Merge pull request #758 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: pull[bot]

Modules/CIPPCore/Public/Alerts/Get-CIPPAlertLowDomainScore.ps1

@@ -13,7 +13,7 @@ function Get-CIPPAlertLowDomainScore {
     )
 
     $DomainData = Get-CIPPDomainAnalyser -TenantFilter $TenantFilter
-    $LowScoreDomains = $DomainData | Where-Object { $_.ScorePercentage -lt $InputValue -and $_.ScorePercentage -ne '' } | ForEach-Object {
+    $LowScoreDomains = $DomainData | Where-Object { $_.ScorePercentage -lt $InputValue -and $_.ScorePercentage -ne '' -and $_.Domain -notlike '*.onmicrosoft.com' -and $_.Domain -notlike '*.mail.onmicrosoft.com' } | ForEach-Object {
         [PSCustomObject]@{
             Message          = "$($_.Domain): Domain security score is $($_.ScorePercentage)%, which is below the threshold of $InputValue%. Issues: $($_.ScoreExplanation)"
             Domain           = $_.Domain

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ExecSyncVPP.ps1

@@ -9,9 +9,8 @@ function Invoke-ExecSyncVPP {
     param($Request, $TriggerMetadata)
     $APIName = $Request.Params.CIPPEndpoint
     $Headers = $Request.Headers
-    Write-LogMessage -Headers $Headers -API $APIName -message 'Accessed this API' -Sev Debug
 
-    $TenantFilter = $Request.Body.tenantFilter ?? $Request.Query.tenantFilter
+    $TenantFilter = $Request.Body.tenantFilter
     try {
         # Get all VPP tokens and sync them
         $VppTokens = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceAppManagement/vppTokens' -tenantid $TenantFilter | Where-Object { $_.state -eq 'valid' }

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddPolicy.ps1

@@ -17,6 +17,15 @@ function Invoke-AddPolicy {
     $description = $Request.Body.Description
     $AssignTo = if ($Request.Body.AssignTo -ne 'on') { $Request.Body.AssignTo }
     $ExcludeGroup = $Request.Body.excludeGroup
+    $AssignmentFilterSelection = $Request.Body.AssignmentFilterName ?? $Request.Body.assignmentFilter
+    $AssignmentFilterType = $Request.Body.AssignmentFilterType ?? $Request.Body.assignmentFilterType
+    $AssignmentFilterName = switch ($AssignmentFilterSelection) {
+        { $_ -is [string] } { $_; break }
+        { $_ -and $_.PSObject.Properties['value'] } { $_.value; break }
+        { $_ -and $_.PSObject.Properties['displayName'] } { $_.displayName; break }
+        { $_ -and $_.PSObject.Properties['label'] } { $_.label; break }
+        default { $null }
+    }
     $Request.Body.customGroup ? ($AssignTo = $Request.Body.customGroup) : $null
     $RawJSON = $Request.Body.RAWJson
 
@@ -70,6 +79,12 @@ function Invoke-AddPolicy {
                 Headers          = $Headers
                 APIName          = $APIName
             }
+
+            if (-not [string]::IsNullOrWhiteSpace($AssignmentFilterName)) {
+                $params.AssignmentFilterName = $AssignmentFilterName
+                $params.AssignmentFilterType = [string]::IsNullOrWhiteSpace($AssignmentFilterType) ? 'include' : $AssignmentFilterType
+            }
+
             Set-CIPPIntunePolicy @params
         } catch {
             "$($_.Exception.Message)"

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecSyncDEP.ps1

@@ -0,0 +1,50 @@
+function Invoke-ExecSyncDEP {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Endpoint.MEM.ReadWrite
+    .DESCRIPTION
+        Syncs devices from Apple Business Manager to Intune
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+
+    $TenantFilter = $Request.Body.tenantFilter
+    try {
+        $DepOnboardingSettings = @(New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/depOnboardingSettings' -tenantid $TenantFilter)
+
+        if ($null -eq $DepOnboardingSettings -or $DepOnboardingSettings.Count -eq 0) {
+            $Result = 'No Apple Business Manager connections found'
+            Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message $Result -Sev Info
+        } else {
+            $SyncCount = 0
+            foreach ($DepSetting in $DepOnboardingSettings) {
+                if ($DepSetting.id) {
+                    $null = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/depOnboardingSettings/$($DepSetting.id)/syncWithAppleDeviceEnrollmentProgram" -tenantid $TenantFilter
+                    $SyncCount++
+                }
+            }
+            if ($SyncCount -eq 0) {
+                $Result = 'No Apple Business Manager connections found'
+            } else {
+                $Result = "Successfully started device sync for $SyncCount Apple Business Manager connection$(if ($SyncCount -gt 1) { 's' })"
+            }
+            Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message $Result -Sev Info
+        }
+        $StatusCode = [HttpStatusCode]::OK
+    } catch {
+        $ErrorMessage = Get-CippException -Exception $_
+        $Result = 'Failed to start Apple Business Manager device sync'
+        Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message $Result -Sev Error -LogData $ErrorMessage
+        $StatusCode = [HttpStatusCode]::Forbidden
+    }
+
+    return ([HttpResponseContext]@{
+            StatusCode = $StatusCode
+            Body       = @{ Results = $Result }
+        })
+
+}

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddUser.ps1

@@ -75,8 +75,10 @@ function Invoke-AddUser {
                 'User'     = $CreationResults.User
             }
         } catch {
+            $ErrorMessage = $_.TargetObject.Results -join ' '
+            $ErrorMessage = [string]::IsNullOrWhiteSpace($ErrorMessage) ? $_.Exception.Message : $ErrorMessage
             $body = [pscustomobject] @{
-                'Results' = @("$($_.Exception.Message)")
+                'Results' = @("$ErrorMessage")
             }
             $StatusCode = [HttpStatusCode]::InternalServerError
         }

Modules/CIPPCore/Public/New-CIPPBackup.ps1

@@ -54,6 +54,8 @@ function New-CIPPBackup {
                         'WebhookRules'
                         'ScheduledTasks'
                         'TenantProperties'
+                        'TenantGroups'
+                        'TenantGroupMembers'
                     )
                     $CSVfile = foreach ($CSVTable in $BackupTables) {
                         $Table = Get-CippTable -tablename $CSVTable

Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1

@@ -195,18 +195,19 @@ function New-CIPPCAPolicy {
                 }
             } else {
                 if ($location.countriesAndRegions) { $location.countriesAndRegions = @($location.countriesAndRegions) }
-                $location | Select-Object * -ExcludeProperty id
-                Remove-ODataProperties -Object $location
-                $Body = ConvertTo-Json -InputObject $Location
+                $LocationBody = $location | Select-Object * -ExcludeProperty id
+                Remove-ODataProperties -Object $LocationBody
+                $Body = ConvertTo-Json -InputObject $LocationBody
                 $GraphRequest = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/beta/identity/conditionalAccess/namedLocations' -body $body -Type POST -tenantid $tenantfilter -asApp $true
                 $retryCount = 0
+                $MaxRetryCount = 10
                 do {
                     Write-Host "Checking for location $($GraphRequest.id) attempt $retryCount. $TenantFilter"
                     $LocationRequest = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/identity/conditionalAccess/namedLocations' -tenantid $tenantfilter -asApp $true | Where-Object -Property id -EQ $GraphRequest.id
                     Write-Host "LocationRequest: $($LocationRequest.id)"
                     Start-Sleep -Seconds 2
                     $retryCount++
-                } while ((!$LocationRequest -or !$LocationRequest.id) -and ($retryCount -lt 5))
+                } while ((!$LocationRequest -or !$LocationRequest.id) -and ($retryCount -lt $MaxRetryCount))
                 Write-LogMessage -Tenant $TenantFilter -Headers $Headers -API $APINAME -message "Created new Named Location: $($location.displayName)" -Sev 'Info'
                 [pscustomobject]@{
                     id   = $GraphRequest.id