diff --git a/Modules/CIPPCore/Public/AuditLogs/Get-CippAuditLogSearchResults.ps1 b/Modules/CIPPCore/Public/AuditLogs/Get-CippAuditLogSearchResults.ps1 index ec0f8fd5b5bd..2ced11b10908 100644 --- a/Modules/CIPPCore/Public/AuditLogs/Get-CippAuditLogSearchResults.ps1 +++ b/Modules/CIPPCore/Public/AuditLogs/Get-CippAuditLogSearchResults.ps1 @@ -21,7 +21,6 @@ function Get-CippAuditLogSearchResults { process { $GraphRequest = @{ Uri = ('https://graph.microsoft.com/beta/security/auditLog/queries/{0}/records?$top=999&$count=true' -f $QueryId) - Method = 'GET' AsApp = $true tenantid = $TenantFilter } diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-UpdateTenants.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-UpdateTenants.ps1 index 811d54b229be..d3ef1e2711c8 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-UpdateTenants.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-UpdateTenants.ps1 @@ -6,10 +6,7 @@ function Push-UpdateTenants { Param($Item) $QueueReference = 'UpdateTenants' $RunningQueue = Invoke-ListCippQueue | Where-Object { $_.Reference -eq $QueueReference -and $_.Status -ne 'Completed' -and $_.Status -ne 'Failed' } - if ($RunningQueue) { - Write-Host 'Update Tenants already running' - return - } + $Queue = New-CippQueueEntry -Name 'Update Tenants' -Reference $QueueReference -TotalTasks 1 try { $QueueTask = @{ @@ -30,4 +27,4 @@ function Push-UpdateTenants { $QueueTask.Status = 'Failed' Set-CippQueueTask @QueueTask } -} \ No newline at end of file +} diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-ExecAssignAPDevice.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-ExecAssignAPDevice.ps1 index 0ae4d1f13cb0..f4d0e10d2526 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-ExecAssignAPDevice.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-ExecAssignAPDevice.ps1 @@ -10,24 +10,35 @@ Function Invoke-ExecAssignAPDevice { [CmdletBinding()] param($Request, $TriggerMetadata) $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $tenantfilter = $Request.Body.TenantFilter + $User = $request.headers.'x-ms-client-principal' + Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $TenantFilter = $Request.body.tenantFilter + + try { + $UserObject = $Request.body.user.addedFields + $DeviceObject = $Request.body.device + $SerialNumber = $Request.body.serialNumber $body = @{ - UserPrincipalName = $Request.body.UserPrincipalName - addressableUserName = $Request.body.addressableUserName + userPrincipalName = $UserObject.userPrincipalName + addressableUserName = $UserObject.addressableUserName } | ConvertTo-Json - New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeviceIdentities/$($request.body.Device)/UpdateDeviceProperties" -tenantid $TenantFilter -body $body -method POST - $Results = "Successfully assigned device to $($Request.body.UserPrincipalName) for $($tenantfilter)" + New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeviceIdentities/$($DeviceObject)/UpdateDeviceProperties" -tenantid $TenantFilter -body $body -method POST | Out-Null + Write-LogMessage -user $User -API $APINAME -message "Successfully assigned device: $DeviceObject with Serial: $SerialNumber to $($UserObject.userPrincipalName) for $($TenantFilter)" -Sev Info + $Results = "Successfully assigned device: $DeviceObject with Serial: $SerialNumber to $($UserObject.userPrincipalName) for $($TenantFilter)" + $StatusCode = [HttpStatusCode]::OK } catch { - $Results = "Could not $($Request.body.UserPrincipalName) to $($Request.body.device) for $($tenantfilter) Error: $($_.Exception.Message)" + $ErrorMessage = Get-CippException -Exception $_ + Write-LogMessage -user $User -API $APINAME -message "Could not assign $($UserObject.userPrincipalName) to $($DeviceObject) for $($TenantFilter) Error: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage + $Results = "Could not assign $($UserObject.userPrincipalName) to $($DeviceObject) for $($TenantFilter) Error: $($ErrorMessage.NormalizedError)" + $StatusCode = [HttpStatusCode]::BadRequest } $Results = [pscustomobject]@{'Results' = "$results" } # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK + StatusCode = $StatusCode Body = $Results }) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecJITAdmin.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecJITAdmin.ps1 index 766692b48157..1ef908304c17 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecJITAdmin.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecJITAdmin.ps1 @@ -92,6 +92,7 @@ Function Invoke-ExecJITAdmin { Start-Sleep -Seconds 1 } + #Region TAP creation if ($Request.Body.UseTAP) { try { if ($Start -gt (Get-Date)) { @@ -102,19 +103,20 @@ Function Invoke-ExecJITAdmin { } else { $TapBody = '{}' } - Write-Information "https://graph.microsoft.com/beta/users/$Username/authentication/temporaryAccessPassMethods" - # Retry creating the TAP up to 5 times, since it can fail due to the user not being fully created yet + # Write-Information "https://graph.microsoft.com/beta/users/$Username/authentication/temporaryAccessPassMethods" + # Retry creating the TAP up to 10 times, since it can fail due to the user not being fully created yet. Sometimes it takes 2 reties, sometimes it takes 8+. Very annoying. -Bobby $Retries = 0 + $MAX_TAP_RETRIES = 10 do { try { $TapRequest = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($Username)/authentication/temporaryAccessPassMethods" -tenantid $TenantFilter -type POST -body $TapBody } catch { Start-Sleep -Seconds 2 - Write-Information 'ERROR: Failed to create TAP, retrying' - Write-Information ( ConvertTo-Json -Depth 5 -InputObject (Get-CippException -Exception $_)) + Write-Information "ERROR: Run $Retries of $MAX_TAP_RETRIES : Failed to create TAP, retrying" + # Write-Information ( ConvertTo-Json -Depth 5 -InputObject (Get-CippException -Exception $_)) } $Retries++ - } while ( $null -eq $TapRequest.temporaryAccessPass -and $Retries -le 5 ) + } while ( $null -eq $TapRequest.temporaryAccessPass -and $Retries -le $MAX_TAP_RETRIES ) $TempPass = $TapRequest.temporaryAccessPass $PasswordExpiration = $TapRequest.LifetimeInMinutes @@ -135,6 +137,7 @@ Function Invoke-ExecJITAdmin { } } } + #EndRegion TAP creation $Parameters = @{ TenantFilter = $TenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1 index 7e3d3da4e22c..fccb38d002ef 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1 @@ -45,7 +45,20 @@ Function Invoke-ListTenants { return } if ($Request.Query.TriggerRefresh) { - Get-Tenants -IncludeAll -TriggerRefresh + if ($Request.Query.TenantFilter -and $Request.Query.TenantFilter -ne 'AllTenants') { + Get-Tenants -TriggerRefresh -TenantFilter $Request.Query.TenantFilter + } else { + $InputObject = [PSCustomObject]@{ + Batch = @( + @{ + FunctionName = 'UpdateTenants' + } + ) + OrchestratorName = 'UpdateTenants' + SkipLog = $true + } + Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Compress -Depth 5) + } } try { $tenantfilter = $Request.Query.TenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecDeleteGDAPRoleMapping.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecDeleteGDAPRoleMapping.ps1 index 05115ce42df2..a2758b8e8341 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecDeleteGDAPRoleMapping.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecDeleteGDAPRoleMapping.ps1 @@ -14,13 +14,13 @@ Function Invoke-ExecDeleteGDAPRoleMapping { Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Table = Get-CIPPTable -TableName 'GDAPRoles' - Write-Host $Table + $GroupId = $Request.Query.GroupId ?? $Request.Body.GroupId try { - $Filter = "PartitionKey eq 'Roles' and RowKey eq '{0}'" -f $Request.Query.GroupId + $Filter = "PartitionKey eq 'Roles' and RowKey eq '{0}'" -f $GroupId $Entity = Get-CIPPAzDataTableEntity @Table -Filter $Filter Remove-AzDataTableEntity -Force @Table -Entity $Entity $Results = [pscustomobject]@{'Results' = 'Success. GDAP relationship mapping deleted' } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "GDAP relationship mapping deleted for $($Request.Query.GroupId)" -Sev 'Info' + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "GDAP relationship mapping deleted for $($GroupId)" -Sev 'Info' } catch { $Results = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-listStandardTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-listStandardTemplates.ps1 index f7d0f45cb8ef..4fcf492622f9 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-listStandardTemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-listStandardTemplates.ps1 @@ -10,13 +10,12 @@ Function Invoke-listStandardTemplates { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName - $Table = Get-CippTable -tablename 'templates' $Filter = "PartitionKey eq 'StandardsTemplateV2'" $Templates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter) | ForEach-Object { - $data = $_.JSON | ConvertFrom-Json -Depth 100 + $data = $_.JSON | ConvertFrom-Json -Depth 100 -ErrorAction SilentlyContinue $data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $_.GUID -Force + if ($data.excludedTenants) { $data.excludedTenants = @($data.excludedTenants) } $data } | Sort-Object -Property templateName diff --git a/Modules/CIPPCore/Public/GraphHelper/New-GraphGetRequest.ps1 b/Modules/CIPPCore/Public/GraphHelper/New-GraphGetRequest.ps1 index 7d8d3ff3ad99..a949da45936e 100644 --- a/Modules/CIPPCore/Public/GraphHelper/New-GraphGetRequest.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/New-GraphGetRequest.ps1 @@ -17,7 +17,12 @@ function New-GraphGetRequest { [switch]$CountOnly, [switch]$IncludeResponseHeaders ) - $IsAuthorised = Get-AuthorisedRequest -Uri $uri -TenantID $tenantid + + if ($NoAuthCheck -eq $false) { + $IsAuthorised = Get-AuthorisedRequest -Uri $uri -TenantID $tenantid + } else { + $IsAuthorised = $true + } if ($NoAuthCheck -eq $true -or $IsAuthorised) { if ($scope -eq 'ExchangeOnline') { diff --git a/version_latest.txt b/version_latest.txt index a50da181e9bd..4489f5a6df8f 100644 --- a/version_latest.txt +++ b/version_latest.txt @@ -1 +1 @@ -7.0.3 +7.0.4