Merge pull request #2076 from microsoft/main

Release 4-24-24
microsoft · Apr 24, 2024 · 0a0ec62 · 0a0ec62
2 parents 568069f + 58886df
commit 0a0ec62
Show file tree

Hide file tree

Showing 10 changed files with 241 additions and 39 deletions.
diff --git a/Calendar/CalLogHelpers/ShortClientNameFunctions.ps1 b/Calendar/CalLogHelpers/ShortClientNameFunctions.ps1
@@ -6,15 +6,41 @@
 # ===================================================================================================
 function FindMatch {
     param(
-        [HashTable] $PassedHash
+        #  [HashTable] $ShortClientNameProcessor,
+        [string] $KeyInput
     )
-    foreach ($Val in $PassedHash.keys) {
+    foreach ($Val in $ShortClientNameProcessor.keys) {
         if ($KeyInput -like "*$Val*") {
-            return $PassedHash[$Val]
+            return $ShortClientNameProcessor[$Val]
         }
     }
 }
 
+$ShortClientNameProcessor = @{
+    'Client=Hub Transport'                       = "Transport"
+    'Client=MSExchangeRPC'                       = "Outlook : Desktop"
+    'OneOutlook'                                 = "OneOutlook"
+    'Lync for Mac'                               = "LyncMac"
+    'AppId=00000004-0000-0ff1-ce00-000000000000' = "SkypeMMS"
+    'MicrosoftNinja'                             = "Teams"
+    'SkypeSpaces'                                = "Teams"
+    'Remove-CalendarEvents'                      = "RemoveCalendarEvent"
+    'Client=POP3/IMAP4'                          = "PopImap"
+    'Client=OWA'                                 = "OWA"
+    'PublishedBookingCalendar'                   = "BookingAgent"
+    'LocationAssistantProcessor'                 = "LocationProcessor"
+    'AppId=6326e366-9d6d-4c70-b22a-34c7ea72d73d' = "CalendarReplication"
+    'AppId=1e3faf23-d2d2-456a-9e3e-55db63b869b0' = "CiscoWebex"
+    'AppId=1c3a76cc-470a-46d7-8ba9-713cfbb2c01f' = "Time Service"
+    'AppId=48af08dc-f6d2-435f-b2a7-069abd99c086' = "RestConnector"
+    'AppId=7b7fdad6-df9d-4cd5-a4f2-b5f749350419' = "Bookings B2 Service"
+    'GriffinRestClient'                          = "GriffinRestClient"
+    'MacOutlook'                                 = "MacOutlookRest"
+    'Outlook-iOS-Android'                        = "OutlookMobile"
+    'Client=OutlookService;Outlook-Android'      = "OutlookAndroid"
+    'Client=OutlookService;Outlook-iOS'          = "OutlookiOS"
+}
+
 <#
 .SYNOPSIS
 Creates friendly / short client names from the ClientInfoString
@@ -23,11 +49,12 @@ function CreateShortClientName {
     param(
         $ClientInfoString
     )
-    $ShortClientName= @()
+    $ShortClientName= ""
 
     # Map ClientInfoString to ShortClientName
-    if (!$ClientInfoString) {
+    if ([string]::IsNullOrEmpty($ClientInfoString)) {
         $ShortClientName = "NotFound"
+        return $ShortClientName
     }
 
     if ($ClientInfoString -like "Client=EBA*" -or $ClientInfoString -like "Client=TBA*") {
@@ -82,8 +109,8 @@ function CreateShortClientName {
             $ShortClientName = "[Unknown Rest Client]"
         }
         #    Client=WebServices;Mozilla/5.0 (ZoomPresence.Android 8.1.0 x86);
-    } else {
-        $ShortClientName = findMatch -PassedHash $ShortClientNameProcessor
+    } elseif ($ShortClientName -eq "") {
+        $ShortClientName = findMatch -KeyInput $ClientInfoString
     }
 
     if ($ShortClientName -eq "" -And $ClientInfoString -like "Client=WebServices*") {
@@ -117,28 +144,3 @@ function CreateShortClientName {
 
     return $ShortClientName
 }
-
-$ShortClientNameProcessor = @{
-    'Client=Hub Transport'                       = "Transport"
-    'Client=MSExchangeRPC'                       = "Outlook-MAPI"
-    'OneOutlook'                                 = "OneOutlook"
-    'Lync for Mac'                               = "LyncMac"
-    'AppId=00000004-0000-0ff1-ce00-000000000000' = "SkypeMMS"
-    'MicrosoftNinja'                             = "Teams"
-    'SkypeSpaces'                                = "Teams"
-    'Remove-CalendarEvents'                      = "RemoveCalendarEvent"
-    'Client=POP3/IMAP4'                          = "PopImap"
-    'Client=OWA'                                 = "OWA"
-    'PublishedBookingCalendar'                   = "BookingAgent"
-    'LocationAssistantProcessor'                 = "LocationProcessor"
-    'AppId=6326e366-9d6d-4c70-b22a-34c7ea72d73d' = "CalendarReplication"
-    'AppId=1e3faf23-d2d2-456a-9e3e-55db63b869b0' = "CiscoWebex"
-    'AppId=1c3a76cc-470a-46d7-8ba9-713cfbb2c01f' = "Time Service"
-    'AppId=48af08dc-f6d2-435f-b2a7-069abd99c086' = "RestConnector"
-    'AppId=7b7fdad6-df9d-4cd5-a4f2-b5f749350419' = "Bookings B2 Service"
-    'GriffinRestClient'                          = "GriffinRestClient"
-    'MacOutlook'                                 = "MacOutlookRest"
-    'Outlook-iOS-Android'                        = "OutlookMobile"
-    'Client=OutlookService;Outlook-Android'      = "OutlookAndroid"
-    'Client=OutlookService;Outlook-iOS'          = "OutlookiOS"
-}
diff --git a/Calendar/Tests/ShortClientNameFunctions.Tests.ps1 b/Calendar/Tests/ShortClientNameFunctions.Tests.ps1
@@ -0,0 +1,183 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+[CmdletBinding()]
+param()
+
+Describe "CreateShortClientName" {
+    BeforeAll {
+        . $PSScriptRoot\..\CalLogHelpers\ShortClientNameFunctions.ps1
+    }
+
+    Context "When ClientInfoString is empty" {
+        It "Should return 'NotFound'" {
+            $result = CreateShortClientName -ClientInfoString ""
+            $result | Should -Be "NotFound"
+        }
+    }
+
+    Context "When ClientInfoString is Client=MSExchangeRPC" {
+        It "Should return 'Outlook : Desktop'" {
+            $result = CreateShortClientName -ClientInfoString "Client=MSExchangeRPC"
+            $result | Should -Be "Outlook : Desktop"
+        }
+    }
+
+    Context "When ClientInfoString is Client=Hub Transport" {
+        It "Should return 'Outlook : Desktop'" {
+            $result = CreateShortClientName -ClientInfoString "Client=Hub Transport"
+            $result | Should -Be "Transport"
+        }
+    }
+
+    Context "When ClientInfoString is Client=OutlookService;Outlook-iOS/2.0;;Outlook-iOS/2.0" {
+        It "Should return 'Outlook : Desktop'" {
+            $result = CreateShortClientName -ClientInfoString "Client=OutlookService;Outlook-iOS/2.0;;Outlook-iOS/2.0"
+            $result | Should -Be "OutlookiOS"
+        }
+    }
+
+    Context "When ClientInfoString FileContentMatch 'Client=EBA' or 'Client=TBA'" {
+        It "Should return 'ResourceBookingAssistant' if ClientInfoString FileContentMatch 'ResourceBookingAssistant'" {
+            $result = CreateShortClientName "Client=EBA;Action=FreeBusyPublishingAssistant;ResourceBookingAssistant"
+            $result | Should -Be "ResourceBookingAssistant"
+        }
+
+        It "Should return 'CalendarRepairAssistant' if ClientInfoString FileContentMatch 'CalendarRepairAssistant'" {
+            $result = CreateShortClientName "Client=TBA;Service=MSExchangeMailboxAssistants;Action=CalendarRepairAssistant"
+            $result | Should -Be "CalendarRepairAssistant"
+        }
+
+        It "Should return the concatenated client, action, and data if ClientInfoString does not contain 'ResourceBookingAssistant' or 'CalendarRepairAssistant'" {
+            $result = CreateShortClientName "Client=EBA;Action=Delete;Data=789"
+            $result | Should -Be "EBA:Delete;Data=789"
+        }
+    }
+
+    Context "When ClientInfoString FileContentMatch 'Client=ActiveSync'" {
+        It "Should return the user agent if ClientInfoString FileContentMatch 'UserAgent='" {
+            $result = CreateShortClientName  "Client=ActiveSync;UserAgent=Apple-iPhone9C1/1402.100;Version=160;Action=/Microsoft-Server-ActiveSync/Proxy/[email protected]&DeviceId=MyTestDevice&DeviceType=iPhone&Cmd=Sync"
+            $result | Should -Be "Apple-iPhone9C1"
+        }
+
+        It "Should return the user agent if ClientInfoString FileContentMatch 'UserAgent='" {
+            $result = CreateShortClientName  "Client=ActiveSync;UserAgent=Android-14/;Action=/Microsoft-Server-ActiveSync/Proxy/default.eas"
+            $result | Should -Be "Android-14"
+        }
+
+        It "Should return unknown if the user agent is Blank" {
+            $result = CreateShortClientName "Client=ActiveSync;UserAgent=;Action=/Microsoft-Server-ActiveSync/default.eas?Cmd=SendMail"
+            $result | Should -Be "ActiveSyncUnknown"
+        }
+
+        It "Should return 'Outlook-ModernCalendarSharing' if ClientInfoString FileContentMatch 'Outlook-iOS-Android'" {
+            $result = CreateShortClientName "Client=ActiveSync;UserAgent=Outlook-iOS-Android/1.0;Action=/Microsoft-Server-ActiveSync/Proxy/default.eas?User=test%40microsoft.com&DeviceId=BF36923991ADFBA9&DeviceType=Outlook&Cmd=SendMail"
+            $result | Should -Be "Outlook-ModernCalendarSharing"
+        }
+
+        It "Should return 'ActiveSyncUnknown' if ClientInfoString does not match any conditions" {
+            $result = CreateShortClientName "Client=ActiveSync;UnknownClient"
+            $result | Should -Be "ActiveSyncUnknown"
+        }
+    }
+
+    Context "When ClientInfoString FileContentMatch 'Client=Rest'" {
+        It "Should return 'LocationProcessor' if ClientInfoString FileContentMatch 'LocationAssistantProcessor'" {
+            $result = CreateShortClientName "Client=Rest;LocationAssistantProcessor"
+            $result | Should -Be "LocationProcessor"
+        }
+
+        It "Should return 'CalendarReplication' if ClientInfoString FileContentMatch 'AppId=6326e366-9d6d-4c70-b22a-34c7ea72d73d'" {
+            $result = CreateShortClientName "Client=Rest;AppId=6326e366-9d6d-4c70-b22a-34c7ea72d73d"
+            $result | Should -Be "CalendarReplication"
+        }
+
+        It "Should return 'CiscoWebex' if ClientInfoString FileContentMatch 'AppId=1e3faf23-d2d2-456a-9e3e-55db63b869b0'" {
+            $result = CreateShortClientName "Client=Rest;AppId=1e3faf23-d2d2-456a-9e3e-55db63b869b0"
+            $result | Should -Be "CiscoWebex"
+        }
+
+        It "Should return 'TimeService' if ClientInfoString FileContentMatch 'AppId=1c3a76cc-470a-46d7-8ba9-713cfbb2c01f'" {
+            $result = CreateShortClientName "Client=Rest;AppId=1c3a76cc-470a-46d7-8ba9-713cfbb2c01f"
+            $result | Should -Be "TimeService"
+        }
+
+        It "Should return 'RestConnector' if ClientInfoString FileContentMatch 'AppId=48af08dc-f6d2-435f-b2a7-069abd99c086'" {
+            $result = CreateShortClientName "Client=Rest;AppId=48af08dc-f6d2-435f-b2a7-069abd99c086"
+            $result | Should -Be "RestConnector"
+        }
+
+        It "Should return 'OutlookAndroid' if ClientInfoString FileContentMatch 'Client=OutlookService;Outlook-Android'" {
+            $result = CreateShortClientName "Client=Rest;Client=OutlookService;Outlook-Android"
+            $result | Should -Be "OutlookAndroid"
+        }
+
+        It "Should return 'GriffinRestClient' if ClientInfoString FileContentMatch 'GriffinRestClient'" {
+            $result = CreateShortClientName "Client=Rest;GriffinRestClient"
+            $result | Should -Be "GriffinRestClient"
+        }
+
+        It "Should return 'MacOutlookRest' if ClientInfoString FileContentMatch 'MacOutlook'" {
+            $result = CreateShortClientName "Client=Rest;MacOutlook"
+            $result | Should -Be "MacOutlookRest"
+        }
+
+        It "Should return 'Outlook-ModernCalendarSharing' if ClientInfoString FileContentMatch 'Microsoft Outlook 16'" {
+            $result = CreateShortClientName "Client=Rest;Microsoft Outlook 16"
+            $result | Should -Be "Outlook-ModernCalendarSharing"
+        }
+
+        It "Should return 'Teams' if ClientInfoString FileContentMatch 'SkypeSpaces'" {
+            $result = CreateShortClientName "Client=Rest;SkypeSpaces"
+            $result | Should -Be "Teams"
+        }
+
+        It "Should return 'Bookings B2 Service' if ClientInfoString FileContentMatch 'AppId=7b7fdad6-df9d-4cd5-a4f2-b5f749350419'" {
+            $result = CreateShortClientName "Client=Rest;AppId=7b7fdad6-df9d-4cd5-a4f2-b5f749350419"
+            $result | Should -Be "Bookings B2 Service"
+        }
+
+        It "Should return 'ELC-B2' if ClientInfoString FileContentMatch 'AppId=bcad1a65-78eb-4725-9bce-ce1a8ed30b95'" {
+            $result = CreateShortClientName "Client=Rest;AppId=bcad1a65-78eb-4725-9bce-ce1a8ed30b95"
+            $result | Should -Be "ELC-B2"
+        }
+    }
+}
+
+Describe "CreateShortClientName-FindMatch" {
+    BeforeAll {
+        . $PSScriptRoot\..\CalLogHelpers\ShortClientNameFunctions.ps1
+    }
+
+    Context 'Test CreateShortClientName focusing on the FindMatch function' -ForEach @(
+        @{ ClientInfoString = 'Client=Hub Transport'; Expected = "Transport" },
+        @{ ClientInfoString = 'Client=MSExchangeRPC'; Expected = "Outlook : Desktop" },
+        @{ ClientInfoString = 'OneOutlook'; Expected = "OneOutlook" },
+        @{ ClientInfoString = 'Lync for Mac'; Expected = "LyncMac" },
+        @{ ClientInfoString = 'AppId=00000004-0000-0ff1-ce00-000000000000'; Expected = "SkypeMMS" },
+        @{ ClientInfoString = 'MicrosoftNinja'; Expected = "Teams" },
+        @{ ClientInfoString = 'SkypeSpaces'; Expected = "Teams" },
+        @{ ClientInfoString = 'Remove-CalendarEvents'; Expected = "RemoveCalendarEvent" },
+        @{ ClientInfoString = 'Client=POP3/IMAP4'; Expected = "PopImap" },
+        @{ ClientInfoString = 'Client=OWA'; Expected = "OWA" },
+        @{ ClientInfoString = 'PublishedBookingCalendar'; Expected = "BookingAgent" },
+        @{ ClientInfoString = 'LocationAssistantProcessor'; Expected = "LocationProcessor" },
+        @{ ClientInfoString = 'AppId=6326e366-9d6d-4c70-b22a-34c7ea72d73d'; Expected = "CalendarReplication" },
+        @{ ClientInfoString = 'AppId=1e3faf23-d2d2-456a-9e3e-55db63b869b0'; Expected = "CiscoWebex" },
+        @{ ClientInfoString = 'AppId=1c3a76cc-470a-46d7-8ba9-713cfbb2c01f'; Expected = "Time Service" },
+        @{ ClientInfoString = 'AppId=48af08dc-f6d2-435f-b2a7-069abd99c086'; Expected = "RestConnector" },
+        @{ ClientInfoString = 'AppId=7b7fdad6-df9d-4cd5-a4f2-b5f749350419'; Expected = "Bookings B2 Service" },
+        @{ ClientInfoString = 'GriffinRestClient'; Expected = "GriffinRestClient" },
+        @{ ClientInfoString = 'MacOutlook'; Expected = "MacOutlookRest" },
+        @{ ClientInfoString = 'Outlook-iOS-Android'; Expected = "OutlookMobile" },
+        @{ ClientInfoString = 'Client=OutlookService;Outlook-Android'; Expected = "OutlookAndroid" },
+        @{ ClientInfoString = 'Client=OutlookService;Outlook-iOS'; Expected = "OutlookiOS" }
+
+    ) {
+        It 'Should return the expected value' {
+            $result = CreateShortClientName -ClientInfoString $ClientInfoString
+            $result | Should -Be $Expected
+        }
+    }
+}
+
diff --git a/Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerFrequentConfigurationIssues.ps1 b/Diagnostics/HealthChecker/Analyzer/Invoke-AnalyzerFrequentConfigurationIssues.ps1
@@ -112,7 +112,7 @@ function Invoke-AnalyzerFrequentConfigurationIssues {
 
     if (-not ($credGuardUnknown)) {
         # CredentialGuardCimInstance is an array type and not sure if we can have multiple here, so just going to loop thru and handle it this way.
-        $credGuardRunning = $null -ne ($osInformation.CredentialGuardCimInstance | Where-Object { $_ -ne 0 })
+        $credGuardRunning = $null -ne ($osInformation.CredentialGuardCimInstance | Where-Object { $_ -eq 1 })
     }
 
     $displayValue = $credentialGuardValue = $osInformation.RegistryValues.CredentialGuard -ne 0 -or $credGuardRunning

diff --git a/Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityExchangeCertificates.ps1 b/Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityExchangeCertificates.ps1
@@ -106,7 +106,10 @@ function Invoke-AnalyzerSecurityExchangeCertificates {
             Add-AnalyzedResultInformation @params
         }
 
-        if ($certificate.PublicKeySize -lt 2048) {
+        # We show the 'Key Size' if a certificate is RSA or DSA based but not for ECC certificates where it would be displayed with a value of 0
+        # More information: https://stackoverflow.com/questions/32873851/load-a-certificate-using-x509certificate2-with-ecc-public-key
+        if ($certificate.PublicKeySize -lt 2048 -and
+            -not($certificate.IsEccCertificate)) {
             $params = $baseParams + @{
                 Name                   = "Key size"
                 Details                = $certificate.PublicKeySize
@@ -121,7 +124,7 @@ function Invoke-AnalyzerSecurityExchangeCertificates {
                 DisplayCustomTabNumber = 2
             }
             Add-AnalyzedResultInformation @params
-        } else {
+        } elseif (-not($certificate.IsEccCertificate)) {
             $params = $baseParams + @{
                 Name                   = "Key size"
                 Details                = $certificate.PublicKeySize
@@ -130,6 +133,13 @@ function Invoke-AnalyzerSecurityExchangeCertificates {
             Add-AnalyzedResultInformation @params
         }
 
+        $params = $baseParams + @{
+            Name                   = "ECC Certificate"
+            Details                = $certificate.IsEccCertificate
+            DisplayCustomTabNumber = 2
+        }
+        Add-AnalyzedResultInformation @params
+
         if ($certificate.SignatureHashAlgorithmSecure -eq 1) {
             $shaDisplayWriteType = "Yellow"
         } else {

diff --git a/...stics/HealthChecker/DataCollection/ExchangeInformation/Get-ExchangeServerCertificates.ps1 b/...stics/HealthChecker/DataCollection/ExchangeInformation/Get-ExchangeServerCertificates.ps1
@@ -210,6 +210,7 @@ function Get-ExchangeServerCertificates {
                                 FriendlyName                   = $certFriendlyName
                                 Thumbprint                     = $cert.Thumbprint
                                 PublicKeySize                  = $cert.PublicKey.Key.KeySize
+                                IsEccCertificate               = $cert.PublicKey.Oid.Value -eq "1.2.840.10045.2.1" # WellKnownOid for ECC
                                 SignatureAlgorithm             = $certSignatureAlgorithm
                                 SignatureHashAlgorithm         = $certSignatureHashAlgorithm
                                 SignatureHashAlgorithmSecure   = $certSignatureHashAlgorithmSecure

diff --git a/...Checker/DataCollection/ExchangeInformation/Tests/Get-ExchangeServerCertificates.Tests.ps1 b/...Checker/DataCollection/ExchangeInformation/Tests/Get-ExchangeServerCertificates.Tests.ps1
@@ -49,6 +49,7 @@ Describe "Testing Get-ExchangeServerCertificates.ps1" {
             $results[0].SignatureHashAlgorithmSecure | Should -Be 1
             $results[0].IsSanCertificate | Should -Be $false
             $results[0].PublicKeySize | Should -Be 2048
+            $results[0].IsEccCertificate | Should -Be $false
         }
 
         It "Valid SAN Certificate (using weak SHA1 Hash Algorithm) Detected" {
@@ -61,12 +62,14 @@ Describe "Testing Get-ExchangeServerCertificates.ps1" {
             $results[1].IsSanCertificate | Should -Be $true
             ($results[1].Namespaces).Count | Should -Be 2
             $results[1].PublicKeySize | Should -Be 2048
+            $results[1].IsEccCertificate | Should -Be $false
         }
 
         It "Valid Certificate (using strong SHA256 Hash Algorithm) Detected" {
             $results[3].FriendlyName | Should -Be "WMSvc-SHA2-WIN-CTD3L0RGen4"
             $results[3].Thumbprint | Should -Be "3341CEAF3DF4D3A9527EC98BDD53C54ECC3E0620"
             $results[3].PublicKeySize | Should -Be 2048
+            $results[3].IsEccCertificate | Should -Be $false
             $results[3].SignatureAlgorithm | Should -Be "sha256RSA"
             $results[3].SignatureHashAlgorithm | Should -Be "sha256"
             $results[3].SignatureHashAlgorithmSecure | Should -Be 2

diff --git a/Diagnostics/HealthChecker/Tests/HealthChecker.E15.Main.Tests.ps1 b/Diagnostics/HealthChecker/Tests/HealthChecker.E15.Main.Tests.ps1
@@ -129,7 +129,7 @@ Describe "Testing Health Checker by Mock Data Imports - Exchange 2013" {
             TestObjectMatch "SMB1 Installed" "True" -WriteType "Red"
             TestObjectMatch "SMB1 Blocked" "False" -WriteType "Red"
 
-            $Script:ActiveGrouping.Count | Should -Be 85
+            $Script:ActiveGrouping.Count | Should -Be 88
         }
 
         It "Display Results - Security Vulnerability" {

diff --git a/Diagnostics/HealthChecker/Tests/HealthChecker.E16.Main.Tests.ps1 b/Diagnostics/HealthChecker/Tests/HealthChecker.E16.Main.Tests.ps1
@@ -132,7 +132,7 @@ Describe "Testing Health Checker by Mock Data Imports - Exchange 2016" {
             TestObjectMatch "Pattern service" "Unreachable`r`n`t`tMore information: https://aka.ms/HelpConnectivityEEMS" -WriteType "Yellow"
             TestObjectMatch "Telemetry enabled" "False"
 
-            $Script:ActiveGrouping.Count | Should -Be 99
+            $Script:ActiveGrouping.Count | Should -Be 102
         }
 
         It "Display Results - Security Vulnerability" {

diff --git a/Diagnostics/HealthChecker/Tests/HealthChecker.E19.Main.Tests.ps1 b/Diagnostics/HealthChecker/Tests/HealthChecker.E19.Main.Tests.ps1
@@ -140,7 +140,7 @@ Describe "Testing Health Checker by Mock Data Imports" {
             TestObjectMatch "AES256-CBC Protected Content Support" "Not Supported Build" -WriteType "Red"
             TestObjectMatch "SerializedDataSigning Enabled" "Unsupported Version" -WriteType "Red"
 
-            $Script:ActiveGrouping.Count | Should -Be 81
+            $Script:ActiveGrouping.Count | Should -Be 84
         }
 
         It "Display Results - Security Vulnerability" {