Merge pull request KelvinTegelaar#1231 from KelvinTegelaar/dev

Dev

Author: KelvinTegelaar

Diff for: Modules/CIPPCore/Public/AuditLogs/Get-CippAuditLogSearchResults.ps1

@@ -21,7 +21,6 @@ function Get-CippAuditLogSearchResults {
     process {
         $GraphRequest = @{
             Uri      = ('https://graph.microsoft.com/beta/security/auditLog/queries/{0}/records?$top=999&$count=true' -f $QueryId)
-            Method   = 'GET'
             AsApp    = $true
             tenantid = $TenantFilter
         }

Diff for: Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-UpdateTenants.ps1

@@ -6,10 +6,7 @@ function Push-UpdateTenants {
     Param($Item)
     $QueueReference = 'UpdateTenants'
     $RunningQueue = Invoke-ListCippQueue | Where-Object { $_.Reference -eq $QueueReference -and $_.Status -ne 'Completed' -and $_.Status -ne 'Failed' }
-    if ($RunningQueue) {
-        Write-Host 'Update Tenants already running'
-        return
-    }
+
     $Queue = New-CippQueueEntry -Name 'Update Tenants' -Reference $QueueReference -TotalTasks 1
     try {
         $QueueTask = @{
@@ -30,4 +27,4 @@ function Push-UpdateTenants {
         $QueueTask.Status = 'Failed'
         Set-CippQueueTask @QueueTask
     }
-}
+}

Diff for: Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-ExecAssignAPDevice.ps1

@@ -10,24 +10,35 @@ Function Invoke-ExecAssignAPDevice {
     [CmdletBinding()]
     param($Request, $TriggerMetadata)
     $APIName = $TriggerMetadata.FunctionName
-    Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
-    $tenantfilter = $Request.Body.TenantFilter
+    $User = $request.headers.'x-ms-client-principal'
+    Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug'
+    $TenantFilter = $Request.body.tenantFilter
+
+
     try {
+        $UserObject = $Request.body.user.addedFields
+        $DeviceObject = $Request.body.device
+        $SerialNumber = $Request.body.serialNumber
         $body = @{
-            UserPrincipalName   = $Request.body.UserPrincipalName
-            addressableUserName = $Request.body.addressableUserName
+            userPrincipalName   = $UserObject.userPrincipalName
+            addressableUserName = $UserObject.addressableUserName
         } | ConvertTo-Json
-        New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeviceIdentities/$($request.body.Device)/UpdateDeviceProperties" -tenantid $TenantFilter -body $body -method POST
-        $Results = "Successfully assigned device to $($Request.body.UserPrincipalName) for $($tenantfilter)"
+        New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeviceIdentities/$($DeviceObject)/UpdateDeviceProperties" -tenantid $TenantFilter -body $body -method POST | Out-Null
+        Write-LogMessage -user $User -API $APINAME -message "Successfully assigned device: $DeviceObject with Serial: $SerialNumber to $($UserObject.userPrincipalName) for $($TenantFilter)" -Sev Info
+        $Results = "Successfully assigned device: $DeviceObject with Serial: $SerialNumber to  $($UserObject.userPrincipalName) for $($TenantFilter)"
+        $StatusCode = [HttpStatusCode]::OK
     } catch {
-        $Results = "Could not $($Request.body.UserPrincipalName) to $($Request.body.device) for $($tenantfilter) Error: $($_.Exception.Message)"
+        $ErrorMessage = Get-CippException -Exception $_
+        Write-LogMessage -user $User -API $APINAME -message "Could not assign $($UserObject.userPrincipalName) to $($DeviceObject) for $($TenantFilter) Error: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage
+        $Results = "Could not assign $($UserObject.userPrincipalName) to $($DeviceObject) for $($TenantFilter) Error: $($ErrorMessage.NormalizedError)"
+        $StatusCode = [HttpStatusCode]::BadRequest
     }
 
     $Results = [pscustomobject]@{'Results' = "$results" }
 
     # Associate values to output bindings by calling 'Push-OutputBinding'.
     Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
-            StatusCode = [HttpStatusCode]::OK
+            StatusCode = $StatusCode
             Body       = $Results
         })
 

Diff for: Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecJITAdmin.ps1

@@ -92,6 +92,7 @@ Function Invoke-ExecJITAdmin {
             Start-Sleep -Seconds 1
         }
 
+        #Region TAP creation
         if ($Request.Body.UseTAP) {
             try {
                 if ($Start -gt (Get-Date)) {
@@ -102,19 +103,20 @@ Function Invoke-ExecJITAdmin {
                 } else {
                     $TapBody = '{}'
                 }
-                Write-Information "https://graph.microsoft.com/beta/users/$Username/authentication/temporaryAccessPassMethods"
-                # Retry creating the TAP up to 5 times, since it can fail due to the user not being fully created yet
+                # Write-Information "https://graph.microsoft.com/beta/users/$Username/authentication/temporaryAccessPassMethods"
+                # Retry creating the TAP up to 10 times, since it can fail due to the user not being fully created yet. Sometimes it takes 2 reties, sometimes it takes 8+. Very annoying. -Bobby
                 $Retries = 0
+                $MAX_TAP_RETRIES = 10
                 do {
                     try {
                         $TapRequest = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($Username)/authentication/temporaryAccessPassMethods" -tenantid $TenantFilter -type POST -body $TapBody
                     } catch {
                         Start-Sleep -Seconds 2
-                        Write-Information 'ERROR: Failed to create TAP, retrying'
-                        Write-Information ( ConvertTo-Json -Depth 5 -InputObject (Get-CippException -Exception $_))
+                        Write-Information "ERROR: Run $Retries of $MAX_TAP_RETRIES : Failed to create TAP, retrying"
+                        # Write-Information ( ConvertTo-Json -Depth 5 -InputObject (Get-CippException -Exception $_))
                     }
                     $Retries++
-                } while ( $null -eq $TapRequest.temporaryAccessPass -and $Retries -le 5 )
+                } while ( $null -eq $TapRequest.temporaryAccessPass -and $Retries -le $MAX_TAP_RETRIES )
 
                 $TempPass = $TapRequest.temporaryAccessPass
                 $PasswordExpiration = $TapRequest.LifetimeInMinutes
@@ -135,6 +137,7 @@ Function Invoke-ExecJITAdmin {
                 }
             }
         }
+        #EndRegion TAP creation
 
         $Parameters = @{
             TenantFilter = $TenantFilter

Diff for: Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1

@@ -45,7 +45,20 @@ Function Invoke-ListTenants {
         return
     }
     if ($Request.Query.TriggerRefresh) {
-        Get-Tenants -IncludeAll -TriggerRefresh
+        if ($Request.Query.TenantFilter -and $Request.Query.TenantFilter -ne 'AllTenants') {
+            Get-Tenants -TriggerRefresh -TenantFilter $Request.Query.TenantFilter
+        } else {
+            $InputObject = [PSCustomObject]@{
+                Batch            = @(
+                    @{
+                        FunctionName = 'UpdateTenants'
+                    }
+                )
+                OrchestratorName = 'UpdateTenants'
+                SkipLog          = $true
+            }
+            Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Compress -Depth 5)
+        }
     }
     try {
         $tenantfilter = $Request.Query.TenantFilter

Diff for: Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecDeleteGDAPRoleMapping.ps1

@@ -14,13 +14,13 @@ Function Invoke-ExecDeleteGDAPRoleMapping {
     Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
     $Table = Get-CIPPTable -TableName 'GDAPRoles'
 
-    Write-Host $Table
+    $GroupId = $Request.Query.GroupId ?? $Request.Body.GroupId
     try {
-        $Filter = "PartitionKey eq 'Roles' and RowKey eq '{0}'" -f $Request.Query.GroupId
+        $Filter = "PartitionKey eq 'Roles' and RowKey eq '{0}'" -f $GroupId
         $Entity = Get-CIPPAzDataTableEntity @Table -Filter $Filter
         Remove-AzDataTableEntity -Force @Table -Entity $Entity
         $Results = [pscustomobject]@{'Results' = 'Success. GDAP relationship mapping deleted' }
-        Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "GDAP relationship mapping deleted for $($Request.Query.GroupId)" -Sev 'Info'
+        Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "GDAP relationship mapping deleted for $($GroupId)" -Sev 'Info'
 
     } catch {
         $Results = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" }

Diff for: Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-listStandardTemplates.ps1

@@ -10,13 +10,12 @@ Function Invoke-listStandardTemplates {
     [CmdletBinding()]
     param($Request, $TriggerMetadata)
 
-    $APIName = $TriggerMetadata.FunctionName
-
     $Table = Get-CippTable -tablename 'templates'
     $Filter = "PartitionKey eq 'StandardsTemplateV2'"
     $Templates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter) | ForEach-Object {
-        $data = $_.JSON | ConvertFrom-Json -Depth 100
+        $data = $_.JSON | ConvertFrom-Json -Depth 100 -ErrorAction SilentlyContinue
         $data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $_.GUID -Force
+        if ($data.excludedTenants) { $data.excludedTenants = @($data.excludedTenants) }
         $data
     } | Sort-Object -Property templateName
 

Diff for: Modules/CIPPCore/Public/GraphHelper/New-GraphGetRequest.ps1

@@ -17,7 +17,12 @@ function New-GraphGetRequest {
         [switch]$CountOnly,
         [switch]$IncludeResponseHeaders
     )
-    $IsAuthorised = Get-AuthorisedRequest -Uri $uri -TenantID $tenantid
+
+    if ($NoAuthCheck -eq $false) {
+        $IsAuthorised = Get-AuthorisedRequest -Uri $uri -TenantID $tenantid
+    } else {
+        $IsAuthorised = $true
+    }
 
     if ($NoAuthCheck -eq $true -or $IsAuthorised) {
         if ($scope -eq 'ExchangeOnline') {

Diff for: version_latest.txt

@@ -1 +1 @@
-7.0.3
+7.0.4