE -tenant $TenantFilter -asapp $true - Write-LogMessage -user $User -API $APINAME -message "Deleted CA Policy $policyId" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -Headers $User -API $APINAME -message "Deleted CA Policy $policyId" -Sev 'Info' -tenant $TenantFilter $body = [pscustomobject]@{'Results' = 'Successfully deleted the policy' } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APINAME -message "Could not delete CA policy $policyId. $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -Headers $User -API $APINAME -message "Could not delete CA policy $policyId. $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage $body = [pscustomobject]@{'Results' = "Could not delete policy: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Invoke-RemoveCATemplate.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveCATemplate.ps1 index 1c497724f77d..d355cf2a2235 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveCATemplate.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveCATemplate.ps1 @@ -11,9 +11,9 @@ Function Invoke-RemoveCATemplate { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $User = $request.headers.'x-ms-client-principal' + $User = $Request.Headers $ID = $request.query.id - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -Headers $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' try { $Table = Get-CippTable -tablename 'templates' @@ -21,11 +21,11 @@ Function Invoke-RemoveCATemplate { $Filter = "PartitionKey eq 'CATemplate' and RowKey eq '$id'" $ClearRow = Get-CIPPAzDataTableEntity @Table -Filter $Filter -Property PartitionKey, RowKey Remove-AzDataTableEntity -Force @Table -Entity $clearRow - Write-LogMessage -user $User -API $APINAME -message "Removed Conditional Access Template with ID $ID." -Sev 'Info' + Write-LogMessage -Headers $User -API $APINAME -message "Removed Conditional Access Template with ID $ID." -Sev 'Info' $body = [pscustomobject]@{'Results' = 'Successfully removed Conditional Access Template' } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APINAME -message "Failed to remove Conditional Access template $ID. $($ErrorMessage.NormalizedError)" -Sev 'Error' + Write-LogMessage -Headers $User -API $APINAME -message "Failed to remove Conditional Access template $ID. $($ErrorMessage.NormalizedError)" -Sev 'Error' $body = [pscustomobject]@{'Results' = "Failed to remove template: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Invoke-RemoveConnectionfilterTemplate.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveConnectionfilterTemplate.ps1 index fd4cfe4276ad..a36d7a66d94e 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveConnectionfilterTemplate.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveConnectionfilterTemplate.ps1 @@ -11,8 +11,8 @@ Function Invoke-RemoveConnectionfilterTemplate { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $User = $Request.Headers + Write-LogMessage -Headers $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' $ID = $request.body.id try { @@ -20,11 +20,11 @@ Function Invoke-RemoveConnectionfilterTemplate { $Filter = "PartitionKey eq 'ConnectionfilterTemplate' and RowKey eq '$id'" $ClearRow = Get-CIPPAzDataTableEntity @Table -Filter $Filter -Property PartitionKey, RowKey Remove-AzDataTableEntity -Force @Table -Entity $clearRow - Write-LogMessage -user $User -API $APINAME -message "Removed Connection Filter Template with ID $ID." -Sev 'Info' + Write-LogMessage -Headers $User -API $APINAME -message "Removed Connection Filter Template with ID $ID." -Sev 'Info' $body = [pscustomobject]@{'Results' = 'Successfully removed Connection Filter Template' } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APINAME -message "Failed to remove Connection Filter template $ID. $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $User -API $APINAME -message "Failed to remove Connection Filter template $ID. $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage $body = [pscustomobject]@{'Results' = "Failed to remove template: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Invoke-RemoveContact.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveContact.ps1 index fd052cf83ca6..1494650832e9 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveContact.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveContact.ps1 @@ -12,8 +12,8 @@ Function Invoke-RemoveContact { $APIName = $Request.Params.CIPPEndpoint $Tenantfilter = $request.Query.tenantfilter - $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $User = $Request.Headers + Write-LogMessage -Headers $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Params = @{ @@ -25,10 +25,10 @@ Function Invoke-RemoveContact { $null = New-ExoRequest -tenantid $Tenantfilter -cmdlet 'Remove-MailContact' -cmdParams $params -UseSystemMailbox $true $Result = "Deleted $($Request.query.guid)" - Write-LogMessage -user $User -API $APIName -tenant $tenantfilter -message "Deleted contact $($Request.query.guid)" -sev Debug + Write-LogMessage -Headers $User -API $APIName -tenant $tenantfilter -message "Deleted contact $($Request.query.guid)" -sev Debug } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APIName -tenant $tenantfilter -message "Failed to delete contact $($Request.query.guid). $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage + Write-LogMessage -Headers $User -API $APIName -tenant $tenantfilter -message "Failed to delete contact $($Request.query.guid). $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage $Result = $ErrorMessage.NormalizedError } # Associate values to output bindings by calling 'Push-OutputBinding'. diff --git a/Modules/CIPPCore/Public/Invoke-RemoveExConnector.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveExConnector.ps1 index 305ce5ba818c..10327d3e50b0 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveExConnector.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveExConnector.ps1 @@ -11,7 +11,7 @@ Function Invoke-RemoveExConnector { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $Headers = $request.headers.'x-ms-client-principal' + $Headers = $Request.Headers $TenantFilter = $request.Query.tenantFilter ?? $Request.Body.tenantFilter Write-LogMessage -headers $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' diff --git a/Modules/CIPPCore/Public/Invoke-RemoveExConnectorTemplate.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveExConnectorTemplate.ps1 index b6d19f39bd63..72eb798e3930 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveExConnectorTemplate.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveExConnectorTemplate.ps1 @@ -11,8 +11,8 @@ Function Invoke-RemoveExConnectorTemplate { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $User = $Request.Headers + Write-LogMessage -Headers $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' $ID = $Request.Query.ID ?? $Request.Body.ID try { @@ -20,11 +20,11 @@ Function Invoke-RemoveExConnectorTemplate { $Filter = "PartitionKey eq 'ExConnectorTemplate' and RowKey eq '$ID'" $ClearRow = Get-CIPPAzDataTableEntity @Table -Filter $Filter -Property PartitionKey, RowKey Remove-AzDataTableEntity -Force @Table -Entity $clearRow - Write-LogMessage -user $User -API $APINAME -message "Removed Exchange Connector Template with ID $ID." -Sev 'Info' + Write-LogMessage -Headers $User -API $APINAME -message "Removed Exchange Connector Template with ID $ID." -Sev 'Info' $body = [pscustomobject]@{'Results' = 'Successfully removed Exchange Connector Template' } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APINAME -message "Failed to remove Exchange Connector Template $ID. $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $User -API $APINAME -message "Failed to remove Exchange Connector Template $ID. $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage $body = [pscustomobject]@{'Results' = "Failed to remove template: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Invoke-RemoveGroupTemplate.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveGroupTemplate.ps1 index c2f344a26a7f..bf0c45d1f90d 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveGroupTemplate.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveGroupTemplate.ps1 @@ -11,8 +11,8 @@ Function Invoke-RemoveGroupTemplate { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $User = $Request.Headers + Write-LogMessage -Headers $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' $ID = $request.query.id try { @@ -23,11 +23,11 @@ Function Invoke-RemoveGroupTemplate { Write-Host $Filter $ClearRow = Get-CIPPAzDataTableEntity @Table -Filter $Filter -Property PartitionKey, RowKey Remove-AzDataTableEntity -Force @Table -Entity $clearRow - Write-LogMessage -user $User -API $APINAME -message "Removed Intune Template with ID $ID." -Sev 'Info' + Write-LogMessage -Headers $User -API $APINAME -message "Removed Intune Template with ID $ID." -Sev 'Info' $body = [pscustomobject]@{'Results' = 'Successfully removed Template' } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APINAME -message "Failed to remove intune template $ID. $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $User -API $APINAME -message "Failed to remove intune template $ID. $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage $body = [pscustomobject]@{'Results' = "Failed to remove template: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Invoke-RemoveIntuneTemplate.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveIntuneTemplate.ps1 index dbe14276a02e..636cf3fe7cfc 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveIntuneTemplate.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveIntuneTemplate.ps1 @@ -11,8 +11,8 @@ Function Invoke-RemoveIntuneTemplate { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $User = $Request.Headers + Write-LogMessage -Headers $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' $ID = $request.query.id try { @@ -23,11 +23,11 @@ Function Invoke-RemoveIntuneTemplate { Write-Host $Filter $ClearRow = Get-CIPPAzDataTableEntity @Table -Filter $Filter -Property PartitionKey, RowKey Remove-AzDataTableEntity -Force @Table -Entity $clearRow - Write-LogMessage -user $User -API $APINAME -message "Removed Intune Template with ID $ID." -Sev 'Info' + Write-LogMessage -Headers $User -API $APINAME -message "Removed Intune Template with ID $ID." -Sev 'Info' $body = [pscustomobject]@{'Results' = 'Successfully removed Intune Template' } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APINAME -message "Failed to remove intune template $ID. $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $User -API $APINAME -message "Failed to remove intune template $ID. $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage $body = [pscustomobject]@{'Results' = "Failed to remove template: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Invoke-RemovePolicy.ps1 b/Modules/CIPPCore/Public/Invoke-RemovePolicy.ps1 index 2410c741a5af..2720fda34755 100644 --- a/Modules/CIPPCore/Public/Invoke-RemovePolicy.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemovePolicy.ps1 @@ -11,7 +11,7 @@ Function Invoke-RemovePolicy { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $Headers = $request.headers.'x-ms-client-principal' + $Headers = $Request.Headers Write-LogMessage -headers $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. diff --git a/Modules/CIPPCore/Public/Invoke-RemoveQueuedApp.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveQueuedApp.ps1 index 81a1f324bf94..d4714f12dc55 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveQueuedApp.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveQueuedApp.ps1 @@ -11,8 +11,8 @@ Function Invoke-RemoveQueuedApp { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $User = $Request.Headers + Write-LogMessage -Headers $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' $ID = $request.body.id try { @@ -20,11 +20,11 @@ Function Invoke-RemoveQueuedApp { $Filter = "PartitionKey eq 'apps' and RowKey eq '$id'" $ClearRow = Get-CIPPAzDataTableEntity @Table -Filter $Filter -Property PartitionKey, RowKey Remove-AzDataTableEntity -Force @Table -Entity $clearRow - Write-LogMessage -user $User -API $APINAME -message "Removed application queue for $ID." -Sev 'Info' + Write-LogMessage -Headers $User -API $APINAME -message "Removed application queue for $ID." -Sev 'Info' $body = [pscustomobject]@{'Results' = 'Successfully removed from queue.' } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APINAME -message "Failed to remove application queue for $ID. $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $User -API $APINAME -message "Failed to remove application queue for $ID. $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage $body = [pscustomobject]@{'Results' = "Failed to remove item. $(Get-NormalizedError -message $_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Invoke-RemoveSpamfilter.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveSpamfilter.ps1 index fa10a7470d9b..c67bf676a579 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveSpamfilter.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveSpamfilter.ps1 @@ -11,8 +11,8 @@ Function Invoke-RemoveSpamfilter { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $User = $Request.Headers + Write-LogMessage -Headers $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Tenantfilter = $request.Query.tenantfilter $Params = @{ @@ -25,10 +25,10 @@ Function Invoke-RemoveSpamfilter { $cmdlet = 'Remove-HostedContentFilterPolicy' $null = New-ExoRequest -tenantid $Tenantfilter -cmdlet $cmdlet -cmdParams $params -useSystemmailbox $true $Result = "Deleted $($Request.query.name)" - Write-LogMessage -user $User -API 'TransportRules' -tenant $tenantfilter -message "Deleted transport rule $($Request.query.name)" -sev Debug + Write-LogMessage -Headers $User -API 'TransportRules' -tenant $tenantfilter -message "Deleted transport rule $($Request.query.name)" -sev Debug } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API 'TransportRules' -tenant $tenantfilter -message "Failed deleting transport rule $($Request.query.name). Error:$($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage + Write-LogMessage -Headers $User -API 'TransportRules' -tenant $tenantfilter -message "Failed deleting transport rule $($Request.query.name). Error:$($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage $Result = $ErrorMessage } # Associate values to output bindings by calling 'Push-OutputBinding'. diff --git a/Modules/CIPPCore/Public/Invoke-RemoveSpamfilterTemplate.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveSpamfilterTemplate.ps1 index d843eb67ed4b..c66447217bff 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveSpamfilterTemplate.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveSpamfilterTemplate.ps1 @@ -11,8 +11,8 @@ Function Invoke-RemoveSpamfilterTemplate { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $User = $Request.Headers + Write-LogMessage -Headers $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' $ID = $request.body.id try { @@ -20,11 +20,11 @@ Function Invoke-RemoveSpamfilterTemplate { $Filter = "PartitionKey eq 'SpamfilterTemplate' and RowKey eq '$id'" $ClearRow = Get-CIPPAzDataTableEntity @Table -Filter $Filter -Property PartitionKey, RowKey Remove-AzDataTableEntity -Force @Table -Entity $clearRow - Write-LogMessage -user $User -API $APINAME -message "Removed Spamfilter Template with ID $ID." -Sev 'Info' + Write-LogMessage -Headers $User -API $APINAME -message "Removed Spamfilter Template with ID $ID." -Sev 'Info' $body = [pscustomobject]@{'Results' = 'Successfully Spamfilter template' } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APINAME -message "Failed to remove Spam filter Rule template $ID. $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $User -API $APINAME -message "Failed to remove Spam filter Rule template $ID. $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage $body = [pscustomobject]@{'Results' = "Failed to remove template: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Invoke-RemoveStandard.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveStandard.ps1 index 74ea2f7b9ebd..393d6c886c4b 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveStandard.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveStandard.ps1 @@ -11,8 +11,8 @@ Function Invoke-RemoveStandard { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $User = $Request.Headers + Write-LogMessage -Headers $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' $ID = $request.query.id try { @@ -20,13 +20,13 @@ Function Invoke-RemoveStandard { $Filter = "PartitionKey eq 'standards' and RowKey eq '$id'" $ClearRow = Get-CIPPAzDataTableEntity @Table -Filter $Filter -Property PartitionKey, RowKey Remove-AzDataTableEntity -Force @Table -Entity $clearRow - Write-LogMessage -user $User -API $APINAME -message "Removed standards for $ID." -Sev 'Info' + Write-LogMessage -Headers $User -API $APINAME -message "Removed standards for $ID." -Sev 'Info' $body = [pscustomobject]@{'Results' = 'Successfully removed standards deployment' } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APINAME -message "Failed to remove standard for $ID. $($ErrorMessage.NormalizedError)" -Sev 'Error' + Write-LogMessage -Headers $User -API $APINAME -message "Failed to remove standard for $ID. $($ErrorMessage.NormalizedError)" -Sev 'Error' $body = [pscustomobject]@{'Results' = 'Failed to remove standard)' } } diff --git a/Modules/CIPPCore/Public/Invoke-RemoveStandardTemplate.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveStandardTemplate.ps1 index d08cf139a390..42f436018037 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveStandardTemplate.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveStandardTemplate.ps1 @@ -11,8 +11,8 @@ Function Invoke-RemoveStandardTemplate { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $User = $Request.Headers + Write-LogMessage -Headers $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' $ID = $Request.Body.ID ?? $Request.Query.ID try { @@ -20,11 +20,11 @@ Function Invoke-RemoveStandardTemplate { $Filter = "PartitionKey eq 'StandardsTemplateV2' and RowKey eq '$id'" $ClearRow = Get-CIPPAzDataTableEntity @Table -Filter $Filter -Property PartitionKey, RowKey Remove-AzDataTableEntity -Force @Table -Entity $clearRow - Write-LogMessage -user $User -API $APINAME -message "Removed Standards Template named $($ClearRow.name) and id $($id)" -Sev 'Info' + Write-LogMessage -Headers $User -API $APINAME -message "Removed Standards Template named $($ClearRow.name) and id $($id)" -Sev 'Info' $body = [pscustomobject]@{'Results' = 'Successfully removed Template' } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APINAME -message "Failed to remove Standards template $ID. $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $User -API $APINAME -message "Failed to remove Standards template $ID. $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage $body = [pscustomobject]@{'Results' = "Failed to remove template: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 index 8f0d4ace12fb..12af2322485a 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveTransportRule.ps1 @@ -11,7 +11,7 @@ Function Invoke-RemoveTransportRule { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $Headers = $Request.headers.'x-ms-client-principal' + $Headers = $Request.Headers Write-LogMessage -headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.Query.tenantFilter ?? $Request.body.tenantFilter diff --git a/Modules/CIPPCore/Public/Invoke-RemoveTransportRuleTemplate.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveTransportRuleTemplate.ps1 index 4daa15abae61..a5b744b89b7f 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveTransportRuleTemplate.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveTransportRuleTemplate.ps1 @@ -11,8 +11,8 @@ Function Invoke-RemoveTransportRuleTemplate { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $User = $Request.Headers + Write-LogMessage -Headers $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' $ID = $request.query.id ?? $request.body.id try { @@ -20,11 +20,11 @@ Function Invoke-RemoveTransportRuleTemplate { $Filter = "PartitionKey eq 'TransportTemplate' and RowKey eq '$id'" $ClearRow = Get-CIPPAzDataTableEntity @Table -Filter $Filter -Property PartitionKey, RowKey Remove-AzDataTableEntity -Force @Table -Entity $clearRow - Write-LogMessage -user $User -API $APINAME -message "Removed Transport Rule Template with ID $ID." -Sev 'Info' + Write-LogMessage -Headers $User -API $APINAME -message "Removed Transport Rule Template with ID $ID." -Sev 'Info' $body = [pscustomobject]@{'Results' = 'Successfully removed Transport Rule Template' } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APINAME -message "Failed to remove Transport Rule template $ID. $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $User -API $APINAME -message "Failed to remove Transport Rule template $ID. $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage $body = [pscustomobject]@{'Results' = "Failed to remove template: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Invoke-RemoveUser.ps1 b/Modules/CIPPCore/Public/Invoke-RemoveUser.ps1 index 2452a112216b..264aeaf9ec9f 100644 --- a/Modules/CIPPCore/Public/Invoke-RemoveUser.ps1 +++ b/Modules/CIPPCore/Public/Invoke-RemoveUser.ps1 @@ -11,8 +11,8 @@ Function Invoke-RemoveUser { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $User = $Request.Headers + Write-LogMessage -Headers $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. $TenantFilter = $Request.Query.TenantFilter @@ -20,12 +20,12 @@ Function Invoke-RemoveUser { if (!$userid) { exit } try { $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($userid)" -type DELETE -tenant $TenantFilter - Write-LogMessage -user $User -API $APINAME -message "Deleted $userid" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -Headers $User -API $APINAME -message "Deleted $userid" -Sev 'Info' -tenant $TenantFilter $body = [pscustomobject]@{'Results' = 'Successfully deleted the user.' } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APINAME -message "Could not delete user $userid. $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + Write-LogMessage -Headers $User -API $APINAME -message "Could not delete user $userid. $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage $body = [pscustomobject]@{'Results' = "Could not delete user: $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 b/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 index 10ba89fd3708..11ec25cd0c60 100644 --- a/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 @@ -11,7 +11,7 @@ function New-CIPPCAPolicy { $Headers ) - $User = $request.headers.'x-ms-client-principal' + $User = $Request.Headers function Remove-EmptyArrays ($Object) { if ($Object -is [Array]) { @@ -41,11 +41,11 @@ function New-CIPPCAPolicy { param($groupNames) return $groupNames | ForEach-Object { if (Test-IsGuid $_) { - Write-LogMessage -user $User -API $APINAME -message "Already GUID, no need to replace: $_" -Sev 'Debug' + Write-LogMessage -Headers $User -API $APINAME -message "Already GUID, no need to replace: $_" -Sev 'Debug' $_ # it's a GUID, so we keep it } else { $groupId = ($groups | Where-Object -Property displayName -EQ $_).id # it's a display name, so we get the group ID - Write-LogMessage -user $User -API $APINAME -message "Replaced group name $_ with ID $groupId" -Sev 'Debug' + Write-LogMessage -Headers $User -API $APINAME -message "Replaced group name $_ with ID $groupId" -Sev 'Debug' $groupId } } @@ -79,7 +79,7 @@ function New-CIPPCAPolicy { $Body = ConvertTo-Json -InputObject $JSONObj.GrantControls.authenticationStrength $GraphRequest = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/beta/identity/conditionalAccess/authenticationStrength/policies' -body $body -Type POST -tenantid $tenantfilter $JSONObj.GrantControls.authenticationStrength = @{ id = $ExistingStrength.id } - Write-LogMessage -user $User -API $APINAME -message "Created new Authentication Strength Policy: $($JSONObj.GrantControls.authenticationStrength.displayName)" -Sev 'Info' + Write-LogMessage -Headers $User -API $APINAME -message "Created new Authentication Strength Policy: $($JSONObj.GrantControls.authenticationStrength.displayName)" -Sev 'Info' } } @@ -94,13 +94,13 @@ function New-CIPPCAPolicy { id = ($CheckExististing | Where-Object -Property displayName -EQ $Location.displayName).id name = ($CheckExististing | Where-Object -Property displayName -EQ $Location.displayName).displayName } - Write-LogMessage -user $User -API $APINAME -message "Matched a CA policy with the existing Named Location: $($location.displayName)" -Sev 'Info' + Write-LogMessage -Headers $User -API $APINAME -message "Matched a CA policy with the existing Named Location: $($location.displayName)" -Sev 'Info' } else { if ($location.countriesAndRegions) { $location.countriesAndRegions = @($location.countriesAndRegions) } $Body = ConvertTo-Json -InputObject $Location $GraphRequest = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/beta/identity/conditionalAccess/namedLocations' -body $body -Type POST -tenantid $tenantfilter - Write-LogMessage -user $User -API $APINAME -message "Created new Named Location: $($location.displayName)" -Sev 'Info' + Write-LogMessage -Headers $User -API $APINAME -message "Created new Named Location: $($location.displayName)" -Sev 'Info' [pscustomobject]@{ id = $GraphRequest.id name = $GraphRequest.displayName @@ -193,13 +193,13 @@ function New-CIPPCAPolicy { } else { Write-Host "overwriting $($CheckExististing.id)" $PatchRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/identity/conditionalAccess/policies/$($CheckExististing.id)" -tenantid $tenantfilter -type PATCH -body $RawJSON - Write-LogMessage -user $User -API $APINAME -tenant $($Tenant) -message "Updated Conditional Access Policy $($JSONObj.Displayname) to the template standard." -Sev 'Info' + Write-LogMessage -Headers $User -API $APINAME -tenant $($Tenant) -message "Updated Conditional Access Policy $($JSONObj.Displayname) to the template standard." -Sev 'Info' return "Updated policy $displayname for $tenantfilter" } } else { Write-Host 'Creating' $CreateRequest = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/beta/identity/conditionalAccess/policies' -tenantid $tenantfilter -type POST -body $RawJSON - Write-LogMessage -user $User -API $APINAME -tenant $($Tenant) -message "Added Conditional Access Policy $($JSONObj.Displayname)" -Sev 'Info' + Write-LogMessage -Headers $User -API $APINAME -tenant $($Tenant) -message "Added Conditional Access Policy $($JSONObj.Displayname)" -Sev 'Info' return "Created policy $displayname for $tenantfilter" } } catch { diff --git a/Modules/CIPPCore/Public/New-CIPPRestoreTask.ps1 b/Modules/CIPPCore/Public/New-CIPPRestoreTask.ps1 index 798f8d86cd1a..397a8e760ee9 100644 --- a/Modules/CIPPCore/Public/New-CIPPRestoreTask.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPRestoreTask.ps1 @@ -41,7 +41,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore user $($UPN): $($ErrorMessage.NormalizedError) " - Write-LogMessage -user $Headers -API $APINAME -message "Could not restore user $($UPN): $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers$Headers -API $APINAME -message "Could not restore user $($UPN): $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } } @@ -77,7 +77,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore group $DisplayName : $($ErrorMessage.NormalizedError) " - Write-LogMessage -user $Headers -API $APINAME -message "Could not restore group $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers$Headers -API $APINAME -message "Could not restore group $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } } @@ -91,7 +91,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore Conditional Access Policy $DisplayName : $($ErrorMessage.NormalizedError) " - Write-LogMessage -user $Headers -API $APINAME -message "Could not restore Conditional Access Policy $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers$Headers -API $APINAME -message "Could not restore Conditional Access Policy $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } } @@ -103,7 +103,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore Intune Configuration $DisplayName : $($ErrorMessage.NormalizedError) " - Write-LogMessage -user $Headers -API $APINAME -message "Could not restore Intune Configuration $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers$Headers -API $APINAME -message "Could not restore Intune Configuration $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } #Convert the manual method to a function @@ -116,7 +116,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore Intune Compliance $DisplayName : $($ErrorMessage.NormalizedError) " - Write-LogMessage -user $Headers -API $APINAME -message "Could not restore Intune Configuration $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers$Headers -API $APINAME -message "Could not restore Intune Configuration $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } @@ -130,7 +130,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore Intune Protection $DisplayName : $($ErrorMessage.NormalizedError) " - Write-LogMessage -user $Headers -API $APINAME -message "Could not restore Intune Configuration $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers$Headers -API $APINAME -message "Could not restore Intune Configuration $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } @@ -146,7 +146,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not obtain Anti-Spam Configuration: $($ErrorMessage.NormalizedError) " - Write-LogMessage -user $Headers -API $APINAME -message "Could not obtain Anti-Spam Configuration: $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers$Headers -API $APINAME -message "Could not obtain Anti-Spam Configuration: $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } $policyparams = @( @@ -266,7 +266,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore Anti-spam policy $($policy.Identity) : $($ErrorMessage.NormalizedError) " - Write-LogMessage -user $Headers -API $APINAME -message "Could not restore Anti-spam policy $($policy.Identity) : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers$Headers -API $APINAME -message "Could not restore Anti-spam policy $($policy.Identity) : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } @@ -316,7 +316,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore Anti-spam rule $($rule.Identity) : $($ErrorMessage.NormalizedError) " - Write-LogMessage -user $Headers -API $APINAME -message "Could not restore Anti-spam rule $($rule.Identity) : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers$Headers -API $APINAME -message "Could not restore Anti-spam rule $($rule.Identity) : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } } @@ -331,7 +331,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not obtain Anti-Phishing Configuration: $($ErrorMessage.NormalizedError) " - Write-LogMessage -user $Headers -API $APINAME -message "Could not obtain Anti-Phishing Configuration: $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers$Headers -API $APINAME -message "Could not obtain Anti-Phishing Configuration: $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } $policyparams = @( @@ -423,7 +423,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore Anti-phishing policy $($policy.Identity) : $($ErrorMessage.NormalizedError) " - Write-LogMessage -user $Headers -API $APINAME -message "Could not restore Anti-phishing policy $($policy.Identity) : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers$Headers -API $APINAME -message "Could not restore Anti-phishing policy $($policy.Identity) : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } @@ -473,7 +473,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore Anti-phishing rule $($rule.Identity) : $($ErrorMessage.NormalizedError) " - Write-LogMessage -user $Headers -API $APINAME -message "Could not restore Anti-phishing rule $($rule.Identity) : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers$Headers -API $APINAME -message "Could not restore Anti-phishing rule $($rule.Identity) : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } } diff --git a/Modules/CIPPCore/Public/Set-CIPPCPVConsent.ps1 b/Modules/CIPPCore/Public/Set-CIPPCPVConsent.ps1 index f14b0a07d603..339e4e278a5a 100644 --- a/Modules/CIPPCore/Public/Set-CIPPCPVConsent.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPCPVConsent.ps1 @@ -9,7 +9,7 @@ function Set-CIPPCPVConsent { $Results = [System.Collections.Generic.List[string]]::new() $Tenant = Get-Tenants -IncludeAll | Where-Object -Property customerId -EQ $TenantFilter | Select-Object -First 1 $TenantName = $Tenant.displayName - $User = $request.headers.'x-ms-client-principal' + $User = $Request.Headers if ($TenantFilter -eq $env:TenantID) { return @('Cannot modify CPV consent on partner tenant') @@ -59,7 +59,7 @@ function Set-CIPPCPVConsent { Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force } $Results.add("Successfully added CPV Application to tenant $($TenantName)") | Out-Null - Write-LogMessage -user $User -API $APINAME -message "Added our Service Principal to $($TenantName)" -Sev 'Info' -tenant $Tenant.defaultDomainName -tenantId $TenantFilter + Write-LogMessage -Headers $User -API $APINAME -message "Added our Service Principal to $($TenantName)" -Sev 'Info' -tenant $Tenant.defaultDomainName -tenantId $TenantFilter } catch { $ErrorMessage = Get-CippException -Exception $_ if ($ErrorMessage.NormalizedError -like '*Permission entry already exists*') { @@ -75,7 +75,7 @@ function Set-CIPPCPVConsent { Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force return @("We've already added our Service Principal to $($TenantName)") } - Write-LogMessage -user $User -API $APINAME -message "Could not add our Service Principal to the client tenant $($TenantName): $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $Tenant.defaultDomainName -tenantId $TenantFilter -LogData $ErrorMessage + Write-LogMessage -Headers $User -API $APINAME -message "Could not add our Service Principal to the client tenant $($TenantName): $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $Tenant.defaultDomainName -tenantId $TenantFilter -LogData $ErrorMessage return @("Could not add our Service Principal to the client tenant $($TenantName). Error: $($ErrorMessage.NormalizedError)") } return $Results diff --git a/Modules/CIPPCore/Public/Set-CIPPDefaultAPDeploymentProfile.ps1 b/Modules/CIPPCore/Public/Set-CIPPDefaultAPDeploymentProfile.ps1 index c96b2d215dc8..f257a9189a6c 100644 --- a/Modules/CIPPCore/Public/Set-CIPPDefaultAPDeploymentProfile.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPDefaultAPDeploymentProfile.ps1 @@ -19,7 +19,7 @@ function Set-CIPPDefaultAPDeploymentProfile { $APIName = 'Add Default Enrollment Status Page' ) - $User = $request.headers.'x-ms-client-principal' + $User = $Request.Headers try { $ObjBody = [pscustomobject]@{ @@ -50,7 +50,7 @@ function Set-CIPPDefaultAPDeploymentProfile { if ($_.id -ne $Profiles[0].id) { if ($PSCmdlet.ShouldProcess($_.displayName, 'Delete duplicate Autopilot profile')) { $null = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeploymentProfiles/$($_.id)" -tenantid $tenantfilter -type DELETE - Write-LogMessage -user $User -API $APIName -tenant $($tenantfilter) -message "Deleted duplicate Autopilot profile $($displayname)" -Sev 'Info' + Write-LogMessage -Headers $User -API $APIName -tenant $($tenantfilter) -message "Deleted duplicate Autopilot profile $($displayname)" -Sev 'Info' } } } @@ -60,7 +60,7 @@ function Set-CIPPDefaultAPDeploymentProfile { if ($PSCmdlet.ShouldProcess($displayName, 'Add Autopilot profile')) { $Type = 'Add' $GraphRequest = New-GraphPostRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeploymentProfiles' -body $body -tenantid $tenantfilter - Write-LogMessage -user $User -API $APIName -tenant $($tenantfilter) -message "Added Autopilot profile $($displayname)" -Sev 'Info' + Write-LogMessage -Headers $User -API $APIName -tenant $($tenantfilter) -message "Added Autopilot profile $($displayname)" -Sev 'Info' } } else { $Type = 'Edit' @@ -76,13 +76,13 @@ function Set-CIPPDefaultAPDeploymentProfile { if (!$Assignments) { $null = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeploymentProfiles/$($GraphRequest.id)/assignments" -tenantid $tenantfilter -type POST -body $AssignBody } - Write-LogMessage -user $User -API $APIName -tenant $($tenantfilter) -message "Assigned autopilot profile $($Displayname) to $AssignTo" -Sev 'Info' + Write-LogMessage -Headers $User -API $APIName -tenant $($tenantfilter) -message "Assigned autopilot profile $($Displayname) to $AssignTo" -Sev 'Info' } } "Successfully $($Type)ed profile for $($tenantfilter)" } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APIName -tenant $($tenantfilter) -message "Failed $($Type)ing Autopilot Profile $($Displayname). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $User -API $APIName -tenant $($tenantfilter) -message "Failed $($Type)ing Autopilot Profile $($Displayname). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage throw "Failed to add profile for $($tenantfilter): $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Set-CIPPDefaultAPEnrollment.ps1 b/Modules/CIPPCore/Public/Set-CIPPDefaultAPEnrollment.ps1 index 76536b4c7441..c0ec587b0433 100644 --- a/Modules/CIPPCore/Public/Set-CIPPDefaultAPEnrollment.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPDefaultAPEnrollment.ps1 @@ -14,7 +14,7 @@ function Set-CIPPDefaultAPEnrollment { $APIName = 'Add Default Enrollment Status Page' ) - $User = $request.headers.'x-ms-client-principal' + $User = $Request.Headers try { $ObjBody = [pscustomobject]@{ @@ -40,11 +40,11 @@ function Set-CIPPDefaultAPEnrollment { if ($PSCmdlet.ShouldProcess($ExistingStatusPage.ID, 'Set Default Enrollment Status Page')) { $null = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/deviceEnrollmentConfigurations/$($ExistingStatusPage.ID)" -body $body -Type PATCH -tenantid $($TenantFilter) "Successfully changed default enrollment status page for $($($TenantFilter))" - Write-LogMessage -user $User -API $APINAME -tenant $($TenantFilter) -message "Added Autopilot Enrollment Status Page $($Displayname)" -Sev 'Info' + Write-LogMessage -Headers $User -API $APINAME -tenant $($TenantFilter) -message "Added Autopilot Enrollment Status Page $($Displayname)" -Sev 'Info' } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APINAME -tenant $($TenantFilter) -message "Failed adding Autopilot Enrollment Status Page $($Displayname). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $User -API $APINAME -tenant $($TenantFilter) -message "Failed adding Autopilot Enrollment Status Page $($Displayname). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage throw "Failed to change default enrollment status page for $($($TenantFilter)): $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Set-CIPPIntuneTemplate.ps1 b/Modules/CIPPCore/Public/Set-CIPPIntuneTemplate.ps1 index 1f0f707ee267..58faf23a219f 100644 --- a/Modules/CIPPCore/Public/Set-CIPPIntuneTemplate.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPIntuneTemplate.ps1 @@ -26,7 +26,7 @@ function Set-CIPPIntuneTemplate { GUID = "$GUID" PartitionKey = 'IntuneTemplate' } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created intune policy template named $($Request.body.displayname) with GUID $GUID" -Sev 'Debug' + Write-LogMessage -Headers$Request.Headers -API $APINAME -message "Created intune policy template named $($Request.body.displayname) with GUID $GUID" -Sev 'Debug' return 'Successfully added template' } diff --git a/Modules/CIPPCore/Public/Set-CIPPMailboxArchive.ps1 b/Modules/CIPPCore/Public/Set-CIPPMailboxArchive.ps1 index 9a5e0c6ecace..c21505e27310 100644 --- a/Modules/CIPPCore/Public/Set-CIPPMailboxArchive.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPMailboxArchive.ps1 @@ -9,16 +9,16 @@ function Set-CIPPMailboxArchive { [bool]$ArchiveEnabled ) - $User = $request.headers.'x-ms-client-principal' + $User = $Request.Headers Try { if (!$username) { $username = $userid } $null = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Enable-Mailbox' -cmdParams @{Identity = $userid; Archive = $ArchiveEnabled } "Successfully set archive for $username to $ArchiveEnabled" - Write-LogMessage -user $User -API $APINAME -tenant $($tenantfilter) -message "Successfully set archive for $username to $ArchiveEnabled" -Sev 'Info' + Write-LogMessage -Headers $User -API $APINAME -tenant $($tenantfilter) -message "Successfully set archive for $username to $ArchiveEnabled" -Sev 'Info' } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APINAME -tenant $($tenantfilter) -message "Failed to set archive for $username. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $User -API $APINAME -tenant $($tenantfilter) -message "Failed to set archive for $username. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage "Failed. $($ErrorMessage.NormalizedError)" } } diff --git a/Modules/CIPPCore/Public/Set-CIPPUserJITAdmin.ps1 b/Modules/CIPPCore/Public/Set-CIPPUserJITAdmin.ps1 index 51da2f11d762..22c1bd20a9a7 100644 --- a/Modules/CIPPCore/Public/Set-CIPPUserJITAdmin.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPUserJITAdmin.ps1 @@ -22,7 +22,7 @@ function Set-CIPPUserJITAdmin { DateTime for expiration .EXAMPLE - Set-CIPPUserJITAdmin -TenantFilter 'contoso.onmicrosoft.com' -User @{UserPrincipalName = 'jit@contoso.onmicrosoft.com'} -Roles @('62e90394-69f5-4237-9190-012177145e10') -Action 'AddRoles' -Expiration (Get-Date).AddDays(1) + Set-CIPPUserJITAdmin -TenantFilter 'contoso.onmicrosoft.com' -Headers@{UserPrincipalName = 'jit@contoso.onmicrosoft.com'} -Roles @('62e90394-69f5-4237-9190-012177145e10') -Action 'AddRoles' -Expiration (Get-Date).AddDays(1) #> [CmdletBinding(SupportsShouldProcess = $true)] diff --git a/Modules/CIPPCore/Public/Set-CIPPUserLicense.ps1 b/Modules/CIPPCore/Public/Set-CIPPUserLicense.ps1 index 029310ad772c..b27b6efbf7b9 100644 --- a/Modules/CIPPCore/Public/Set-CIPPUserLicense.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPUserLicense.ps1 @@ -30,10 +30,10 @@ function Set-CIPPUserLicense { $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$UserId/assignLicense" -tenantid $TenantFilter -type POST -body $LicenseBodyJson -Verbose } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APIName -tenant $TenantFilter -message "Failed to assign the license. Error: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage + Write-LogMessage -Headers$Request.Headers -API $APIName -tenant $TenantFilter -message "Failed to assign the license. Error: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage throw "Failed to assign the license. $($ErrorMessage.NormalizedError)" } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APIName -tenant $TenantFilter -message "Assigned licenses to user $UserId. Added: $AddLicenses; Removed: $RemoveLicenses" -Sev 'Info' + Write-LogMessage -Headers$Request.Headers -API $APIName -tenant $TenantFilter -message "Assigned licenses to user $UserId. Added: $AddLicenses; Removed: $RemoveLicenses" -Sev 'Info' return 'Set licenses successfully' } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardConditionalAccessTemplate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardConditionalAccessTemplate.ps1 index b4badee0ad00..be53a501e8a9 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardConditionalAccessTemplate.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardConditionalAccessTemplate.ps1 @@ -39,7 +39,7 @@ function Invoke-CIPPStandardConditionalAccessTemplate { $Table = Get-CippTable -tablename 'templates' $Filter = "PartitionKey eq 'CATemplate' and RowKey eq '$($Setting.TemplateList.value)'" $JSONObj = (Get-CippAzDataTableEntity @Table -Filter $Filter).JSON - $null = New-CIPPCAPolicy -TenantFilter $tenant -state $Setting.state -RawJSON $JSONObj -Overwrite $true -APIName $APIName -Headers $request.headers.'x-ms-client-principal' -ReplacePattern 'displayName' + $null = New-CIPPCAPolicy -TenantFilter $tenant -state $Setting.state -RawJSON $JSONObj -Overwrite $true -APIName $APIName -Headers $Request.Headers -ReplacePattern 'displayName' } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to create or update conditional access rule $($JSONObj.displayName). Error: $ErrorMessage" -sev 'Error' diff --git a/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 b/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 index cfb430ce0bc7..e111bbf55d2e 100644 --- a/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 +++ b/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 @@ -7,7 +7,7 @@ function Test-CIPPAccessPermissions { ) $User = $request.headers.'x-ms-client-principal' - Write-LogMessage -user $User -API $APINAME -message 'Started permissions check' -Sev 'Debug' + Write-LogMessage -Headers $User -API $APINAME -message 'Started permissions check' -Sev 'Debug' $Messages = [System.Collections.Generic.List[string]]::new() $ErrorMessages = [System.Collections.Generic.List[string]]::new() $MissingPermissions = [System.Collections.Generic.List[string]]::new() @@ -46,7 +46,7 @@ function Test-CIPPAccessPermissions { } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APINAME -tenant $tenant -message "Key vault exception: $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $User -API $APINAME -tenant $tenant -message "Key vault exception: $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } else { $Messages.Add('Your refresh token matches key vault.') | Out-Null @@ -60,7 +60,7 @@ function Test-CIPPAccessPermissions { Name = '' AuthMethods = @() } - Write-LogMessage -user $User -API $APINAME -tenant $tenant -message "Token exception: $($ErrorMessage.NormalizedError_) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $User -API $APINAME -tenant $tenant -message "Token exception: $($ErrorMessage.NormalizedError_) " -Sev 'Error' -LogData $ErrorMessage $Success = $false } @@ -152,7 +152,7 @@ function Test-CIPPAccessPermissions { } } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $User -API $APINAME -message "Permissions check failed: $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $User -API $APINAME -message "Permissions check failed: $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage $ErrorMessages.Add("We could not connect to the API to retrieve the permissions. There might be a problem with the secure application model configuration. The returned error is: $($ErrorMessage.NormalizedError)") | Out-Null $Success = $false } diff --git a/Modules/CIPPCore/Public/Webhooks/Invoke-CIPPGraphWebhookRenewal.ps1 b/Modules/CIPPCore/Public/Webhooks/Invoke-CIPPGraphWebhookRenewal.ps1 index 610a59ea2548..16f7890c4e94 100644 --- a/Modules/CIPPCore/Public/Webhooks/Invoke-CIPPGraphWebhookRenewal.ps1 +++ b/Modules/CIPPCore/Public/Webhooks/Invoke-CIPPGraphWebhookRenewal.ps1 @@ -15,7 +15,7 @@ function Invoke-CippGraphWebhookRenewal { $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/subscriptions/$($UpdateSub.SubscriptionID)" -tenantid $TenantFilter -type PATCH -body $body -Verbose $UpdateSub.Expiration = $RenewalDate $null = Add-AzDataTableEntity @WebhookTable -Entity $UpdateSub -Force - Write-LogMessage -user 'CIPP' -API 'Renew_Graph_Subscriptions' -message "Renewed Subscription:$($UpdateSub.SubscriptionID)" -Sev "Info" -tenant $TenantFilter + Write-LogMessage -Headers'CIPP' -API 'Renew_Graph_Subscriptions' -message "Renewed Subscription:$($UpdateSub.SubscriptionID)" -Sev "Info" -tenant $TenantFilter } catch { # Rebuild creation parameters @@ -28,7 +28,7 @@ function Invoke-CippGraphWebhookRenewal { $Resource = "$($UpdateSub.Resource)" $EventType = "$($UpdateSub.EventType)" - Write-LogMessage -user 'CIPP' -API 'Renew_Graph_Subscriptions' -message "Recreating: $($UpdateSub.SubscriptionID) as renewal failed." -Sev "Info" -tenant $TenantFilter + Write-LogMessage -Headers'CIPP' -API 'Renew_Graph_Subscriptions' -message "Recreating: $($UpdateSub.SubscriptionID) as renewal failed." -Sev "Info" -tenant $TenantFilter $CreateResult = New-CIPPGraphSubscription -TenantFilter $TenantFilter -TypeofSubscription $TypeofSubscription -BaseURL $BaseURL -Resource $Resource -EventType $EventType -Headers 'GraphSubscriptionRenewal' -Recreate if ($CreateResult -match 'Created Webhook subscription for') { @@ -39,7 +39,7 @@ function Invoke-CippGraphWebhookRenewal { } catch { - Write-LogMessage -user 'CIPP' -API 'Renew_Graph_Subscriptions' -message "Failed to renew Webhook Subscription: $($UpdateSub.SubscriptionID). Linenumber: $($_.InvocationInfo.ScriptLineNumber) Error: $($_.Exception.message)" -Sev "Error" -tenant $TenantFilter + Write-LogMessage -Headers'CIPP' -API 'Renew_Graph_Subscriptions' -message "Failed to renew Webhook Subscription: $($UpdateSub.SubscriptionID). Linenumber: $($_.InvocationInfo.ScriptLineNumber) Error: $($_.Exception.message)" -Sev "Error" -tenant $TenantFilter } } } diff --git a/Modules/CippExtensions/Public/Gradient/New-GradientServiceSyncRun.ps1 b/Modules/CippExtensions/Public/Gradient/New-GradientServiceSyncRun.ps1 index 11d039d1ecf5..33e4a2ac614b 100644 --- a/Modules/CippExtensions/Public/Gradient/New-GradientServiceSyncRun.ps1 +++ b/Modules/CippExtensions/Public/Gradient/New-GradientServiceSyncRun.ps1 @@ -23,7 +23,7 @@ function New-GradientServiceSyncRun { $ActivateRequest = Invoke-RestMethod -Uri 'https://app.usegradient.com/api/vendor-api/organization/status/active' -Method PATCH -Headers $GradientToken } } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to create tenants in Gradient API. Error: $($_.Exception.Message)" -Sev 'Error' -tenant 'GradientAPI' + Write-LogMessage -Headers$Request.Headers -API $APINAME -message "Failed to create tenants in Gradient API. Error: $($_.Exception.Message)" -Sev 'Error' -tenant 'GradientAPI' } @@ -83,7 +83,7 @@ function New-GradientServiceSyncRun { } | ConvertTo-Json -Depth 10 $Results = Invoke-RestMethod -Uri "https://app.usegradient.com/api/vendor-api/service/$($ExistingService.id)/count" -Method POST -Headers $GradientToken -Body $ServiceBody -ContentType 'application/json' } catch { - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to create license in Gradient API. Error: $($_). $results" -Sev 'Error' -tenant $singlereq.tenant + Write-LogMessage -Headers$Request.Headers -API $APINAME -message "Failed to create license in Gradient API. Error: $($_). $results" -Sev 'Error' -tenant $singlereq.tenant } } diff --git a/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneDeviceWebhook.ps1 b/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneDeviceWebhook.ps1 index b280394b3e0d..854606641c8b 100644 --- a/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneDeviceWebhook.ps1 +++ b/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneDeviceWebhook.ps1 @@ -13,7 +13,7 @@ function Invoke-NinjaOneDeviceWebhook { } if ($MappedFields.DeviceCompliance) { - Write-LogMessage -user $Headers -API $APIName -message "Webhook Recieved - Updating NinjaOne Device compliance for $($Data.resourceData.id) in $($Data.tenantId)" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -Headers$Headers -API $APIName -message "Webhook Recieved - Updating NinjaOne Device compliance for $($Data.resourceData.id) in $($Data.tenantId)" -Sev 'Info' -tenant $TenantFilter $tenantfilter = $Data.tenantId $M365DeviceID = $Data.resourceData.id @@ -28,7 +28,7 @@ function Invoke-NinjaOneDeviceWebhook { $Token = Get-NinjaOneToken -configuration $Configuration if (!$Token.access_token) { - Write-LogMessage -API 'NinjaOneSync' -tenant $tenantfilter -user 'CIPP' -message 'Failed to get NinjaOne Token for Device Compliance Update' -Sev 'Error' + Write-LogMessage -API 'NinjaOneSync' -tenant $tenantfilter -Headers'CIPP' -message 'Failed to get NinjaOne Token for Device Compliance Update' -Sev 'Error' return } @@ -52,10 +52,10 @@ function Invoke-NinjaOneDeviceWebhook { $_.Exception.message } Write-Error "Failed NinjaOne Device Webhook for: $($Data | ConvertTo-Json -Depth 100) Linenumber: $($_.InvocationInfo.ScriptLineNumber) Error: $Message" - Write-LogMessage -API 'NinjaOneSync' -user 'CIPP' -message "Failed NinjaOne Device Webhook Linenumber: $($_.InvocationInfo.ScriptLineNumber) Error: $Message" -Sev 'Error' + Write-LogMessage -API 'NinjaOneSync' -Headers'CIPP' -message "Failed NinjaOne Device Webhook Linenumber: $($_.InvocationInfo.ScriptLineNumber) Error: $Message" -Sev 'Error' } } else { - Write-LogMessage -API 'NinjaOneSync' -user 'CIPP' -message "$($DeviceM365.displayName) ($($M365DeviceID)) was not matched in Ninja for $($tenantfilter)" -Sev 'Info' + Write-LogMessage -API 'NinjaOneSync' -Headers'CIPP' -message "$($DeviceM365.displayName) ($($M365DeviceID)) was not matched in Ninja for $($tenantfilter)" -Sev 'Info' } } @@ -67,7 +67,7 @@ function Invoke-NinjaOneDeviceWebhook { $_.Exception.message } Write-Error "Failed NinjaOne Device Webhook for: $($Data | ConvertTo-Json -Depth 100) Linenumber: $($_.InvocationInfo.ScriptLineNumber) Error: $Message" - Write-LogMessage -API 'NinjaOneSync' -user 'CIPP' -message "Failed NinjaOne Device Webhook Linenumber: $($_.InvocationInfo.ScriptLineNumber) Error: $Message" -Sev 'Error' + Write-LogMessage -API 'NinjaOneSync' -Headers'CIPP' -message "Failed NinjaOne Device Webhook Linenumber: $($_.InvocationInfo.ScriptLineNumber) Error: $Message" -Sev 'Error' } diff --git a/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneExtensionScheduler.ps1 b/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneExtensionScheduler.ps1 index ca69e5b10935..921a6d1e1ac3 100644 --- a/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneExtensionScheduler.ps1 +++ b/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneExtensionScheduler.ps1 @@ -55,7 +55,7 @@ function Invoke-NinjaOneExtensionScheduler { } Add-AzDataTableEntity @Table -Entity $AddObject -Force - Write-LogMessage -API 'NinjaOneSync' -user 'CIPP' -message "NinjaOne Daily Synchronization Queued for $(($TenantsToProcess | Measure-Object).count) Tenants" -Sev 'Info' + Write-LogMessage -API 'NinjaOneSync' -Headers'CIPP' -message "NinjaOne Daily Synchronization Queued for $(($TenantsToProcess | Measure-Object).count) Tenants" -Sev 'Info' } else { if ($LastRunTime -lt (Get-Date).AddMinutes(-90)) { @@ -91,10 +91,10 @@ function Invoke-NinjaOneExtensionScheduler { } if (($CatchupTenants | Measure-Object).count -gt 0) { - Write-LogMessage -API 'NinjaOneSync' -user 'CIPP' -message "NinjaOne Synchronization Catchup Queued for $(($CatchupTenants | Measure-Object).count) Tenants" -Sev 'Info' + Write-LogMessage -API 'NinjaOneSync' -Headers'CIPP' -message "NinjaOne Synchronization Catchup Queued for $(($CatchupTenants | Measure-Object).count) Tenants" -Sev 'Info' } } } -} \ No newline at end of file +} diff --git a/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneOrgMapping.ps1 b/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneOrgMapping.ps1 index 443e3d49042b..d8e963a536c1 100644 --- a/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneOrgMapping.ps1 +++ b/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneOrgMapping.ps1 @@ -87,7 +87,7 @@ function Invoke-NinjaOneOrgMapping { IntegrationName = "$($MatchedOrg.name)" } Add-AzDataTableEntity @CIPPMapping -Entity $AddObject -Force - Write-LogMessage -API 'NinjaOneAutoMap_Queue' -user 'CIPP' -message "Added mapping from Organization name match for $($Tenant.customerId). to $($($MatchedOrg.name))" -Sev 'Info' + Write-LogMessage -API 'NinjaOneAutoMap_Queue' -Headers'CIPP' -message "Added mapping from Organization name match for $($Tenant.customerId). to $($($MatchedOrg.name))" -Sev 'Info' } } diff --git a/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneOrgMappingTenant.ps1 b/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneOrgMappingTenant.ps1 index c3f05acf1cc3..7db9841d7295 100644 --- a/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneOrgMappingTenant.ps1 +++ b/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneOrgMappingTenant.ps1 @@ -66,8 +66,8 @@ function Invoke-NinjaOneOrgMappingTenant { IntegrationName = "$($MatchedOrg.name)" } Add-AzDataTableEntity @CIPPMapping -Entity $AddObject -Force - Write-LogMessage -API 'NinjaOneAutoMap_Queue' -user 'CIPP' -message "Added mapping from Device match for $($Tenant.displayName) to $($($MatchedOrg.name))" -Sev 'Info' + Write-LogMessage -API 'NinjaOneAutoMap_Queue' -Headers'CIPP' -message "Added mapping from Device match for $($Tenant.displayName) to $($($MatchedOrg.name))" -Sev 'Info' } -} \ No newline at end of file +} diff --git a/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneSync.ps1 b/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneSync.ps1 index c6fb732eb30a..54a0c2c28a67 100644 --- a/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneSync.ps1 +++ b/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneSync.ps1 @@ -32,7 +32,7 @@ function Invoke-NinjaOneSync { Add-AzDataTableEntity @Table -Entity $AddObject -Force - Write-LogMessage -API 'NinjaOneAutoMap_Queue' -user 'CIPP' -message "NinjaOne Synchronization Queued for $(($TenantsToProcess | Measure-Object).count) Tenants" -Sev 'Info' + Write-LogMessage -API 'NinjaOneAutoMap_Queue' -Headers'CIPP' -message "NinjaOne Synchronization Queued for $(($TenantsToProcess | Measure-Object).count) Tenants" -Sev 'Info' } catch { Write-LogMessage -API 'Scheduler_Billing' -tenant 'none' -message "Could not start NinjaOne Sync $($_.Exception.Message)" -sev Error } diff --git a/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneTenantSync.ps1 b/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneTenantSync.ps1 index 25a987a3bf79..813ce65b3af5 100644 --- a/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneTenantSync.ps1 +++ b/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneTenantSync.ps1 @@ -45,7 +45,7 @@ function Invoke-NinjaOneTenantSync { $Customer = Get-Tenants -IncludeErrors | Where-Object { $_.customerId -eq $MappedTenant.RowKey } Write-Information "Processing: $($Customer.displayName) - Queued for $((New-TimeSpan -Start $StartQueueTime -End $StartTime).TotalSeconds)" - Write-LogMessage -API 'NinjaOneSync' -user 'NinjaOneSync' -message "Processing NinjaOne Synchronization for $($Customer.displayName) - Queued for $((New-TimeSpan -Start $StartQueueTime -End $StartTime).TotalSeconds)" -Sev 'Info' + Write-LogMessage -API 'NinjaOneSync' -Headers'NinjaOneSync' -message "Processing NinjaOne Synchronization for $($Customer.displayName) - Queued for $((New-TimeSpan -Start $StartQueueTime -End $StartTime).TotalSeconds)" -Sev 'Info' if (($Customer | Measure-Object).count -ne 1) { Throw "Unable to match the recieved ID to a tenant QueueItem: $($QueueItem | ConvertTo-Json -Depth 100 | Out-String) Matched Customer: $($Customer| ConvertTo-Json -Depth 100 | Out-String)" @@ -2326,7 +2326,7 @@ function Invoke-NinjaOneTenantSync { $CurrentItem | Add-Member -NotePropertyName lastStatus -NotePropertyValue 'Completed' -Force Add-CIPPAzDataTableEntity @MappingTable -Entity $CurrentItem -Force - Write-LogMessage -API 'NinjaOneSync' -user 'NinjaOneSync' -message "Completed NinjaOne Sync for $($Customer.displayName). Queued for $((New-TimeSpan -Start $StartQueueTime -End $StartTime).TotalSeconds) seconds. Data fetched in $((New-TimeSpan -Start $StartTime -End $FetchEnd).TotalSeconds) seconds. Total processing time $((New-TimeSpan -Start $StartTime -End (Get-Date)).TotalSeconds) seconds" -Sev 'info' + Write-LogMessage -API 'NinjaOneSync' -Headers'NinjaOneSync' -message "Completed NinjaOne Sync for $($Customer.displayName). Queued for $((New-TimeSpan -Start $StartQueueTime -End $StartTime).TotalSeconds) seconds. Data fetched in $((New-TimeSpan -Start $StartTime -End $FetchEnd).TotalSeconds) seconds. Total processing time $((New-TimeSpan -Start $StartTime -End (Get-Date)).TotalSeconds) seconds" -Sev 'info' } catch { $Message = if ($_.ErrorDetails.Message) { @@ -2335,7 +2335,7 @@ function Invoke-NinjaOneTenantSync { $_.Exception.message } Write-Error "Failed NinjaOne Processing for $($Customer.displayName) Linenumber: $($_.InvocationInfo.ScriptLineNumber) Error: $Message" - Write-LogMessage -API 'NinjaOneSync' -user 'NinjaOneSync' -message "Failed NinjaOne Processing for $($Customer.displayName) Linenumber: $($_.InvocationInfo.ScriptLineNumber) Error: $Message" -Sev 'Error' + Write-LogMessage -API 'NinjaOneSync' -Headers'NinjaOneSync' -message "Failed NinjaOne Processing for $($Customer.displayName) Linenumber: $($_.InvocationInfo.ScriptLineNumber) Error: $Message" -Sev 'Error' $CurrentItem | Add-Member -NotePropertyName lastEndTime -NotePropertyValue ([string]$((Get-Date).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.fffZ'))) -Force $CurrentItem | Add-Member -NotePropertyName lastStatus -NotePropertyValue 'Failed' -Force Add-CIPPAzDataTableEntity @MappingTable -Entity $CurrentItem -Force From c8939e6dba742459259b480a9315282849950564 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Mon, 10 Feb 2025 17:22:00 +0100 Subject: [PATCH 093/138] fix transport rule --- .../Email-Exchange/Invoke-AddTransportRule.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportRule.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportRule.ps1 index 55518c7ea264..18c1c71e134d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportRule.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportRule.ps1 @@ -11,8 +11,8 @@ Function Invoke-AddTransportRule { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - $ExetutingUser = $Request.Headers - Write-LogMessage -Headers$ExetutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $ExecutingUser = $Request.Headers + Write-LogMessage -Headers $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev 'Debug' $RequestParams = $Request.Body.PowerShellCommand | ConvertFrom-Json | Select-Object -Property * -ExcludeProperty GUID, HasSenderOverride, ExceptIfHasSenderOverride, ExceptIfMessageContainsDataClassifications, MessageContainsDataClassifications @@ -31,11 +31,11 @@ Function Invoke-AddTransportRule { "Successfully created transport rule for $tenantFilter." } - Write-LogMessage -Headers$ExetutingUser -API $APINAME -tenant $tenantFilter -message "Created transport rule for $($tenantFilter)" -sev Info + Write-LogMessage -Headers $ExecutingUser -API $APINAME -tenant $tenantFilter -message "Created transport rule for $($tenantFilter)" -sev Info } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not create transport rule for $($tenantFilter): $($ErrorMessage.NormalizedError)" - Write-LogMessage -Headers$ExetutingUser -API $APINAME -tenant $tenantFilter -message "Could not create transport rule for $($tenantFilter). Error:$($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage + Write-LogMessage -Headers $ExecutingUser -API $APINAME -tenant $tenantFilter -message "Could not create transport rule for $($tenantFilter). Error:$($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage } } From 15bd4b1c215490896513742a562441519aa3ec5d Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Mon, 10 Feb 2025 17:23:40 +0100 Subject: [PATCH 094/138] revert headers --- .../HTTP Functions/CIPP/Core/Invoke-GetCippAlerts.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetCippAlerts.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetCippAlerts.ps1 index 19b2b715bf91..f10665096d54 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetCippAlerts.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetCippAlerts.ps1 @@ -15,7 +15,7 @@ Function Invoke-GetCippAlerts { $PartitionKey = Get-Date -UFormat '%Y%m%d' $Filter = "PartitionKey eq '{0}'" -f $PartitionKey $Rows = Get-CIPPAzDataTableEntity @Table -Filter $Filter | Sort-Object TableTimestamp -Descending | Select-Object -First 10 - $role = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($Request.Headers)) | ConvertFrom-Json).userRoles + $role = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($request.headers.'x-ms-client-principal')) | ConvertFrom-Json).userRoles $CIPPVersion = $Request.Query.localversion $Version = Assert-CippVersion -CIPPVersion $CIPPVersion From d5ff80425dbd59a3396257ea2078f3a4f8fe70b8 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Mon, 10 Feb 2025 17:24:36 +0100 Subject: [PATCH 095/138] headers spacing fix --- .../CIPP/Settings/Invoke-ExecAccessChecks.ps1 | 2 +- .../Invoke-AddTransportTemplate.ps1 | 6 ++--- .../Email-Exchange/Invoke-EditContact.ps1 | 6 ++--- .../Email-Exchange/Invoke-EditExConnector.ps1 | 6 ++--- .../Invoke-EditTransportRule.ps1 | 6 ++--- .../Email-Exchange/Invoke-ExecHideFromGAL.ps1 | 2 +- .../Invoke-ListGlobalAddressList.ps1 | 2 +- .../Endpoint/MEM/Invoke-EditIntuneScript.ps1 | 2 +- .../Endpoint/MEM/Invoke-ListIntuneScript.ps1 | 2 +- .../MEM/Invoke-RemoveIntuneScript.ps1 | 2 +- .../Devices/Invoke-ExecDeviceDelete.ps1 | 2 +- .../Invoke-ExecSetSharePointMember.ps1 | 2 +- .../Invoke-ExecSharePointPerms.ps1 | 2 +- ...ke-ExecTeamsVoicePhoneNumberAssignment.ps1 | 6 ++--- .../Invoke-ListAppConsentRequests.ps1 | 2 +- .../Entrypoints/Invoke-ExecSyncAPDevices.ps1 | 6 ++--- .../Invoke-ListAzureADConnectStatus.ps1 | 2 +- .../Entrypoints/Invoke-ListDefenderTVM.ps1 | 2 +- .../Entrypoints/Invoke-ListDeletedItems.ps1 | 2 +- .../Invoke-ListExchangeConnectors.ps1 | 2 +- .../Entrypoints/Invoke-ListIntunePolicy.ps1 | 2 +- .../CIPPCore/Public/New-CIPPRestoreTask.ps1 | 24 +++++++++---------- .../Public/Set-CIPPIntuneTemplate.ps1 | 2 +- .../CIPPCore/Public/Set-CIPPUserLicense.ps1 | 4 ++-- .../Gradient/New-GradientServiceSyncRun.ps1 | 4 ++-- .../NinjaOne/Invoke-NinjaOneDeviceWebhook.ps1 | 2 +- 26 files changed, 51 insertions(+), 51 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 index 28b9ec5f0ef3..4568e389f721 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 @@ -11,7 +11,7 @@ Function Invoke-ExecAccessChecks { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - Write-LogMessage -Headers$Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -Headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Table = Get-CIPPTable -tablename 'AccessChecks' $LastRun = (Get-Date).ToUniversalTime() diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 index 4c66ca145b1b..ecf773ddb29f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 @@ -12,7 +12,7 @@ Function Invoke-AddTransportTemplate { $APIName = $Request.Params.CIPPEndpoint $Headers = $Request.Headers - Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev Debug + Write-LogMessage -Headers $Headers -API $APINAME -message 'Accessed this API' -Sev Debug Write-Host ($request | ConvertTo-Json -Depth 10 -Compress) try { @@ -35,12 +35,12 @@ Function Invoke-AddTransportTemplate { RowKey = "$GUID" PartitionKey = 'TransportTemplate' } - Write-LogMessage -Headers$Headers -API $APINAME -message "Created Transport Rule Template $($Request.body.name) with GUID $GUID" -Sev Debug + Write-LogMessage -Headers $Headers -API $APINAME -message "Created Transport Rule Template $($Request.body.name) with GUID $GUID" -Sev Debug $body = [pscustomobject]@{'Results' = "Created Transport Rule Template $($Request.body.name) with GUID $GUID" } $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -Headers$Headers -API $APINAME -message "Failed to create Transport Rule Template: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage + Write-LogMessage -Headers $Headers -API $APINAME -message "Failed to create Transport Rule Template: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage $body = [pscustomobject]@{'Results' = "Failed to create Transport Rule Template: $($ErrorMessage.NormalizedError)" } $StatusCode = [HttpStatusCode]::Forbidden } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditContact.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditContact.ps1 index 65ef714d8e3e..f08ca3c40bdf 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditContact.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditContact.ps1 @@ -13,7 +13,7 @@ Function Invoke-EditContact { $APIName = $Request.Params.CIPPEndpoint $TenantID = $Request.body.tenantID $Headers = $Request.Headers - Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -Headers $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' try { # Extract contact information from the request body @@ -43,13 +43,13 @@ Function Invoke-EditContact { $null = New-ExoRequest -tenantid $TenantID -cmdlet 'Set-Contact' -cmdParams $bodyForSetContact -UseSystemMailbox $true $null = New-ExoRequest -tenantid $TenantID -cmdlet 'Set-MailContact' -cmdParams @{Identity = $contactInfo.ContactID; HiddenFromAddressListsEnabled = [System.Convert]::ToBoolean($contactInfo.hidefromGAL) } -UseSystemMailbox $true $Results = "Successfully edited contact $($contactInfo.DisplayName)" - Write-LogMessage -Headers$Headers -API $APINAME -tenant $TenantID -message $Results -Sev Info + Write-LogMessage -Headers $Headers -API $APINAME -tenant $TenantID -message $Results -Sev Info $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CippException -Exception $_ $Results = "Failed to edit contact. $($ErrorMessage.NormalizedError)" - Write-LogMessage -Headers$Headers -API $APINAME -tenant $TenantID -message $Results -Sev Error -LogData $ErrorMessage + Write-LogMessage -Headers $Headers -API $APINAME -tenant $TenantID -message $Results -Sev Error -LogData $ErrorMessage $StatusCode = [HttpStatusCode]::InternalServerError } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditExConnector.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditExConnector.ps1 index a5aa5f64dffd..904f9d2c826e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditExConnector.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditExConnector.ps1 @@ -12,7 +12,7 @@ Function Invoke-EditExConnector { $APIName = $Request.Params.CIPPEndpoint $Headers = $Request.Headers - Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -Headers $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.Query.tenantFilter ?? $Request.Body.tenantFilter try { $ConnectorState = $Request.Query.State ?? $Request.Body.State @@ -25,11 +25,11 @@ Function Invoke-EditExConnector { } $null = New-ExoRequest -tenantid $TenantFilter -cmdlet "Set-$($Type)Connector" -cmdParams $params -UseSystemMailbox $true $Result = "Set Connector $($Guid) to $($ConnectorState)" - Write-LogMessage -Headers$Headers -API $APINAME -tenant $TenantFilter -message "Set Connector $($Guid) to $($ConnectorState)" -sev Info + Write-LogMessage -Headers $Headers -API $APINAME -tenant $TenantFilter -message "Set Connector $($Guid) to $($ConnectorState)" -sev Info $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CIPPException -Exception $_ - Write-LogMessage -Headers$Headers -API $APINAME -tenant $TenantFilter -message "Failed setting Connector $($Guid) to $($ConnectorState). Error:$($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage + Write-LogMessage -Headers $Headers -API $APINAME -tenant $TenantFilter -message "Failed setting Connector $($Guid) to $($ConnectorState). Error:$($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage $Result = $ErrorMessage.NormalizedError $StatusCode = [HttpStatusCode]::Forbidden } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 index 57ffb6dfd40a..87ec4164e9d8 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 @@ -12,7 +12,7 @@ Function Invoke-EditTransportRule { $APIName = $Request.Params.CIPPEndpoint $Headers = $Request.Headers - Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -Headers $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.Query.tenantFilter ?? $Request.body.tenantFilter $Identity = $Request.Query.guid ?? $Request.body.guid @@ -26,11 +26,11 @@ Function Invoke-EditTransportRule { $cmdlet = if ($State -eq 'enable') { 'Enable-TransportRule' } else { 'Disable-TransportRule' } $null = New-ExoRequest -tenantid $TenantFilter -cmdlet $cmdlet -cmdParams $params -UseSystemMailbox $true $Result = "Set transport rule $($Identity) to $($State)" - Write-LogMessage -Headers$Headers -API $APINAME -tenant $TenantFilter -message $Result -sev Info + Write-LogMessage -Headers $Headers -API $APINAME -tenant $TenantFilter -message $Result -sev Info $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -Headers$Headers -API $APINAME -tenant $TenantFilter -message "Failed setting transport rule $($Identity) to $($State). Error:$($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $Headers -API $APINAME -tenant $TenantFilter -message "Failed setting transport rule $($Identity) to $($State). Error:$($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage $Result = $ErrorMessage.NormalizedError $StatusCode = [HttpStatusCode]::Forbidden } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 index 012e9abb23be..21b234e9bfd5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 @@ -12,7 +12,7 @@ Function Invoke-ExecHideFromGAL { $Headers = $Request.Headers $APIName = $Request.Params.CIPPEndpoint - Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -Headers $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Support if the request is a POST or a GET. So to support legacy(GET) and new(POST) requests diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListGlobalAddressList.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListGlobalAddressList.ps1 index 7c4bede0f71d..15d5702ce0a1 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListGlobalAddressList.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListGlobalAddressList.ps1 @@ -12,7 +12,7 @@ Function Invoke-ListGlobalAddressList { $APIName = $Request.Params.CIPPEndpoint $Headers = $Request.Headers - Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -Headers $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.Query.tenantFilter try { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditIntuneScript.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditIntuneScript.ps1 index 62e40ea9b6b5..902e39cb3102 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditIntuneScript.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditIntuneScript.ps1 @@ -12,7 +12,7 @@ function Invoke-EditIntuneScript { $APIName = $Request.Params.CIPPEndpoint $Headers = $Request.Headers - Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev Debug + Write-LogMessage -Headers $Headers -API $APINAME -message 'Accessed this API' -Sev Debug $graphUrl = "https://graph.microsoft.com/beta" switch($Request.Method) { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListIntuneScript.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListIntuneScript.ps1 index 3964e4d0703f..e53611befd00 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListIntuneScript.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListIntuneScript.ps1 @@ -12,7 +12,7 @@ function Invoke-ListIntuneScript { $APIName = $Request.Params.CIPPEndpoint $Headers = $Request.Headers - Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev Debug + Write-LogMessage -Headers $Headers -API $APINAME -message 'Accessed this API' -Sev Debug Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-RemoveIntuneScript.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-RemoveIntuneScript.ps1 index 8dba97dd023c..4770fbe1638a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-RemoveIntuneScript.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-RemoveIntuneScript.ps1 @@ -12,7 +12,7 @@ function Invoke-RemoveIntuneScript { $APIName = $Request.Params.CIPPEndpoint $Headers = $Request.Headers - Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev Debug + Write-LogMessage -Headers $Headers -API $APINAME -message 'Accessed this API' -Sev Debug Write-Host 'PowerShell HTTP trigger function processed a request.' diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 index 40153172c9ad..1916328d51da 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 @@ -12,7 +12,7 @@ Function Invoke-ExecDeviceDelete { $APIName = $Request.Params.CIPPEndpoint $Headers = $Request.Headers - Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -Headers $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with body parameters or the body of the request. $TenantFilter = $Request.body.tenantFilter ?? $Request.Query.tenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSetSharePointMember.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSetSharePointMember.ps1 index 95d28974891d..0894c81fbdf1 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSetSharePointMember.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSetSharePointMember.ps1 @@ -13,7 +13,7 @@ Function Invoke-ExecSetSharePointMember { $APIName = $Request.Params.CIPPEndpoint $Headers = $Request.Headers - Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -Headers $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $Request.body.tenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSharePointPerms.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSharePointPerms.ps1 index f6a8fb304158..8f6e939440fb 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSharePointPerms.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSharePointPerms.ps1 @@ -14,7 +14,7 @@ Function Invoke-ExecSharePointPerms { $tenantFilter = $Request.Body.tenantFilter $Headers = $Request.Headers - Write-LogMessage -Headers$Headers -API $APIName -message 'Accessed this API' -Sev Debug + Write-LogMessage -Headers $Headers -API $APIName -message 'Accessed this API' -Sev Debug # The UPN or ID of the users OneDrive we are changing permissions on $UserId = $Request.body.UPN diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecTeamsVoicePhoneNumberAssignment.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecTeamsVoicePhoneNumberAssignment.ps1 index 11a37aa029bf..acc53b79f4c3 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecTeamsVoicePhoneNumberAssignment.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecTeamsVoicePhoneNumberAssignment.ps1 @@ -12,7 +12,7 @@ Function Invoke-ExecTeamsVoicePhoneNumberAssignment { $APIName = $Request.Params.CIPPEndpoint $Headers = $Request.Headers - Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -Headers $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Identity = $Request.Body.input.value $tenantFilter = $Request.Body.TenantFilter @@ -24,12 +24,12 @@ Function Invoke-ExecTeamsVoicePhoneNumberAssignment { $null = New-TeamsRequest -TenantFilter $TenantFilter -Cmdlet 'Set-CsPhoneNumberAssignment' -CmdParams @{Identity = $Identity; PhoneNumber = $Request.Body.PhoneNumber; PhoneNumberType = $Request.Body.PhoneNumberType; ErrorAction = 'stop' } $Results = [pscustomobject]@{'Results' = "Successfully assigned $($Request.Body.PhoneNumber) to $($Identity)" } } - Write-LogMessage -Headers$Headers -API $APINAME -tenant $($TenantFilter) -message $($Results.Results) -Sev Info + Write-LogMessage -Headers $Headers -API $APINAME -tenant $($TenantFilter) -message $($Results.Results) -Sev Info $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CippException -Exception $_ $Results = [pscustomobject]@{'Results' = $ErrorMessage.NormalizedError } - Write-LogMessage -Headers$Headers -API $APINAME -tenant $($TenantFilter) -message $($Results.Results) -Sev Error -LogData $ErrorMessage + Write-LogMessage -Headers $Headers -API $APINAME -tenant $($TenantFilter) -message $($Results.Results) -Sev Error -LogData $ErrorMessage $StatusCode = [HttpStatusCode]::Forbidden } # Associate values to output bindings by calling 'Push-OutputBinding'. diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListAppConsentRequests.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListAppConsentRequests.ps1 index ca8aedef3d0f..55f5fdd82b76 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListAppConsentRequests.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListAppConsentRequests.ps1 @@ -50,7 +50,7 @@ function Invoke-ListAppConsentRequests { $StatusCode = [HttpStatusCode]::OK } catch { $StatusCode = [HttpStatusCode]::OK - Write-LogMessage -Headers$Headers -API $APIName -message 'app consent request list failed' -Sev 'Error' -tenant $TenantFilter + Write-LogMessage -Headers $Headers -API $APIName -message 'app consent request list failed' -Sev 'Error' -tenant $TenantFilter $Results = @{ appDisplayName = "Error: $($_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSyncAPDevices.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSyncAPDevices.ps1 index 9bcd61679026..d29c24ce8bc6 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSyncAPDevices.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSyncAPDevices.ps1 @@ -12,17 +12,17 @@ Function Invoke-ExecSyncAPDevices { $APIName = $Request.Params.CIPPEndpoint $Headers = $Request.Headers $TenantFilter = $Request.Body.tenantFilter ?? $Request.Query.tenantFilter - Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev Debug + Write-LogMessage -Headers $Headers -API $APINAME -message 'Accessed this API' -Sev Debug try { $null = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotSettings/sync' -tenantid $TenantFilter $Results = "Successfully Started Sync for $($TenantFilter)" - Write-LogMessage -Headers$Headers -API $APINAME -tenant $TenantFilter -message 'Successfully started Autopilot sync' -Sev Info + Write-LogMessage -Headers $Headers -API $APINAME -tenant $TenantFilter -message 'Successfully started Autopilot sync' -Sev Info $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-CippException -Exception $_ $Results = "Failed to start sync for $TenantFilter. Did you try syncing in the last 10 minutes?" - Write-LogMessage -Headers$Headers -API $APINAME -tenant $TenantFilter -message 'Failed to start Autopilot sync. Did you try syncing in the last 10 minutes?' -Sev Error -LogData $ErrorMessage + Write-LogMessage -Headers $Headers -API $APINAME -tenant $TenantFilter -message 'Failed to start Autopilot sync. Did you try syncing in the last 10 minutes?' -Sev Error -LogData $ErrorMessage $StatusCode = [HttpStatusCode]::Forbidden } diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAzureADConnectStatus.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAzureADConnectStatus.ps1 index d347d44a0d07..53d468609e5c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAzureADConnectStatus.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAzureADConnectStatus.ps1 @@ -13,7 +13,7 @@ Function Invoke-ListAzureADConnectStatus { $APIName = $Request.Params.CIPPEndpoint $Headers = $Request.Headers $TenantFilter = $Request.Query.TenantFilter - Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -Headers $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $DataToReturn = $Request.Query.DataToReturn diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderTVM.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderTVM.ps1 index 4e979231d7d1..d699ab7fbb10 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderTVM.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDefenderTVM.ps1 @@ -13,7 +13,7 @@ Function Invoke-ListDefenderTVM { $APIName = $Request.Params.CIPPEndpoint $TenantFilter = $Request.Query.tenantFilter $Headers = $Request.Headers - Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -Headers $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeletedItems.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeletedItems.ps1 index f2920298a01c..b9dbdfb4da4f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeletedItems.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDeletedItems.ps1 @@ -13,7 +13,7 @@ Function Invoke-ListDeletedItems { $APIName = $Request.Params.CIPPEndpoint $TenantFilter = $Request.Query.tenantFilter $Headers = $Request.Headers - Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -Headers $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Interact with query parameters or the body of the request. $Types = 'Application', 'User', 'Device', 'Group' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExchangeConnectors.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExchangeConnectors.ps1 index 8a6696f9c627..9fa161d38f72 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExchangeConnectors.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExchangeConnectors.ps1 @@ -12,7 +12,7 @@ Function Invoke-ListExchangeConnectors { $APIName = $Request.Params.CIPPEndpoint $Headers = $Request.Headers - Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -Headers $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' $TenantFilter = $request.Query.tenantFilter $Results = try { diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 index 50472c783700..d8febbcf029b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1 @@ -11,7 +11,7 @@ Function Invoke-ListIntunePolicy { $APIName = $Request.Params.CIPPEndpoint $Headers = $Request.Headers - Write-LogMessage -Headers$Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' + Write-LogMessage -Headers $Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' # Write to the Azure Functions log stream. diff --git a/Modules/CIPPCore/Public/New-CIPPRestoreTask.ps1 b/Modules/CIPPCore/Public/New-CIPPRestoreTask.ps1 index 397a8e760ee9..9364749c54f2 100644 --- a/Modules/CIPPCore/Public/New-CIPPRestoreTask.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPRestoreTask.ps1 @@ -41,7 +41,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore user $($UPN): $($ErrorMessage.NormalizedError) " - Write-LogMessage -Headers$Headers -API $APINAME -message "Could not restore user $($UPN): $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $Headers -API $APINAME -message "Could not restore user $($UPN): $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } } @@ -77,7 +77,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore group $DisplayName : $($ErrorMessage.NormalizedError) " - Write-LogMessage -Headers$Headers -API $APINAME -message "Could not restore group $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $Headers -API $APINAME -message "Could not restore group $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } } @@ -91,7 +91,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore Conditional Access Policy $DisplayName : $($ErrorMessage.NormalizedError) " - Write-LogMessage -Headers$Headers -API $APINAME -message "Could not restore Conditional Access Policy $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $Headers -API $APINAME -message "Could not restore Conditional Access Policy $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } } @@ -103,7 +103,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore Intune Configuration $DisplayName : $($ErrorMessage.NormalizedError) " - Write-LogMessage -Headers$Headers -API $APINAME -message "Could not restore Intune Configuration $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $Headers -API $APINAME -message "Could not restore Intune Configuration $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } #Convert the manual method to a function @@ -116,7 +116,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore Intune Compliance $DisplayName : $($ErrorMessage.NormalizedError) " - Write-LogMessage -Headers$Headers -API $APINAME -message "Could not restore Intune Configuration $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $Headers -API $APINAME -message "Could not restore Intune Configuration $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } @@ -130,7 +130,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore Intune Protection $DisplayName : $($ErrorMessage.NormalizedError) " - Write-LogMessage -Headers$Headers -API $APINAME -message "Could not restore Intune Configuration $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $Headers -API $APINAME -message "Could not restore Intune Configuration $DisplayName : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } @@ -146,7 +146,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not obtain Anti-Spam Configuration: $($ErrorMessage.NormalizedError) " - Write-LogMessage -Headers$Headers -API $APINAME -message "Could not obtain Anti-Spam Configuration: $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $Headers -API $APINAME -message "Could not obtain Anti-Spam Configuration: $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } $policyparams = @( @@ -266,7 +266,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore Anti-spam policy $($policy.Identity) : $($ErrorMessage.NormalizedError) " - Write-LogMessage -Headers$Headers -API $APINAME -message "Could not restore Anti-spam policy $($policy.Identity) : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $Headers -API $APINAME -message "Could not restore Anti-spam policy $($policy.Identity) : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } @@ -316,7 +316,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore Anti-spam rule $($rule.Identity) : $($ErrorMessage.NormalizedError) " - Write-LogMessage -Headers$Headers -API $APINAME -message "Could not restore Anti-spam rule $($rule.Identity) : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $Headers -API $APINAME -message "Could not restore Anti-spam rule $($rule.Identity) : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } } @@ -331,7 +331,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not obtain Anti-Phishing Configuration: $($ErrorMessage.NormalizedError) " - Write-LogMessage -Headers$Headers -API $APINAME -message "Could not obtain Anti-Phishing Configuration: $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $Headers -API $APINAME -message "Could not obtain Anti-Phishing Configuration: $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } $policyparams = @( @@ -423,7 +423,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore Anti-phishing policy $($policy.Identity) : $($ErrorMessage.NormalizedError) " - Write-LogMessage -Headers$Headers -API $APINAME -message "Could not restore Anti-phishing policy $($policy.Identity) : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $Headers -API $APINAME -message "Could not restore Anti-phishing policy $($policy.Identity) : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } @@ -473,7 +473,7 @@ function New-CIPPRestoreTask { } catch { $ErrorMessage = Get-CippException -Exception $_ "Could not restore Anti-phishing rule $($rule.Identity) : $($ErrorMessage.NormalizedError) " - Write-LogMessage -Headers$Headers -API $APINAME -message "Could not restore Anti-phishing rule $($rule.Identity) : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage + Write-LogMessage -Headers $Headers -API $APINAME -message "Could not restore Anti-phishing rule $($rule.Identity) : $($ErrorMessage.NormalizedError) " -Sev 'Error' -LogData $ErrorMessage } } } diff --git a/Modules/CIPPCore/Public/Set-CIPPIntuneTemplate.ps1 b/Modules/CIPPCore/Public/Set-CIPPIntuneTemplate.ps1 index 58faf23a219f..9ff552c5a878 100644 --- a/Modules/CIPPCore/Public/Set-CIPPIntuneTemplate.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPIntuneTemplate.ps1 @@ -26,7 +26,7 @@ function Set-CIPPIntuneTemplate { GUID = "$GUID" PartitionKey = 'IntuneTemplate' } - Write-LogMessage -Headers$Request.Headers -API $APINAME -message "Created intune policy template named $($Request.body.displayname) with GUID $GUID" -Sev 'Debug' + Write-LogMessage -Headers $Request.Headers -API $APINAME -message "Created intune policy template named $($Request.body.displayname) with GUID $GUID" -Sev 'Debug' return 'Successfully added template' } diff --git a/Modules/CIPPCore/Public/Set-CIPPUserLicense.ps1 b/Modules/CIPPCore/Public/Set-CIPPUserLicense.ps1 index b27b6efbf7b9..382869c4f52a 100644 --- a/Modules/CIPPCore/Public/Set-CIPPUserLicense.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPUserLicense.ps1 @@ -30,10 +30,10 @@ function Set-CIPPUserLicense { $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$UserId/assignLicense" -tenantid $TenantFilter -type POST -body $LicenseBodyJson -Verbose } catch { $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -Headers$Request.Headers -API $APIName -tenant $TenantFilter -message "Failed to assign the license. Error: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage + Write-LogMessage -Headers $Request.Headers -API $APIName -tenant $TenantFilter -message "Failed to assign the license. Error: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage throw "Failed to assign the license. $($ErrorMessage.NormalizedError)" } - Write-LogMessage -Headers$Request.Headers -API $APIName -tenant $TenantFilter -message "Assigned licenses to user $UserId. Added: $AddLicenses; Removed: $RemoveLicenses" -Sev 'Info' + Write-LogMessage -Headers $Request.Headers -API $APIName -tenant $TenantFilter -message "Assigned licenses to user $UserId. Added: $AddLicenses; Removed: $RemoveLicenses" -Sev 'Info' return 'Set licenses successfully' } diff --git a/Modules/CippExtensions/Public/Gradient/New-GradientServiceSyncRun.ps1 b/Modules/CippExtensions/Public/Gradient/New-GradientServiceSyncRun.ps1 index 33e4a2ac614b..e60feeaac807 100644 --- a/Modules/CippExtensions/Public/Gradient/New-GradientServiceSyncRun.ps1 +++ b/Modules/CippExtensions/Public/Gradient/New-GradientServiceSyncRun.ps1 @@ -23,7 +23,7 @@ function New-GradientServiceSyncRun { $ActivateRequest = Invoke-RestMethod -Uri 'https://app.usegradient.com/api/vendor-api/organization/status/active' -Method PATCH -Headers $GradientToken } } catch { - Write-LogMessage -Headers$Request.Headers -API $APINAME -message "Failed to create tenants in Gradient API. Error: $($_.Exception.Message)" -Sev 'Error' -tenant 'GradientAPI' + Write-LogMessage -Headers $Request.Headers -API $APINAME -message "Failed to create tenants in Gradient API. Error: $($_.Exception.Message)" -Sev 'Error' -tenant 'GradientAPI' } @@ -83,7 +83,7 @@ function New-GradientServiceSyncRun { } | ConvertTo-Json -Depth 10 $Results = Invoke-RestMethod -Uri "https://app.usegradient.com/api/vendor-api/service/$($ExistingService.id)/count" -Method POST -Headers $GradientToken -Body $ServiceBody -ContentType 'application/json' } catch { - Write-LogMessage -Headers$Request.Headers -API $APINAME -message "Failed to create license in Gradient API. Error: $($_). $results" -Sev 'Error' -tenant $singlereq.tenant + Write-LogMessage -Headers $Request.Headers -API $APINAME -message "Failed to create license in Gradient API. Error: $($_). $results" -Sev 'Error' -tenant $singlereq.tenant } } diff --git a/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneDeviceWebhook.ps1 b/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneDeviceWebhook.ps1 index 854606641c8b..bcd5735dcfca 100644 --- a/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneDeviceWebhook.ps1 +++ b/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneDeviceWebhook.ps1 @@ -13,7 +13,7 @@ function Invoke-NinjaOneDeviceWebhook { } if ($MappedFields.DeviceCompliance) { - Write-LogMessage -Headers$Headers -API $APIName -message "Webhook Recieved - Updating NinjaOne Device compliance for $($Data.resourceData.id) in $($Data.tenantId)" -Sev 'Info' -tenant $TenantFilter + Write-LogMessage -Headers $Headers -API $APIName -message "Webhook Recieved - Updating NinjaOne Device compliance for $($Data.resourceData.id) in $($Data.tenantId)" -Sev 'Info' -tenant $TenantFilter $tenantfilter = $Data.tenantId $M365DeviceID = $Data.resourceData.id From 8ad2304137c011778808b3e8a0130ded9bcf06f2 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 10 Feb 2025 11:36:02 -0500 Subject: [PATCH 096/138] Update Invoke-ExecExcludeTenant.ps1 --- .../HTTP Functions/CIPP/Settings/Invoke-ExecExcludeTenant.ps1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExcludeTenant.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExcludeTenant.ps1 index 37ccb5f4e4e5..d1beb8ca2547 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExcludeTenant.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExcludeTenant.ps1 @@ -12,8 +12,7 @@ Function Invoke-ExecExcludeTenant { Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $user = $Request.Headers - $username = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($user)) | ConvertFrom-Json).userDetails + $username = $Request.Headers.'x-ms-client-principal-name' $date = (Get-Date).tostring('yyyy-MM-dd') $TenantsTable = Get-CippTable -tablename Tenants From 8651de72f4df54679fda142da8729b77091f5fac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Mon, 10 Feb 2025 17:49:55 +0100 Subject: [PATCH 097/138] Add Clear-CIPPImmutableId function and update Invoke-CIPPOffboardingJob to include it --- .../CIPPCore/Public/Clear-CIPPImmutableId.ps1 | 22 ++++++++++++++++ .../Users/Invoke-ExecClrImmId.ps1 | 25 ++++++++----------- .../Public/Invoke-CIPPOffboardingJob.ps1 | 7 ++++-- 3 files changed, 37 insertions(+), 17 deletions(-) create mode 100644 Modules/CIPPCore/Public/Clear-CIPPImmutableId.ps1 diff --git a/Modules/CIPPCore/Public/Clear-CIPPImmutableId.ps1 b/Modules/CIPPCore/Public/Clear-CIPPImmutableId.ps1 new file mode 100644 index 000000000000..ca9d60c172de --- /dev/null +++ b/Modules/CIPPCore/Public/Clear-CIPPImmutableId.ps1 @@ -0,0 +1,22 @@ +function Clear-CIPPImmutableId { + [CmdletBinding()] + param ( + $TenantFilter, + $userid, + $Headers, + $APIName + ) + + try { + $Body = [pscustomobject]@{ onPremisesImmutableId = $null } + $Body = ConvertTo-Json -InputObject $Body -Depth 5 -Compress + $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$userid" -tenantid $TenantFilter -type PATCH -body $Body + Write-LogMessage -headers $Headers -API $APIName -message "Successfully cleared immutable ID for $userid" -sev Info + return 'Successfully cleared immutable ID for user.' + } catch { + $ErrorMessage = Get-CippException -Exception $_ + $Message = "Could not clear immutable ID for $($userid): $($ErrorMessage.NormalizedError)" + Write-LogMessage -headers $Headers -API $APIName -message $Message -sev Error -LogData $ErrorMessage + return $Message + } +} diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecClrImmId.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecClrImmId.ps1 index fd5e11bf8f07..50374bc33a1b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecClrImmId.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecClrImmId.ps1 @@ -11,28 +11,23 @@ Function Invoke-ExecClrImmId { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $TenantFilter = $Request.Query.tenantFilter ?? $Request.Body.tenantFilter + Write-LogMessage -headers $Request.Headers -API $APIName -message 'Accessed this API' -Sev Debug + $UserID = $Request.Query.ID ?? $Request.Body.ID - # Write to the Azure Functions log stream. - Write-Host 'PowerShell HTTP trigger function processed a request.' - - # Interact with query parameters or the body of the request. Try { - $TenantFilter = $Request.Query.TenantFilter - $UserID = $Request.Query.ID - $Body = [pscustomobject]@{ onPremisesImmutableId = $null } - $Body = ConvertTo-Json -InputObject $Body -Depth 5 -Compress - $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$UserID" -tenantid $TenantFilter -type PATCH -body $Body - $Results = [pscustomobject]@{'Results' = 'Successfully Cleared ImmutableId' } + $Result = Clear-CIPPImmutableId -userid $UserID -TenantFilter $TenantFilter -Headers $Request.Headers -APIName $APIName + $StatusCode = [HttpStatusCode]::OK } catch { - $ErrorMessage = Get-NormalizedError -Message $_.Exception - $Results = [pscustomobject]@{'Results' = "Failed. $ErrorMessage"; colour = 'danger' } - $_.Exception + $ErrorMessage = Get-CippException -Exception $_ + $Result = $ErrorMessage.NormalizedError + $StatusCode = [HttpStatusCode]::InternalServerError } + $Results = [pscustomobject]@{'Results' = $Result } # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK + StatusCode = $StatusCode Body = $Results }) } diff --git a/Modules/CIPPCore/Public/Invoke-CIPPOffboardingJob.ps1 b/Modules/CIPPCore/Public/Invoke-CIPPOffboardingJob.ps1 index 47a39a69ed30..02d2d21114ea 100644 --- a/Modules/CIPPCore/Public/Invoke-CIPPOffboardingJob.ps1 +++ b/Modules/CIPPCore/Public/Invoke-CIPPOffboardingJob.ps1 @@ -22,13 +22,13 @@ function Invoke-CIPPOffboardingJob { Revoke-CIPPSessions -tenantFilter $tenantFilter -username $username -userid $userid -Headers $Headers -APIName $APIName } { $_.ResetPass -eq $true } { - Set-CIPPResetPassword -tenantFilter $tenantFilter -userid $username -Headers $Headers -APIName $APIName + Set-CIPPResetPassword -tenantFilter $tenantFilter -UserID $username -Headers $Headers -APIName $APIName } { $_.RemoveGroups -eq $true } { Remove-CIPPGroups -userid $userid -tenantFilter $Tenantfilter -Headers $Headers -APIName $APIName -Username "$Username" } { $_.'HideFromGAL' -eq $true } { - Set-CIPPHideFromGAL -tenantFilter $tenantFilter -userid $username -HideFromGAL $true -Headers $Headers -APIName $APIName + Set-CIPPHideFromGAL -tenantFilter $tenantFilter -UserID $username -hidefromgal $true -Headers $Headers -APIName $APIName } { $_.'DisableSignIn' -eq $true } { Set-CIPPSignInState -TenantFilter $tenantFilter -userid $username -AccountEnabled $false -Headers $Headers -APIName $APIName @@ -96,6 +96,9 @@ function Invoke-CIPPOffboardingJob { { $_.'RemoveMFADevices' } { Remove-CIPPUserMFA -UserPrincipalName $Username -TenantFilter $TenantFilter -Headers $Headers } + { $_.'ClearImmutableId' -eq $true } { + Clear-CIPPImmutableId -userid $userid -TenantFilter $TenantFilter -Headers $Headers -APIName $APIName + } } return $Return From 1a18f18d41946a20c866192e41f7aa339356ad18 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Mon, 10 Feb 2025 22:19:43 +0100 Subject: [PATCH 098/138] Add AuthMethodsSettings standard and copy standards from frontend to backend --- Config/standards.json | 1163 ++++++++++++++--- ...Invoke-CIPPStandardAuthMethodsSettings.ps1 | 98 ++ 2 files changed, 1089 insertions(+), 172 deletions(-) create mode 100644 Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuthMethodsSettings.ps1 diff --git a/Config/standards.json b/Config/standards.json index 4b12a7181b10..70d9710628db 100644 --- a/Config/standards.json +++ b/Config/standards.json @@ -7,24 +7,28 @@ "docsDescription": "", "addedComponent": [ { - "type": "input", + "type": "textField", "name": "standards.MailContacts.GeneralContact", - "label": "General Contact" + "label": "General Contact", + "required": false }, { - "type": "input", + "type": "textField", "name": "standards.MailContacts.SecurityContact", - "label": "Security Contact" + "label": "Security Contact", + "required": false }, { - "type": "input", + "type": "textField", "name": "standards.MailContacts.MarketingContact", - "label": "Marketing Contact" + "label": "Marketing Contact", + "required": false }, { - "type": "input", + "type": "textField", "name": "standards.MailContacts.TechContact", - "label": "Technical Contact" + "label": "Technical Contact", + "required": false } ], "label": "Set contact e-mails", @@ -45,6 +49,37 @@ "powershellEquivalent": "Enable-OrganizationCustomization", "recommendedBy": ["CIS"] }, + { + "name": "standards.ProfilePhotos", + "cat": "Global Standards", + "tag": ["lowimpact"], + "helpText": "Controls whether users can set their own profile photos in Microsoft 365.", + "docsDescription": "Controls whether users can set their own profile photos in Microsoft 365. When disabled, only User and Global administrators can update profile photos for users.", + "addedComponent": [ + { + "type": "select", + "multiple": false, + "creatable": false, + "label": "Select value", + "name": "standards.ProfilePhotos.state", + "options": [ + { + "label": "Enabled", + "value": "enabled" + }, + { + "label": "Disabled", + "value": "disabled" + } + ] + } + ], + "label": "Allow users to set profile photos", + "impact": "Low Impact", + "impactColour": "info", + "powershellEquivalent": "Set-OrganizationConfig -ProfilePhotoOptions EnablePhotos and Update-MgBetaAdminPeople", + "recommendedBy": [] + }, { "name": "standards.PhishProtection", "cat": "Global Standards", @@ -69,25 +104,28 @@ "helpText": "Sets the branding for the tenant. This includes the login page, and the Office 365 portal.", "addedComponent": [ { - "type": "input", + "type": "textField", "name": "standards.Branding.signInPageText", - "label": "Sign-in page text" + "label": "Sign-in page text", + "required": false }, { - "type": "input", + "type": "textField", "name": "standards.Branding.usernameHintText", - "label": "Username hint Text" + "label": "Username hint Text", + "required": false }, { - "type": "boolean", + "type": "switch", "name": "standards.Branding.hideAccountResetCredentials", "label": "Hide self-service password reset" }, { - "type": "Select", + "type": "select", + "multiple": false, "label": "Visual Template", "name": "standards.Branding.layoutTemplateType", - "values": [ + "options": [ { "label": "Full-screen background", "value": "default" @@ -99,12 +137,12 @@ ] }, { - "type": "boolean", + "type": "switch", "name": "standards.Branding.isHeaderShown", "label": "Show header" }, { - "type": "boolean", + "type": "switch", "name": "standards.Branding.isFooterShown", "label": "Show footer" } @@ -186,10 +224,12 @@ "helpText": "Enables and sets Idle session timeout for Microsoft 365 to 1 hour. This policy affects most M365 web apps", "addedComponent": [ { - "type": "Select", + "type": "select", + "multiple": false, + "creatable": false, "label": "Select value", "name": "standards.ActivityBasedTimeout.timeout", - "values": [ + "options": [ { "label": "1 Hour", "value": "01:00:00" @@ -219,6 +259,64 @@ "powershellEquivalent": "Portal or Graph API", "recommendedBy": ["CIS"] }, + { + "name": "standards.AuthMethodsSettings", + "cat": "Entra (AAD) Standards", + "tag": ["lowimpact"], + "helpText": "Configures the report suspicious activity settings and system credential preferences in the authentication methods policy.", + "docsDescription": "Controls the authentication methods policy settings for reporting suspicious activity and system credential preferences. These settings help enhance the security of authentication in your organization.", + "addedComponent": [ + { + "type": "autoComplete", + "multiple": false, + "creatable": false, + "required": false, + "name": "standards.AuthMethodsSettings.ReportSuspiciousActivity", + "label": "Report Suspicious Activity Settings", + "options": [ + { + "label": "Microsoft managed", + "value": "default" + }, + { + "label": "Enabled", + "value": "enabled" + }, + { + "label": "Disabled", + "value": "disabled" + } + ] + }, + { + "type": "autoComplete", + "multiple": false, + "creatable": false, + "required": false, + "name": "standards.AuthMethodsSettings.SystemCredential", + "label": "System Credential Preferences", + "options": [ + { + "label": "Microsoft managed", + "value": "default" + }, + { + "label": "Enabled", + "value": "enabled" + }, + { + "label": "Disabled", + "value": "disabled" + } + ] + } + ], + "label": "Configure Authentication Methods Policy Settings", + "impact": "Low Impact", + "impactColour": "info", + "powershellEquivalent": "Update-MgBetaPolicyAuthenticationMethodPolicy", + "recommendedBy": [] + }, { "name": "standards.AppDeploy", "cat": "Entra (AAD) Standards", @@ -227,7 +325,7 @@ "docsDescription": "Uses the CIPP functionality that deploys applications across an entire tenant base as a standard.", "addedComponent": [ { - "type": "input", + "type": "textField", "name": "standards.AppDeploy.appids", "label": "Application IDs, comma separated" } @@ -285,10 +383,12 @@ "docsDescription": "Sets the Authenticator Lite state to enabled. This allows users to use the Authenticator Lite built into the Outlook app instead of the full Authenticator app.", "addedComponent": [ { - "type": "Select", + "type": "select", + "multiple": false, + "creatable": false, "label": "Select value", "name": "standards.PWcompanionAppAllowedState.state", - "values": [ + "options": [ { "label": "Enabled", "value": "enabled" @@ -353,10 +453,12 @@ "docsDescription": "Enables Temporary Password generation for the tenant.", "addedComponent": [ { - "type": "Select", + "type": "select", + "multiple": false, + "creatable": false, "label": "Select TAP Lifetime", "name": "standards.TAP.config", - "values": [ + "options": [ { "label": "Only Once", "value": "true" @@ -394,10 +496,12 @@ "helpText": "Sets the state of the Cross-tenant access setting to trust external MFA. This allows guest users to use their home tenant MFA to access your tenant.", "addedComponent": [ { - "type": "Select", + "type": "select", + "multiple": false, + "creatable": false, "label": "Select value", "name": "standards.ExternalMFATrusted.state", - "values": [ + "options": [ { "label": "Enabled", "value": "true" @@ -455,10 +559,12 @@ "docsDescription": "Sets the state of the registration campaign for the tenant. If enabled nudges users to set up the Microsoft Authenticator during sign-in.", "addedComponent": [ { - "type": "Select", + "type": "select", + "multiple": false, + "creatable": false, "label": "Select value", "name": "standards.NudgeMFA.state", - "values": [ + "options": [ { "label": "Enabled", "value": "enabled" @@ -486,7 +592,7 @@ "name": "standards.DisableM365GroupUsers", "cat": "Entra (AAD) Standards", "tag": ["lowimpact"], - "helpText": "Restricts M365 group creation to certain admin roles. This disables the ability to create Teams, Sharepoint sites, Planner, etc", + "helpText": "Restricts M365 group creation to certain admin roles. This disables the ability to create Teams, SharePoint sites, Planner, etc", "docsDescription": "Users by default are allowed to create M365 groups. This restricts M365 group creation to certain admin roles. This disables the ability to create Teams, SharePoint sites, Planner, etc", "addedComponent": [], "label": "Disable M365 Group creation by users", @@ -539,9 +645,10 @@ "helpText": "This standard disables all self service licenses and enables all exclusions", "addedComponent": [ { - "type": "input", + "type": "textField", "name": "standards.DisableSelfServiceLicenses.Exclusions", - "label": "License Ids to exclude from this standard" + "label": "License Ids to exclude from this standard", + "required": false } ], "label": "Disable Self Service Licensing", @@ -570,9 +677,10 @@ "docsDescription": "Requires users to get administrator consent before sharing data with applications. You can preapprove specific applications.", "addedComponent": [ { - "type": "input", + "type": "textField", "name": "standards.OauthConsent.AllowedApps", - "label": "Allowed application IDs, comma separated" + "label": "Allowed application IDs, comma separated", + "required": false } ], "label": "Require admin consent for applications (Prevent OAuth phishing)", @@ -593,6 +701,69 @@ "powershellEquivalent": "Update-MgPolicyAuthorizationPolicy", "recommendedBy": [] }, + { + "name": "standards.GuestInvite", + "cat": "Entra (AAD) Standards", + "tag": ["mediumimpact"], + "helpText": "This setting controls who can invite guests to your directory to collaborate on resources secured by your company, such as SharePoint sites or Azure resources.", + "addedComponent": [ + { + "type": "autoComplete", + "required": true, + "multiple": false, + "creatable": false, + "label": "Who can send invites?", + "name": "standards.GuestInvite.allowInvitesFrom", + "options": [ + { + "label": "Everyone", + "value": "everyone" + }, + { + "label": "Admins, Guest inviters and All Members", + "value": "adminsGuestInvitersAndAllMembers" + }, + { + "label": "Admins and Guest inviters", + "value": "adminsAndGuestInviters" + }, + { + "label": "None", + "value": "none" + } + ] + } + ], + "label": "Guest Invite setting", + "impact": "Medium Impact", + "impactColour": "warning", + "powershellEquivalent": "", + "recommendedBy": [] + }, + { + "name": "standards.StaleEntraDevices", + "cat": "Entra (AAD) Standards", + "tag": ["highimpact", "CIS"], + "helpText": "Cleans up Entra devices that have not connected/signed in for the specified number of days.", + "docsDescription": "Cleans up Entra devices that have not connected/signed in for the specified number of days. First disables and later deletes the devices. More info can be found in the [Microsoft documentation](https://learn.microsoft.com/en-us/entra/identity/devices/manage-stale-devices)", + "addedComponent": [ + { + "type": "number", + "name": "standards.StaleEntraDevices.deviceAgeThreshold", + "label": "Days before stale(Dont set below 30)" + } + ], + "disabledFeatures": { + "report": false, + "warn": false, + "remediate": true + }, + "label": "Cleanup stale Entra devices", + "impact": "High Impact", + "impactColour": "danger", + "powershellEquivalent": "Remove-MgDevice, Update-MgDevice or Graph API", + "recommendedBy": [] + }, { "name": "standards.UndoOauth", "cat": "Entra (AAD) Standards", @@ -689,7 +860,7 @@ "docsDescription": "Sets the e-mail address to which outbound spam alerts are sent.", "addedComponent": [ { - "type": "input", + "type": "textField", "name": "standards.OutBoundSpamAlert.OutboundSpamContact", "label": "Outbound spam contact" } @@ -721,10 +892,11 @@ "docsDescription": "Sets the global quarantine notification interval for the tenant. This is the time between the quarantine notification emails are sent out to users. Default is 24 hours.", "addedComponent": [ { - "type": "Select", + "type": "select", + "multiple": false, "label": "Select value", "name": "standards.GlobalQuarantineNotifications.NotificationInterval", - "values": [ + "options": [ { "label": "4 hours", "value": "04:00:00" @@ -767,10 +939,11 @@ "docsDescription": "Sets the default Focused Inbox state for the tenant. This can be overridden by the user in their Outlook settings. For more information, see [Microsoft's documentation.](https://support.microsoft.com/en-us/office/focused-inbox-for-outlook-f445ad7f-02f4-4294-a82e-71d8964e3978)", "addedComponent": [ { - "type": "Select", + "type": "select", + "multiple": false, "label": "Select value", "name": "standards.FocusedInbox.state", - "values": [ + "options": [ { "label": "Enabled", "value": "enabled" @@ -796,10 +969,11 @@ "docsDescription": "Sets the default state for Cloud Message Recall for the tenant. By default this is enabled. You can read more about the feature [here.](https://techcommunity.microsoft.com/t5/exchange-team-blog/cloud-based-message-recall-in-exchange-online/ba-p/3744714)", "addedComponent": [ { - "type": "Select", + "type": "select", + "multiple": false, "label": "Select value", "name": "standards.CloudMessageRecall.state", - "values": [ + "options": [ { "label": "Enabled", "value": "true" @@ -862,10 +1036,11 @@ "docsDescription": "Adds or removes indicators to e-mail messages received from external senders in Outlook. You can read more about this feature on [Microsoft's Exchange Team Blog.](https://techcommunity.microsoft.com/t5/exchange-team-blog/native-external-sender-callouts-on-email-in-outlook/ba-p/2250098)", "addedComponent": [ { - "type": "Select", + "type": "select", + "multiple": false, "label": "Select value", "name": "standards.SpoofWarn.state", - "values": [ + "options": [ { "label": "Enabled", "value": "enabled" @@ -880,7 +1055,7 @@ "label": "Enable or disable 'external' warning in Outlook", "impact": "Low Impact", "impactColour": "info", - "powershellEquivalent": "et-ExternalInOutlook –Enabled $true or $false", + "powershellEquivalent": "et-ExternalInOutlook \u2013Enabled $true or $false", "recommendedBy": ["CIS"] }, { @@ -910,10 +1085,11 @@ "helpText": "Sets the default state for automatically turning meetings into Teams meetings for the tenant. This can be overridden by the user in Outlook.", "addedComponent": [ { - "type": "Select", + "type": "select", + "multiple": false, "label": "Select value", "name": "standards.TeamsMeetingsByDefault.state", - "values": [ + "options": [ { "label": "Enabled", "value": "true" @@ -1019,10 +1195,11 @@ }, "addedComponent": [ { - "type": "Select", + "type": "select", + "multiple": false, "label": "Select Sharing Level", "name": "standards.calDefault.permissionlevel", - "values": [ + "options": [ { "label": "Owner - The user can create, read, edit, and delete all items in the folder, and create subfolders. The user is both folder owner and folder contact.", "value": "Owner" @@ -1089,6 +1266,18 @@ "powershellEquivalent": "Get-SharingPolicy | Set-SharingPolicy -Enabled $False", "recommendedBy": ["CIS"] }, + { + "name": "standardsAutoAddProxy", + "cat": "Exchange Standards", + "tag": ["lowimpact", "CIS"], + "helpText": "Automatically adds all available domains as a proxy address.", + "docsDescription": "Automatically finds all available domain names in the tenant, and tries to add proxyaddresses based on the users UPN to each of these.", + "addedComponent": [], + "label": "Automatically deploy proxy addresses", + "impact": "Medium Impact", + "impactColour": "warning", + "powershellEquivalent": "set-mailbox -emailaddresses @{add=$emailaddress}" + }, { "name": "standards.DisableAdditionalStorageProviders", "cat": "Exchange Standards", @@ -1109,10 +1298,11 @@ "helpText": "Sets the shorten meetings settings on a tenant level. This will shorten meetings by the selected amount of minutes. Valid values are 0 to 29. Short meetings are under 60 minutes, long meetings are over 60 minutes.", "addedComponent": [ { - "type": "Select", + "type": "select", + "multiple": false, "label": "Select value", "name": "standards.ShortenMeetings.ShortenEventScopeDefault", - "values": [ + "options": [ { "label": "Disabled/None", "value": "None" @@ -1154,10 +1344,11 @@ "docsDescription": "", "addedComponent": [ { - "type": "Select", + "type": "select", + "multiple": false, "label": "Select value", "name": "standards.Bookings.state", - "values": [ + "options": [ { "label": "Enabled", "value": "true" @@ -1211,7 +1402,13 @@ "tag": ["mediumimpact"], "helpText": "Sets emails sent as and on behalf of shared mailboxes to also be stored in the shared mailbox sent items folder", "docsDescription": "This makes sure that e-mails sent from shared mailboxes or delegate mailboxes, end up in the mailbox of the shared/delegate mailbox instead of the sender, allowing you to keep replies in the same mailbox as the original e-mail.", - "addedComponent": [], + "addedComponent": [ + { + "type": "switch", + "label": "Include user mailboxes", + "name": "standards.DelegateSentItems.IncludeUserMailboxes" + } + ], "label": "Set mailbox Sent Items delegation (Sent items for shared mailboxes)", "impact": "Medium Impact", "impactColour": "warning", @@ -1239,10 +1436,11 @@ "docsDescription": "Set the state of the built-in Report button in Outlook. This gives the users the ability to report emails as spam or phish.", "addedComponent": [ { - "type": "Select", + "type": "select", + "multiple": false, "label": "Select value", "name": "standards.UserSubmissions.state", - "values": [ + "options": [ { "label": "Enabled", "value": "enable" @@ -1254,8 +1452,9 @@ ] }, { - "type": "input", + "type": "textField", "name": "standards.UserSubmissions.email", + "required": false, "label": "Destination email address" } ], @@ -1281,7 +1480,12 @@ { "name": "standards.EXODisableAutoForwarding", "cat": "Exchange Standards", - "tag": ["highimpact", "CIS", "mdo_autoforwardingmode", "mdo_blockmailforward"], + "tag": [ + "highimpact", + "CIS", + "mdo_autoforwardingmode", + "mdo_blockmailforward" + ], "helpText": "Disables the ability for users to automatically forward e-mails to external recipients.", "docsDescription": "Disables the ability for users to automatically forward e-mails to external recipients. This is to prevent data exfiltration. Please check if there are any legitimate use cases for this feature before implementing, like forwarding invoices and such.", "addedComponent": [], @@ -1291,6 +1495,26 @@ "powershellEquivalent": "Set-HostedOutboundSpamFilterPolicy -AutoForwardingMode 'Off'", "recommendedBy": ["CIS"] }, + { + "name": "standards.RetentionPolicyTag", + "cat": "Exchange Standards", + "tag": ["highimpact"], + "helpText": "Creates a CIPP - Deleted Items retention policy tag that permanently deletes items in the Deleted Items folder after X days.", + "docsDescription": "Creates a CIPP - Deleted Items retention policy tag that permanently deletes items in the Deleted Items folder after X days.", + "addedComponent": [ + { + "type": "number", + "name": "standards.RetentionPolicyTag.AgeLimitForRetention", + "label": "Retention Days", + "required": true + } + ], + "label": "Retention Policy, permanently delete items in Deleted Items after X days", + "impact": "High Impact", + "impactColour": "danger", + "powershellEquivalent": "Set-RetentionPolicyTag", + "recommendedBy": [] + }, { "name": "standards.QuarantineRequestAlert", "cat": "Defender Standards", @@ -1299,7 +1523,7 @@ "docsDescription": "Sets a e-mail address to alert when a User requests to release a quarantined message. This is useful for monitoring and ensuring that the correct messages are released.", "addedComponent": [ { - "type": "input", + "type": "textField", "name": "standards.QuarantineRequestAlert.NotifyUser", "label": "E-mail to receive the alert" } @@ -1313,21 +1537,26 @@ { "name": "standards.SafeLinksPolicy", "cat": "Defender Standards", - "tag": ["lowimpact", "CIS", "mdo_safelinksforemail", "mdo_safelinksforOfficeApps"], + "tag": [ + "lowimpact", + "CIS", + "mdo_safelinksforemail", + "mdo_safelinksforOfficeApps" + ], "helpText": "This creates a safelink policy that automatically scans, tracks, and and enables safe links for Email, Office, and Teams for both external and internal senders", "addedComponent": [ { - "type": "boolean", + "type": "switch", "label": "AllowClickThrough", "name": "standards.SafeLinksPolicy.AllowClickThrough" }, { - "type": "boolean", + "type": "switch", "label": "DisableUrlRewrite", "name": "standards.SafeLinksPolicy.DisableUrlRewrite" }, { - "type": "boolean", + "type": "switch", "label": "EnableOrganizationBranding", "name": "standards.SafeLinksPolicy.EnableOrganizationBranding" } @@ -1361,34 +1590,35 @@ "default": 1 }, { - "type": "boolean", + "type": "switch", "label": "Show first contact safety tip", "name": "standards.AntiPhishPolicy.EnableFirstContactSafetyTips", "default": true }, { - "type": "boolean", + "type": "switch", "label": "Show user impersonation safety tip", "name": "standards.AntiPhishPolicy.EnableSimilarUsersSafetyTips", "default": true }, { - "type": "boolean", + "type": "switch", "label": "Show domain impersonation safety tip", "name": "standards.AntiPhishPolicy.EnableSimilarDomainsSafetyTips", "default": true }, { - "type": "boolean", + "type": "switch", "label": "Show user impersonation unusual characters safety tip", "name": "standards.AntiPhishPolicy.EnableUnusualCharactersSafetyTips", "default": true }, { - "type": "Select", + "type": "select", + "multiple": false, "label": "If the message is detected as spoof by spoof intelligence", "name": "standards.AntiPhishPolicy.AuthenticationFailAction", - "values": [ + "options": [ { "label": "Quarantine the message", "value": "Quarantine" @@ -1400,10 +1630,11 @@ ] }, { - "type": "Select", + "type": "select", + "multiple": false, "label": "Quarantine policy for Spoof", "name": "standards.AntiPhishPolicy.SpoofQuarantineTag", - "values": [ + "options": [ { "label": "AdminOnlyAccessPolicy", "value": "AdminOnlyAccessPolicy" @@ -1419,10 +1650,11 @@ ] }, { - "type": "Select", + "type": "select", + "multiple": false, "label": "If a message is detected as user impersonation", "name": "standards.AntiPhishPolicy.TargetedUserProtectionAction", - "values": [ + "options": [ { "label": "Move to Junk Folder", "value": "MoveToJmf" @@ -1438,10 +1670,11 @@ ] }, { - "type": "Select", + "type": "select", + "multiple": false, "label": "Quarantine policy for user impersonation", "name": "standards.AntiPhishPolicy.TargetedUserQuarantineTag", - "values": [ + "options": [ { "label": "AdminOnlyAccessPolicy", "value": "AdminOnlyAccessPolicy" @@ -1457,10 +1690,11 @@ ] }, { - "type": "Select", + "type": "select", + "multiple": false, "label": "If a message is detected as domain impersonation", "name": "standards.AntiPhishPolicy.TargetedDomainProtectionAction", - "values": [ + "options": [ { "label": "Move to Junk Folder", "value": "MoveToJmf" @@ -1476,10 +1710,11 @@ ] }, { - "type": "Select", + "type": "select", + "multiple": false, "label": "Quarantine policy for domain impersonation", "name": "standards.AntiPhishPolicy.TargetedDomainQuarantineTag", - "values": [ + "options": [ { "label": "DefaultFullAccessWithNotificationPolicy", "value": "DefaultFullAccessWithNotificationPolicy" @@ -1495,10 +1730,11 @@ ] }, { - "type": "Select", + "type": "select", + "multiple": false, "label": "If Mailbox Intelligence detects an impersonated user", "name": "standards.AntiPhishPolicy.MailboxIntelligenceProtectionAction", - "values": [ + "options": [ { "label": "Move to Junk Folder", "value": "MoveToJmf" @@ -1514,10 +1750,11 @@ ] }, { - "type": "Select", + "type": "select", + "multiple": false, "label": "Apply quarantine policy", "name": "standards.AntiPhishPolicy.MailboxIntelligenceQuarantineTag", - "values": [ + "options": [ { "label": "AdminOnlyAccessPolicy", "value": "AdminOnlyAccessPolicy" @@ -1552,10 +1789,11 @@ "helpText": "This creates a Safe Attachment policy", "addedComponent": [ { - "type": "Select", - "label": "Action", - "name": "standards.SafeAttachmentPolicy.Action", - "values": [ + "type": "select", + "multiple": false, + "label": "Safe Attachment Action", + "name": "standards.SafeAttachmentPolicy.SafeAttachmentAction", + "options": [ { "label": "Allow", "value": "Allow" @@ -1571,10 +1809,11 @@ ] }, { - "type": "Select", + "type": "select", + "multiple": false, "label": "QuarantineTag", "name": "standards.SafeAttachmentPolicy.QuarantineTag", - "values": [ + "options": [ { "label": "AdminOnlyAccessPolicy", "value": "AdminOnlyAccessPolicy" @@ -1590,14 +1829,15 @@ ] }, { - "type": "boolean", + "type": "switch", "label": "Redirect", "name": "standards.SafeAttachmentPolicy.Redirect" }, { - "type": "input", + "type": "textField", "name": "standards.SafeAttachmentPolicy.RedirectAddress", - "label": "Redirect Address" + "label": "Redirect Address", + "required": false } ], "label": "Default Safe Attachment Policy", @@ -1610,13 +1850,14 @@ "name": "standards.AtpPolicyForO365", "cat": "Defender Standards", "tag": ["lowimpact", "CIS"], - "helpText": "This creates a Atp policy that enables Defender for Office 365 for Sharepoint, OneDrive and Microsoft Teams.", + "helpText": "This creates a Atp policy that enables Defender for Office 365 for SharePoint, OneDrive and Microsoft Teams.", "addedComponent": [ { - "type": "boolean", + "type": "switch", "label": "Allow people to click through Protected View even if Safe Documents identified the file as malicious", "name": "standards.AtpPolicyForO365.AllowSafeDocsOpen", - "default": false + "default": false, + "required": false } ], "label": "Default Atp Policy For O365", @@ -1628,14 +1869,21 @@ { "name": "standards.MalwareFilterPolicy", "cat": "Defender Standards", - "tag": ["lowimpact", "CIS", "mdo_zapspam", "mdo_zapphish", "mdo_zapmalware"], + "tag": [ + "lowimpact", + "CIS", + "mdo_zapspam", + "mdo_zapphish", + "mdo_zapmalware" + ], "helpText": "This creates a Malware filter policy that enables the default File filter and Zero-hour auto purge for malware.", "addedComponent": [ { - "type": "Select", + "type": "select", + "multiple": false, "label": "FileTypeAction", "name": "standards.MalwareFilterPolicy.FileTypeAction", - "values": [ + "options": [ { "label": "Reject", "value": "Reject" @@ -1647,15 +1895,17 @@ ] }, { - "type": "input", + "type": "textField", "name": "standards.MalwareFilterPolicy.OptionalFileTypes", + "required": false, "label": "Optional File Types, Comma separated" }, { - "type": "Select", + "type": "select", + "multiple": false, "label": "QuarantineTag", "name": "standards.MalwareFilterPolicy.QuarantineTag", - "values": [ + "options": [ { "label": "AdminOnlyAccessPolicy", "value": "AdminOnlyAccessPolicy" @@ -1671,23 +1921,27 @@ ] }, { - "type": "boolean", + "type": "switch", "label": "Enable Internal Sender Admin Notifications", + "required": false, "name": "standards.MalwareFilterPolicy.EnableInternalSenderAdminNotifications" }, { - "type": "input", + "type": "textField", "name": "standards.MalwareFilterPolicy.InternalSenderAdminAddress", + "required": false, "label": "Internal Sender Admin Address" }, { - "type": "boolean", + "type": "switch", "label": "Enable External Sender Admin Notifications", + "required": false, "name": "standards.MalwareFilterPolicy.EnableExternalSenderAdminNotifications" }, { - "type": "input", + "type": "textField", "name": "standards.MalwareFilterPolicy.ExternalSenderAdminAddress", + "required": false, "label": "External Sender Admin Address" } ], @@ -1710,10 +1964,13 @@ "default": 7 }, { - "type": "Select", + "type": "autoComplete", + "required": true, + "multiple": false, + "creatable": false, "label": "Spam Action", "name": "standards.SpamFilterPolicy.SpamAction", - "values": [ + "options": [ { "label": "Quarantine the message", "value": "Quarantine" @@ -1725,10 +1982,13 @@ ] }, { - "type": "Select", + "type": "autoComplete", + "required": true, + "multiple": false, + "creatable": false, "label": "Spam Quarantine Tag", "name": "standards.SpamFilterPolicy.SpamQuarantineTag", - "values": [ + "options": [ { "label": "AdminOnlyAccessPolicy", "value": "AdminOnlyAccessPolicy" @@ -1744,10 +2004,13 @@ ] }, { - "type": "Select", + "type": "autoComplete", + "required": true, + "multiple": false, + "creatable": false, "label": "High Confidence Spam Action", "name": "standards.SpamFilterPolicy.HighConfidenceSpamAction", - "values": [ + "options": [ { "label": "Quarantine the message", "value": "Quarantine" @@ -1759,10 +2022,13 @@ ] }, { - "type": "Select", + "type": "autoComplete", + "required": true, + "multiple": false, + "creatable": false, "label": "High Confidence Spam Quarantine Tag", "name": "standards.SpamFilterPolicy.HighConfidenceSpamQuarantineTag", - "values": [ + "options": [ { "label": "AdminOnlyAccessPolicy", "value": "AdminOnlyAccessPolicy" @@ -1778,10 +2044,13 @@ ] }, { - "type": "Select", + "type": "autoComplete", + "required": true, + "multiple": false, + "creatable": false, "label": "Bulk Spam Action", "name": "standards.SpamFilterPolicy.BulkSpamAction", - "values": [ + "options": [ { "label": "Quarantine the message", "value": "Quarantine" @@ -1793,10 +2062,13 @@ ] }, { - "type": "Select", + "type": "autoComplete", + "required": true, + "multiple": false, + "creatable": false, "label": "Bulk Quarantine Tag", "name": "standards.SpamFilterPolicy.BulkQuarantineTag", - "values": [ + "options": [ { "label": "AdminOnlyAccessPolicy", "value": "AdminOnlyAccessPolicy" @@ -1812,10 +2084,13 @@ ] }, { - "type": "Select", + "type": "autoComplete", + "required": true, + "multiple": false, + "creatable": false, "label": "Phish Spam Action", "name": "standards.SpamFilterPolicy.PhishSpamAction", - "values": [ + "options": [ { "label": "Quarantine the message", "value": "Quarantine" @@ -1827,10 +2102,13 @@ ] }, { - "type": "Select", + "type": "autoComplete", + "required": true, + "multiple": false, + "creatable": false, "label": "Phish Quarantine Tag", "name": "standards.SpamFilterPolicy.PhishQuarantineTag", - "values": [ + "options": [ { "label": "AdminOnlyAccessPolicy", "value": "AdminOnlyAccessPolicy" @@ -1846,10 +2124,13 @@ ] }, { - "type": "Select", + "type": "autoComplete", + "required": true, + "multiple": false, + "creatable": false, "label": "High Confidence Phish Quarantine Tag", "name": "standards.SpamFilterPolicy.HighConfidencePhishQuarantineTag", - "values": [ + "options": [ { "label": "AdminOnlyAccessPolicy", "value": "AdminOnlyAccessPolicy" @@ -1896,54 +2177,63 @@ "helpText": "Sets the branding profile for the Intune Company Portal app. This is a tenant wide setting and overrules any settings set on the app level.", "addedComponent": [ { - "type": "input", + "type": "textField", "name": "standards.intuneBrandingProfile.displayName", - "label": "Organization name" + "label": "Organization name", + "required": false }, { - "type": "boolean", + "type": "switch", "name": "standards.intuneBrandingProfile.showLogo", "label": "Show logo" }, { - "type": "boolean", + "type": "switch", "name": "standards.intuneBrandingProfile.showDisplayNameNextToLogo", - "label": "Show organization name next to logo" + "label": "Show organization name next to logo", + "required": false }, { - "type": "input", + "type": "textField", "name": "standards.intuneBrandingProfile.contactITName", - "label": "Contact IT name" + "label": "Contact IT name", + "required": false }, { - "type": "input", + "type": "textField", "name": "standards.intuneBrandingProfile.contactITPhoneNumber", - "label": "Contact IT phone number" + "label": "Contact IT phone number", + "required": false }, { - "type": "input", + "type": "textField", "name": "standards.intuneBrandingProfile.contactITEmailAddress", - "label": "Contact IT email address" + "label": "Contact IT email address", + "required": false }, { - "type": "input", + "type": "textField", "name": "standards.intuneBrandingProfile.contactITNotes", - "label": "Contact IT notes" + "label": "Contact IT notes", + "required": false }, { - "type": "input", + "type": "textField", "name": "standards.intuneBrandingProfile.onlineSupportSiteName", - "label": "Online support site name" + "label": "Online support site name", + "required": false }, { - "type": "input", + "type": "textField", "name": "standards.intuneBrandingProfile.onlineSupportSiteUrl", - "label": "Online support site URL" + "label": "Online support site URL", + "required": false }, { - "type": "input", + "type": "textField", "name": "standards.intuneBrandingProfile.privacyUrl", - "label": "Privacy statement URL" + "label": "Privacy statement URL", + "required": false } ], "label": "Set Intune Company Portal branding profile", @@ -1952,6 +2242,42 @@ "powershellEquivalent": "Graph API", "recommendedBy": [] }, + { + "name": "standards.IntuneComplianceSettings", + "cat": "Intune Standards", + "tag": ["lowimpact"], + "helpText": "Sets the mark devices with no compliance policy assigned as compliance/non compliant and Compliance status validity period.", + "addedComponent": [ + { + "type": "autoComplete", + "required": true, + "multiple": false, + "creatable": false, + "name": "standards.IntuneComplianceSettings.secureByDefault", + "label": "Mark devices with no compliance policy as", + "options": [ + { + "label": "Compliant", + "value": "false" + }, + { + "label": "Non-Compliant", + "value": "true" + } + ] + }, + { + "type": "number", + "name": "standards.IntuneComplianceSettings.deviceComplianceCheckinThresholdDays", + "label": "Compliance status validity period (days)" + } + ], + "label": "Set Intune Compliance Settings", + "impact": "Low Impact", + "impactColour": "info", + "powershellEquivalent": "", + "recommendedBy": [] + }, { "name": "standards.intuneDeviceReg", "cat": "Intune Standards", @@ -1989,10 +2315,11 @@ "docsDescription": "When a OneDrive user gets deleted, the personal SharePoint site is saved for selected amount of time that data can be retrieved from it.", "addedComponent": [ { - "type": "Select", + "type": "select", + "multiple": false, "name": "standards.DeletedUserRentention.Days", "label": "Retention time (Default 30 days)", - "values": [ + "options": [ { "label": "30 days", "value": "30" @@ -2159,10 +2486,12 @@ "helpText": "If disabled, the button Add shortcut to OneDrive will be removed and users in the tenant will no longer be able to add new shortcuts to their OneDrive. Existing shortcuts will remain functional", "addedComponent": [ { - "type": "Select", + "type": "autoComplete", + "multiple": false, + "creatable": false, "label": "Add Shortcuts To OneDrive button state", "name": "standards.DisableAddShortcutsToOneDrive.state", - "values": [ + "options": [ { "label": "Disabled", "value": "true" @@ -2187,10 +2516,12 @@ "helpText": "If disabled, users in the tenant will no longer be able to use the Sync button to sync SharePoint content on all sites. However, existing synced content will remain functional on the user's computer.", "addedComponent": [ { - "type": "Select", + "type": "autoComplete", + "multiple": false, + "creatable": false, "label": "SharePoint Sync Button state", "name": "standards.SPSyncButtonState.state", - "values": [ + "options": [ { "label": "Disabled", "value": "true" @@ -2225,13 +2556,14 @@ "name": "standards.sharingCapability", "cat": "SharePoint Standards", "tag": ["highimpact", "CIS"], - "helpText": "Sets the default sharing level for OneDrive and Sharepoint. This is a tenant wide setting and overrules any settings set on the site level", + "helpText": "Sets the default sharing level for OneDrive and SharePoint. This is a tenant wide setting and overrules any settings set on the site level", "addedComponent": [ { - "type": "Select", + "type": "select", + "multiple": false, "label": "Select Sharing Level", "name": "standards.sharingCapability.Level", - "values": [ + "options": [ { "label": "Users can share only with people in the organization. No external sharing is allowed.", "value": "disabled" @@ -2251,7 +2583,7 @@ ] } ], - "label": "Set Sharing Level for OneDrive and Sharepoint", + "label": "Set Sharing Level for OneDrive and SharePoint", "impact": "High Impact", "impactColour": "danger", "powershellEquivalent": "Update-MgBetaAdminSharepointSetting", @@ -2290,7 +2622,7 @@ "helpText": "Sets the file extensions that are excluded from syncing with OneDrive. These files will be blocked from upload. '*.' is automatically added to the extension and can be omitted.", "addedComponent": [ { - "type": "input", + "type": "textField", "name": "standards.ExcludedfileExt.ext", "label": "Extensions, Comma separated" } @@ -2332,10 +2664,11 @@ "helpText": "Restricts sharing to only users with the specified domain. This is useful for organizations that only want to share with their own domain.", "addedComponent": [ { - "type": "Select", + "type": "select", + "multiple": false, "name": "standards.sharingDomainRestriction.Mode", "label": "Limit external sharing by domains", - "values": [ + "options": [ { "label": "Off", "value": "none" @@ -2351,9 +2684,10 @@ ] }, { - "type": "input", + "type": "textField", "name": "standards.sharingDomainRestriction.Domains", - "label": "Domains to allow/block, comma separated" + "label": "Domains to allow/block, comma separated", + "required": false } ], "label": "Restrict sharing to a specific domain", @@ -2369,10 +2703,13 @@ "helpText": "Defines the CIS recommended global meeting policy for Teams. This includes AllowAnonymousUsersToJoinMeeting, AllowAnonymousUsersToStartMeeting, AutoAdmittedUsers, AllowPSTNUsersToBypassLobby, MeetingChatEnabledType, DesignatedPresenterRoleMode, AllowExternalParticipantGiveRequestControl", "addedComponent": [ { - "type": "Select", + "type": "autoComplete", + "required": true, + "multiple": false, + "creatable": false, "name": "standards.TeamsGlobalMeetingPolicy.DesignatedPresenterRoleMode", "label": "Default value of the `Who can present?`", - "values": [ + "options": [ { "label": "EveryoneUserOverride", "value": "EveryoneUserOverride" @@ -2390,6 +2727,33 @@ "value": "OrganizerOnlyUserOverride" } ] + }, + { + "type": "switch", + "name": "standards.TeamsGlobalMeetingPolicy.AllowAnonymousUsersToJoinMeeting", + "label": "Allow anonymous users to join meeting" + }, + { + "type": "autoComplete", + "required": true, + "multiple": false, + "creatable": false, + "name": "standards.TeamsGlobalMeetingPolicy.MeetingChatEnabledType", + "label": "Meeting chat policy", + "options": [ + { + "label": "On for everyone", + "value": "Enabled" + }, + { + "label": "On for everyone but anonymous users", + "value": "EnabledExceptAnonymous" + }, + { + "label": "Off for everyone", + "value": "Disabled" + } + ] } ], "label": "Define Global Meeting Policy for Teams", @@ -2406,7 +2770,7 @@ "docsDescription": "Teams channel email addresses are an optional feature that allows users to email the Teams channel directly.", "addedComponent": [ { - "type": "boolean", + "type": "switch", "name": "standards.TeamsEmailIntegration.AllowEmailIntoChannel", "label": "Allow channel emails" } @@ -2424,27 +2788,27 @@ "helpText": "Ensure external file sharing in Teams is enabled for only approved cloud storage services.", "addedComponent": [ { - "type": "boolean", + "type": "switch", "name": "standards.TeamsExternalFileSharing.AllowGoogleDrive", "label": "Allow Google Drive" }, { - "type": "boolean", + "type": "switch", "name": "standards.TeamsExternalFileSharing.AllowShareFile", "label": "Allow ShareFile" }, { - "type": "boolean", + "type": "switch", "name": "standards.TeamsExternalFileSharing.AllowBox", "label": "Allow Box" }, { - "type": "boolean", + "type": "switch", "name": "standards.TeamsExternalFileSharing.AllowDropBox", "label": "Allow Dropbox" }, { - "type": "boolean", + "type": "switch", "name": "standards.TeamsExternalFileSharing.AllowEgnyte", "label": "Allow Egnyte" } @@ -2455,6 +2819,38 @@ "powershellEquivalent": "Set-CsTeamsClientConfiguration -AllowGoogleDrive $false -AllowShareFile $false -AllowBox $false -AllowDropBox $false -AllowEgnyte $false", "recommendedBy": ["CIS 3.0"] }, + { + "name": "standards.TeamsEnrollUser", + "cat": "Teams Standards", + "tag": ["lowimpact"], + "helpText": "Controls whether users with this policy can set the voice profile capture and enrollment through the Recognition tab in their Teams client settings.", + "docsDescription": "Controls whether users with this policy can set the voice profile capture and enrollment through the Recognition tab in their Teams client settings.", + "addedComponent": [ + { + "type": "autoComplete", + "required": true, + "multiple": false, + "creatable": false, + "name": "standards.TeamsEnrollUser.EnrollUserOverride", + "label": "Voice and Face Enrollment", + "options": [ + { + "label": "Disabled", + "value": "Disabled" + }, + { + "label": "Enabled", + "value": "Enabled" + } + ] + } + ], + "label": "Default voice and face enrollment", + "impact": "Low Impact", + "impactColour": "info", + "powershellEquivalent": "Set-CsTeamsMeetingPolicy -Identity Global -EnrollUserOverride $false", + "recommendedBy": [] + }, { "name": "standards.TeamsExternalAccessPolicy", "cat": "Teams Standards", @@ -2463,17 +2859,17 @@ "docsDescription": "Sets the properties of the Global external access policy. External access policies determine whether or not your users can: 1) communicate with users who have Session Initiation Protocol (SIP) accounts with a federated organization; 2) communicate with users who are using custom applications built with Azure Communication Services; 3) access Skype for Business Server over the Internet, without having to log on to your internal network; 4) communicate with users who have SIP accounts with a public instant messaging (IM) provider such as Skype; and, 5) communicate with people who are using Teams with an account that's not managed by an organization.", "addedComponent": [ { - "type": "boolean", + "type": "switch", "name": "standards.TeamsExternalAccessPolicy.EnableFederationAccess", "label": "Allow communication from trusted organizations" }, { - "type": "boolean", + "type": "switch", "name": "standards.TeamsExternalAccessPolicy.EnablePublicCloudAccess", "label": "Allow user to communicate with Skype users" }, { - "type": "boolean", + "type": "switch", "name": "standards.TeamsExternalAccessPolicy.EnableTeamsConsumerAccess", "label": "Allow communication with unmanaged Teams accounts" } @@ -2492,20 +2888,23 @@ "docsDescription": "Sets the properties of the Global federation configuration. Federation configuration settings determine whether or not your users can communicate with users who have SIP accounts with a federated organization.", "addedComponent": [ { - "type": "boolean", + "type": "switch", "name": "standards.TeamsFederationConfiguration.AllowTeamsConsumer", "label": "Allow users to communicate with other organizations" }, { - "type": "boolean", + "type": "switch", "name": "standards.TeamsFederationConfiguration.AllowPublicUsers", "label": "Allow users to communicate with Skype Users" }, { - "type": "Select", + "type": "autoComplete", + "required": true, + "multiple": false, + "creatable": false, "name": "standards.TeamsFederationConfiguration.DomainControl", "label": "Communication Mode", - "values": [ + "options": [ { "label": "Allow all external domains", "value": "AllowAllExternal" @@ -2525,9 +2924,10 @@ ] }, { - "type": "input", + "type": "textField", "name": "standards.TeamsFederationConfiguration.DomainList", - "label": "Domains, Comma separated" + "label": "Domains, Comma separated", + "required": false } ], "label": "Federation Configuration for Microsoft Teams", @@ -2535,5 +2935,424 @@ "impactColour": "warning", "powershellEquivalent": "Set-CsTenantFederationConfiguration", "recommendedBy": [] + }, + { + "name": "standards.TeamsMessagingPolicy", + "cat": "Teams Standards", + "tag": ["mediumimpact"], + "helpText": "Sets the properties of the Global messaging policy.", + "docsDescription": "Sets the properties of the Global messaging policy. Messaging policies control which chat and channel messaging features are available to users in Teams.", + "addedComponent": [ + { + "type": "switch", + "name": "standards.TeamsMessagingPolicy.AllowOwnerDeleteMessage", + "label": "Allow Owner to Delete Messages", + "default": false + }, + { + "type": "switch", + "name": "standards.TeamsMessagingPolicy.AllowUserDeleteMessage", + "label": "Allow User to Delete Messages", + "default": true + }, + { + "type": "switch", + "name": "standards.TeamsMessagingPolicy.AllowUserEditMessage", + "label": "Allow User to Edit Messages", + "default": true + }, + { + "type": "switch", + "name": "standards.TeamsMessagingPolicy.AllowUserDeleteChat", + "label": "Allow User to Delete Chats", + "default": true + }, + { + "type": "autoComplete", + "required": true, + "multiple": false, + "creatable": false, + "name": "standards.TeamsMessagingPolicy.ReadReceiptsEnabledType", + "label": "Read Receipts Enabled Type", + "options": [ + { + "label": "User controlled", + "value": "UserPreference" + }, + { + "label": "Turned on for everyone", + "value": "Everyone" + }, + { + "label": "Turned off for everyone", + "value": "None" + } + ] + }, + { + "type": "switch", + "name": "standards.TeamsMessagingPolicy.CreateCustomEmojis", + "label": "Allow Creating Custom Emojis", + "default": true + }, + { + "type": "switch", + "name": "standards.TeamsMessagingPolicy.DeleteCustomEmojis", + "label": "Allow Deleting Custom Emojis", + "default": false + }, + { + "type": "switch", + "name": "standards.TeamsMessagingPolicy.AllowSecurityEndUserReporting", + "label": "Allow reporting message as security concern", + "default": true + }, + { + "type": "switch", + "name": "standards.TeamsMessagingPolicy.AllowCommunicationComplianceEndUserReporting", + "label": "Allow reporting message as inappropriate content", + "default": true + } + ], + "label": "Global Messaging Policy for Microsoft Teams", + "impact": "Medium Impact", + "impactColour": "warning", + "powershellEquivalent": "Set-CsTeamsMessagingPolicy", + "recommendedBy": [] + }, + { + "name": "standards.AutopilotStatusPage", + "cat": "Device Management Standards", + "tag": ["lowimpact"], + "disabledFeatures": { + "report": true, + "warn": true, + "remediate": false + }, + "helpText": "Deploy the Autopilot Status Page, which shows progress during device setup through Autopilot.", + "docsDescription": "This standard allows configuration of the Autopilot Status Page, providing users with a visual representation of the progress during device setup. It includes options like timeout, logging, and retry settings.", + "addedComponent": [ + { + "type": "number", + "name": "standards.AutopilotStatusPage.TimeOutInMinutes", + "label": "Timeout in minutes", + "default": 60 + }, + { + "type": "textField", + "name": "standards.AutopilotStatusPage.ErrorMessage", + "label": "Custom Error Message" + }, + { + "type": "switch", + "name": "standards.AutopilotStatusPage.ShowProgress", + "label": "Show progress to users", + "default": true + }, + { + "type": "switch", + "name": "standards.AutopilotStatusPage.EnableLog", + "label": "Turn on log collection", + "default": true + }, + { + "type": "switch", + "name": "standards.AutopilotStatusPage.OBEEOnly", + "label": "Show status page only with OOBE setup", + "default": true + }, + { + "type": "switch", + "name": "standards.AutopilotStatusPage.BlockDevice", + "label": "Block device usage during setup", + "default": true + }, + { + "type": "switch", + "name": "standards.AutopilotStatusPage.AllowRetry", + "label": "Allow retry", + "default": true + }, + { + "type": "switch", + "name": "standards.AutopilotStatusPage.AllowReset", + "label": "Allow reset", + "default": true + }, + { + "type": "switch", + "name": "standards.AutopilotStatusPage.AllowFail", + "label": "Allow users to use device if setup fails", + "default": true + } + ], + "label": "Enable Autopilot Status Page", + "impact": "Low Impact", + "impactColour": "info", + "recommendedBy": [] + }, + { + "name": "standards.AutopilotProfile", + "cat": "Device Management Standards", + "tag": ["lowimpact"], + "disabledFeatures": { + "report": true, + "warn": true, + "remediate": false + }, + "helpText": "Assign the appropriate Autopilot profile to streamline device deployment.", + "docsDescription": "This standard allows the deployment of Autopilot profiles to devices, including settings such as unique name templates, language options, and local admin privileges.", + "addedComponent": [ + { + "type": "textField", + "name": "standards.AutopilotProfile.DisplayName", + "label": "Profile Display Name" + }, + { + "type": "textField", + "name": "standards.AutopilotProfile.Description", + "label": "Profile Description" + }, + { + "type": "textField", + "name": "standards.AutopilotProfile.DeviceNameTemplate", + "label": "Unique Device Name Template" + }, + { + "type": "autoComplete", + "multiple": false, + "creatable": false, + "name": "standards.AutopilotProfile.Languages", + "label": "Languages", + "api": { + "url": "/languageList.json", + "labelField": "language", + "valueField": "tag" + } + }, + { + "type": "switch", + "name": "standards.AutopilotProfile.CollectHash", + "label": "Convert all targeted devices to Autopilot", + "default": true + }, + { + "type": "switch", + "name": "standards.AutopilotProfile.AssignToAllDevices", + "label": "Assign to all devices", + "default": true + }, + { + "type": "switch", + "name": "standards.AutopilotProfile.SelfDeployingMode", + "label": "Enable Self-deploying Mode", + "default": true + }, + { + "type": "switch", + "name": "standards.AutopilotProfile.HideTerms", + "label": "Hide Terms and Conditions", + "default": true + }, + { + "type": "switch", + "name": "standards.AutopilotProfile.HidePrivacy", + "label": "Hide Privacy Settings", + "default": true + }, + { + "type": "switch", + "name": "standards.AutopilotProfile.HideChangeAccount", + "label": "Hide Change Account Options", + "default": true + }, + { + "type": "switch", + "name": "standards.AutopilotProfile.NotLocalAdmin", + "label": "Setup user as a standard user (not local admin)", + "default": true + }, + { + "type": "switch", + "name": "standards.AutopilotProfile.AllowWhiteGlove", + "label": "Allow White Glove OOBE", + "default": true + }, + { + "type": "switch", + "name": "standards.AutopilotProfile.AutoKeyboard", + "label": "Automatically configure keyboard", + "default": true + } + ], + "label": "Enable Autopilot Profile", + "impact": "Low Impact", + "impactColour": "info", + "recommendedBy": [] + }, + { + "name": "standards.IntuneTemplate", + "cat": "Templates", + "label": "Intune Template", + "multiple": true, + "disabledFeatures": { + "report": true, + "warn": true, + "remediate": false + }, + "impact": "High", + "helpText": "Deploy and manage Intune templates across devices.", + "addedComponent": [ + { + "type": "autoComplete", + "multiple": false, + "creatable": false, + "name": "TemplateList", + "label": "Select Intune Template", + "api": { + "url": "/api/ListIntuneTemplates", + "labelField": "Displayname", + "valueField": "GUID", + "queryKey": "languages" + } + }, + { + "name": "AssignTo", + "label": "Who should this template be assigned to?", + "type": "radio", + "options": [ + { "label": "Do not assign", "value": "On" }, + { "label": "Assign to all users", "value": "allLicensedUsers" }, + { "label": "Assign to all devices", "value": "AllDevices" }, + { + "label": "Assign to all users and devices", + "value": "AllDevicesAndUsers" + }, + { "label": "Assign to Custom Group", "value": "customGroup" } + ] + }, + { + "type": "textField", + "required": false, + "name": "customGroup", + "label": "Enter the custom group name if you selected 'Assign to Custom Group'. Wildcards are allowed." + } + ] + }, + { + "name": "standards.TransportRuleTemplate", + "label": "Transport Rule Template", + "cat": "Templates", + "disabledFeatures": { + "report": true, + "warn": true, + "remediate": false + }, + "impact": "Medium", + "helpText": "Deploy transport rules to manage email flow.", + "addedComponent": [ + { + "type": "autoComplete", + "name": "transportRuleTemplate", + "label": "Select Transport Rule Template", + "api": { + "url": "/api/ListTransportRulesTemplates", + "labelField": "name", + "valueField": "GUID", + "queryKey": "ListTransportRulesTemplates" + } + } + ] + }, + { + "name": "standards.ConditionalAccessTemplate", + "label": "Conditional Access Template", + "cat": "Templates", + "multiple": true, + "disabledFeatures": { + "report": true, + "warn": true, + "remediate": false + }, + "impact": "High", + "helpText": "Manage conditional access policies for better security.", + "addedComponent": [ + { + "type": "autoComplete", + "name": "TemplateList", + "multiple": false, + "label": "Select Conditional Access Template", + "api": { + "url": "/api/ListCATemplates", + "labelField": "displayName", + "valueField": "GUID", + "queryKey": "ListCATemplates" + } + }, + { + "name": "state", + "label": "What state should we deploy this template in?", + "type": "radio", + "options": [ + { "value": "donotchange", "label": "Do not change state" }, + { "value": "Enabled", "label": "Set to enabled" }, + { "value": "Disabled", "label": "Set to disabled" }, + { + "value": "enabledForReportingButNotEnforced", + "label": "Set to report only" + } + ] + } + ] + }, + { + "name": "standards.ExchangeConnectorTemplate", + "label": "Exchange Connector Template", + "disabledFeatures": { + "report": true, + "warn": true, + "remediate": false + }, + "impact": "Medium", + "helpText": "Deploy and manage Exchange connectors.", + "addedComponent": [ + { + "type": "autoComplete", + "name": "exConnectorTemplate", + "label": "Select Exchange Connector Template", + "api": { + "url": "/api/ListExConnectorTemplates", + "labelField": "name", + "valueField": "GUID", + "queryKey": "ListExConnectorTemplates" + } + } + ] + }, + { + "name": "standards.GroupTemplate", + "label": "Group Template", + "multi": true, + "cat": "Templates", + "disabledFeatures": { + "report": true, + "warn": true, + "remediate": false + }, + "impact": "Medium", + "helpText": "Deploy and manage group templates.", + "addedComponent": [ + { + "type": "autoComplete", + "name": "groupTemplate", + "label": "Select Group Template", + "api": { + "url": "/api/ListGroupTemplates", + "labelField": "Displayname", + "valueField": "GUID", + "queryKey": "ListGroupTemplates" + } + } + ] } ] diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuthMethodsSettings.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuthMethodsSettings.ps1 new file mode 100644 index 000000000000..b379d603c4b4 --- /dev/null +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuthMethodsSettings.ps1 @@ -0,0 +1,98 @@ +function Invoke-CIPPStandardAuthMethodsSettings { + <# + .FUNCTIONALITY + Internal + .COMPONENT + (APIName) AuthMethodsSettings + .SYNOPSIS + (Label) Configure Authentication Methods Policy Settings + .DESCRIPTION + (Helptext) Configures the report suspicious activity settings and system credential preferences in the authentication methods policy + (DocsDescription) This standard allows you to configure the reportSuspiciousActivitySettings and systemCredentialPreferences properties within the authentication methods policy. + .NOTES + CAT + Entra Standards + TAG + "lowimpact" + ADDEDCOMPONENT + {"type":"autoComplete","multiple":false,"name":"standards.AuthMethodsSettings.ReportSuspiciousActivity","label":"Report Suspicious Activity Settings","options":[{"label":"Default","value":"default"},{"label":"Enabled","value":"enabled"},{"label":"Disabled","value":"disabled"}]} + {"type":"autoComplete","multiple":false,"name":"standards.AuthMethodsSettings.SystemCredential","label":"System Credential Preferences","options":[{"label":"Default","value":"default"},{"label":"Enabled","value":"enabled"},{"label":"Disabled","value":"disabled"}]} + IMPACT + Low Impact + POWERSHELLEQUIVALENT + Update-MgBetaPolicyAuthenticationMethodPolicy + .LINK + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/global-standards#low-impact + #> + + param($Tenant, $Settings) + + Write-Host 'Time to run' + # Get current authentication methods policy + try { + $CurrentPolicy = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy' -tenantid $Tenant -AsApp $true + } catch { + $ErrorMessage = Get-CippException -Exception $_ + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Failed to get authentication methods policy' -sev Error -LogData $ErrorMessage + return + } + + if ($Settings.report -eq $true) { + Add-CIPPBPAField -FieldName 'ReportSuspiciousActivity' -FieldValue $CurrentPolicy.reportSuspiciousActivitySettings.state -StoreAs string -Tenant $tenant + Add-CIPPBPAField -FieldName 'SystemCredential' -FieldValue $CurrentPolicy.systemCredentialPreferences.state -StoreAs string -Tenant $tenant + } + # Set wanted states + $ReportSuspiciousActivityState = $Settings.ReportSuspiciousActivity.value ?? $Settings.ReportSuspiciousActivity + $SystemCredentialState = $Settings.SystemCredential.value ?? $Settings.SystemCredential + + # Input validation + $ValidStates = @('default', 'enabled', 'disabled') + if (($Settings.remediate -eq $true -or $Settings.alert -eq $true) -and + ($ReportSuspiciousActivityState -notin $ValidStates -or $SystemCredentialState -notin $ValidStates)) { + Write-Host "ReportSuspiciousActivity: $($ReportSuspiciousActivityState)" + Write-Host "SystemCredential: $($SystemCredentialState)" + Write-LogMessage -API 'Standards' -tenant $tenant -message 'AuthMethodsPolicy: Invalid state parameter set' -sev Error + return + } + + + + # Check if states are set correctly + $ReportSuspiciousActivityCorrect = if ($CurrentPolicy.reportSuspiciousActivitySettings.state -eq $ReportSuspiciousActivityState) { $true } else { $false } + $SystemCredentialCorrect = if ($CurrentPolicy.systemCredentialPreferences.state -eq $SystemCredentialState) { $true } else { $false } + $StateSetCorrectly = $ReportSuspiciousActivityCorrect -and $SystemCredentialCorrect + + if ($Settings.remediate -eq $true) { + Write-Host 'Time to remediate' + if ($StateSetCorrectly -eq $false) { + try { + $body = [PSCustomObject]@{ + reportSuspiciousActivitySettings = $CurrentPolicy.reportSuspiciousActivitySettings + systemCredentialPreferences = $CurrentPolicy.systemCredentialPreferences + } + $body.reportSuspiciousActivitySettings.state = $ReportSuspiciousActivityState + $body.systemCredentialPreferences.state = $SystemCredentialState + + Write-Host "Body: $($body | ConvertTo-Json -Depth 10 -Compress)" + # Update settings + $null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy' -AsApp $true -Type PATCH -Body ($body | ConvertTo-Json -Depth 10 -Compress) -ContentType 'application/json' + Write-LogMessage -API 'Standards' -tenant $tenant -message "Successfully configured authentication methods policy settings: Report Suspicious Activity ($ReportSuspiciousActivityState), System Credential Preferences ($SystemCredentialState)" -sev Info + } catch { + $ErrorMessage = Get-CippException -Exception $_ + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Failed to configure authentication methods policy settings' -sev Error -LogData $ErrorMessage + } + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Authentication methods policy settings are already configured correctly' -sev Info + } + } + + if ($Settings.alert -eq $true) { + if ($StateSetCorrectly -eq $true) { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Authentication methods policy settings are correctly configured: Report Suspicious Activity ($ReportSuspiciousActivityState), System Credential Preferences ($SystemCredentialState)" -sev Info + } else { + $CurrentReportState = $CurrentPolicy.reportSuspiciousActivitySettings.state + $CurrentSystemState = $CurrentPolicy.systemCredentialPreferences.state + Write-LogMessage -API 'Standards' -tenant $tenant -message "Authentication methods policy settings are not configured correctly. Current values: Report Suspicious Activity ($CurrentReportState), System Credential Preferences ($CurrentSystemState)" -sev Alert + } + } +} From 94b082c874dfbd8c1301ec53c8ef03327d8c9ed7 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 10 Feb 2025 18:31:40 -0500 Subject: [PATCH 099/138] github updates adding default repositories --- CommunityRepos.json | 53 +++++++++++++++++++ .../GitHub/Invoke-ListCommunityRepos.ps1 | 33 +++++++++++- .../Public/GitHub/Invoke-GitHubApiRequest.ps1 | 16 +++--- .../Public/GitHub/Search-GitHub.ps1 | 16 +++--- 4 files changed, 100 insertions(+), 18 deletions(-) create mode 100644 CommunityRepos.json diff --git a/CommunityRepos.json b/CommunityRepos.json new file mode 100644 index 000000000000..0d76fe4a39f9 --- /dev/null +++ b/CommunityRepos.json @@ -0,0 +1,53 @@ +[ + { + "Id": "930523724", + "Name": "CIPP-Templates", + "Description": "CIPP Community Templates", + "URL": "https://github.com/CyberDrain/CIPP-Templates", + "FullName": "CyberDrain/CIPP-Templates", + "Owner": "CyberDrain", + "Visibility": "public", + "WriteAccess": false, + "RepoPermissions": { + "admin": false, + "maintain": false, + "push": false, + "triage": false, + "pull": true + } + }, + { + "Id": "784230225", + "Name": "ConditionalAccessBaseline", + "Description": "", + "URL": "https://github.com/j0eyv/ConditionalAccessBaseline", + "FullName": "j0eyv/ConditionalAccessBaseline", + "Owner": "j0eyv", + "Visibility": "public", + "WriteAccess": false, + "RepoPermissions": { + "admin": false, + "maintain": false, + "push": false, + "triage": false, + "pull": true + } + }, + { + "Id": "493403016", + "Name": "OpenIntuneBaseline", + "Description": "Community-driven baseline to accelerate Intune adoption and learning.", + "URL": "https://github.com/SkipToTheEndpoint/OpenIntuneBaseline", + "FullName": "SkipToTheEndpoint/OpenIntuneBaseline", + "Owner": "SkipToTheEndpoint", + "Visibility": "public", + "WriteAccess": false, + "RepoPermissions": { + "admin": false, + "maintain": false, + "push": false, + "triage": false, + "pull": true + } + } +] diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ListCommunityRepos.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ListCommunityRepos.ps1 index 44b5087a2ff0..58e03e6b196a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ListCommunityRepos.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ListCommunityRepos.ps1 @@ -13,7 +13,36 @@ function Invoke-ListCommunityRepos { param($Request, $TriggerMetadata) $Table = Get-CIPPTable -TableName CommunityRepos - $Repos = Get-CIPPAzDataTableEntity @Table | ForEach-Object { + $Repos = Get-CIPPAzDataTableEntity @Table + + $CIPPRoot = (Get-Item (Get-Module -Name CIPPCore).ModuleBase).Parent.Parent.FullName + $CommunityRepos = Join-Path -Path $CIPPRoot -ChildPath 'CommunityRepos.json' + $DefaultCommunityRepos = Get-Content -Path $CommunityRepos -Raw | ConvertFrom-Json + + $DefaultsMissing = $false + foreach ($Repo in $DefaultCommunityRepos) { + if ($Repos.Url -notcontains $Repo.Url) { + $Entity = [PSCustomObject]@{ + PartitionKey = 'CommunityRepos' + RowKey = $Repo.Id + Name = $Repo.Name + Description = $Repo.Description + URL = $Repo.URL + FullName = $Repo.FullName + Owner = $Repo.Owner + Visibility = $Repo.Visibility + WriteAccess = $Repo.WriteAccess + Permissions = [string]($Repo.RepoPermissions | ConvertTo-Json) + } + Add-CIPPAzDataTableEntity @Table -Entity $Entity + $DefaultsMissing = $true + } + } + if ($DefaultsMissing) { + $Repos = Get-CIPPAzDataTableEntity @Table + } + + $Repos = $Repos | ForEach-Object { [pscustomobject]@{ Id = $_.RowKey Name = $_.Name @@ -28,7 +57,7 @@ function Invoke-ListCommunityRepos { } $Body = @{ - Results = @($Repos) + Results = @($Repos | Sort-Object -Property FullName) } Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ diff --git a/Modules/CippExtensions/Public/GitHub/Invoke-GitHubApiRequest.ps1 b/Modules/CippExtensions/Public/GitHub/Invoke-GitHubApiRequest.ps1 index 1ae9c28e6e8d..9f5b433caccd 100644 --- a/Modules/CippExtensions/Public/GitHub/Invoke-GitHubApiRequest.ps1 +++ b/Modules/CippExtensions/Public/GitHub/Invoke-GitHubApiRequest.ps1 @@ -34,12 +34,16 @@ function Invoke-GitHubApiRequest { $RestMethod.ResponseHeadersVariable = 'ResponseHeaders' } - $Response = Invoke-RestMethod @RestMethod - if ($ReturnHeaders.IsPresent) { - $ResponseHeaders - } else { - $Response - } + try { + $Response = Invoke-RestMethod @RestMethod + if ($ReturnHeaders.IsPresent) { + $ResponseHeaders + } else { + $Response + } + } catch { + Write-Error $_.Exception.Message + } } else { throw 'GitHub API is not enabled' } diff --git a/Modules/CippExtensions/Public/GitHub/Search-GitHub.ps1 b/Modules/CippExtensions/Public/GitHub/Search-GitHub.ps1 index 4d2ce0e02b60..c630d524c149 100644 --- a/Modules/CippExtensions/Public/GitHub/Search-GitHub.ps1 +++ b/Modules/CippExtensions/Public/GitHub/Search-GitHub.ps1 @@ -2,7 +2,8 @@ function Search-GitHub { [CmdletBinding()] Param ( [string[]]$Repository, - [string[]]$User, + [string]$User, + [string]$Org, [string]$Path, [string[]]$SearchTerm, [string]$Language, @@ -34,15 +35,10 @@ function Search-GitHub { } } if ($User) { - $UserParts = [System.Collections.Generic.List[string]]::new() - foreach ($U in $User) { - $UserParts.Add("user:$U") - } - if (($UserParts | Measure-Object).Count -gt 1) { - $QueryParts.Add('(' + ($UserParts -join ' OR ') + ')') - } else { - $QueryParts.Add($UserParts[0]) - } + $QueryParts.Add("user:$User") + } + if ($Org) { + $QueryParts.Add("org:$Org") } if ($Path) { $QueryParts.Add("path:$Path") From 4a82f31919107adcef757391044b2f1277c5e174 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 10 Feb 2025 22:59:55 -0500 Subject: [PATCH 100/138] more github functions --- .../Tools/GitHub/Invoke-ExecGitHubAction.ps1 | 26 +++++++++++++------ .../Public/GitHub/Get-GitHubBranch.ps1 | 16 ++++++++++++ .../Public/GitHub/Get-GitHubFileTree.ps1 | 18 +++++++++++++ 3 files changed, 52 insertions(+), 8 deletions(-) create mode 100644 Modules/CippExtensions/Public/GitHub/Get-GitHubBranch.ps1 create mode 100644 Modules/CippExtensions/Public/GitHub/Get-GitHubFileTree.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 index 615de22f3e9d..960c1af67a04 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 @@ -12,14 +12,24 @@ function Invoke-ExecGitHubAction { [CmdletBinding()] param($Request, $TriggerMetadata) - if ($Request.Body.Search) { - $Search = $Request.Body.Search | ConvertTo-Json | ConvertFrom-Json -AsHashtable - $SearchResults = Search-GitHub @Search - $Results = $SearchResults.items - $Metadata = $SearchResults | Select-Object -Property total_count, incomplete_results - } elseif ($Request.Body.GetFileContents) { - $Url = $Request.Body.GetFileContents.Url - $Results = Get-GitHubFileContents -Url $Url + $Action = $Request.Query.Action ?? $Request.Body.Action + $SplatParams = ($Request.Query ?? $Request.Body) | Select-Object -ExcludeProperty Action | ConvertTo-Json | ConvertFrom-Json -AsHashtable + + switch ($Action) { + 'Search' { + $Results = (Search-GitHub @SplatParams).items + $Metadata = $SearchResults | Select-Object -Property total_count, incomplete_results + } + 'GetFileContents' { + $Results = Get-GitHubFileContents @SplatParams + } + 'GetBranches' { + $Results = @(Get-GitHubBranch @SplatParams) + } + 'GetFileTree' { + $Files = (Get-GitHubFileTree @SplatParams).tree | Where-Object { $_.path -match '.json$' } | Select-Object *, @{n = 'html_url'; e = { "https://github.com/$($Request.Body.GetFileTree.FullName)/tree/$($Request.Body.GetFileTree.Branch)/$($_.path)" } } + $Results = @($Files) + } } $Body = @{ diff --git a/Modules/CippExtensions/Public/GitHub/Get-GitHubBranch.ps1 b/Modules/CippExtensions/Public/GitHub/Get-GitHubBranch.ps1 new file mode 100644 index 000000000000..53581eaea498 --- /dev/null +++ b/Modules/CippExtensions/Public/GitHub/Get-GitHubBranch.ps1 @@ -0,0 +1,16 @@ +function Get-GitHubBranch { + <# + .SYNOPSIS + Get GitHub Branch + .DESCRIPTION + Get GitHub Branch + . + #> + [CmdletBinding()] + param( + [Parameter(Mandatory = $true)] + [string]$FullName + ) + + Invoke-GitHubApiRequest -Path "repos/$FullName/branches" -Method GET +} diff --git a/Modules/CippExtensions/Public/GitHub/Get-GitHubFileTree.ps1 b/Modules/CippExtensions/Public/GitHub/Get-GitHubFileTree.ps1 new file mode 100644 index 000000000000..951a364c7408 --- /dev/null +++ b/Modules/CippExtensions/Public/GitHub/Get-GitHubFileTree.ps1 @@ -0,0 +1,18 @@ +function Get-GitHubFileTree { + <# + .SYNOPSIS + Get GitHub File Tree + .DESCRIPTION + Get GitHub File Tree + . + #> + [CmdletBinding()] + param( + [Parameter(Mandatory = $true)] + [string]$FullName, + [Parameter(Mandatory = $true)] + [string]$Branch + ) + + Invoke-GitHubApiRequest -Path "repos/$FullName/git/trees/$($Branch)?recursive=1" -Method GET +} From 94698ca9b94bdc3dcddf732e577801a4e1dddd18 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 10 Feb 2025 23:02:50 -0500 Subject: [PATCH 101/138] Update Invoke-ExecGitHubAction.ps1 --- .../HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 index 960c1af67a04..521c7359fd9f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 @@ -27,7 +27,7 @@ function Invoke-ExecGitHubAction { $Results = @(Get-GitHubBranch @SplatParams) } 'GetFileTree' { - $Files = (Get-GitHubFileTree @SplatParams).tree | Where-Object { $_.path -match '.json$' } | Select-Object *, @{n = 'html_url'; e = { "https://github.com/$($Request.Body.GetFileTree.FullName)/tree/$($Request.Body.GetFileTree.Branch)/$($_.path)" } } + $Files = (Get-GitHubFileTree @SplatParams).tree | Where-Object { $_.path -match '.json$' } | Select-Object *, @{n = 'html_url'; e = { "https://github.com/$($SplatParams.FullName)/tree/$($SplatParams.Branch)/$($_.path)" } } $Results = @($Files) } } From 2d81e069dac6d1a00dedd62fcd921b579edc3318 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 10 Feb 2025 23:28:44 -0500 Subject: [PATCH 102/138] Update Invoke-ExecGitHubAction.ps1 --- .../HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 index 521c7359fd9f..8b8aba3381f1 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 @@ -13,7 +13,7 @@ function Invoke-ExecGitHubAction { param($Request, $TriggerMetadata) $Action = $Request.Query.Action ?? $Request.Body.Action - $SplatParams = ($Request.Query ?? $Request.Body) | Select-Object -ExcludeProperty Action | ConvertTo-Json | ConvertFrom-Json -AsHashtable + $SplatParams = ($Request.Query ?? $Request.Body) | Select-Object -ExcludeProperty Action, TenantFilter | ConvertTo-Json | ConvertFrom-Json -AsHashtable switch ($Action) { 'Search' { From f52da7f794d327b2a7fd9f9f1aee7f15f4caff51 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 11 Feb 2025 09:05:47 -0500 Subject: [PATCH 103/138] fix search query Add default branch to repo list Adjust table object for community repo to include default branch --- CommunityRepos.json | 3 ++ .../Tools/GitHub/Invoke-ExecCommunityRepo.ps1 | 44 ++++++++++--------- .../Tools/GitHub/Invoke-ExecGitHubAction.ps1 | 14 +++++- .../GitHub/Invoke-ListCommunityRepos.ps1 | 22 +++++----- 4 files changed, 50 insertions(+), 33 deletions(-) diff --git a/CommunityRepos.json b/CommunityRepos.json index 0d76fe4a39f9..e34aafb8c821 100644 --- a/CommunityRepos.json +++ b/CommunityRepos.json @@ -8,6 +8,7 @@ "Owner": "CyberDrain", "Visibility": "public", "WriteAccess": false, + "DefaultBranch": "main", "RepoPermissions": { "admin": false, "maintain": false, @@ -25,6 +26,7 @@ "Owner": "j0eyv", "Visibility": "public", "WriteAccess": false, + "DefaultBranch": "main", "RepoPermissions": { "admin": false, "maintain": false, @@ -42,6 +44,7 @@ "Owner": "SkipToTheEndpoint", "Visibility": "public", "WriteAccess": false, + "DefaultBranch": "main", "RepoPermissions": { "admin": false, "maintain": false, diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 index 174254ddbb4b..ddd63ce66e32 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 @@ -23,16 +23,17 @@ function Invoke-ExecCommunityRepo { 'Add' { $Repo = Invoke-GitHubApiRequest -Path "repositories/$($Id)" $RepoEntity = @{ - PartitionKey = 'CommunityRepos' - RowKey = [string]$Repo.id - Name = [string]$Repo.name - Description = [string]$Repo.description - URL = [string]$Repo.html_url - FullName = [string]$Repo.full_name - Owner = [string]$Repo.owner.login - Visibility = [string]$Repo.visibility - WriteAccess = [bool]$Repo.permissions.push - Permissions = [string]($Repo.permissions | ConvertTo-Json -Compress) + PartitionKey = 'CommunityRepos' + RowKey = [string]$Repo.id + Name = [string]$Repo.name + Description = [string]$Repo.description + URL = [string]$Repo.html_url + FullName = [string]$Repo.full_name + Owner = [string]$Repo.owner.login + Visibility = [string]$Repo.visibility + WriteAccess = [bool]$Repo.permissions.push + DefaultBranch = [string]$Repo.default_branch + Permissions = [string]($Repo.permissions | ConvertTo-Json -Compress) } Add-CIPPAzDataTableEntity @Table -Entity $RepoEntity -Force | Out-Null @@ -46,17 +47,18 @@ function Invoke-ExecCommunityRepo { if ($RepoEntity) { $Repo = Invoke-GitHubApiRequest -Path "repositories/$($Id)" $Update = @{ - PartitionKey = 'CommunityRepos' - RowKey = [string]$Repo.id - Name = [string]$Repo.name - Description = [string]$Repo.description - URL = [string]$Repo.html_url - FullName = [string]$Repo.full_name - Owner = [string]$Repo.owner.login - Visibility = [string]$Repo.visibility - WriteAccess = [bool]$Repo.permissions.push - Permissions = [string]($Repo.permissions | ConvertTo-Json -Compress) - ETag = $RepoEntity.ETag + PartitionKey = 'CommunityRepos' + RowKey = [string]$Repo.id + Name = [string]$Repo.name + Description = [string]$Repo.description + URL = [string]$Repo.html_url + FullName = [string]$Repo.full_name + Owner = [string]$Repo.owner.login + Visibility = [string]$Repo.visibility + WriteAccess = [bool]$Repo.permissions.push + DefaultBranch = [string]$Repo.default_branch + Permissions = [string]($Repo.permissions | ConvertTo-Json -Compress) + ETag = $RepoEntity.ETag } Update-CIPPAzDataTableEntity @Table -Entity $Update diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 index 8b8aba3381f1..c84bd7d91ab7 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 @@ -13,11 +13,21 @@ function Invoke-ExecGitHubAction { param($Request, $TriggerMetadata) $Action = $Request.Query.Action ?? $Request.Body.Action - $SplatParams = ($Request.Query ?? $Request.Body) | Select-Object -ExcludeProperty Action, TenantFilter | ConvertTo-Json | ConvertFrom-Json -AsHashtable + + if ($Request.Query.Action) { + $Parameters = $Request.Query + } else { + $Parameters = $Request.Body + } + + $SplatParams = $Parameters | Select-Object -ExcludeProperty Action, TenantFilter | ConvertTo-Json | ConvertFrom-Json -AsHashtable + + Write-Information ($SplatParams | ConvertTo-Json) switch ($Action) { 'Search' { - $Results = (Search-GitHub @SplatParams).items + $SearchResults = Search-GitHub @SplatParams + $Results = @($SearchResults.items) $Metadata = $SearchResults | Select-Object -Property total_count, incomplete_results } 'GetFileContents' { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ListCommunityRepos.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ListCommunityRepos.ps1 index 58e03e6b196a..4053ee48a676 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ListCommunityRepos.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ListCommunityRepos.ps1 @@ -23,16 +23,17 @@ function Invoke-ListCommunityRepos { foreach ($Repo in $DefaultCommunityRepos) { if ($Repos.Url -notcontains $Repo.Url) { $Entity = [PSCustomObject]@{ - PartitionKey = 'CommunityRepos' - RowKey = $Repo.Id - Name = $Repo.Name - Description = $Repo.Description - URL = $Repo.URL - FullName = $Repo.FullName - Owner = $Repo.Owner - Visibility = $Repo.Visibility - WriteAccess = $Repo.WriteAccess - Permissions = [string]($Repo.RepoPermissions | ConvertTo-Json) + PartitionKey = 'CommunityRepos' + RowKey = $Repo.Id + Name = $Repo.Name + Description = $Repo.Description + URL = $Repo.URL + FullName = $Repo.FullName + Owner = $Repo.Owner + Visibility = $Repo.Visibility + WriteAccess = $Repo.WriteAccess + DefaultBranch = $Repo.DefaultBranch + Permissions = [string]($Repo.RepoPermissions | ConvertTo-Json) } Add-CIPPAzDataTableEntity @Table -Entity $Entity $DefaultsMissing = $true @@ -52,6 +53,7 @@ function Invoke-ListCommunityRepos { Owner = $_.Owner Visibility = $_.Visibility WriteAccess = $_.WriteAccess + DefaultBranch = $_.DefaultBranch RepoPermissions = $_.Permissions | ConvertFrom-Json } } From 22bd3560dfc64be6e763142be839fce4e5064577 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 11 Feb 2025 09:28:14 -0500 Subject: [PATCH 104/138] clean up comments --- .../Tools/GitHub/Invoke-ExecGitHubAction.ps1 | 2 +- .../Public/GitHub/Get-GitHubFileContents.ps1 | 16 +++++++++++----- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 index c84bd7d91ab7..cf0d810d921a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 @@ -22,7 +22,7 @@ function Invoke-ExecGitHubAction { $SplatParams = $Parameters | Select-Object -ExcludeProperty Action, TenantFilter | ConvertTo-Json | ConvertFrom-Json -AsHashtable - Write-Information ($SplatParams | ConvertTo-Json) + #Write-Information ($SplatParams | ConvertTo-Json) switch ($Action) { 'Search' { diff --git a/Modules/CippExtensions/Public/GitHub/Get-GitHubFileContents.ps1 b/Modules/CippExtensions/Public/GitHub/Get-GitHubFileContents.ps1 index aee61b0c69f0..684bf99927ba 100644 --- a/Modules/CippExtensions/Public/GitHub/Get-GitHubFileContents.ps1 +++ b/Modules/CippExtensions/Public/GitHub/Get-GitHubFileContents.ps1 @@ -1,14 +1,20 @@ function Get-GitHubFileContents { [CmdletBinding()] param ( - [Parameter(ValueFromPipelineByPropertyName = $true)] - $Url + [Parameter(ValueFromPipelineByPropertyName = $true, Mandatory = $true)] + $FullName, + + [Parameter(ValueFromPipelineByPropertyName = $true, Mandatory = $true)] + $Path, + + [Parameter(ValueFromPipelineByPropertyName = $true, Mandatory = $true)] + $Branch ) process { - [uri]$Uri = $Url - $Path = $Uri.PathAndQuery.TrimStart('/') - $File = Invoke-GitHubApiRequest -Path "$Path" -Method GET + $Path = "repos/$($FullName)/contents/$($Path)?ref=$($Branch)" + #Write-Information $Path + $File = Invoke-GitHubApiRequest -Path $Path -Method GET return [PSCustomObject]@{ name = $File.name From dd9643f534e91773ae8a0ad0cba999219de3d449 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Tue, 11 Feb 2025 18:56:06 +0100 Subject: [PATCH 105/138] Add support for QR code and fix headers param --- .../Administration/Invoke-SetAuthMethod.ps1 | 23 ++++++++----------- .../Public/Set-CIPPAuthenticationPolicy.ps1 | 16 ++++++++++--- 2 files changed, 22 insertions(+), 17 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-SetAuthMethod.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-SetAuthMethod.ps1 index 2b00af589c58..26653bf43648 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-SetAuthMethod.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-SetAuthMethod.ps1 @@ -5,28 +5,23 @@ function Invoke-SetAuthMethod { .ROLE Tenant.Administration.ReadWrite #> - Param( - $Request, - $TriggerMetadata - ) + Param($Request, $TriggerMetadata) - $APIName = "Set Authentication Policy" - $state = if ($Request.Body.state -eq 'enabled') { $true } else { $false } - $Tenantfilter = $Request.Body.TenantFilter + $APIName = $Request.Params.CIPPEndpoint + $State = if ($Request.Body.state -eq 'enabled') { $true } else { $false } + $TenantFilter = $Request.Body.tenantFilter try { - Set-CIPPAuthenticationPolicy -Tenant $Tenantfilter -APIName $APIName -AuthenticationMethodId $($Request.Body.Id) -Enabled $state + $Result = Set-CIPPAuthenticationPolicy -Tenant $TenantFilter -APIName $APIName -AuthenticationMethodId $($Request.Body.Id) -Enabled $State -Headers $Request.Headers $StatusCode = [HttpStatusCode]::OK - $SuccessMessage = "Authentication Policy for $($Request.Body.Id) has been set to $state" } catch { - $ErrorMsg = Get-NormalizedError -message $($_.Exception.Message) - $SuccessMessage = "Function Error: $($_.InvocationInfo.ScriptLineNumber) - $ErrorMsg" - $StatusCode = [HttpStatusCode]::BadRequest + $Result = $_ + $StatusCode = [HttpStatusCode]::Forbidden } # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = $StatusCode - Body = [pscustomobject]@{'Results' = "$SuccessMessage" } + Body = [pscustomobject]@{'Results' = "$Result" } }) -} \ No newline at end of file +} diff --git a/Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1 b/Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1 index be7e126de826..3b6e62d51ed4 100644 --- a/Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1 @@ -2,7 +2,7 @@ function Set-CIPPAuthenticationPolicy { [CmdletBinding(SupportsShouldProcess = $true)] param( [Parameter(Mandatory = $true)]$Tenant, - [Parameter(Mandatory = $true)][ValidateSet('FIDO2', 'MicrosoftAuthenticator', 'SMS', 'TemporaryAccessPass', 'HardwareOATH', 'softwareOath', 'Voice', 'Email', 'x509Certificate')]$AuthenticationMethodId, + [Parameter(Mandatory = $true)][ValidateSet('FIDO2', 'MicrosoftAuthenticator', 'SMS', 'TemporaryAccessPass', 'HardwareOATH', 'softwareOath', 'Voice', 'Email', 'x509Certificate', 'QRCodePin')]$AuthenticationMethodId, [Parameter(Mandatory = $true)][bool]$Enabled, # true = enabled or false = disabled $MicrosoftAuthenticatorSoftwareOathEnabled, $TAPMinimumLifetime = 60, #Minutes @@ -10,6 +10,8 @@ function Set-CIPPAuthenticationPolicy { $TAPDefaultLifeTime = 60, #minutes $TAPDefaultLength = 8, #TAP password generated length in chars $TAPisUsableOnce = $true, + [Parameter()][ValidateRange(1, 395)]$QRCodeLifetimeInDays = 365, + [Parameter()][ValidateRange(8, 20)]$QRCodePinLength = 8, $APIName = 'Set Authentication Policy', $Headers ) @@ -103,6 +105,14 @@ function Set-CIPPAuthenticationPolicy { 'x509Certificate' { # Nothing special to do here } + + # QR code + 'QRCodePin' { + if ($State -eq 'enabled') { + $CurrentInfo.pinLength = $QRCodePinLength + $CurrentInfo.standardQRCodeLifetimeInDays = $QRCodeLifetimeInDays + } + } Default { Write-LogMessage -headers $Headers -API $APIName -tenant $Tenant -message "Somehow you hit the default case with an input of $AuthenticationMethodId . You probably made a typo in the input for AuthenticationMethodId. It`'s case sensitive." -sev Error return "Somehow you hit the default case with an input of $AuthenticationMethodId . You probably made a typo in the input for AuthenticationMethodId. It`'s case sensitive." @@ -112,7 +122,7 @@ function Set-CIPPAuthenticationPolicy { try { if ($PSCmdlet.ShouldProcess($AuthenticationMethodId, "Set state to $State $OptionalLogMessage")) { # Convert body to JSON and send request - $null = New-GraphPostRequest -tenantid $Tenant -Uri "https://graph.microsoft.com/beta/policies/authenticationmethodspolicy/authenticationMethodConfigurations/$AuthenticationMethodId" -Type patch -Body ($CurrentInfo | ConvertTo-Json -Compress -Depth 10) -ContentType 'application/json' + $null = New-GraphPostRequest -tenantid $Tenant -Uri "https://graph.microsoft.com/beta/policies/authenticationmethodspolicy/authenticationMethodConfigurations/$AuthenticationMethodId" -Type PATCH -Body (ConvertTo-Json -InputObject $CurrentInfo -Compress -Depth 10) -ContentType 'application/json' Write-LogMessage -headers $Headers -API $APIName -tenant $Tenant -message "Set $AuthenticationMethodId state to $State $OptionalLogMessage" -sev Info } return "Set $AuthenticationMethodId state to $State $OptionalLogMessage" @@ -120,6 +130,6 @@ function Set-CIPPAuthenticationPolicy { } catch { $ErrorMessage = Get-CippException -Exception $_ Write-LogMessage -headers $Headers -API $APIName -tenant $Tenant -message "Failed to $State $AuthenticationMethodId Support: $ErrorMessage" -sev Error -LogData $ErrorMessage - return "Failed to $State $AuthenticationMethodId Support. Error: $($ErrorMessage.NormalizedError)" + throw "Failed to $State $AuthenticationMethodId Support. Error: $($ErrorMessage.NormalizedError)" } } From e156ea947320dbb371c1cc48ba0c9e9e08d2d312 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Tue, 11 Feb 2025 18:59:20 +0100 Subject: [PATCH 106/138] add support for throwing change in Set-CIPPAuthenticationPolicy --- .../Public/Standards/Invoke-CIPPStandardDisableEmail.ps1 | 5 ++++- .../Public/Standards/Invoke-CIPPStandardDisableSMS.ps1 | 5 ++++- .../Public/Standards/Invoke-CIPPStandardDisableVoice.ps1 | 5 ++++- .../Invoke-CIPPStandardDisablex509Certificate.ps1 | 5 ++++- .../Public/Standards/Invoke-CIPPStandardEnableFIDO2.ps1 | 5 ++++- .../Standards/Invoke-CIPPStandardEnableHardwareOAuth.ps1 | 5 ++++- ...ke-CIPPStandardPWdisplayAppInformationRequiredState.ps1 | 5 ++++- .../CIPPCore/Public/Standards/Invoke-CIPPStandardTAP.ps1 | 7 +++++-- .../Standards/Invoke-CIPPStandardallowOAuthTokens.ps1 | 5 ++++- .../Public/Standards/Invoke-CIPPStandardallowOTPTokens.ps1 | 5 ++++- 10 files changed, 41 insertions(+), 11 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableEmail.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableEmail.ps1 index 1f9d537a015e..42ae78c7a734 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableEmail.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableEmail.ps1 @@ -36,7 +36,10 @@ function Invoke-CIPPStandardDisableEmail { if ($StateIsCorrect -eq $true) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Email authentication method is already disabled.' -sev Info } else { - Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'Email' -Enabled $false + try { + Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'Email' -Enabled $false + } catch { + } } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSMS.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSMS.ps1 index a948d1d13213..a9a6e9deeff3 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSMS.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSMS.ps1 @@ -36,7 +36,10 @@ function Invoke-CIPPStandardDisableSMS { if ($StateIsCorrect -eq $true) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'SMS authentication method is already disabled.' -sev Info } else { - Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'SMS' -Enabled $false + try { + Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'SMS' -Enabled $false + } catch { + } } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableVoice.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableVoice.ps1 index 619b3e11c50b..d52dd3afedd0 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableVoice.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableVoice.ps1 @@ -36,7 +36,10 @@ function Invoke-CIPPStandardDisableVoice { if ($StateIsCorrect -eq $true) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Voice authentication method is already disabled.' -sev Info } else { - Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'Voice' -Enabled $false + try { + Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'Voice' -Enabled $false + } catch { + } } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisablex509Certificate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisablex509Certificate.ps1 index 8d1d0ae0b990..9c3ab1093e0f 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisablex509Certificate.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisablex509Certificate.ps1 @@ -36,7 +36,10 @@ function Invoke-CIPPStandardDisablex509Certificate { if ($StateIsCorrect -eq $true) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'x509Certificate authentication method is already disabled.' -sev Info } else { - Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'x509Certificate' -Enabled $false + try { + Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'x509Certificate' -Enabled $false + } catch { + } } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableFIDO2.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableFIDO2.ps1 index 8b71a8f1963a..d76014e535dc 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableFIDO2.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableFIDO2.ps1 @@ -36,7 +36,10 @@ function Invoke-CIPPStandardEnableFIDO2 { if ($StateIsCorrect -eq $true) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'FIDO2 Support is already enabled.' -sev Info } else { - Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'Fido2' -Enabled $true + try { + Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'Fido2' -Enabled $true + } catch { + } } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableHardwareOAuth.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableHardwareOAuth.ps1 index a55d5410612d..4394cf0740cd 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableHardwareOAuth.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableHardwareOAuth.ps1 @@ -36,7 +36,10 @@ function Invoke-CIPPStandardEnableHardwareOAuth { if ($StateIsCorrect -eq $true) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'HardwareOAuth Support is already enabled.' -sev Info } else { - Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'HardwareOath' -Enabled $true + try { + Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'HardwareOath' -Enabled $true + } catch { + } } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWdisplayAppInformationRequiredState.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWdisplayAppInformationRequiredState.ps1 index 1c7005cb470f..8ddea0115551 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWdisplayAppInformationRequiredState.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWdisplayAppInformationRequiredState.ps1 @@ -38,7 +38,10 @@ function Invoke-CIPPStandardPWdisplayAppInformationRequiredState { if ($StateIsCorrect -eq $true) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Passwordless with Information and Number Matching is already enabled.' -sev Info } else { - Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'MicrosoftAuthenticator' -Enabled $true + try { + Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'MicrosoftAuthenticator' -Enabled $true + } catch { + } } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTAP.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTAP.ps1 index 925916f948e8..23f6ae97a643 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTAP.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTAP.ps1 @@ -32,7 +32,7 @@ function Invoke-CIPPStandardTAP { $CurrentState = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authenticationmethodspolicy/authenticationMethodConfigurations/TemporaryAccessPass' -tenantid $Tenant if ($null -eq $Settings.config) { $Settings.config = $True } - $StateIsCorrect = ($CurrentState.state -eq 'enabled') -and + $StateIsCorrect = ($CurrentState.state -eq 'enabled') -and ([System.Convert]::ToBoolean($CurrentState.isUsableOnce) -eq [System.Convert]::ToBoolean($Settings.config)) if ($Settings.report -eq $true) { @@ -43,7 +43,10 @@ function Invoke-CIPPStandardTAP { if ($StateIsCorrect -eq $true) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Temporary Access Passwords is already enabled.' -sev Info } else { - Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'TemporaryAccessPass' -Enabled $true -TAPisUsableOnce $Settings.config + try { + Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'TemporaryAccessPass' -Enabled $true -TAPisUsableOnce $Settings.config + } catch { + } } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOAuthTokens.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOAuthTokens.ps1 index 6035ca8d04dc..b621e3e85ea6 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOAuthTokens.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOAuthTokens.ps1 @@ -36,7 +36,10 @@ function Invoke-CIPPStandardallowOAuthTokens { if ($StateIsCorrect -eq $true) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Software OTP/oAuth tokens is already enabled.' -sev Info } else { - Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'softwareOath' -Enabled $true + try { + Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'softwareOath' -Enabled $true + } catch { + } } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOTPTokens.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOTPTokens.ps1 index 9b9441b9e951..fb07572ffb32 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOTPTokens.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOTPTokens.ps1 @@ -35,7 +35,10 @@ function Invoke-CIPPStandardallowOTPTokens { if ($CurrentInfo.isSoftwareOathEnabled) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'MS authenticator OTP/oAuth tokens is already enabled.' -sev Info } else { - Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'MicrosoftAuthenticator' -Enabled $true -MicrosoftAuthenticatorSoftwareOathEnabled $true + try { + Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'MicrosoftAuthenticator' -Enabled $true -MicrosoftAuthenticatorSoftwareOathEnabled $true + } catch { + } } } From 7ad53d39c49ad0f9326456ca6f41e4df0d719fe8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Tue, 11 Feb 2025 20:25:00 +0100 Subject: [PATCH 107/138] throw errors instead of returning messages for invalid authentication method states --- Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1 b/Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1 index 3b6e62d51ed4..950d0ba7207d 100644 --- a/Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1 @@ -58,7 +58,7 @@ function Set-CIPPAuthenticationPolicy { 'SMS' { if ($State -eq 'enabled') { Write-LogMessage -headers $Headers -API $APIName -tenant $Tenant -message "Setting $AuthenticationMethodId to enabled is not allowed" -sev Error - return "Setting $AuthenticationMethodId to enabled is not allowed" + throw "Setting $AuthenticationMethodId to enabled is not allowed" } } @@ -89,7 +89,7 @@ function Set-CIPPAuthenticationPolicy { # Disallow enabling voice if ($State -eq 'enabled') { Write-LogMessage -headers $Headers -API $APIName -tenant $Tenant -message "Setting $AuthenticationMethodId to enabled is not allowed" -sev Error - return "Setting $AuthenticationMethodId to enabled is not allowed" + throw "Setting $AuthenticationMethodId to enabled is not allowed" } } @@ -97,7 +97,7 @@ function Set-CIPPAuthenticationPolicy { 'Email' { if ($State -eq 'enabled') { Write-LogMessage -headers $Headers -API $APIName -tenant $Tenant -message "Setting $AuthenticationMethodId to enabled is not allowed" -sev Error - return "Setting $AuthenticationMethodId to enabled is not allowed" + throw "Setting $AuthenticationMethodId to enabled is not allowed" } } @@ -115,7 +115,7 @@ function Set-CIPPAuthenticationPolicy { } Default { Write-LogMessage -headers $Headers -API $APIName -tenant $Tenant -message "Somehow you hit the default case with an input of $AuthenticationMethodId . You probably made a typo in the input for AuthenticationMethodId. It`'s case sensitive." -sev Error - return "Somehow you hit the default case with an input of $AuthenticationMethodId . You probably made a typo in the input for AuthenticationMethodId. It`'s case sensitive." + throw "Somehow you hit the default case with an input of $AuthenticationMethodId . You probably made a typo in the input for AuthenticationMethodId. It`'s case sensitive." } } # Set state of the authentication method From 792d5719f9a604d29479ea5482f0de0712c4cb11 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Tue, 11 Feb 2025 21:28:54 +0100 Subject: [PATCH 108/138] fix odata stuff --- .../Endpoint/MEM/Invoke-AddIntuneTemplate.ps1 | 3 ++- .../Public/New-CIPPIntuneTemplate.ps1 | 26 ++++++++++++++++++- 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddIntuneTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddIntuneTemplate.ps1 index 30dc61dd9c32..24c00cf0adff 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddIntuneTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddIntuneTemplate.ps1 @@ -41,7 +41,8 @@ Function Invoke-AddIntuneTemplate { $TenantFilter = $Request.Body.tenantFilter ?? $Request.Query.tenantFilter $URLName = $Request.Body.URLName ?? $Request.Query.URLName $ID = $Request.Body.ID ?? $Request.Query.ID - $Template = New-CIPPIntuneTemplate -TenantFilter $TenantFilter -URLName $URLName -ID $ID + $ODataType = $Request.Body.ODataType ?? $Request.Query.ODataType + $Template = New-CIPPIntuneTemplate -TenantFilter $TenantFilter -URLName $URLName -ID $ID -ODataType $ODataType Write-Host "Template: $Template" $object = [PSCustomObject]@{ Displayname = $Template.DisplayName diff --git a/Modules/CIPPCore/Public/New-CIPPIntuneTemplate.ps1 b/Modules/CIPPCore/Public/New-CIPPIntuneTemplate.ps1 index 0707b9824400..25595a59eb51 100644 --- a/Modules/CIPPCore/Public/New-CIPPIntuneTemplate.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPIntuneTemplate.ps1 @@ -4,8 +4,32 @@ function New-CIPPIntuneTemplate { $id, $TenantFilter, $ActionResults, - $CIPPURL + $CIPPURL, + $ODataType ) + Write-Host "These are all bound params: $urlname, $id, $TenantFilter, $ActionResults, $CIPPURL, $ODataType" + if ($ODataType) { + switch -wildcard ($ODataType) { + '*CompliancePolicy' { + $URLName = 'deviceCompliancePolicies' + } + '*managedAppPolicies' { + $URLName = 'managedAppPolicies' + } + '*configurationPolicies' { + $URLName = 'configurationPolicies' + } + '*windowsDriverUpdateProfiles' { + $URLName = 'windowsDriverUpdateProfiles' + } + '*deviceConfigurations' { + $URLName = 'deviceConfigurations' + } + '*groupPolicyConfigurations' { + $URLName = 'groupPolicyConfigurations' + } + } + } switch ($URLName) { 'deviceCompliancePolicies' { $Type = 'deviceCompliancePolicies' From 5b8079ba76b2e681ff7d12c359f6c59e32cee041 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 11 Feb 2025 15:46:29 -0500 Subject: [PATCH 109/138] add cippy proxy for GitHub --- .../Tools/GitHub/Invoke-ExecGitHubAction.ps1 | 43 ++++++++++++------- .../Public/GitHub/Invoke-GitHubApiRequest.ps1 | 11 ++++- 2 files changed, 36 insertions(+), 18 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 index cf0d810d921a..32ce53fc085f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 @@ -22,23 +22,34 @@ function Invoke-ExecGitHubAction { $SplatParams = $Parameters | Select-Object -ExcludeProperty Action, TenantFilter | ConvertTo-Json | ConvertFrom-Json -AsHashtable - #Write-Information ($SplatParams | ConvertTo-Json) + $Extensionsconfig = Get-CippTable -tablename 'Extensionsconfig' + $Extensions = $Extensionsconfig | Where-Object { $_.PartitionKey -eq 'Extensionsconfig' } | Select-Object -ExpandProperty JSON | ConvertFrom-Json + $GitHubEnabled = $Extensions.GitHub.enabled - switch ($Action) { - 'Search' { - $SearchResults = Search-GitHub @SplatParams - $Results = @($SearchResults.items) - $Metadata = $SearchResults | Select-Object -Property total_count, incomplete_results - } - 'GetFileContents' { - $Results = Get-GitHubFileContents @SplatParams - } - 'GetBranches' { - $Results = @(Get-GitHubBranch @SplatParams) - } - 'GetFileTree' { - $Files = (Get-GitHubFileTree @SplatParams).tree | Where-Object { $_.path -match '.json$' } | Select-Object *, @{n = 'html_url'; e = { "https://github.com/$($SplatParams.FullName)/tree/$($SplatParams.Branch)/$($_.path)" } } - $Results = @($Files) + if (-not $GitHubEnabled) { + $Response = Invoke-RestMethod -Uri 'https://cippy.azurewebsites.net/api/ExecGitHubAction' -Method POST -Body ($Action | ConvertTo-Json -Depth 10) -ContentType 'application/json' + $Results = $Response.Results + $Metadata = $Response.Metadata + } else { + switch ($Action) { + 'Search' { + $SearchResults = Search-GitHub @SplatParams + $Results = @($SearchResults.items) + $Metadata = $SearchResults | Select-Object -Property total_count, incomplete_results + } + 'GetFileContents' { + $Results = Get-GitHubFileContents @SplatParams + } + 'GetBranches' { + $Results = @(Get-GitHubBranch @SplatParams) + } + 'GetFileTree' { + $Files = (Get-GitHubFileTree @SplatParams).tree | Where-Object { $_.path -match '.json$' } | Select-Object *, @{n = 'html_url'; e = { "https://github.com/$($SplatParams.FullName)/tree/$($SplatParams.Branch)/$($_.path)" } } + $Results = @($Files) + } + 'ImportTemplate' { + $Results = Import-CommunityTemplate @SplatParams + } } } diff --git a/Modules/CippExtensions/Public/GitHub/Invoke-GitHubApiRequest.ps1 b/Modules/CippExtensions/Public/GitHub/Invoke-GitHubApiRequest.ps1 index 9f5b433caccd..a8f48d598af3 100644 --- a/Modules/CippExtensions/Public/GitHub/Invoke-GitHubApiRequest.ps1 +++ b/Modules/CippExtensions/Public/GitHub/Invoke-GitHubApiRequest.ps1 @@ -43,8 +43,15 @@ function Invoke-GitHubApiRequest { } } catch { Write-Error $_.Exception.Message - } + } } else { - throw 'GitHub API is not enabled' + $Action = @{ + Action = 'ApiCall' + Path = $Path + Method = $Method + Body = $Body + Accept = $Accept + } + (Invoke-RestMethod -Uri 'https://cippy.azurewebsites.net/api/ExecGitHubAction' -Method POST -Body ($Action | ConvertTo-Json -Depth 10) -ContentType 'application/json').Results } } From fdcb3f3682443b4bb182caa2ca9d81d7002a6028 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 11 Feb 2025 15:47:09 -0500 Subject: [PATCH 110/138] community templates --- .../Tools/GitHub/Invoke-ExecCommunityRepo.ps1 | 7 ++++ .../CIPPCore/Public/New-CIPPTemplateRun.ps1 | 21 +++++++++- .../Public/Tools/Import-CommunityTemplate.ps1 | 24 +++++++++++ .../Public/GitHub/Push-GitHubContent.ps1 | 41 +++++++++++++++++++ 4 files changed, 91 insertions(+), 2 deletions(-) create mode 100644 Modules/CIPPCore/Public/Tools/Import-CommunityTemplate.ps1 create mode 100644 Modules/CippExtensions/Public/GitHub/Push-GitHubContent.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 index ddd63ce66e32..c1cfafd764fe 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 @@ -84,6 +84,13 @@ function Invoke-ExecCommunityRepo { state = 'success' } } + 'ImportTemplate' { + $Path = $Request.Body.Path + $FullName = $Request.Body.FullName + $Branch = $Request.Body.Branch + $Template = Get-GitHubFileContents -FullName $FullName -Path $Path -Branch $Branch + Import-CommunityTemplate -Template $Template + } default { $Results = @{ resultText = "Action $Action not supported" diff --git a/Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1 b/Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1 index 96e68e4ac909..9950c3d40772 100644 --- a/Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1 @@ -19,8 +19,8 @@ function New-CIPPTemplateRun { } } if ($TemplateSettings.templateRepo) { - Write-Host 'Grabbing data from required template repo' - $RepoURI = "https://geoipdb.azurewebsites.net/api/GetTemplateRepo?repo=$($TemplateSettings.templateRepo.value)" + Write-Host 'Grabbing data from required community repo' + <#$RepoURI = "https://geoipdb.azurewebsites.net/api/GetTemplateRepo?repo=$($TemplateSettings.templateRepo.value)" $RepoData = Invoke-RestMethod -Uri $RepoURI -Method GET -ContentType 'application/json' $ImportTemplates = foreach ($task in $Tasks) { switch ($Task) { @@ -29,6 +29,23 @@ function New-CIPPTemplateRun { 'groupTemplates' { $RepoData.groupTemplates } 'standardTemplates' { $RepoData.standardTemplates } } + }#> + $Files = (Get-GitHubFileTree -FullName $TemplateSettings.templateRepo.value -Branch $TemplateSettings.templateRepo.branch).tree | Where-Object { $_.path -match '.json$' } | Select-Object *, @{n = 'html_url'; e = { "https://github.com/$($SplatParams.FullName)/tree/$($SplatParams.Branch)/$($_.path)" } }, @{n = 'name'; e = { ($_.path -split '/')[ -1 ] -replace '\.json$', '' } } + + foreach ($File in $Files) { + # find file.name in existing templates + $ExistingTemplate = $ExistingTemplates | Where-Object { $_.displayName -eq $File.name } | Select-Object -First 1 + if ($ExistingTemplate) { + # check the sha hash of the file against the existing template + $UpdateNeeded = $false + if ($ExistingTemplate.sha -ne $File.sha -or !$ExistingTemplate.sha) { + $UpdateNeeded = $true + } + + if ($UpdateNeeded) { + + } + } } } else { diff --git a/Modules/CIPPCore/Public/Tools/Import-CommunityTemplate.ps1 b/Modules/CIPPCore/Public/Tools/Import-CommunityTemplate.ps1 new file mode 100644 index 000000000000..3b72795eddd8 --- /dev/null +++ b/Modules/CIPPCore/Public/Tools/Import-CommunityTemplate.ps1 @@ -0,0 +1,24 @@ +function Import-CommunityTemplate { + <# + + #> + [CmdletBinding()] + param( + [Parameter(Mandatory = $true)] + $Template, + [switch]$Force + ) + + $Table = Get-CippTable -TableName 'templates' + $Filter = "PartitionKey eq '$Type'" + + $CippTemplates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter) | ForEach-Object { + $GUID = $_.RowKey + $data = $_.JSON | ConvertFrom-Json + $data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $GUID -Force + $data + } + + $Contents = $Template.content + Write-Host ($Contents) +} diff --git a/Modules/CippExtensions/Public/GitHub/Push-GitHubContent.ps1 b/Modules/CippExtensions/Public/GitHub/Push-GitHubContent.ps1 new file mode 100644 index 000000000000..6b0eebf5ce23 --- /dev/null +++ b/Modules/CippExtensions/Public/GitHub/Push-GitHubContent.ps1 @@ -0,0 +1,41 @@ +function Push-GitHubContent { + <# + .SYNOPSIS + Update file content in GitHub repository + .DESCRIPTION + Update file content in GitHub repository + .PARAMETER FullName + The full name of the repository (e.g. 'octocat/Hello-World') + .PARAMETER Path + The path to the file in the repository + .PARAMETER Branch + The branch to update the file in (default: 'main') + .PARAMETER Content + The new content of the file + .PARAMETER Message + The commit message + .EXAMPLE + Push-GitHubContent -FullName 'octocat/Hello-World' -Path 'README.md' -Content 'Hello, World!' -Message 'Update README.md' + #> + [CmdletBinding()] + param ( + [string]$FullName, + [string]$Path, + [string]$Branch = 'main', + [string]$Content, + [string]$Message + ) + + $ContentBase64 = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($Content)) + $ContentSha = (Invoke-GitHubApiRequest -Path "repos/$($FullName)/contents/$($Path)?ref=$($Branch)" -Method GET).sha + $Filename = Split-Path $Path -Leaf + + $Body = @{ + message = $Message ?? "Update $($Filename)" + content = $ContentBase64 + sha = $ContentSha + branch = $Branch + } + + Invoke-GitHubApiRequest -Path "repos/$($FullName)/contents/$($Path)" -Method PUT -Body $Body +} From a550ec703331f865ca9667995d7b84e65cd8b2a2 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 11 Feb 2025 17:13:22 -0500 Subject: [PATCH 111/138] fix github exec function --- .../Tools/GitHub/Invoke-ExecGitHubAction.ps1 | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 index 32ce53fc085f..4ad24158815b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 @@ -22,11 +22,10 @@ function Invoke-ExecGitHubAction { $SplatParams = $Parameters | Select-Object -ExcludeProperty Action, TenantFilter | ConvertTo-Json | ConvertFrom-Json -AsHashtable - $Extensionsconfig = Get-CippTable -tablename 'Extensionsconfig' - $Extensions = $Extensionsconfig | Where-Object { $_.PartitionKey -eq 'Extensionsconfig' } | Select-Object -ExpandProperty JSON | ConvertFrom-Json - $GitHubEnabled = $Extensions.GitHub.enabled + $Table = Get-CIPPTable -TableName Extensionsconfig + $Configuration = ((Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json).GitHub - if (-not $GitHubEnabled) { + if (!$Configuration.Enabled) { $Response = Invoke-RestMethod -Uri 'https://cippy.azurewebsites.net/api/ExecGitHubAction' -Method POST -Body ($Action | ConvertTo-Json -Depth 10) -ContentType 'application/json' $Results = $Response.Results $Metadata = $Response.Metadata @@ -43,6 +42,10 @@ function Invoke-ExecGitHubAction { 'GetBranches' { $Results = @(Get-GitHubBranch @SplatParams) } + 'GetOrgs' { + $Orgs = Invoke-GitHubApiRequest -Path 'user/orgs' + $Results = @($Orgs) + } 'GetFileTree' { $Files = (Get-GitHubFileTree @SplatParams).tree | Where-Object { $_.path -match '.json$' } | Select-Object *, @{n = 'html_url'; e = { "https://github.com/$($SplatParams.FullName)/tree/$($SplatParams.Branch)/$($_.path)" } } $Results = @($Files) @@ -50,6 +53,9 @@ function Invoke-ExecGitHubAction { 'ImportTemplate' { $Results = Import-CommunityTemplate @SplatParams } + default { + $Results = "Error: Unknown action '$Action'" + } } } From 97991e14e25c67f75c9a9c4c590738c1978d7eae Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 11 Feb 2025 19:17:09 -0500 Subject: [PATCH 112/138] github tasks add create repo handle saving templates --- .../Tools/GitHub/Invoke-ExecCommunityRepo.ps1 | 22 +++++++ .../Tools/GitHub/Invoke-ExecGitHubAction.ps1 | 25 ++++++++ .../GitHub/Invoke-ListCommunityRepos.ps1 | 57 +++++++++++-------- .../Public/GitHub/Invoke-GitHubApiRequest.ps1 | 14 +++-- .../Public/GitHub/New-GitHubRepo.ps1 | 49 ++++++++++++++++ .../Public/GitHub/Push-GitHubContent.ps1 | 10 +++- 6 files changed, 147 insertions(+), 30 deletions(-) create mode 100644 Modules/CippExtensions/Public/GitHub/New-GitHubRepo.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 index c1cfafd764fe..573cb275f16f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 @@ -84,6 +84,28 @@ function Invoke-ExecCommunityRepo { state = 'success' } } + 'UploadTemplate' { + $GUID = $Request.Body.GUID + $TemplateTable = Get-CIPPTable -TableName templates + $TemplateEntity = Get-CIPPAzDataTableEntity @TemplateTable -Filter "RowKey eq '$($GUID)'" + if ($TemplateEntity) { + $Template = $TemplateEntity.JSON | ConvertFrom-Json + $DisplayName = $Template.Displayname ?? $Template.templateName ?? $Template.name + $Basename = $DisplayName -replace '\s', '_' -replace '[^\w\d_]', '' + $Path = '{0}/{1}.json' -f $TemplateEntity.PartitionKey, $Basename + $Results = Push-GitHubContent -FullName $Request.Body.FullName -Path $Path -Content ($TemplateEntity | ConvertTo-Json -Compress) -Message $Request.Body.Message + + $Results = @{ + resultText = "Template '$($DisplayName)' uploaded" + state = 'success' + } + } else { + $Results = @{ + resultText = "Template '$($GUID)' not found" + state = 'error' + } + } + } 'ImportTemplate' { $Path = $Request.Body.Path $FullName = $Request.Body.FullName diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 index 4ad24158815b..cba461e61906 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 @@ -53,6 +53,31 @@ function Invoke-ExecGitHubAction { 'ImportTemplate' { $Results = Import-CommunityTemplate @SplatParams } + 'CreateRepo' { + $Repo = New-GitHubRepo @SplatParams + if ($Results.id) { + $Table = Get-CIPPTable -TableName CommunityRepos + $RepoEntity = @{ + PartitionKey = 'CommunityRepos' + RowKey = [string]$Repo.id + Name = [string]$Repo.name + Description = [string]$Repo.description + URL = [string]$Repo.html_url + FullName = [string]$Repo.full_name + Owner = [string]$Repo.owner.login + Visibility = [string]$Repo.visibility + WriteAccess = [bool]$Repo.permissions.push + DefaultBranch = [string]$Repo.default_branch + Permissions = [string]($Repo.permissions | ConvertTo-Json -Compress) + } + Add-CIPPAzDataTableEntity @Table -Entity $RepoEntity -Force | Out-Null + + $Results = @{ + resultText = "Repository '$($Results.name)' created" + state = 'success' + } + } + } default { $Results = "Error: Unknown action '$Action'" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ListCommunityRepos.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ListCommunityRepos.ps1 index 4053ee48a676..0b8d54094286 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ListCommunityRepos.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ListCommunityRepos.ps1 @@ -13,34 +13,43 @@ function Invoke-ListCommunityRepos { param($Request, $TriggerMetadata) $Table = Get-CIPPTable -TableName CommunityRepos - $Repos = Get-CIPPAzDataTableEntity @Table - $CIPPRoot = (Get-Item (Get-Module -Name CIPPCore).ModuleBase).Parent.Parent.FullName - $CommunityRepos = Join-Path -Path $CIPPRoot -ChildPath 'CommunityRepos.json' - $DefaultCommunityRepos = Get-Content -Path $CommunityRepos -Raw | ConvertFrom-Json + if ($Request.Query.WriteAccess -eq 'true') { + $Filter = "PartitionKey eq 'CommunityRepos' and WriteAccess eq true" + } else { + $Filter = '' + } + + $Repos = Get-CIPPAzDataTableEntity @Table -Filter $Filter + + if (!$Request.Query.WriteAccess) { + $CIPPRoot = (Get-Item (Get-Module -Name CIPPCore).ModuleBase).Parent.Parent.FullName + $CommunityRepos = Join-Path -Path $CIPPRoot -ChildPath 'CommunityRepos.json' + $DefaultCommunityRepos = Get-Content -Path $CommunityRepos -Raw | ConvertFrom-Json - $DefaultsMissing = $false - foreach ($Repo in $DefaultCommunityRepos) { - if ($Repos.Url -notcontains $Repo.Url) { - $Entity = [PSCustomObject]@{ - PartitionKey = 'CommunityRepos' - RowKey = $Repo.Id - Name = $Repo.Name - Description = $Repo.Description - URL = $Repo.URL - FullName = $Repo.FullName - Owner = $Repo.Owner - Visibility = $Repo.Visibility - WriteAccess = $Repo.WriteAccess - DefaultBranch = $Repo.DefaultBranch - Permissions = [string]($Repo.RepoPermissions | ConvertTo-Json) + $DefaultsMissing = $false + foreach ($Repo in $DefaultCommunityRepos) { + if ($Repos.Url -notcontains $Repo.Url) { + $Entity = [PSCustomObject]@{ + PartitionKey = 'CommunityRepos' + RowKey = $Repo.Id + Name = $Repo.Name + Description = $Repo.Description + URL = $Repo.URL + FullName = $Repo.FullName + Owner = $Repo.Owner + Visibility = $Repo.Visibility + WriteAccess = $Repo.WriteAccess + DefaultBranch = $Repo.DefaultBranch + Permissions = [string]($Repo.RepoPermissions | ConvertTo-Json) + } + Add-CIPPAzDataTableEntity @Table -Entity $Entity + $DefaultsMissing = $true } - Add-CIPPAzDataTableEntity @Table -Entity $Entity - $DefaultsMissing = $true } - } - if ($DefaultsMissing) { - $Repos = Get-CIPPAzDataTableEntity @Table + if ($DefaultsMissing) { + $Repos = Get-CIPPAzDataTableEntity @Table + } } $Repos = $Repos | ForEach-Object { diff --git a/Modules/CippExtensions/Public/GitHub/Invoke-GitHubApiRequest.ps1 b/Modules/CippExtensions/Public/GitHub/Invoke-GitHubApiRequest.ps1 index a8f48d598af3..4cb649260d26 100644 --- a/Modules/CippExtensions/Public/GitHub/Invoke-GitHubApiRequest.ps1 +++ b/Modules/CippExtensions/Public/GitHub/Invoke-GitHubApiRequest.ps1 @@ -17,9 +17,10 @@ function Invoke-GitHubApiRequest { if ($Configuration.Enabled) { $APIKey = Get-ExtensionAPIKey -Extension 'GitHub' $Headers = @{ - Authorization = "Bearer $($APIKey)" - 'User-Agent' = 'CIPP' - Accept = $Accept + Authorization = "Bearer $($APIKey)" + 'User-Agent' = 'CIPP' + Accept = $Accept + 'X-GitHub-API-Version' = '2022-11-28' } $FullUri = "https://api.github.com/$Path" @@ -34,6 +35,11 @@ function Invoke-GitHubApiRequest { $RestMethod.ResponseHeadersVariable = 'ResponseHeaders' } + if ($Body) { + $RestMethod.Body = $Body | ConvertTo-Json -Depth 10 + $RestMethod.ContentType = 'application/json' + } + try { $Response = Invoke-RestMethod @RestMethod if ($ReturnHeaders.IsPresent) { @@ -42,7 +48,7 @@ function Invoke-GitHubApiRequest { $Response } } catch { - Write-Error $_.Exception.Message + throw $_.Exception.Message } } else { $Action = @{ diff --git a/Modules/CippExtensions/Public/GitHub/New-GitHubRepo.ps1 b/Modules/CippExtensions/Public/GitHub/New-GitHubRepo.ps1 new file mode 100644 index 000000000000..069271db0dd7 --- /dev/null +++ b/Modules/CippExtensions/Public/GitHub/New-GitHubRepo.ps1 @@ -0,0 +1,49 @@ +function New-GitHubRepo { + <# + .SYNOPSIS + Create a new GitHub repository + + .DESCRIPTION + This function creates a new GitHub repository + + .PARAMETER Name + The name of the repository + + .PARAMETER Description + The description of the repository + + .PARAMETER Private + Whether the repository is private + + .PARAMETER Type + + #> + [CmdletBinding(SupportsShouldProcess = $true)] + param ( + [Parameter(Mandatory = $true)] + [string]$Name, + [string]$Description, + [switch]$Private, + [ValidateSet('User', 'Org')] + [string]$Type = 'User', + [string]$Org, + [string]$License = 'agpl-3.0' + ) + + $Body = @{ + name = $Name + description = $Description + private = $Private + license_template = $License + } + + if ($Type -eq 'Org') { + $Path = "orgs/$Org/repos" + } else { + $Path = 'user/repos' + } + + if ($PSCmdlet.ShouldProcess("Create repository '$Name'")) { + Invoke-GitHubApiRequest -Path $Path -Method POST -Body $Body + } +} diff --git a/Modules/CippExtensions/Public/GitHub/Push-GitHubContent.ps1 b/Modules/CippExtensions/Public/GitHub/Push-GitHubContent.ps1 index 6b0eebf5ce23..ca7282fffa5e 100644 --- a/Modules/CippExtensions/Public/GitHub/Push-GitHubContent.ps1 +++ b/Modules/CippExtensions/Public/GitHub/Push-GitHubContent.ps1 @@ -27,15 +27,21 @@ function Push-GitHubContent { ) $ContentBase64 = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($Content)) - $ContentSha = (Invoke-GitHubApiRequest -Path "repos/$($FullName)/contents/$($Path)?ref=$($Branch)" -Method GET).sha + try { + $ContentSha = (Invoke-GitHubApiRequest -Path "repos/$($FullName)/contents/$($Path)?ref=$($Branch)").sha + } catch { + $ContentSha = $null + } $Filename = Split-Path $Path -Leaf $Body = @{ message = $Message ?? "Update $($Filename)" content = $ContentBase64 - sha = $ContentSha branch = $Branch } + if ($ContentSha) { + $Body.sha = $ContentSha + } Invoke-GitHubApiRequest -Path "repos/$($FullName)/contents/$($Path)" -Method PUT -Body $Body } From f529ea5ea9fb39ed26e0105566e5c7f103db1085 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 11 Feb 2025 21:09:32 -0500 Subject: [PATCH 113/138] upload template tweaks --- .../Tools/GitHub/Invoke-ExecCommunityRepo.ps1 | 24 ++++++++++++++++++- .../GitHub/Invoke-ListCommunityRepos.ps1 | 2 ++ 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 index 573cb275f16f..845dc1e6906c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 @@ -88,12 +88,13 @@ function Invoke-ExecCommunityRepo { $GUID = $Request.Body.GUID $TemplateTable = Get-CIPPTable -TableName templates $TemplateEntity = Get-CIPPAzDataTableEntity @TemplateTable -Filter "RowKey eq '$($GUID)'" + $Branch = $RepoEntity.UploadBranch ?? $RepoEntity.DefaultBranch if ($TemplateEntity) { $Template = $TemplateEntity.JSON | ConvertFrom-Json $DisplayName = $Template.Displayname ?? $Template.templateName ?? $Template.name $Basename = $DisplayName -replace '\s', '_' -replace '[^\w\d_]', '' $Path = '{0}/{1}.json' -f $TemplateEntity.PartitionKey, $Basename - $Results = Push-GitHubContent -FullName $Request.Body.FullName -Path $Path -Content ($TemplateEntity | ConvertTo-Json -Compress) -Message $Request.Body.Message + $Results = Push-GitHubContent -FullName $Request.Body.FullName -Path $Path -Content ($TemplateEntity | ConvertTo-Json -Compress) -Message $Request.Body.Message -Branch $Branch $Results = @{ resultText = "Template '$($DisplayName)' uploaded" @@ -106,6 +107,27 @@ function Invoke-ExecCommunityRepo { } } } + 'SetBranch' { + if (!$RepoEntity) { + $Results = @{ + resultText = "Repository $($Id) not found" + state = 'error' + } + } else { + $Branch = $Request.Body.Branch + if (!$RepoEntity.UploadBranch) { + $RepoEntity | Add-Member -NotePropertyName 'UploadBranch' -NotePropertyValue $Branch + } else { + $RepoEntity.UploadBranch = $Branch + } + $null = Add-CIPPAzDataTableEntity @Table -Entity $RepoEntity -Force + + $Results = @{ + resultText = "Branch set to $Branch" + state = 'success' + } + } + } 'ImportTemplate' { $Path = $Request.Body.Path $FullName = $Request.Body.FullName diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ListCommunityRepos.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ListCommunityRepos.ps1 index 0b8d54094286..b1e33a877336 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ListCommunityRepos.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ListCommunityRepos.ps1 @@ -41,6 +41,7 @@ function Invoke-ListCommunityRepos { Visibility = $Repo.Visibility WriteAccess = $Repo.WriteAccess DefaultBranch = $Repo.DefaultBranch + UploadBranch = $Repo.DefaultBranch Permissions = [string]($Repo.RepoPermissions | ConvertTo-Json) } Add-CIPPAzDataTableEntity @Table -Entity $Entity @@ -63,6 +64,7 @@ function Invoke-ListCommunityRepos { Visibility = $_.Visibility WriteAccess = $_.WriteAccess DefaultBranch = $_.DefaultBranch + UploadBranch = $_.UploadBranch ?? $_.DefaultBranch RepoPermissions = $_.Permissions | ConvertFrom-Json } } From 1aba62e6854914406a377513fc003908f5126f66 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 12 Feb 2025 00:10:38 -0500 Subject: [PATCH 114/138] Update Invoke-ListGraphExplorerPresets.ps1 --- .../Public/Entrypoints/Invoke-ListGraphExplorerPresets.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphExplorerPresets.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphExplorerPresets.ps1 index d899116de6b1..86153e7e1fc9 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphExplorerPresets.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphExplorerPresets.ps1 @@ -12,7 +12,7 @@ Function Invoke-ListGraphExplorerPresets { $APIName = $Request.Params.CIPPEndpoint Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $Username = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($Request.Headers)) | ConvertFrom-Json).userDetails + $Username = $Request.Headers['x-ms-client-principal-name'] try { $Table = Get-CIPPTable -TableName 'GraphPresets' From bc714f4deec41239d96816c4cb253faeb9139dba Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 12 Feb 2025 00:50:18 -0500 Subject: [PATCH 115/138] fix community repo table lookup --- .../Tools/GitHub/Invoke-ExecCommunityRepo.ps1 | 30 ++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 index 845dc1e6906c..169f700987de 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 @@ -14,9 +14,29 @@ function Invoke-ExecCommunityRepo { $Action = $Request.Body.Action $Id = $Request.Body.Id + if ($Request.Body.Id) { + $Filter = "PartitionKey eq 'CommunityRepos' and RowKey eq '$($Id)'" + } elseif ($Request.Body.FullName) { + $Filter = "PartitionKey eq 'CommunityRepos' and FullName eq '$($Request.Body.FullName)'" + } else { + $Results = @( + @{ + resultText = 'Id or FullName required' + state = 'error' + } + ) + $Body = @{ + Results = $Results + } + + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = [HttpStatusCode]::OK + Body = $Body + }) + return + } $Table = Get-CIPPTable -TableName CommunityRepos - $Filter = "PartitionKey eq 'CommunityRepos' and RowKey eq '$($Id)'" $RepoEntity = Get-CIPPAzDataTableEntity @Table -Filter $Filter switch ($Action) { @@ -92,6 +112,14 @@ function Invoke-ExecCommunityRepo { if ($TemplateEntity) { $Template = $TemplateEntity.JSON | ConvertFrom-Json $DisplayName = $Template.Displayname ?? $Template.templateName ?? $Template.name + if ($Template.tenantFilter) { + $Template.tenantFilter = @(@{ label = 'Template Tenant'; value = 'Template Tenant' }) + } + if ($Template.excludedTenants) { + $Template.excludedTenants = @() + } + $TemplateEntity.JSON = $Template | ConvertTo-Json -Compress -Depth 100 + $Basename = $DisplayName -replace '\s', '_' -replace '[^\w\d_]', '' $Path = '{0}/{1}.json' -f $TemplateEntity.PartitionKey, $Basename $Results = Push-GitHubContent -FullName $Request.Body.FullName -Path $Path -Content ($TemplateEntity | ConvertTo-Json -Compress) -Message $Request.Body.Message -Branch $Branch From 16f226f07d53210b97659f64e19b499dfa62d42d Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 12 Feb 2025 10:43:27 -0500 Subject: [PATCH 116/138] add error messages --- .../Tools/GitHub/Invoke-ExecGitHubAction.ps1 | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 index cba461e61906..8b0f635eb146 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 @@ -43,8 +43,12 @@ function Invoke-ExecGitHubAction { $Results = @(Get-GitHubBranch @SplatParams) } 'GetOrgs' { - $Orgs = Invoke-GitHubApiRequest -Path 'user/orgs' - $Results = @($Orgs) + try { + $Orgs = Invoke-GitHubApiRequest -Path 'user/orgs' + $Results = @($Orgs) + } catch { + $Results = 'You may not have permission to view organizations, check your PAT scopes and try again - {0}' -f $_.Exception.Message + } } 'GetFileTree' { $Files = (Get-GitHubFileTree @SplatParams).tree | Where-Object { $_.path -match '.json$' } | Select-Object *, @{n = 'html_url'; e = { "https://github.com/$($SplatParams.FullName)/tree/$($SplatParams.Branch)/$($_.path)" } } @@ -54,7 +58,12 @@ function Invoke-ExecGitHubAction { $Results = Import-CommunityTemplate @SplatParams } 'CreateRepo' { - $Repo = New-GitHubRepo @SplatParams + try { + $Repo = New-GitHubRepo @SplatParams + } catch { + $Results = 'You may not have permission to create repositories, check your PAT scopes and try again - {0}' -f $_.Exception.Message + break + } if ($Results.id) { $Table = Get-CIPPTable -TableName CommunityRepos $RepoEntity = @{ From 282623e8669fae2e38dc927a6f5998ab07e5a4d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Wed, 12 Feb 2025 17:57:16 +0100 Subject: [PATCH 117/138] New standard for QR code auth method disablement --- .../Public/Set-CIPPAuthenticationPolicy.ps1 | 4 +- .../Invoke-CIPPStandardDisableQRCodePin.ps1 | 56 +++++++++++++++++++ 2 files changed, 58 insertions(+), 2 deletions(-) create mode 100644 Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableQRCodePin.ps1 diff --git a/Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1 b/Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1 index 950d0ba7207d..d3335cc89f35 100644 --- a/Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1 @@ -109,8 +109,8 @@ function Set-CIPPAuthenticationPolicy { # QR code 'QRCodePin' { if ($State -eq 'enabled') { - $CurrentInfo.pinLength = $QRCodePinLength - $CurrentInfo.standardQRCodeLifetimeInDays = $QRCodeLifetimeInDays + Write-LogMessage -headers $Headers -API $APIName -tenant $Tenant -message "Setting $AuthenticationMethodId to enabled is not allowed" -sev Error + throw "Setting $AuthenticationMethodId to enabled is not allowed" } } Default { diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableQRCodePin.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableQRCodePin.ps1 new file mode 100644 index 000000000000..98c05fc3c90e --- /dev/null +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableQRCodePin.ps1 @@ -0,0 +1,56 @@ +function Invoke-CIPPStandardDisableQRCodePin { + <# + .FUNCTIONALITY + Internal + .COMPONENT + (APIName) DisableQRCodePin + .SYNOPSIS + (Label) Disables QR Code Pin as an MFA method + .DESCRIPTION + (Helptext) This blocks users from using QR Code Pin as an MFA method. If a user only has QR Code Pin as a MFA method, they will be unable to log in. + (DocsDescription) Disables QR Code Pin as an MFA method for the tenant. If a user only has QR Code Pin as a MFA method, they will be unable to sign in. + .NOTES + CAT + Entra (AAD) Standards + TAG + "highimpact" + ADDEDCOMPONENT + IMPACT + High Impact + POWERSHELLEQUIVALENT + Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration + RECOMMENDEDBY + UPDATECOMMENTBLOCK + Run the Tools\Update-StandardsComments.ps1 script to update this comment block + .LINK + https://docs.cipp.app/user-documentation/tenant/standards/list-standards/entra-aad-standards#high-impact + #> + + param($Tenant, $Settings) + + $CurrentState = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authenticationmethodspolicy/authenticationMethodConfigurations/QRCodePin' -tenantid $Tenant + $StateIsCorrect = ($CurrentState.state -eq 'disabled') + + If ($Settings.remediate -eq $true) { + if ($StateIsCorrect -eq $true) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'QR Code Pin authentication method is already disabled.' -sev Info + } else { + try { + Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'QRCodePin' -Enabled $false + } catch { + } + } + } + + if ($Settings.alert -eq $true) { + if ($StateIsCorrect -eq $true) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'QR Code Pin authentication method is not enabled' -sev Info + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'QR Code Pin authentication method is enabled' -sev Alert + } + } + + if ($Settings.report -eq $true) { + Add-CIPPBPAField -FieldName 'DisableQRCodePin' -FieldValue $StateIsCorrect -StoreAs bool -Tenant $tenant + } +} From 2ff87c120d75eddafebf19b51eeefc316116c367 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 12 Feb 2025 12:30:31 -0500 Subject: [PATCH 118/138] github tweaks add GUID to BPA --- .../Standards/Invoke-ListBPATemplates.ps1 | 5 +- .../Tools/GitHub/Invoke-ExecGitHubAction.ps1 | 56 +++++++++++-------- 2 files changed, 35 insertions(+), 26 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPATemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPATemplates.ps1 index 25ef55b55f8c..26d39d4773c9 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPATemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPATemplates.ps1 @@ -28,14 +28,15 @@ Function Invoke-ListBPATemplates { } $Filter = "PartitionKey eq 'BPATemplate'" - $Templates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter).JSON | ConvertFrom-Json + $Templates = Get-CIPPAzDataTableEntity @Table -Filter $Filter if ($Request.Query.RawJson) { $Templates } else { $Templates = $Templates | ForEach-Object { - $Template = $_ + $Template = $_.JSON | ConvertFrom-Json @{ + GUID = $_.GUID Data = $Template.fields Name = $Template.Name Style = $Template.Style diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 index 8b0f635eb146..76c6c9e26bf6 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 @@ -47,7 +47,10 @@ function Invoke-ExecGitHubAction { $Orgs = Invoke-GitHubApiRequest -Path 'user/orgs' $Results = @($Orgs) } catch { - $Results = 'You may not have permission to view organizations, check your PAT scopes and try again - {0}' -f $_.Exception.Message + $Results = @{ + resultText = 'You may not have permission to view organizations, check your PAT scopes and try again - {0}' -f $_.Exception.Message + state = 'error' + } } } 'GetFileTree' { @@ -60,35 +63,40 @@ function Invoke-ExecGitHubAction { 'CreateRepo' { try { $Repo = New-GitHubRepo @SplatParams - } catch { - $Results = 'You may not have permission to create repositories, check your PAT scopes and try again - {0}' -f $_.Exception.Message - break - } - if ($Results.id) { - $Table = Get-CIPPTable -TableName CommunityRepos - $RepoEntity = @{ - PartitionKey = 'CommunityRepos' - RowKey = [string]$Repo.id - Name = [string]$Repo.name - Description = [string]$Repo.description - URL = [string]$Repo.html_url - FullName = [string]$Repo.full_name - Owner = [string]$Repo.owner.login - Visibility = [string]$Repo.visibility - WriteAccess = [bool]$Repo.permissions.push - DefaultBranch = [string]$Repo.default_branch - Permissions = [string]($Repo.permissions | ConvertTo-Json -Compress) - } - Add-CIPPAzDataTableEntity @Table -Entity $RepoEntity -Force | Out-Null + if ($Results.id) { + $Table = Get-CIPPTable -TableName CommunityRepos + $RepoEntity = @{ + PartitionKey = 'CommunityRepos' + RowKey = [string]$Repo.id + Name = [string]$Repo.name + Description = [string]$Repo.description + URL = [string]$Repo.html_url + FullName = [string]$Repo.full_name + Owner = [string]$Repo.owner.login + Visibility = [string]$Repo.visibility + WriteAccess = [bool]$Repo.permissions.push + DefaultBranch = [string]$Repo.default_branch + Permissions = [string]($Repo.permissions | ConvertTo-Json -Compress) + } + Add-CIPPAzDataTableEntity @Table -Entity $RepoEntity -Force | Out-Null + $Results = @{ + resultText = "Repository '$($Results.name)' created" + state = 'success' + } + } + } catch { $Results = @{ - resultText = "Repository '$($Results.name)' created" - state = 'success' + resultText = 'You may not have permission to create repositories, check your PAT scopes and try again - {0}' -f $_.Exception.Message + state = 'error' } } } default { - $Results = "Error: Unknown action '$Action'" + $Results = @{ + resultText = "Unknown action '$Action'" + state = 'error' + } } } } From 693f43af45c2cf4dcf5ce2ef975523be654896b7 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 12 Feb 2025 13:08:36 -0500 Subject: [PATCH 119/138] add scopes to extension test --- .../CIPP/Extensions/Invoke-ExecExtensionTest.ps1 | 8 ++++++-- .../Public/GitHub/Invoke-GitHubApiRequest.ps1 | 5 +++-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionTest.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionTest.ps1 index cd71c2024660..a0c36e11d199 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionTest.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionTest.ps1 @@ -83,9 +83,13 @@ Function Invoke-ExecExtensionTest { $Results = [pscustomobject]@{'Results' = 'Successfully Connected to HIBP' } } 'GitHub' { - $GitHubResponse = Invoke-GitHubApiRequest -Method 'GET' -Path 'user' + $GitHubResponse = Invoke-GitHubApiRequest -Method 'GET' -Path 'user' -ReturnHeaders if ($GitHubResponse.login) { - $Results = [pscustomobject]@{ 'Results' = "Successfully connected to GitHub user: $($GitHubResponse.login)" } + if ($GitHubResponse.Headers.'x-oauth-scopes') { + $Results = [pscustomobject]@{ 'Results' = "Successfully connected to GitHub user: $($GitHubResponse.login) with scopes: $($GitHubResponse.Headers.'x-oauth-scopes')" } + } else { + $Results = [pscustomobject]@{ 'Results' = "Successfully connected to GitHub user: $($GitHubResponse.login) using a Fine Grained PAT" } + } } else { $Results = [pscustomobject]@{ 'Results' = 'Failed to connect to GitHub. Check your API credentials and try again.' } } diff --git a/Modules/CippExtensions/Public/GitHub/Invoke-GitHubApiRequest.ps1 b/Modules/CippExtensions/Public/GitHub/Invoke-GitHubApiRequest.ps1 index 4cb649260d26..28c114d3d968 100644 --- a/Modules/CippExtensions/Public/GitHub/Invoke-GitHubApiRequest.ps1 +++ b/Modules/CippExtensions/Public/GitHub/Invoke-GitHubApiRequest.ps1 @@ -43,9 +43,10 @@ function Invoke-GitHubApiRequest { try { $Response = Invoke-RestMethod @RestMethod if ($ReturnHeaders.IsPresent) { - $ResponseHeaders + $Response | Add-Member -MemberType NoteProperty -Name Headers -Value $ResponseHeaders + return $Response } else { - $Response + return $Response } } catch { throw $_.Exception.Message From c722aee50dc977258878879be864341dc63d15c0 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 12 Feb 2025 15:05:04 -0500 Subject: [PATCH 120/138] Update Invoke-ExecGitHubAction.ps1 --- .../HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 index 76c6c9e26bf6..a8f2bef11dd5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 @@ -62,6 +62,8 @@ function Invoke-ExecGitHubAction { } 'CreateRepo' { try { + Write-Information "Creating repository '$($SplatParams.Name)'" + Write-Information ($SplatParams | ConvertTo-Json -Depth 10) $Repo = New-GitHubRepo @SplatParams if ($Results.id) { $Table = Get-CIPPTable -TableName CommunityRepos From 353409c4d4fbe8f4ce72b6679b38961e07829da0 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 12 Feb 2025 15:05:44 -0500 Subject: [PATCH 121/138] Update Invoke-ExecGitHubAction.ps1 --- .../HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 index a8f2bef11dd5..a906a2154e55 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 @@ -88,6 +88,7 @@ function Invoke-ExecGitHubAction { } } } catch { + Write-Information (Get-CippException -Exception $_ | ConvertTo-Json) $Results = @{ resultText = 'You may not have permission to create repositories, check your PAT scopes and try again - {0}' -f $_.Exception.Message state = 'error' From f53725f0c68bd56e045e18a00817e32d26f1e04f Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 12 Feb 2025 15:09:29 -0500 Subject: [PATCH 122/138] Update Invoke-ExecGitHubAction.ps1 --- .../HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 index a906a2154e55..ec95816e02ff 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 @@ -70,7 +70,7 @@ function Invoke-ExecGitHubAction { $RepoEntity = @{ PartitionKey = 'CommunityRepos' RowKey = [string]$Repo.id - Name = [string]$Repo.name + Name = [string]($Repo.name -replace ' ', '-') Description = [string]$Repo.description URL = [string]$Repo.html_url FullName = [string]$Repo.full_name From a517b9b0e6669634b10c54bdfb824ff448d04acb Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 12 Feb 2025 15:14:39 -0500 Subject: [PATCH 123/138] add existing check --- Modules/CippExtensions/Public/GitHub/New-GitHubRepo.ps1 | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/Modules/CippExtensions/Public/GitHub/New-GitHubRepo.ps1 b/Modules/CippExtensions/Public/GitHub/New-GitHubRepo.ps1 index 069271db0dd7..600bc2631ef7 100644 --- a/Modules/CippExtensions/Public/GitHub/New-GitHubRepo.ps1 +++ b/Modules/CippExtensions/Public/GitHub/New-GitHubRepo.ps1 @@ -43,7 +43,13 @@ function New-GitHubRepo { $Path = 'user/repos' } + # Check if repo exists + $Existing = Invoke-GitHubApiRequest -Path "$Path/$Name" + if ($Existing.id) { + return $Existing + } + if ($PSCmdlet.ShouldProcess("Create repository '$Name'")) { - Invoke-GitHubApiRequest -Path $Path -Method POST -Body $Body + return (Invoke-GitHubApiRequest -Path $Path -Method POST -Body $Body) } } From ec47a15ba84d30731a9317faa17f694334ed68a8 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 12 Feb 2025 15:20:39 -0500 Subject: [PATCH 124/138] Update New-GitHubRepo.ps1 --- Modules/CippExtensions/Public/GitHub/New-GitHubRepo.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CippExtensions/Public/GitHub/New-GitHubRepo.ps1 b/Modules/CippExtensions/Public/GitHub/New-GitHubRepo.ps1 index 600bc2631ef7..1940a2c30861 100644 --- a/Modules/CippExtensions/Public/GitHub/New-GitHubRepo.ps1 +++ b/Modules/CippExtensions/Public/GitHub/New-GitHubRepo.ps1 @@ -44,7 +44,7 @@ function New-GitHubRepo { } # Check if repo exists - $Existing = Invoke-GitHubApiRequest -Path "$Path/$Name" + $Existing = Invoke-GitHubApiRequest -Path "$Path/$Name" -ErrorAction SilentlyContinue if ($Existing.id) { return $Existing } From 785e3ccddfaee2bc3db579d43cfd72dfca063eec Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 12 Feb 2025 15:22:24 -0500 Subject: [PATCH 125/138] Update New-GitHubRepo.ps1 --- .../CippExtensions/Public/GitHub/New-GitHubRepo.ps1 | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/Modules/CippExtensions/Public/GitHub/New-GitHubRepo.ps1 b/Modules/CippExtensions/Public/GitHub/New-GitHubRepo.ps1 index 1940a2c30861..5d8f06094d74 100644 --- a/Modules/CippExtensions/Public/GitHub/New-GitHubRepo.ps1 +++ b/Modules/CippExtensions/Public/GitHub/New-GitHubRepo.ps1 @@ -44,11 +44,12 @@ function New-GitHubRepo { } # Check if repo exists - $Existing = Invoke-GitHubApiRequest -Path "$Path/$Name" -ErrorAction SilentlyContinue - if ($Existing.id) { - return $Existing - } - + try { + $Existing = Invoke-GitHubApiRequest -Path "$Path/$Name" + if ($Existing.id) { + return $Existing + } + } catch { } if ($PSCmdlet.ShouldProcess("Create repository '$Name'")) { return (Invoke-GitHubApiRequest -Path $Path -Method POST -Body $Body) } From 516830011c06980f9b6e15dd57ed5a12be82fb21 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 12 Feb 2025 15:29:58 -0500 Subject: [PATCH 126/138] create repo tweaks --- Modules/CippExtensions/Public/GitHub/New-GitHubRepo.ps1 | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Modules/CippExtensions/Public/GitHub/New-GitHubRepo.ps1 b/Modules/CippExtensions/Public/GitHub/New-GitHubRepo.ps1 index 5d8f06094d74..37cada47fb2f 100644 --- a/Modules/CippExtensions/Public/GitHub/New-GitHubRepo.ps1 +++ b/Modules/CippExtensions/Public/GitHub/New-GitHubRepo.ps1 @@ -33,19 +33,21 @@ function New-GitHubRepo { $Body = @{ name = $Name description = $Description - private = $Private + private = $Private.IsPresent license_template = $License } if ($Type -eq 'Org') { $Path = "orgs/$Org/repos" + $Owner = $Org } else { $Path = 'user/repos' + $Owner = (Invoke-GitHubApiRequest -Path 'user').login } # Check if repo exists try { - $Existing = Invoke-GitHubApiRequest -Path "$Path/$Name" + $Existing = Invoke-GitHubApiRequest -Path "repos/$Owner/$Name" if ($Existing.id) { return $Existing } From a743f7fe29c5695d51d6398bea18f95e78c8fbd2 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 12 Feb 2025 15:35:22 -0500 Subject: [PATCH 127/138] fix outputs --- .../HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 index 169f700987de..281c85f90adf 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 @@ -100,7 +100,7 @@ function Invoke-ExecCommunityRepo { Remove-AzDataTableEntity @Table -Entity $Delete } $Results = @{ - resultText = "Repository $($Repo.name) deleted" + resultText = "Repository $($RepoEntity.Name) deleted" state = 'success' } } From 26112367ed24ce4e8ec0ac19bc0dc86f3d64968b Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Wed, 12 Feb 2025 22:23:54 +0100 Subject: [PATCH 128/138] template changes --- .../CIPPCore/Public/New-CIPPTemplateRun.ps1 | 19 +--- .../Public/Tools/Import-CommunityTemplate.ps1 | 66 +++++++++++-- .../Public/Tools/Remove-ODataProperties.ps1 | 94 +++++++++++++++++++ 3 files changed, 155 insertions(+), 24 deletions(-) create mode 100644 Modules/CIPPCore/Public/Tools/Remove-ODataProperties.ps1 diff --git a/Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1 b/Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1 index 9950c3d40772..cefb1161dc86 100644 --- a/Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1 @@ -6,7 +6,7 @@ function New-CIPPTemplateRun { ) $Table = Get-CippTable -tablename 'templates' $ExistingTemplates = (Get-CIPPAzDataTableEntity @Table) | ForEach-Object { - $data = $_.JSON | ConvertFrom-Json -Depth 100 + $data = $_.JSON | ConvertFrom-Json -ErrorAction SilentlyContinue -Depth 100 $data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $_.RowKey -Force $data | Add-Member -NotePropertyName 'PartitionKey' -NotePropertyValue $_.PartitionKey -Force $data @@ -20,30 +20,17 @@ function New-CIPPTemplateRun { } if ($TemplateSettings.templateRepo) { Write-Host 'Grabbing data from required community repo' - <#$RepoURI = "https://geoipdb.azurewebsites.net/api/GetTemplateRepo?repo=$($TemplateSettings.templateRepo.value)" - $RepoData = Invoke-RestMethod -Uri $RepoURI -Method GET -ContentType 'application/json' - $ImportTemplates = foreach ($task in $Tasks) { - switch ($Task) { - 'caTemplates' { $RepoData.ca } - 'policyTemplates' { $RepoData.policyTemplates } - 'groupTemplates' { $RepoData.groupTemplates } - 'standardTemplates' { $RepoData.standardTemplates } - } - }#> $Files = (Get-GitHubFileTree -FullName $TemplateSettings.templateRepo.value -Branch $TemplateSettings.templateRepo.branch).tree | Where-Object { $_.path -match '.json$' } | Select-Object *, @{n = 'html_url'; e = { "https://github.com/$($SplatParams.FullName)/tree/$($SplatParams.Branch)/$($_.path)" } }, @{n = 'name'; e = { ($_.path -split '/')[ -1 ] -replace '\.json$', '' } } - foreach ($File in $Files) { - # find file.name in existing templates $ExistingTemplate = $ExistingTemplates | Where-Object { $_.displayName -eq $File.name } | Select-Object -First 1 if ($ExistingTemplate) { - # check the sha hash of the file against the existing template $UpdateNeeded = $false if ($ExistingTemplate.sha -ne $File.sha -or !$ExistingTemplate.sha) { $UpdateNeeded = $true } - if ($UpdateNeeded) { - + $Template = Get-GitHubFileContents -FullName $TemplateSettings.templateRepo.value -Branch $TemplateSettings.templateRepo.branch -Path $File.path | ConvertFrom-Json + Import-CommunityTemplate -Template $Template -SHA $File.sha } } } diff --git a/Modules/CIPPCore/Public/Tools/Import-CommunityTemplate.ps1 b/Modules/CIPPCore/Public/Tools/Import-CommunityTemplate.ps1 index 3b72795eddd8..077c6265c9bf 100644 --- a/Modules/CIPPCore/Public/Tools/Import-CommunityTemplate.ps1 +++ b/Modules/CIPPCore/Public/Tools/Import-CommunityTemplate.ps1 @@ -6,19 +6,69 @@ function Import-CommunityTemplate { param( [Parameter(Mandatory = $true)] $Template, + $SHA, [switch]$Force ) $Table = Get-CippTable -TableName 'templates' - $Filter = "PartitionKey eq '$Type'" - $CippTemplates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter) | ForEach-Object { - $GUID = $_.RowKey - $data = $_.JSON | ConvertFrom-Json - $data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $GUID -Force - $data + + if ($Template.RowKey) { + Write-Host "This is going to be a direct write to table, it's a CIPP template. We're writing $($Template.RowKey)" + Add-CIPPAzDataTableEntity @Table -Entity $Template -Force + } else { + switch -Wildcard ($Template.'@odata.type') { + '*conditionalAccessPolicy*' { + $Template = ([pscustomobject]$Template) | ForEach-Object { + $NonEmptyProperties = $_.psobject.Properties | Where-Object { $null -ne $_.Value } | Select-Object -ExpandProperty Name + $_ | Select-Object -Property $NonEmptyProperties + } + $id = $Template.id + $Template = $Template | Select-Object * -ExcludeProperty lastModifiedDateTime, 'assignments', '#microsoft*', '*@odata.navigationLink', '*@odata.associationLink', '*@odata.context', 'ScopeTagIds', 'supportsScopeTags', 'createdDateTime', '@odata.id', '@odata.editLink', '*odata.type', 'roleScopeTagIds@odata.type', createdDateTime, 'createdDateTime@odata.type' + Remove-ODataProperties -Object $Template + $RawJson = ConvertTo-Json -InputObject $Template -Depth 100 -Compress + $entity = @{ + JSON = "$RawJson" + PartitionKey = 'CATemplate' + SHA = $SHA + GUID = $ID + RowKey = $ID + } + Add-CIPPAzDataTableEntity @Table -Entity $entity -Force + } + default { + $URLName = switch -Wildcard ($Template.'@odata.id') { + '*CompliancePolicies*' { 'DeviceCompliancePolicies' } + '*deviceConfigurations*' { 'Device' } + '*DriverUpdateProfiles*' { 'windowsDriverUpdateProfiles' } + '*SettingsCatalog*' { 'Catalog' } + '*configurationPolicies*' { 'Catalog' } + } + $id = $Template.id + $RawJson = $Template | Select-Object * -ExcludeProperty id, lastModifiedDateTime, 'assignments', '#microsoft*', '*@odata.navigationLink', '*@odata.associationLink', '*@odata.context', 'ScopeTagIds', 'supportsScopeTags', 'createdDateTime', '@odata.id', '@odata.editLink', 'lastModifiedDateTime@odata.type', 'roleScopeTagIds@odata.type', createdDateTime, 'createdDateTime@odata.type' + Remove-ODataProperties -Object $RawJson + $RawJson = $RawJson | ConvertTo-Json -Depth 100 -Compress + + #create a new template + $RawJsonObj = [PSCustomObject]@{ + Displayname = $Template.displayName ?? $template.Name + Description = $Template.Description + RAWJson = $RawJson + Type = $URLName + GUID = $ID + } | ConvertTo-Json -Depth 100 -Compress + + $entity = @{ + JSON = "$RawJsonObj" + PartitionKey = 'IntuneTemplate' + SHA = $SHA + GUID = $ID + RowKey = $ID + } + Add-CIPPAzDataTableEntity @Table -Entity $entity -Force + + } + } } - $Contents = $Template.content - Write-Host ($Contents) } diff --git a/Modules/CIPPCore/Public/Tools/Remove-ODataProperties.ps1 b/Modules/CIPPCore/Public/Tools/Remove-ODataProperties.ps1 new file mode 100644 index 000000000000..7a098d2732ea --- /dev/null +++ b/Modules/CIPPCore/Public/Tools/Remove-ODataProperties.ps1 @@ -0,0 +1,94 @@ +function Remove-ODataProperties { + [CmdletBinding()] + param( + [Parameter(Mandatory)] + $Object, + [switch]$SkipRemovingProperties, + [string[]]$PropertiesToRemove = @(), + [string[]]$SkipRemoveProperties = @(), + [switch]$SkipRemoveDefaultProperties, + [switch]$SkipRemovingChildProperties + ) + if ($SkipRemovingProperties) { + return + } + $defaultProperties = @( + 'id', + 'createdDateTime', + 'lastModifiedDateTime', + 'supportsScopeTags', + 'modifiedDateTime' + ) + if (-not $Object) { + return + } + $removeProps = New-Object System.Collections.Generic.List[string] + if ($PropertiesToRemove) { + $removeProps.AddRange($PropertiesToRemove) + } + if (-not $SkipRemoveDefaultProperties) { + foreach ($defProp in $defaultProperties) { + if (-not $removeProps.Contains($defProp)) { + $removeProps.Add($defProp) + } + } + } + function Remove-PropertyIfPresent { + param( + [Parameter(Mandatory)] + $psObject, + [Parameter(Mandatory)] + [string]$propName + ) + $propExists = $psObject.PSObject.Properties | Where-Object { $_.Name -eq $propName } + if ($propExists) { + $psObject.PSObject.Properties.Remove($propName) | Out-Null + } + } + + if ($Object -is [System.Collections.IEnumerable] -and -not ($Object -is [string])) { + foreach ($element in $Object) { + Remove-ODataProperties -Object $element -SkipRemovingProperties:$SkipRemovingProperties -PropertiesToRemove $PropertiesToRemove -SkipRemoveProperties $SkipRemoveProperties -SkipRemoveDefaultProperties:$SkipRemoveDefaultProperties -SkipRemovingChildProperties:$SkipRemovingChildProperties + } + return + } + if ($Object -is [PSCustomObject]) { + $odataProps = $Object.PSObject.Properties | Where-Object { + $_.Name -like '*@odata*Link' -or + $_.Name -like '*@odata.context' -or + $_.Name -like '*@odata.id' -or + ($_.Name -like '*@odata.type' -and $_.Name -ne '@odata.type') + } + + foreach ($oProp in $odataProps) { + if (-not $removeProps.Contains($oProp.Name)) { + $removeProps.Add($oProp.Name) + } + } + + foreach ($propName in $removeProps) { + if ($SkipRemoveProperties -notcontains $propName) { + Remove-PropertyIfPresent -psObject $Object -propName $propName + } + } + + if (-not $SkipRemovingChildProperties) { + foreach ($prop in $Object.PSObject.Properties) { + $val = $prop.Value + + if ($val -is [System.Collections.IEnumerable] -and -not ($val -is [string])) { + foreach ($child in $val) { + + if ($child -is [PSCustomObject]) { + Remove-ODataProperties -Object $child -SkipRemovingProperties:$SkipRemovingProperties -PropertiesToRemove $PropertiesToRemove -SkipRemoveProperties $SkipRemoveProperties -SkipRemoveDefaultProperties:$SkipRemoveDefaultProperties -SkipRemovingChildProperties:$SkipRemovingChildProperties + } + } + } + # If $val is a single PSCustomObject, recurse into it as well. + elseif ($val -is [PSCustomObject]) { + Remove-ODataProperties -Object $val -SkipRemovingProperties:$SkipRemovingProperties -PropertiesToRemove $PropertiesToRemove -SkipRemoveProperties $SkipRemoveProperties -SkipRemoveDefaultProperties:$SkipRemoveDefaultProperties -SkipRemovingChildProperties:$SkipRemovingChildProperties + } + } + } + } +} From d0a85ed72dbe7effc7e7f997f13439e415cfd88d Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 12 Feb 2025 16:28:27 -0500 Subject: [PATCH 129/138] fix create repo --- .../HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 | 5 ++--- Modules/CippExtensions/Public/GitHub/New-GitHubRepo.ps1 | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 index ec95816e02ff..16e4ec6202b1 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1 @@ -63,9 +63,8 @@ function Invoke-ExecGitHubAction { 'CreateRepo' { try { Write-Information "Creating repository '$($SplatParams.Name)'" - Write-Information ($SplatParams | ConvertTo-Json -Depth 10) $Repo = New-GitHubRepo @SplatParams - if ($Results.id) { + if ($Repo.id) { $Table = Get-CIPPTable -TableName CommunityRepos $RepoEntity = @{ PartitionKey = 'CommunityRepos' @@ -83,7 +82,7 @@ function Invoke-ExecGitHubAction { Add-CIPPAzDataTableEntity @Table -Entity $RepoEntity -Force | Out-Null $Results = @{ - resultText = "Repository '$($Results.name)' created" + resultText = "Repository '$($Repo.name)' created" state = 'success' } } diff --git a/Modules/CippExtensions/Public/GitHub/New-GitHubRepo.ps1 b/Modules/CippExtensions/Public/GitHub/New-GitHubRepo.ps1 index 37cada47fb2f..27d975d9bcf3 100644 --- a/Modules/CippExtensions/Public/GitHub/New-GitHubRepo.ps1 +++ b/Modules/CippExtensions/Public/GitHub/New-GitHubRepo.ps1 @@ -53,6 +53,6 @@ function New-GitHubRepo { } } catch { } if ($PSCmdlet.ShouldProcess("Create repository '$Name'")) { - return (Invoke-GitHubApiRequest -Path $Path -Method POST -Body $Body) + Invoke-GitHubApiRequest -Path $Path -Method POST -Body $Body } } From 238883ad7bb3b61b995dfbdb1eec20983d8a7673 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 12 Feb 2025 16:56:32 -0500 Subject: [PATCH 130/138] remove condition to add missing groups always add missing groups --- .../Push-ExecOnboardTenantQueue.ps1 | 31 +++++++++---------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecOnboardTenantQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecOnboardTenantQueue.ps1 index 7f9e54f72637..2806f3f9de4b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecOnboardTenantQueue.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecOnboardTenantQueue.ps1 @@ -229,25 +229,24 @@ Function Push-ExecOnboardTenantQueue { if ($AccessAssignments.status -notcontains 'pending') { $OnboardingSteps.Step3.Message = 'Group check: Access assignments are mapped and active' $OnboardingSteps.Step3.Status = 'succeeded' - if ($Item.AddMissingGroups -eq $true) { - $Logs.Add([PSCustomObject]@{ Date = (Get-Date).ToUniversalTime(); Log = 'Checking for missing groups for SAM user' }) - $SamUserId = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/me?`$select=id").id - $CurrentMemberships = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/me/transitiveMemberOf?`$select=id,displayName" - foreach ($Role in $Item.Roles) { - if ($CurrentMemberships.id -notcontains $Role.GroupId) { - $PostBody = @{ - '@odata.id' = 'https://graph.microsoft.com/v1.0/directoryObjects/{0}' -f $SamUserId - } | ConvertTo-Json -Compress - try { - New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($Role.GroupId)/members/`$ref" -body $PostBody -AsApp $true -NoAuthCheck $true - $Logs.Add([PSCustomObject]@{ Date = (Get-Date).ToUniversalTime(); Log = "Added SAM user to $($Role.GroupName)" }) - } catch { - $Logs.Add([PSCustomObject]@{ Date = (Get-Date).ToUniversalTime(); Log = "Failed to add SAM user to $($Role.GroupName) - $($_.Exception.Message)" }) - } + + $Logs.Add([PSCustomObject]@{ Date = (Get-Date).ToUniversalTime(); Log = 'Checking for missing groups for SAM user' }) + $SamUserId = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/me?`$select=id" -NoAuthCheck $true).id + $CurrentMemberships = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/me/transitiveMemberOf?`$select=id,displayName" -NoAuthCheck $true + foreach ($Role in $Item.Roles) { + if ($CurrentMemberships.id -notcontains $Role.GroupId) { + $PostBody = @{ + '@odata.id' = 'https://graph.microsoft.com/v1.0/directoryObjects/{0}' -f $SamUserId + } | ConvertTo-Json -Compress + try { + New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($Role.GroupId)/members/`$ref" -body $PostBody -AsApp $true -NoAuthCheck $true + $Logs.Add([PSCustomObject]@{ Date = (Get-Date).ToUniversalTime(); Log = "Added SAM user to $($Role.GroupName)" }) + } catch { + $Logs.Add([PSCustomObject]@{ Date = (Get-Date).ToUniversalTime(); Log = "Failed to add SAM user to $($Role.GroupName) - $($_.Exception.Message)" }) } } - $Logs.Add([PSCustomObject]@{ Date = (Get-Date).ToUniversalTime(); Log = 'SAM user group check completed' }) } + $Logs.Add([PSCustomObject]@{ Date = (Get-Date).ToUniversalTime(); Log = 'SAM user group check completed' }) } else { $OnboardingSteps.Step3.Message = 'Group check: Access assignments are still pending, try again later' $OnboardingSteps.Step3.Status = 'failed' From 0cce88a310d537efdd21aaf513faeaff791481c7 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 12 Feb 2025 17:25:29 -0500 Subject: [PATCH 131/138] fix one off import option --- .../HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 index 281c85f90adf..9c960cfc1cec 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 @@ -161,7 +161,7 @@ function Invoke-ExecCommunityRepo { $FullName = $Request.Body.FullName $Branch = $Request.Body.Branch $Template = Get-GitHubFileContents -FullName $FullName -Path $Path -Branch $Branch - Import-CommunityTemplate -Template $Template + Import-CommunityTemplate -Template $Template.content -SHA $Template.sha } default { $Results = @{ From f2e3478515b8bb47837b36ab176a9768db610a51 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Wed, 12 Feb 2025 23:31:29 +0100 Subject: [PATCH 132/138] group imports --- .../CIPPCore/Public/New-CIPPTemplateRun.ps1 | 11 ++++++--- .../Public/Tools/Import-CommunityTemplate.ps1 | 23 ++++++++++++++++++- .../Public/GitHub/Get-GitHubFileContents.ps1 | 6 +++-- 3 files changed, 34 insertions(+), 6 deletions(-) diff --git a/Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1 b/Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1 index cefb1161dc86..d07833a661c8 100644 --- a/Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1 @@ -9,6 +9,7 @@ function New-CIPPTemplateRun { $data = $_.JSON | ConvertFrom-Json -ErrorAction SilentlyContinue -Depth 100 $data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $_.RowKey -Force $data | Add-Member -NotePropertyName 'PartitionKey' -NotePropertyValue $_.PartitionKey -Force + $data | Add-Member -NotePropertyName 'SHA' -NotePropertyValue $_.SHA -Force $data } | Sort-Object -Property displayName @@ -20,21 +21,25 @@ function New-CIPPTemplateRun { } if ($TemplateSettings.templateRepo) { Write-Host 'Grabbing data from required community repo' - $Files = (Get-GitHubFileTree -FullName $TemplateSettings.templateRepo.value -Branch $TemplateSettings.templateRepo.branch).tree | Where-Object { $_.path -match '.json$' } | Select-Object *, @{n = 'html_url'; e = { "https://github.com/$($SplatParams.FullName)/tree/$($SplatParams.Branch)/$($_.path)" } }, @{n = 'name'; e = { ($_.path -split '/')[ -1 ] -replace '\.json$', '' } } + $Files = (Get-GitHubFileTree -FullName $TemplateSettings.templateRepo.value -Branch $TemplateSettings.templateRepoBranch.value).tree | Where-Object { $_.path -match '.json$' -and $_.path -notmatch 'NativeImport' } | Select-Object *, @{n = 'html_url'; e = { "https://github.com/$($SplatParams.FullName)/tree/$($SplatParams.Branch)/$($_.path)" } }, @{n = 'name'; e = { ($_.path -split '/')[ -1 ] -replace '\.json$', '' } } foreach ($File in $Files) { $ExistingTemplate = $ExistingTemplates | Where-Object { $_.displayName -eq $File.name } | Select-Object -First 1 + $Template = (Get-GitHubFileContents -FullName $TemplateSettings.templateRepo.value -Branch $TemplateSettings.templateRepoBranch.value -Path $File.path).content | ConvertFrom-Json if ($ExistingTemplate) { $UpdateNeeded = $false if ($ExistingTemplate.sha -ne $File.sha -or !$ExistingTemplate.sha) { $UpdateNeeded = $true } if ($UpdateNeeded) { - $Template = Get-GitHubFileContents -FullName $TemplateSettings.templateRepo.value -Branch $TemplateSettings.templateRepo.branch -Path $File.path | ConvertFrom-Json + Write-Host "Template $($File.name) needs to be updated as the SHA is different" Import-CommunityTemplate -Template $Template -SHA $File.sha } + } else { + Write-Host "Template $($File.name) needs to be created" + Import-CommunityTemplate -Template $Template -SHA $File.sha + } } - } else { foreach ($Task in $Tasks) { Write-Host "Working on task $Task" diff --git a/Modules/CIPPCore/Public/Tools/Import-CommunityTemplate.ps1 b/Modules/CIPPCore/Public/Tools/Import-CommunityTemplate.ps1 index 077c6265c9bf..eb25562f754c 100644 --- a/Modules/CIPPCore/Public/Tools/Import-CommunityTemplate.ps1 +++ b/Modules/CIPPCore/Public/Tools/Import-CommunityTemplate.ps1 @@ -17,7 +17,28 @@ function Import-CommunityTemplate { Write-Host "This is going to be a direct write to table, it's a CIPP template. We're writing $($Template.RowKey)" Add-CIPPAzDataTableEntity @Table -Entity $Template -Force } else { - switch -Wildcard ($Template.'@odata.type') { + if ($Template.groupTypes) { $Type = 'Group' } + if ($Template.'@odata.type' -like '*conditionalAccessPolicy*') { $Type = 'ConditionalAccessPolicy' } + + switch -Wildcard ($Type) { + '*Group*' { + $RawJsonObj = [PSCustomObject]@{ + Displayname = $Template.displayName + Description = $Template.Description + MembershipRules = $Template.membershipRule + username = $Template.mailNickname + GUID = $Template.id + groupType = 'generic' + } | ConvertTo-Json -Depth 100 -Compress + $entity = @{ + JSON = "$RawJsonObj" + PartitionKey = 'GroupTemplate' + SHA = $SHA + GUID = $Template.id + RowKey = $Template.id + } + Add-CIPPAzDataTableEntity @Table -Entity $entity -Force + } '*conditionalAccessPolicy*' { $Template = ([pscustomobject]$Template) | ForEach-Object { $NonEmptyProperties = $_.psobject.Properties | Where-Object { $null -ne $_.Value } | Select-Object -ExpandProperty Name diff --git a/Modules/CippExtensions/Public/GitHub/Get-GitHubFileContents.ps1 b/Modules/CippExtensions/Public/GitHub/Get-GitHubFileContents.ps1 index 684bf99927ba..489bc89a8833 100644 --- a/Modules/CippExtensions/Public/GitHub/Get-GitHubFileContents.ps1 +++ b/Modules/CippExtensions/Public/GitHub/Get-GitHubFileContents.ps1 @@ -15,11 +15,13 @@ function Get-GitHubFileContents { $Path = "repos/$($FullName)/contents/$($Path)?ref=$($Branch)" #Write-Information $Path $File = Invoke-GitHubApiRequest -Path $Path -Method GET - + $content = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($File.content)) + #If the first character is a BOM, remove it + if ($content[0] -eq [char]65279) { $content = $content.Substring(1) } return [PSCustomObject]@{ name = $File.name path = $File.path - content = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($File.content)) + content = $content sha = $File.sha size = $File.size } From 5193fa24713f52694e1046cedef145974e73053c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Wed, 12 Feb 2025 23:31:28 +0100 Subject: [PATCH 133/138] Casing and a bit of cleanup --- .../Administration/Groups/Invoke-AddGroup.ps1 | 96 +++++++++---------- 1 file changed, 46 insertions(+), 50 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroup.ps1 index 5030d5be235c..c43275d2167e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroup.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroup.ps1 @@ -11,80 +11,76 @@ Function Invoke-AddGroup { param($Request, $TriggerMetadata) $APIName = $Request.Params.CIPPEndpoint - Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $SelectedTenants = if ('AllTenants' -in $SelectedTenants) { (Get-Tenants).defaultDomainName } else { $Request.body.tenantFilter.value ? $Request.body.tenantFilter.value : $Request.body.tenantFilter } + Write-LogMessage -headers $Request.Headers -API $APIName -message 'Accessed this API' -Sev Debug - $groupobj = $Request.body - $SelectedTenants = $request.body.tenantfilter.value ? $request.body.tenantfilter.value : $request.body.tenantfilter - if ('AllTenants' -in $SelectedTenants) { $SelectedTenants = (Get-Tenants).defaultDomainName } - # Write to the Azure Functions log stream. - Write-Host 'PowerShell HTTP trigger function processed a request.' - $results = foreach ($tenant in $SelectedTenants) { + $GroupObject = $Request.body + + $Results = foreach ($tenant in $SelectedTenants) { try { - $email = if ($groupobj.primDomain.value) { "$($groupobj.username)@$($groupobj.primDomain.value)" } else { "$($groupobj.username)@$($tenant)" } - if ($groupobj.groupType -in 'Generic', 'azurerole', 'dynamic', 'm365') { + $Email = if ($GroupObject.primDomain.value) { "$($GroupObject.username)@$($GroupObject.primDomain.value)" } else { "$($GroupObject.username)@$($tenant)" } + if ($GroupObject.groupType -in 'Generic', 'azurerole', 'dynamic', 'm365') { - $BodyToship = [pscustomobject] @{ - 'displayName' = $groupobj.Displayname - 'description' = $groupobj.Description - 'mailNickname' = $groupobj.username + $BodyParams = [pscustomobject] @{ + 'displayName' = $GroupObject.displayName + 'description' = $GroupObject.description + 'mailNickname' = $GroupObject.username mailEnabled = [bool]$false securityEnabled = [bool]$true - isAssignableToRole = [bool]($groupobj | Where-Object -Property groupType -EQ 'AzureRole') + isAssignableToRole = [bool]($GroupObject | Where-Object -Property groupType -EQ 'AzureRole') } - if ($groupobj.membershipRules) { - $BodyToship | Add-Member -NotePropertyName 'membershipRule' -NotePropertyValue ($groupobj.membershipRules) - $BodyToship | Add-Member -NotePropertyName 'groupTypes' -NotePropertyValue @('DynamicMembership') - $BodyToship | Add-Member -NotePropertyName 'membershipRuleProcessingState' -NotePropertyValue 'On' + if ($GroupObject.membershipRules) { + $BodyParams | Add-Member -NotePropertyName 'membershipRule' -NotePropertyValue ($GroupObject.membershipRules) + $BodyParams | Add-Member -NotePropertyName 'groupTypes' -NotePropertyValue @('DynamicMembership') + $BodyParams | Add-Member -NotePropertyName 'membershipRuleProcessingState' -NotePropertyValue 'On' } - if ($groupobj.groupType -eq 'm365') { - $BodyToship | Add-Member -NotePropertyName 'groupTypes' -NotePropertyValue @('Unified') + if ($GroupObject.groupType -eq 'm365') { + $BodyParams | Add-Member -NotePropertyName 'groupTypes' -NotePropertyValue @('Unified') } - if ($groupobj.owners -AND $groupobj.groupType -in 'generic', 'azurerole', 'security') { - $BodyToship | Add-Member -NotePropertyName 'owners@odata.bind' -NotePropertyValue (($groupobj.AddOwner) | ForEach-Object { "https://graph.microsoft.com/v1.0/users/$($_.value)" }) - $bodytoship.'owners@odata.bind' = @($bodytoship.'owners@odata.bind') + if ($GroupObject.owners -AND $GroupObject.groupType -in 'generic', 'azurerole', 'security') { + $BodyParams | Add-Member -NotePropertyName 'owners@odata.bind' -NotePropertyValue (($GroupObject.AddOwner) | ForEach-Object { "https://graph.microsoft.com/v1.0/users/$($_.value)" }) + $BodyParams.'owners@odata.bind' = @($BodyParams.'owners@odata.bind') } - if ($groupobj.members -AND $groupobj.groupType -in 'generic', 'azurerole', 'security') { - $BodyToship | Add-Member -NotePropertyName 'members@odata.bind' -NotePropertyValue (($groupobj.AddMember) | ForEach-Object { "https://graph.microsoft.com/v1.0/users/$($_.value)" }) - $BodyToship.'members@odata.bind' = @($BodyToship.'members@odata.bind') + if ($GroupObject.members -AND $GroupObject.groupType -in 'generic', 'azurerole', 'security') { + $BodyParams | Add-Member -NotePropertyName 'members@odata.bind' -NotePropertyValue (($GroupObject.AddMember) | ForEach-Object { "https://graph.microsoft.com/v1.0/users/$($_.value)" }) + $BodyParams.'members@odata.bind' = @($BodyParams.'members@odata.bind') } - $GraphRequest = New-GraphPostRequest -uri 'https://graph.microsoft.com/beta/groups' -tenantid $tenant -type POST -body (ConvertTo-Json -InputObject $BodyToship -Depth 10) -verbose + $GraphRequest = New-GraphPostRequest -uri 'https://graph.microsoft.com/beta/groups' -tenantid $tenant -type POST -body (ConvertTo-Json -InputObject $BodyParams -Depth 10) -Verbose } else { - if ($groupobj.groupType -eq 'dynamicdistribution') { - $Params = @{ - Name = $groupobj.Displayname - RecipientFilter = $groupobj.membershipRules - PrimarySmtpAddress = $email + if ($GroupObject.groupType -eq 'dynamicDistribution') { + $ExoParams = @{ + Name = $GroupObject.displayName + RecipientFilter = $GroupObject.membershipRules + PrimarySmtpAddress = $Email } - $GraphRequest = New-ExoRequest -tenantid $tenant -cmdlet 'New-DynamicDistributionGroup' -cmdParams $params + $GraphRequest = New-ExoRequest -tenantid $tenant -cmdlet 'New-DynamicDistributionGroup' -cmdParams $ExoParams } else { - $Params = @{ - Name = $groupobj.Displayname - Alias = $groupobj.username - Description = $groupobj.Description - PrimarySmtpAddress = $email - Type = $groupobj.groupType - RequireSenderAuthenticationEnabled = [bool]!$groupobj.AllowExternal + $ExoParams = @{ + Name = $GroupObject.displayName + Alias = $GroupObject.username + Description = $GroupObject.description + PrimarySmtpAddress = $Email + Type = $GroupObject.groupType + RequireSenderAuthenticationEnabled = [bool]!$GroupObject.allowExternal } - $GraphRequest = New-ExoRequest -tenantid $tenant -cmdlet 'New-DistributionGroup' -cmdParams $params + $GraphRequest = New-ExoRequest -tenantid $tenant -cmdlet 'New-DistributionGroup' -cmdParams $ExoParams } - #$GraphRequest = New-ExoRequest -tenantid $tenant -cmdlet 'New-DistributionGroup' -cmdParams $params - # At some point add logic to use AddOwner/AddMember for New-DistributionGroup, but idk how we're going to brr that - rvdwegen } - "Successfully created group $($groupobj.displayname) for $($tenant)" - Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $tenant -message "Created group $($groupobj.displayname) with id $($GraphRequest.id)" -Sev 'Info' + "Successfully created group $($GroupObject.displayName) for $($tenant)" + Write-LogMessage -headers $Request.Headers -API $APIName -tenant $tenant -message "Created group $($GroupObject.displayName) with id $($GraphRequest.id)" -Sev Info } catch { - Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $tenant -message "Group creation API failed. $($_.Exception.Message)" -Sev 'Error' - "Failed to create group. $($groupobj.displayname) for $($tenant) $($_.Exception.Message)" + $ErrorMessage = Get-CippException -Exception $_ + Write-LogMessage -headers $Request.Headers -API $APIName -tenant $tenant -message "Group creation API failed. $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage + "Failed to create group. $($GroupObject.displayName) for $($tenant) $($ErrorMessage.NormalizedError)" } } - $body = [pscustomobject]@{'Results' = @($results) } + $ResponseBody = [pscustomobject]@{'Results' = @($Results) } # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = [HttpStatusCode]::OK - Body = $Body + Body = $ResponseBody }) - } From c64a5e9fd5a5addbbd10362f611a8f9e4f7d328c Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 12 Feb 2025 17:43:40 -0500 Subject: [PATCH 134/138] add import error handling and output --- .../Tools/GitHub/Invoke-ExecCommunityRepo.ps1 | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 index 9c960cfc1cec..dd6c3d81ca26 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 @@ -160,8 +160,20 @@ function Invoke-ExecCommunityRepo { $Path = $Request.Body.Path $FullName = $Request.Body.FullName $Branch = $Request.Body.Branch - $Template = Get-GitHubFileContents -FullName $FullName -Path $Path -Branch $Branch - Import-CommunityTemplate -Template $Template.content -SHA $Template.sha + try { + $Template = Get-GitHubFileContents -FullName $FullName -Path $Path -Branch $Branch + $Content = $Template.content | ConvertFrom-Json + Import-CommunityTemplate -Template $Content -SHA $Template.sha + $Results = @{ + resultText = 'Template imported' + state = 'success' + } + } catch { + $Results = @{ + resultText = "Error importing template: $($_.Exception.Message)" + state = 'error' + } + } } default { $Results = @{ From 634c0bca8213af773063dd4c67b45ac6968f834a Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Thu, 13 Feb 2025 00:20:21 +0100 Subject: [PATCH 135/138] CA and groups --- .../CIPPCore/Public/New-CIPPTemplateRun.ps1 | 10 ++++++++-- .../Public/Tools/Import-CommunityTemplate.ps1 | 18 +++++++++++++++--- 2 files changed, 23 insertions(+), 5 deletions(-) diff --git a/Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1 b/Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1 index d07833a661c8..4f91cf17fae2 100644 --- a/Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1 @@ -22,7 +22,13 @@ function New-CIPPTemplateRun { if ($TemplateSettings.templateRepo) { Write-Host 'Grabbing data from required community repo' $Files = (Get-GitHubFileTree -FullName $TemplateSettings.templateRepo.value -Branch $TemplateSettings.templateRepoBranch.value).tree | Where-Object { $_.path -match '.json$' -and $_.path -notmatch 'NativeImport' } | Select-Object *, @{n = 'html_url'; e = { "https://github.com/$($SplatParams.FullName)/tree/$($SplatParams.Branch)/$($_.path)" } }, @{n = 'name'; e = { ($_.path -split '/')[ -1 ] -replace '\.json$', '' } } + #if there is a migration table file, file the file. Store the file contents in $migrationtable + $MigrationTable = $Files | Where-Object { $_.name -eq 'MigrationTable' } | Select-Object -Last 1 + if ($MigrationTable) { + $MigrationTable = (Get-GitHubFileContents -FullName $TemplateSettings.templateRepo.value -Branch $TemplateSettings.templateRepoBranch.value -Path $MigrationTable.path).content | ConvertFrom-Json + } foreach ($File in $Files) { + if ($File.name -eq 'MigrationTable') { continue } $ExistingTemplate = $ExistingTemplates | Where-Object { $_.displayName -eq $File.name } | Select-Object -First 1 $Template = (Get-GitHubFileContents -FullName $TemplateSettings.templateRepo.value -Branch $TemplateSettings.templateRepoBranch.value -Path $File.path).content | ConvertFrom-Json if ($ExistingTemplate) { @@ -32,11 +38,11 @@ function New-CIPPTemplateRun { } if ($UpdateNeeded) { Write-Host "Template $($File.name) needs to be updated as the SHA is different" - Import-CommunityTemplate -Template $Template -SHA $File.sha + Import-CommunityTemplate -Template $Template -SHA $File.sha -MigrationTable $MigrationTable } } else { Write-Host "Template $($File.name) needs to be created" - Import-CommunityTemplate -Template $Template -SHA $File.sha + Import-CommunityTemplate -Template $Template -SHA $File.sha -MigrationTable $MigrationTable } } diff --git a/Modules/CIPPCore/Public/Tools/Import-CommunityTemplate.ps1 b/Modules/CIPPCore/Public/Tools/Import-CommunityTemplate.ps1 index eb25562f754c..396757529a9f 100644 --- a/Modules/CIPPCore/Public/Tools/Import-CommunityTemplate.ps1 +++ b/Modules/CIPPCore/Public/Tools/Import-CommunityTemplate.ps1 @@ -7,6 +7,7 @@ function Import-CommunityTemplate { [Parameter(Mandatory = $true)] $Template, $SHA, + $MigrationTable, [switch]$Force ) @@ -15,12 +16,14 @@ function Import-CommunityTemplate { if ($Template.RowKey) { Write-Host "This is going to be a direct write to table, it's a CIPP template. We're writing $($Template.RowKey)" + $Template = $Template | Select-Object * -ExcludeProperty timestamp Add-CIPPAzDataTableEntity @Table -Entity $Template -Force } else { - if ($Template.groupTypes) { $Type = 'Group' } + if ($Template.mailNickname) { $Type = 'Group' } if ($Template.'@odata.type' -like '*conditionalAccessPolicy*') { $Type = 'ConditionalAccessPolicy' } - + Write-Host "The type is $Type" switch -Wildcard ($Type) { + '*Group*' { $RawJsonObj = [PSCustomObject]@{ Displayname = $Template.displayName @@ -29,7 +32,7 @@ function Import-CommunityTemplate { username = $Template.mailNickname GUID = $Template.id groupType = 'generic' - } | ConvertTo-Json -Depth 100 -Compress + } | ConvertTo-Json -Depth 100 $entity = @{ JSON = "$RawJsonObj" PartitionKey = 'GroupTemplate' @@ -38,8 +41,10 @@ function Import-CommunityTemplate { RowKey = $Template.id } Add-CIPPAzDataTableEntity @Table -Entity $entity -Force + break } '*conditionalAccessPolicy*' { + Write-Host $MigrationTable $Template = ([pscustomobject]$Template) | ForEach-Object { $NonEmptyProperties = $_.psobject.Properties | Where-Object { $null -ne $_.Value } | Select-Object -ExpandProperty Name $_ | Select-Object -Property $NonEmptyProperties @@ -48,6 +53,12 @@ function Import-CommunityTemplate { $Template = $Template | Select-Object * -ExcludeProperty lastModifiedDateTime, 'assignments', '#microsoft*', '*@odata.navigationLink', '*@odata.associationLink', '*@odata.context', 'ScopeTagIds', 'supportsScopeTags', 'createdDateTime', '@odata.id', '@odata.editLink', '*odata.type', 'roleScopeTagIds@odata.type', createdDateTime, 'createdDateTime@odata.type' Remove-ODataProperties -Object $Template $RawJson = ConvertTo-Json -InputObject $Template -Depth 100 -Compress + #Replace the ids with the displayname by using the migration table, this is a simple find and replace each instance in the JSON. + $MigrationTable.objects | ForEach-Object { + if ($RawJson -match $_.ID) { + $RawJson = $RawJson.Replace($_.ID, $($_.DisplayName)) + } + } $entity = @{ JSON = "$RawJson" PartitionKey = 'CATemplate' @@ -56,6 +67,7 @@ function Import-CommunityTemplate { RowKey = $ID } Add-CIPPAzDataTableEntity @Table -Entity $entity -Force + break } default { $URLName = switch -Wildcard ($Template.'@odata.id') { From f06235477a9146253c5bf49b944a3e2476327f6f Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Thu, 13 Feb 2025 00:21:11 +0100 Subject: [PATCH 136/138] update template run --- Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1 b/Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1 index 4f91cf17fae2..ba6144f6b69d 100644 --- a/Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1 @@ -28,7 +28,7 @@ function New-CIPPTemplateRun { $MigrationTable = (Get-GitHubFileContents -FullName $TemplateSettings.templateRepo.value -Branch $TemplateSettings.templateRepoBranch.value -Path $MigrationTable.path).content | ConvertFrom-Json } foreach ($File in $Files) { - if ($File.name -eq 'MigrationTable') { continue } + if ($File.name -eq 'MigrationTable' -or $file.name -eq 'ALLOWED COUNTRIES') { continue } $ExistingTemplate = $ExistingTemplates | Where-Object { $_.displayName -eq $File.name } | Select-Object -First 1 $Template = (Get-GitHubFileContents -FullName $TemplateSettings.templateRepo.value -Branch $TemplateSettings.templateRepoBranch.value -Path $File.path).content | ConvertFrom-Json if ($ExistingTemplate) { From fdae6f36f64e70c5f6193c6c3c59254fb5fe5feb Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Thu, 13 Feb 2025 00:32:24 +0100 Subject: [PATCH 137/138] migration table edit --- .../Tools/GitHub/Invoke-ExecCommunityRepo.ps1 | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 index dd6c3d81ca26..d3ecd953afef 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecCommunityRepo.ps1 @@ -162,8 +162,18 @@ function Invoke-ExecCommunityRepo { $Branch = $Request.Body.Branch try { $Template = Get-GitHubFileContents -FullName $FullName -Path $Path -Branch $Branch + $Content = $Template.content | ConvertFrom-Json - Import-CommunityTemplate -Template $Content -SHA $Template.sha + if ($Content.'@odata.type' -like '*conditionalAccessPolicy*') { + $Files = (Get-GitHubFileTree -FullName $FullName -Branch $Branch).tree | Where-Object { $_.path -match '.json$' -and $_.path -notmatch 'NativeImport' } | Select-Object *, @{n = 'html_url'; e = { "https://github.com/$($SplatParams.FullName)/tree/$($SplatParams.Branch)/$($_.path)" } }, @{n = 'name'; e = { ($_.path -split '/')[ -1 ] -replace '\.json$', '' } } + + $MigrationTable = $Files | Where-Object { $_.name -eq 'MigrationTable' } | Select-Object -Last 1 + if ($MigrationTable) { + Write-Host 'Found a migration table, getting contents' + $MigrationTable = (Get-GitHubFileContents -FullName $FullName -Branch $Branch -Path $MigrationTable.path).content | ConvertFrom-Json + } + } + Import-CommunityTemplate -Template $Content -SHA $Template.sha -MigrationTable $MigrationTable $Results = @{ resultText = 'Template imported' state = 'success' From e30aaa9e1a850a03fa0b493013262fff83da98a5 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 12 Feb 2025 18:44:57 -0500 Subject: [PATCH 138/138] up version --- version_latest.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version_latest.txt b/version_latest.txt index 1996c504476f..0ee843cc6046 100644 --- a/version_latest.txt +++ b/version_latest.txt @@ -1 +1 @@ -7.1.3 +7.2.0