Merge pull request #78 from KelvinTegelaar/master

[pull] master from KelvinTegelaar:master

Author: pull[bot]

.github/workflows/upload_dev.yml

@@ -0,0 +1,36 @@
+name: Upload Dev zip
+
+on:
+  push:
+    branches:
+      - dev
+
+jobs:
+  release:
+    if: github.event.repository.fork == false && github.event_name == 'push'
+    name: Upload to Azure
+    runs-on: ubuntu-latest
+
+    steps:
+      # Checkout the repository
+      - name: Checkout Code
+        uses: actions/checkout@v3
+
+      # Create ZIP File in a New Source Directory
+      - name: Prepare and Zip Release Files
+        run: |
+          mkdir -p src/releases
+          zip -r src/releases/dev.zip . \
+            --exclude "./src/releases/*" \
+            --exclude ".*" \
+            --exclude ".*/**"
+
+      # Upload to Azure Blob Storage
+      - name: Azure Blob Upload with Destination folder defined
+        uses: LanceMcCarthy/[email protected]
+        with:
+          connection_string: ${{ secrets.AZURE_CONNECTION_STRING }}
+          container_name: cipp-api
+          source_folder: src/releases/
+          destination_folder: /
+          delete_if_exists: true

Config/CyberEssentials.BPATemplate.json

@@ -92,7 +92,10 @@
         "isMFARegistered",
         "defaultMFAMethod"
       ],
-      "URL": "https://graph.microsoft.com/beta/reports/authenticationMethods/userRegistrationDetails"
+      "URL": "https://graph.microsoft.com/beta/reports/authenticationMethods/userRegistrationDetails",
+      "Parameters": {
+        "asApp": "True"
+      }
     }
   ]
 }

Config/cipp-roles.json

@@ -0,0 +1,23 @@
+{
+  "readonly": {
+    "include": ["*.Read"],
+    "exclude": ["CIPP.SuperAdmin.*"]
+  },
+  "editor": {
+    "include": ["*.Read", "*.ReadWrite"],
+    "exclude": [
+      "CIPP.SuperAdmin.*",
+      "CIPP.Admin.*",
+      "CIPP.AppSettings.*",
+      "Tenant.Standards.ReadWrite"
+    ]
+  },
+  "admin": {
+    "include": ["*"],
+    "exclude": ["CIPP.SuperAdmin.*"]
+  },
+  "superadmin": {
+    "include": ["*"],
+    "exclude": []
+  }
+}

Config/schemaDefinitions.json

@@ -0,0 +1,16 @@
+[
+    {
+        "id": "cippUser",
+        "description": "CIPP User Schema",
+        "targetTypes": ["User"],
+        "properties": [
+            { "name": "jitAdminEnabled", "type": "Boolean" },
+            { "name": "jitAdminExpiration", "type": "DateTime" },
+            { "name": "mailboxType", "type": "String" },
+            { "name": "archiveEnabled", "type": "Boolean" },
+            { "name": "autoExpandingArchiveEnabled", "type": "Boolean" },
+            { "name": "perUserMfaState", "type": "String" }
+        ],
+        "status": "Available"
+    }
+]

ConversionTable.csv

@@ -64,12 +64,15 @@ function Add-CIPPScheduledTask {
     if ([int64]$task.ScheduledTime -eq 0 -or [string]::IsNullOrEmpty($task.ScheduledTime)) {
         $task.ScheduledTime = [int64](([datetime]::UtcNow) - (Get-Date '1/1/1970')).TotalSeconds
     }
-
+    $excludedTenants = if ($task.excludedTenants.value) {
+        $task.excludedTenants.value -join ','
+    }
     $entity = @{
         PartitionKey         = [string]'ScheduledTask'
         TaskState            = [string]'Planned'
         RowKey               = [string]$RowKey
         Tenant               = $task.TenantFilter.value ? "$($task.TenantFilter.value)" : "$($task.TenantFilter)"
+        excludedTenants      = [string]$excludedTenants
         Name                 = [string]$task.Name
         Command              = [string]$task.Command.value
         Parameters           = [string]$Parameters

Modules/CIPPCore/Public/Add-CIPPScheduledTask.ps1

@@ -0,0 +1,24 @@
+
+function Get-CIPPAlertDefenderIncidents {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    #>
+    [CmdletBinding()]
+    param(
+        [Parameter(Mandatory = $false)]
+        [Alias('input')]
+        $InputValue,
+        $TenantFilter
+    )
+    try {
+        $AlertData = New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/security/incidents?`$top=50&`$filter=status eq 'active'" -tenantid $TenantFilter | ForEach-Object {
+            "Incident ID $($_.id): Created at $($_.createdDateTime). Severity: $($_.severity). `nIncident name: $($_.displayName). Incident URL: $($_.incidentWebUrl)."
+        }
+        Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData
+
+    } catch {
+        # Pretty sure this one is gonna be spammy cause of licensing issues, so it's commented out -Bobby
+        # Write-AlertMessage -tenant $($TenantFilter) -message "Could not get Defender incident data for $($TenantFilter): $(Get-NormalizedError -message $_.Exception.message)"
+    }
+}

Modules/CIPPCore/Public/Alerts/Get-CIPPAlertDefenderIncidents.ps1

@@ -18,9 +18,9 @@ function Get-CIPPAlertEntraLicenseUtilization {
         $Alerts = [System.Collections.Generic.List[string]]::new()
 
         # Check P1 License utilization
-        if ($LicenseData.entitledP1LicenseCount -gt 0) {
+        if ($LicenseData.entitledP1LicenseCount -gt 0 -or $LicenseData.entitledP2LicenseCount -gt 0) {
             $P1Used = $LicenseData.p1FeatureUtilizations.conditionalAccess.userCount
-            $P1Entitled = $LicenseData.entitledP1LicenseCount
+            $P1Entitled = $LicenseData.entitledP1LicenseCount + $LicenseData.entitledP2LicenseCount
             $P1Usage = ($P1Used / $P1Entitled) * 100
             $P1Overage = $P1Used - $P1Entitled
 

Modules/CIPPCore/Public/Alerts/Get-CIPPAlertEntraLicenseUtilization.ps1

@@ -18,7 +18,7 @@ function Get-CIPPAlertMFAAdmins {
             }
         }
         if (!$DuoActive) {
-            $users = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/reports/authenticationMethods/userRegistrationDetails?`$top=999&filter=IsAdmin eq true and isMfaRegistered eq false and userType eq 'member'&`$select=userPrincipalName,lastUpdatedDateTime,isMfaRegistered,IsAdmin" -tenantid $($TenantFilter) | Where-Object { $_.userDisplayName -ne 'On-Premises Directory Synchronization Service Account' }
+            $users = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/reports/authenticationMethods/userRegistrationDetails?`$top=999&filter=IsAdmin eq true and isMfaRegistered eq false and userType eq 'member'&`$select=userPrincipalName,lastUpdatedDateTime,isMfaRegistered,IsAdmin" -tenantid $($TenantFilter) -AsApp $true | Where-Object { $_.userDisplayName -ne 'On-Premises Directory Synchronization Service Account' }
             if ($users.UserPrincipalName) {
                 $AlertData = "The following admins do not have MFA registered: $($users.UserPrincipalName -join ', ')"
                 Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData

Modules/CIPPCore/Public/Alerts/Get-CIPPAlertMFAAdmins.ps1

@@ -12,7 +12,7 @@ function Get-CIPPAlertMFAAlertUsers {
     )
     try {
 
-        $users = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/reports/authenticationMethods/userRegistrationDetails?`$top=999&filter=IsAdmin eq false and isMfaRegistered eq false and userType eq 'member'&`$select=userPrincipalName,lastUpdatedDateTime,isMfaRegistered,IsAdmin" -tenantid $($TenantFilter) | Where-Object { $_.userDisplayName -ne 'On-Premises Directory Synchronization Service Account' }
+        $users = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/reports/authenticationMethods/userRegistrationDetails?`$top=999&filter=IsAdmin eq false and isMfaRegistered eq false and userType eq 'member'&`$select=userPrincipalName,lastUpdatedDateTime,isMfaRegistered,IsAdmin" -tenantid $($TenantFilter) -AsApp $true | Where-Object { $_.userDisplayName -ne 'On-Premises Directory Synchronization Service Account' }
         if ($users.UserPrincipalName) {
             $AlertData = "The following $($users.Count) users do not have MFA registered: $($users.UserPrincipalName -join ', ')"
             Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData