Merge pull request #1465 from KelvinTegelaar/dev

Dev to hotfix

Author: JohnDuprey

ConversionTable.csv

@@ -14,13 +14,19 @@ function Get-CIPPAlertHuntressRogueApps {
         [Parameter(Mandatory = $false)]
         [Alias('input')]
         $InputValue,
-        $TenantFilter
+        $TenantFilter,
+        [Parameter(Mandatory = $false)]
+        [bool]$IgnoreDisabledApps = $false
     )
 
     try {
         $RogueApps = Invoke-RestMethod -Uri 'https://raw.githubusercontent.com/huntresslabs/rogueapps/main/public/rogueapps.json'
         $RogueAppFilter = $RogueApps.appId -join "','"
         $ServicePrincipals = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/servicePrincipals?`$filter=appId in ('$RogueAppFilter')" -tenantid $TenantFilter
+        # If IgnoreDisabledApps is true, filter out disabled service principals
+        if ($IgnoreDisabledApps) {
+            $ServicePrincipals = $ServicePrincipals | Where-Object { $_.accountEnabled -eq $true }
+        }
 
         if (($ServicePrincipals | Measure-Object).Count -gt 0) {
             $AlertData = foreach ($ServicePrincipal in $ServicePrincipals) {

Modules/CIPPCore/Public/Alerts/Get-CIPPAlertHuntressRogueApps.ps1

@@ -0,0 +1,39 @@
+function Get-CIPPAlertTERRL {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    #>
+    [CmdletBinding()]
+    Param (
+        [Parameter(Mandatory = $false)]
+        [Alias('input')]
+        $InputValue,
+        $TenantFilter
+    )
+
+    try {
+        # Set threshold with fallback to 80%
+        $Threshold = if ([string]::IsNullOrWhiteSpace($InputValue)) { 80 } else { [int]$InputValue }
+
+        # Get TERRL status
+        $TerrlStatus = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-LimitsEnforcementStatus'
+
+        if ($TerrlStatus) {
+            $UsagePercentage = [math]::Round(($TerrlStatus.ObservedValue / $TerrlStatus.Threshold) * 100, 2)
+
+            if ($UsagePercentage -gt $Threshold) {
+                $AlertData = [PSCustomObject]@{
+                    UsagePercentage    = $UsagePercentage
+                    CurrentVolume      = $TerrlStatus.ObservedValue
+                    ThresholdLimit     = $TerrlStatus.Threshold
+                    EnforcementEnabled = $TerrlStatus.EnforcementEnabled
+                    Verdict            = $TerrlStatus.Verdict
+                    Message            = 'Tenant is at {0}% of their TERRL limit (using {1} of {2} messages). Tenant Enforcement Status: {3}' -f $UsagePercentage, $TerrlStatus.ObservedValue, $TerrlStatus.Threshold, $TerrlStatus.Verdict
+                }
+                Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData
+            }
+        }
+    } catch {
+        Write-AlertMessage -tenant $($TenantFilter) -message "Could not get TERRL status for $($TenantFilter): $(Get-NormalizedError -message $_.Exception.message)"
+    }
+}

Modules/CIPPCore/Public/Alerts/Get-CIPPAlertTERRL.ps1

@@ -16,24 +16,34 @@ function Get-CIPPAccessRole {
     Internal
     #>
     [CmdletBinding()]
-    param($Request)
+    param($Request, $Headers)
 
-    $CacheAccessUserRoleTable = Get-CIPPTable -tablename 'cacheAccessUserRole'
-    $CachedRoles = Get-CIPPAzDataTableEntity @CacheAccessUserRoleTable -Filter "PartitionKey eq 'AccessUser' and RowKey eq '$($Request.Headers.'x-ms-client-principal-name')'" | Select-Object -ExpandProperty Role | ConvertFrom-Json
+    $Headers = $Request.Headers ?? $Headers
 
-    $SwaCreds = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($request.headers.'x-ms-client-principal')) | ConvertFrom-Json)
+    $CacheAccessUserRoleTable = Get-CIPPTable -tablename 'cacheAccessUserRoles'
+
+    $SwaCreds = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($Headers.'x-ms-client-principal')) | ConvertFrom-Json)
     $SwaRoles = $SwaCreds.userRoles
+    $Username = $SwaCreds.userDetails
+
+    $CachedRoles = Get-CIPPAzDataTableEntity @CacheAccessUserRoleTable -Filter "PartitionKey eq 'AccessUser' and RowKey eq '$Username'" | Select-Object -ExpandProperty Role | ConvertFrom-Json
+
+    Write-Information "SWA Roles: $($SwaRoles -join ', ')"
+    Write-Information "Cached Roles: $($CachedRoles -join ', ')"
 
     # Combine SWA roles and cached roles into a single deduplicated list
     $AllRoles = [System.Collections.Generic.List[string]]::new()
-    if ($null -ne $SwaRoles) {
-        $AllRoles.AddRange($SwaRoles)
+
+    foreach ($Role in $SwaRoles) {
+        if (-not $AllRoles.Contains($Role)) {
+            $AllRoles.Add($Role)
+        }
     }
-    if ($null -ne $CachedRoles) {
-        $AllRoles.AddRange($CachedRoles)
+    foreach ($Role in $CachedRoles) {
+        if (-not $AllRoles.Contains($Role)) {
+            $AllRoles.Add($Role)
+        }
     }
-
-    # Remove duplicates and ensure we have a clean array
     $CombinedRoles = $AllRoles | Select-Object -Unique
 
     # For debugging