Merge branch 'KelvinTegelaar:master' into master

ListGenericAllTenants/run.ps1

@@ -4,13 +4,13 @@ param([string]$QueueItem, $TriggerMetadata)
 # Write out the queue message and metadata to the information log.
 Write-Host "PowerShell queue trigger function processed work item: $QueueItem"
 $TableURLName = ($QueueItem.tolower().split('?').Split('/') | Select-Object -First 1).toString()
-$QueueKey = (Get-CippQueue | Where-Object -Property Name -EQ $TableURLName | Select-Object -Last 1).RowKey
+$QueueKey = (Invoke-ListCippQueue | Where-Object -Property Name -EQ $TableURLName | Select-Object -Last 1).RowKey
 Update-CippQueueEntry -RowKey $QueueKey -Status 'Started'
 $Table = Get-CIPPTable -TableName "cache$TableURLName"
 $fullUrl = "https://graph.microsoft.com/beta/$QueueItem"
 Get-CIPPAzDataTableEntity @Table | Remove-AzDataTableEntity @table
 
-$RawGraphRequest = Get-Tenants | ForEach-Object -Parallel { 
+$RawGraphRequest = Get-Tenants | ForEach-Object -Parallel {
     $domainName = $_.defaultDomainName
     Import-Module CippCore
     try {
@@ -22,7 +22,7 @@ $RawGraphRequest = Get-Tenants | ForEach-Object -Parallel {
             Tenant     = $domainName
             CippStatus = "Could not connect to tenant. $($_.Exception.message)"
         }
-    } 
+    }
 }
 
 Update-CippQueueEntry -RowKey $QueueKey -Status 'Processing'

Modules/CIPPCore/Public/Add-CIPPApplicationPermission.ps1

@@ -41,7 +41,7 @@ function Add-CIPPApplicationPermission {
     foreach ($Grant in $Grants) {
         try {
             $SettingsRequest = New-GraphPOSTRequest -body ($Grant | ConvertTo-Json) -uri "https://graph.microsoft.com/beta/servicePrincipals/$($ourSVCPrincipal.id)/appRoleAssignedTo" -tenantid $Tenantfilter -type POST
-            $counter ++
+            $counter++
         } catch {
             $Results.add("Failed to grant $($Grant.appRoleId) to $($Grant.resourceId): $($_.Exception.Message)") | Out-Null
         }

Modules/CIPPCore/Public/CippQueue/Invoke-ListCippQueue.ps1

@@ -0,0 +1,23 @@
+function Invoke-ListCippQueue {
+    # Input bindings are passed in via param block.
+    param($Request = $null, $TriggerMetadata)
+
+    if ($Request) {
+        $APIName = $TriggerMetadata.FunctionName
+        Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
+
+        # Write to the Azure Functions log stream.
+        Write-Host 'PowerShell HTTP trigger function processed a request.'
+    }
+
+    $CippQueue = Get-CippTable -TableName 'CippQueue'
+    $CippQueueData = Get-CIPPAzDataTableEntity @CippQueue | Where-Object { ($_.Timestamp.DateTime) -ge (Get-Date).ToUniversalTime().AddHours(-1) } | Sort-Object -Property Timestamp -Descending
+    if ($request) {
+        Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+                StatusCode = [HttpStatusCode]::OK
+                Body       = @($CippQueueData)
+            })
+    } else {
+        return $CippQueueData
+    }
+}

Modules/CIPPCore/Public/CippQueue/Invoke-RemoveCippQueue.ps1

@@ -0,0 +1,18 @@
+function Invoke-RemoveCippQueue {
+    # Input bindings are passed in via param block.
+    param($Request, $TriggerMetadata)
+
+    $APIName = $TriggerMetadata.FunctionName
+    Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
+
+    # Write to the Azure Functions log stream.
+    Write-Host 'PowerShell HTTP trigger function processed a request.'
+
+    $CippQueue = Get-CippTable -TableName 'CippQueue'
+    Clear-AzDataTable @CippQueue
+
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = [HttpStatusCode]::OK
+            Body       = @{Results = @('History cleared') }
+        })
+}

Modules/CIPPCore/Public/CippQueue/New-CippQueueEntry.ps1

@@ -0,0 +1,23 @@
+function New-CippQueueEntry {
+    Param(
+        $Name,
+        $Link,
+        $Reference
+    )
+
+    $CippQueue = Get-CippTable -TableName CippQueue
+
+    $QueueEntry = @{
+        PartitionKey = 'CippQueue'
+        RowKey       = (New-Guid).Guid.ToString()
+        Name         = $Name
+        Link         = $Link
+        Reference    = $Reference
+        Status       = 'Queued'
+    }
+    $CippQueue.Entity = $QueueEntry
+
+    Add-CIPPAzDataTableEntity @CippQueue
+
+    $QueueEntry
+}

Modules/CIPPCore/Public/CippQueue/Update-CippQueueEntry.ps1

@@ -0,0 +1,29 @@
+function Update-CippQueueEntry {
+    Param(
+        [Parameter(Mandatory = $true)]
+        $RowKey,
+        $Status,
+        $Name
+    )
+
+    $CippQueue = Get-CippTable -TableName CippQueue
+
+    if ($RowKey) {
+        $QueueEntry = Get-CIPPAzDataTableEntity @CippQueue -Filter ("RowKey eq '{0}'" -f $RowKey)
+
+        if ($QueueEntry) {
+            if ($Status) {
+                $QueueEntry.Status = $Status
+            }
+            if ($Name) {
+                $QueueEntry.Name = $Name
+            }
+            Update-AzDataTableEntity @CippQueue -Entity $QueueEntry
+            $QueueEntry
+        } else {
+            return $false
+        }
+    } else {
+        return $false
+    }
+}

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertNewAppApproval.ps1

@@ -0,0 +1,15 @@
+
+function Push-CIPPAlertNewAppApproval {
+    [CmdletBinding()]
+    param(
+        [Parameter(Mandatory = $true)]
+        [pscustomobject]$Item
+    )
+    try {
+        $Approvals = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/identityGovernance/appConsent/appConsentRequests' -tenantid $item.tenant
+        if ($Approvals.count -gt 1) {
+            Write-AlertMessage -tenant $($Item.tenant) -message "There is are $($Approvals.count) App Approvals waiting."
+        }
+    } catch {
+    }
+}

Modules/CIPPCore/Public/Entrypoints/Push-ExecOnboardTenantQueue.ps1 → Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecOnboardTenantQueue.ps1

@@ -263,72 +263,80 @@ Function Push-ExecOnboardTenantQueue {
             $TenantOnboarding.Logs = [string](ConvertTo-Json -InputObject @($Logs) -Compress)
             Add-CIPPAzDataTableEntity @OnboardTable -Entity $TenantOnboarding -Force -ErrorAction Stop
 
-            $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Clearing tenant cache' })
-            $y = 0
-            do {
-                try {
-                    Remove-CIPPCache -tenantsOnly $true
-                } catch {}
+            $IsExcluded = (Get-Tenants -SkipList | Where-Object { $_.customerId -eq $Relationship.customer.tenantId } | Measure-Object).Count -gt 0
+            if ($IsExcluded) {
+                $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Tenant is excluded from CIPP, onboarding cannot continue.' })
+                $TenantOnboarding.Status = 'failed'
+                $OnboardingSteps.Step4.Status = 'failed'
+                $OnboardingSteps.Step4.Message = 'Tenant excluded from CIPP, remove the exclusion and retry onboarding.'
+            } else {
 
-                $Tenant = Get-Tenants | Where-Object { $_.customerId -eq $Relationship.customer.tenantId } | Select-Object -First 1
-                $y++
-                Start-Sleep -Seconds 20
-            } while (!$Tenant -and $y -le 4)
+                $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Clearing tenant cache' })
+                $y = 0
+                do {
+                    $Tenant = Get-Tenants -TriggerRefresh -IncludeAll | Where-Object { $_.customerId -eq $Relationship.customer.tenantId } | Select-Object -First 1
+                    $y++
+                    Start-Sleep -Seconds 20
+                } while (!$Tenant -and $y -le 4)
 
-            if ($Tenant) {
-                $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Tenant found in customer list' })
-                try {
-                    $CPVConsentParams = @{
-                        TenantFilter = $Tenant.defaultDomainName
-                    }
-                    $Consent = Set-CIPPCPVConsent @CPVConsentParams
-                    if ($Consent -match 'Could not add our Service Principal to the client tenant') {
-                        throw
+                if ($Tenant) {
+                    $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Tenant found in customer list' })
+                    try {
+                        $CPVConsentParams = @{
+                            TenantFilter = $Relationship.customer.tenantId
+                        }
+                        $Consent = Set-CIPPCPVConsent @CPVConsentParams
+                        if ($Consent -match 'Could not add our Service Principal to the client tenant') {
+                            throw
+                        }
+                        $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Added initial CPV consent permissions' })
+                    } catch {
+                        $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'CPV Consent Failed' })
+                        $TenantOnboarding.Status = 'failed'
+                        $OnboardingSteps.Step4.Status = 'failed'
+                        $OnboardingSteps.Step4.Message = 'CPV Consent failed, check the App Registration in your partner tenant for missing admin consent.'
+                        $TenantOnboarding.OnboardingSteps = [string](ConvertTo-Json -InputObject $OnboardingSteps -Compress)
+                        $TenantOnboarding.Logs = [string](ConvertTo-Json -InputObject @($Logs) -Compress)
+                        Add-CIPPAzDataTableEntity @OnboardTable -Entity $TenantOnboarding -Force -ErrorAction Stop
+                        return
                     }
-                    $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Added initial CPV consent permissions' })
-                } catch {
-                    $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'CPV Consent Failed' })
-                    $TenantOnboarding.Status = 'failed'
-                    $OnboardingSteps.Step4.Status = 'failed'
-                    $OnboardingSteps.Step4.Message = 'CPV Consent failed, check the App Registration in your partner tenant for missing admin consent.'
+                    $Refreshing = $true
+                    $CPVSuccess = $false
+                    $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Refreshing CPV permissions' })
+                    $OnboardingSteps.Step4.Message = 'Refreshing CPV permissions'
                     $TenantOnboarding.OnboardingSteps = [string](ConvertTo-Json -InputObject $OnboardingSteps -Compress)
                     $TenantOnboarding.Logs = [string](ConvertTo-Json -InputObject @($Logs) -Compress)
                     Add-CIPPAzDataTableEntity @OnboardTable -Entity $TenantOnboarding -Force -ErrorAction Stop
-                    return
-                }
-                $Refreshing = $true
-                $CPVSuccess = $false
-                $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Refreshing CPV permissions' })
-                $OnboardingSteps.Step4.Message = 'Refreshing CPV permissions'
-                $TenantOnboarding.OnboardingSteps = [string](ConvertTo-Json -InputObject $OnboardingSteps -Compress)
-                $TenantOnboarding.Logs = [string](ConvertTo-Json -InputObject @($Logs) -Compress)
-                Add-CIPPAzDataTableEntity @OnboardTable -Entity $TenantOnboarding -Force -ErrorAction Stop
-                do {
-                    try {
-                        Add-CIPPApplicationPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Tenant.defaultDomainName
-                        Add-CIPPDelegatedPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Tenant.defaultDomainName
-                        $CPVSuccess = $true
-                        $Refreshing = $false
-                    } catch {
-                        Start-Sleep -Seconds 30
-                    }
-                } while ($Refreshing -and (Get-Date) -lt $Start.AddMinutes(8))
+                    do {
+                        try {
+                            Add-CIPPApplicationPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Relationship.customer.tenantId
+                            Add-CIPPDelegatedPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Relationship.customer.tenantId
+                            $CPVSuccess = $true
+                            $Refreshing = $false
+                        } catch {
+                            Start-Sleep -Seconds 30
+                        }
+                    } while ($Refreshing -and (Get-Date) -lt $Start.AddMinutes(8))
 
-                if ($CPVSuccess) {
-                    $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'CPV permissions refreshed' })
-                    $OnboardingSteps.Step4.Status = 'succeeded'
-                    $OnboardingSteps.Step4.Message = 'CPV permissions refreshed'
+                    if ($CPVSuccess) {
+                        $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'CPV permissions refreshed' })
+                        $OnboardingSteps.Step4.Status = 'succeeded'
+                        $OnboardingSteps.Step4.Message = 'CPV permissions refreshed'
+                        if ($Tenant.defaultDomainName -match 'Domain Error') {
+                            $Tenant = Get-Tenants -TriggerRefresh -IncludeAll | Where-Object { $_.customerId -eq $Relationship.customer.tenantId } | Select-Object -First 1
+                        }
+                    } else {
+                        $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'CPV permissions failed to refresh' })
+                        $TenantOnboarding.Status = 'failed'
+                        $OnboardingSteps.Step4.Status = 'failed'
+                        $OnboardingSteps.Step4.Message = 'CPV permissions failed to refresh, try again later'
+                    }
                 } else {
-                    $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'CPV permissions failed to refresh' })
+                    $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Tenant not found' })
                     $TenantOnboarding.Status = 'failed'
                     $OnboardingSteps.Step4.Status = 'failed'
-                    $OnboardingSteps.Step4.Message = 'CPV permissions failed to refresh, try again later'
+                    $OnboardingSteps.Step4.Message = 'Tenant not found in customer list, try again later'
                 }
-            } else {
-                $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Tenant not found' })
-                $TenantOnboarding.Status = 'failed'
-                $OnboardingSteps.Step4.Status = 'failed'
-                $OnboardingSteps.Step4.Message = 'Tenant not found in customer list, try again later'
             }
             $TenantOnboarding.OnboardingSteps = [string](ConvertTo-Json -InputObject $OnboardingSteps -Compress)
             $TenantOnboarding.Logs = [string](ConvertTo-Json -InputObject @($Logs) -Compress)

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-GetPendingWebhooks.ps1

@@ -0,0 +1,8 @@
+function Push-GetPendingWebhooks {
+    $Table = Get-CIPPTable -TableName WebhookIncoming
+    $Webhooks = Get-CIPPAzDataTableEntity @Table
+    $WebhookCount = ($Webhooks | Measure-Object).Count
+    $Message = 'Processing {0} webhooks' -f $WebhookCount
+    Write-LogMessage -API 'Webhooks' -message $Message -sev Info
+    return $Webhooks
+}

Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 → Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-SchedulerAlert.ps1

@@ -14,17 +14,18 @@ function Push-SchedulerAlert {
 
         $IgnoreList = @('Etag', 'PartitionKey', 'Timestamp', 'RowKey', 'tenantid', 'tenant', 'type')
         $AlertList = $Alerts | Select-Object * -ExcludeProperty $IgnoreList
-        $Batch = foreach ($task in ($AlertList.psobject.members | Where-Object { $_.MemberType -EQ 'NoteProperty' -and $_.value -ne $false })) {
+        foreach ($task in ($AlertList.psobject.members | Where-Object { $_.MemberType -EQ 'NoteProperty' -and $_.value -ne $false })) {
             $Table = Get-CIPPTable -TableName AlertRunCheck
             $Filter = "PartitionKey eq '{0}' and RowKey eq '{1}' and Timestamp ge datetime'{2}'" -f $Item.Tenant, $task.Name, (Get-Date).AddMinutes(-10).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss')
             $ExistingMessage = Get-CIPPAzDataTableEntity @Table -Filter $Filter
             if (!$ExistingMessage) {
-                [pscustomobject]@{
-                    Tenant       = $Item.Tenant
-                    Tenantid     = $Item.Tenantid
-                    FunctionName = "CIPPAlert$($Task.Name)"
-                    value        = $Task.value
+                $Item = [pscustomobject]@{
+                    Tenant   = $Item.Tenant
+                    Tenantid = $Item.Tenantid
+                    value    = $Task.value
                 }
+                $Function = "Push-CIPPAlert$($Task.Name)"
+                & $Function -Item $Item
                 #Push-OutputBinding -Name QueueItemOut -Value $Item
                 $Item | Add-Member -MemberType NoteProperty -Name 'RowKey' -Value $task.Name -Force
                 $Item | Add-Member -MemberType NoteProperty -Name 'PartitionKey' -Value $Item.Tenant -Force
@@ -41,9 +42,8 @@ function Push-SchedulerAlert {
             } else {
                 Write-Host ('ALERTS: Duplicate run found. Ignoring. Tenant: {0}, Task: {1}' -f $Item.Tenant, $task.Name)
             }
-
         }
-        if (($Batch | Measure-Object).Count -gt 0) {
+        <#if (($Batch | Measure-Object).Count -gt 0) {
             $InputObject = [PSCustomObject]@{
                 OrchestratorName = 'AlertsOrchestrator'
                 SkipLog          = $true
@@ -55,7 +55,7 @@ function Push-SchedulerAlert {
             #$Orchestrator = New-OrchestrationCheckStatusResponse -Request $Request -InstanceId $InstanceId
         } else {
             Write-Host 'No alerts to process'
-        }
+        }#>
     } catch {
         $Message = 'Exception on line {0} - {1}' -f $_.InvocationInfo.ScriptLineNumber, $_.Exception.Message
         Write-LogMessage -message $Message -API 'Alerts' -tenant $Item.tenant -sev Error

Modules/CIPPCore/Public/Entrypoints/Push-UpdatePermissionsQueue.ps1 → Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-UpdatePermissionsQueue.ps1

@@ -7,11 +7,11 @@ function Push-UpdatePermissionsQueue {
     if (!$CPVRows -or $ENV:ApplicationID -notin $CPVRows.applicationId) {
         Write-LogMessage -tenant $Item.defaultDomainName -tenantId $Item.customerId -message 'A New tenant has been added, or a new CIPP-SAM Application is in use' -Sev 'Warn' -API 'NewTenant'
         Write-Host 'Adding CPV permissions'
-        Set-CIPPCPVConsent -Tenantfilter $Item.defaultDomainName
+        Set-CIPPCPVConsent -Tenantfilter $Item.customerId
     }
 
-    Add-CIPPApplicationPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Item.defaultDomainName
-    Add-CIPPDelegatedPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Item.defaultDomainName
+    Add-CIPPApplicationPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Item.customerId
+    Add-CIPPDelegatedPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Item.customerId
 
-    Write-LogMessage -tenant $Item.defaultDomainName -tenantId $Item.customerId -message "Updated permissions for $($Item.defaultDomainName)" -Sev 'Info' -API 'UpdatePermissionsQueue'
+    Write-LogMessage -tenant $Item.defaultDomainName -tenantId $Item.customerId -message "Updated permissions for $($Item.displayName)" -Sev 'Info' -API 'UpdatePermissionsQueue'
 }