From 895191d9c20f0a77080d84c33a638b75b6ebf7ba Mon Sep 17 00:00:00 2001 From: Esco Date: Thu, 6 Feb 2025 13:46:47 +0100 Subject: [PATCH 1/3] fix: rename Action to SafeAttachmentAction --- .../Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 index a35f420cf73f..d45abf7e5973 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 @@ -64,7 +64,7 @@ function Invoke-CIPPStandardSafeAttachmentPolicy { $StateIsCorrect = ($CurrentState.Name -eq $PolicyName) -and ($CurrentState.Enable -eq $true) -and - ($CurrentState.Action -eq $Settings.Action) -and + ($CurrentState.Action -eq $Settings.SafeAttachmentAction) -and ($CurrentState.QuarantineTag -eq $Settings.QuarantineTag) -and ($CurrentState.Redirect -eq $Settings.Redirect) -and (($null -eq $Settings.RedirectAddress) -or ($CurrentState.RedirectAddress -eq $Settings.RedirectAddress)) @@ -87,7 +87,7 @@ function Invoke-CIPPStandardSafeAttachmentPolicy { } else { $cmdparams = @{ Enable = $true - Action = $Settings.Action + Action = $Settings.SafeAttachmentAction QuarantineTag = $Settings.QuarantineTag Redirect = $Settings.Redirect RedirectAddress = $Settings.RedirectAddress From 334ee85be231cd62dc88f6ebaf3c9550801a7ae9 Mon Sep 17 00:00:00 2001 From: redanthrax Date: Tue, 4 Feb 2025 08:15:44 -0800 Subject: [PATCH 2/3] Intune Script Edit Support function for intune script edit. Add permissions for devicemanagement scripts. --- .../Endpoint/MEM/Invoke-EditIntuneScript.ps1 | 48 +++++++++++++++++++ Modules/CIPPCore/Public/SAMManifest.json | 4 ++ 2 files changed, 52 insertions(+) create mode 100644 Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditIntuneScript.ps1 
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditIntuneScript.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditIntuneScript.ps1
new file mode 100644
index 000000000000..557fcae46252
--- /dev/null
+++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditIntuneScript.ps1
@@ -0,0 +1,48 @@
+using namespace System.Net
+
+function Invoke-EditIntuneScript {
+ <#
+ .FUNCTIONALITY
+ Entrypoint
+ .ROLE
+ Endpoint.MEM.ReadWrite
+ #>
+ [CmdletBinding()]
+ param($Request, $TriggerMetadata)
+
+ $APIName = $TriggerMetadata.FunctionName
+ $ExecutingUser = $request.headers.'x-ms-client-principal'
+ Write-LogMessage -user $ExecutingUser -API $APINAME -message 'Accessed this API' -Sev Debug
+
+ $graphUrl = "https://graph.microsoft.com/beta"
+ switch($Request.Method) {
+ "GET" {
+ $parms = @{
+ uri = "$graphUrl/deviceManagement/deviceManagementScripts/$($Request.Query.ScriptId)"
+ tenantid = $Request.Query.TenantFilter
+ }
+
+ $intuneScript = New-GraphGetRequest @parms
+ Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+ StatusCode = [HttpStatusCode]::OK
+ Body = $intuneScript
+ })
+ }
+ "PATCH" {
+ $parms = @{
+ uri = "$graphUrl/deviceManagement/deviceManagementScripts/$($Request.Body.ScriptId)"
+ tenantid = $Request.Body.TenantFilter
+ body = $Request.Body.IntuneScript
+ }
+ $patchResult = New-GraphPOSTRequest @parms -type "PATCH"
+ $body = [pscustomobject]@{'Results' = $patchResult }
+ Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+ StatusCode = [HttpStatusCode]::OK
+ Body = $body
+ })
+ }
+ "POST" {
+ Write-Output "Adding script"
+ }
+ }
+}
diff --git a/Modules/CIPPCore/Public/SAMManifest.json b/Modules/CIPPCore/Public/SAMManifest.json
index c1a3d192fc34..65b801589a7f 100644
--- a/Modules/CIPPCore/Public/SAMManifest.json
+++ b/Modules/CIPPCore/Public/SAMManifest.json
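Review bot: `ScriptId` is taken from the request and interpolated into the Graph URI unchecked in both the GET and PATCH branches of Invoke-EditIntuneScript.ps1, so a value that is not a plain id can change which Graph path is called with the tenant's token. Graph script ids are GUIDs, so parse the value with `[guid]::TryParse` and answer 400 when it fails. The PATCH branch also has no error handling and logs nothing beyond the Debug 'Accessed this API' line, although it replaces a script that Intune runs on managed devices; wrap the call in try/catch and write an Info-level entry naming the tenant and script id. The POST branch never pushes a response binding. A sketch of the PATCH branch follows; the GET branch needs the same id check.

```powershell
"PATCH" {
    # Script ids are GUIDs; reject anything else before it reaches the URI.
    $scriptGuid = [guid]::Empty
    if (-not [guid]::TryParse([string]$Request.Body.ScriptId, [ref]$scriptGuid)) {
        Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
                StatusCode = [HttpStatusCode]::BadRequest
                Body       = [pscustomobject]@{ 'Results' = 'ScriptId must be a GUID' }
            })
        return
    }
    try {
        $parms = @{
            uri      = "$graphUrl/deviceManagement/deviceManagementScripts/$scriptGuid"
            tenantid = $Request.Body.TenantFilter
            body     = $Request.Body.IntuneScript
        }
        $patchResult = New-GraphPOSTRequest @parms -type "PATCH"
        # Script changes reach managed devices, so record who changed what.
        Write-LogMessage -user $ExecutingUser -API $APIName -tenant $Request.Body.TenantFilter -message "Updated Intune script $scriptGuid" -Sev 'Info'
        $StatusCode = [HttpStatusCode]::OK
        $body = [pscustomobject]@{ 'Results' = $patchResult }
    } catch {
        $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
        Write-LogMessage -user $ExecutingUser -API $APIName -tenant $Request.Body.TenantFilter -message "Failed to update Intune script $scriptGuid. Error: $ErrorMessage" -Sev 'Error'
        $StatusCode = [HttpStatusCode]::InternalServerError
        $body = [pscustomobject]@{ 'Results' = "Failed to update script. Error: $ErrorMessage" }
    }
    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
            StatusCode = $StatusCode
            Body       = $body
        })
}
# … unchanged: "GET" and "POST" branches …
```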
@@ -87,6 +87,10 @@ "id": "e330c4f0-4170-414e-a55a-2f022ec2b57b", "type": "Role" }, + { + "id": "9255e99d-faf5-445e-bbf7-cb71482737c4", + "type": "Role" + }, { "id": "06a5fe6d-c49d-46a7-b082-56b1b14103c7", "type": "Role" From 3e8d41ffdde8ef30518d83d1e5ea17491fd1b8e0 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Fri, 7 Feb 2025 13:24:53 +0100 Subject: [PATCH 3/3] fixes removal of tenantallowlists --- .../Standards/Invoke-AddStandardsTemplate.ps1 | 2 +- .../Invoke-RemoveTenantAllowBlockList.ps1 | 32 ++++++++++++------- 2 files changed, 21 insertions(+), 13 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsTemplate.ps1 index a901e108b61b..8764326fef85 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsTemplate.ps1 @@ -20,7 +20,7 @@ Function Invoke-AddStandardsTemplate { $request.body | Add-Member -NotePropertyName 'createdAt' -NotePropertyValue ($Request.body.createdAt ? $Request.body.createdAt : (Get-Date).ToUniversalTime()) -Force $Request.body | Add-Member -NotePropertyName 'updatedBy' -NotePropertyValue ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($request.headers.'x-ms-client-principal')) | ConvertFrom-Json).userDetails -Force $Request.body | Add-Member -NotePropertyName 'updatedAt' -NotePropertyValue (Get-Date).ToUniversalTime() -Force - $JSON = (ConvertTo-Json -Depth 100 -InputObject ($Request.body)) + $JSON = (ConvertTo-Json -Compress -Depth 100 -InputObject ($Request.body)) $Table = Get-CippTable -tablename 'templates' $Table.Force = $true Add-CIPPAzDataTableEntity @Table -Entity @{ 
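Review bot: The object added to SAMManifest.json grants one more application permission (`"type": "Role"`) that is identified only by the GUID `9255e99d-faf5-445e-bbf7-cb71482737c4`, and the file format leaves no place to name it. Since the same commit adds a PATCH endpoint that rewrites scripts Intune runs on managed devices, the commit description should state the permission's name and why an app-only grant is needed, e.g. `Adds Graph application permission <PERMISSION_NAME> (9255e99d-faf5-445e-bbf7-cb71482737c4) for Invoke-EditIntuneScript`. It is also worth confirming that a delegated scope would not be enough. Presumably this is the device-management scripts permission the message mentions, but that cannot be checked from the hunk. The surrounding array starts and ends outside the hunk.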
diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-RemoveTenantAllowBlockList.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-RemoveTenantAllowBlockList.ps1
index 52807bdcc27f..1ad9b7f8ca75 100644
--- a/Modules/CIPPCore/Public/Entrypoints/Invoke-RemoveTenantAllowBlockList.ps1
+++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-RemoveTenantAllowBlockList.ps1
@@ -16,31 +16,39 @@ Function Invoke-RemoveTenantAllowBlockList { # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' try { + + $listType = switch -Wildcard ($request.body.entries) { + '*@*' { 'Sender'; break } + '*.*' { 'Url'; break } + default { 'FileHash' } + } + Write-Host "List type is $listType" $ExoRequest = @{ - tenantid = $Request.query.tenantfilter + tenantid = $Request.body.tenantfilter cmdlet = 'Remove-TenantAllowBlockListItems' cmdParams = @{ - Entries = [string[]]$Request.query.entries - ListType = [string]$Request.query.listType + Entries = @($Request.body.entries) + ListType = $ListType } } - New-ExoRequest @ExoRequest + $Results = New-ExoRequest @ExoRequest + Write-Host $Results - $result = "Successfully removed $($Request.query.entries) from Block/Allow list" + $result = "Successfully removed $($Request.body.entries) from Block/Allow list" Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APIName -tenant $Request.query.tenantfilter -message $result -Sev 'Info' } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message - $result = "Failed to remove $($Request.query.entries). Error: $ErrorMessage" + $result = "Failed to remove $($Request.body.entries). Error: $ErrorMessage" Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APIName -tenant $Request.query.tenantfilter -message $result -Sev 'Error' } # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK - Body = @{ - 'Results' = $result - 'Request' = $ExoRequest - } - }) + StatusCode = [HttpStatusCode]::OK + Body = @{ + 'Results' = $result + 'Request' = $ExoRequest + } + }) }
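Review bot: Both `Write-LogMessage` calls still pass `-tenant $Request.query.tenantfilter` although this change moves every other input to `$Request.body`, so the log entries for removing an allow/block entry will likely carry no tenant; change them to `-tenant $Request.body.tenantfilter`. The list type is now guessed from the entry text by `switch -Wildcard`, which uses only the first element when `entries` is an array and may leave `$listType` empty when `entries` is empty. Consider accepting an explicit `listType` from the body, checking it against the values the cmdlet supports, and inferring it only as a fallback. The response also stays `[HttpStatusCode]::OK` on the catch path, so callers cannot tell a failed removal from a successful one by status. The function body starts above this hunk.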