Merge pull request #1147 from JohnDuprey/dev

Bugfixes

Author: JohnDuprey

Config/standards.json

@@ -13,11 +13,26 @@ function Get-CippAuditLogSearches {
         [Parameter()]
         [switch]$ReadyToProcess
     )
-    $Queries = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/security/auditLog/queries' -AsApp $true -tenantid $TenantFilter
+
     if ($ReadyToProcess.IsPresent) {
         $AuditLogSearchesTable = Get-CippTable -TableName 'AuditLogSearches'
         $PendingQueries = Get-CIPPAzDataTableEntity @AuditLogSearchesTable -Filter "Tenant eq '$TenantFilter' and CippStatus eq 'Pending'"
+
+        $BulkRequests = foreach ($PendingQuery in $PendingQueries) {
+            @{
+                id     = $PendingQuery.RowKey
+                url    = 'security/auditLog/queries/' + $PendingQuery.RowKey
+                method = 'GET'
+            }
+        }
+        if ($BulkRequests.Count -eq 0) {
+            return @()
+        }
+        $Queries = New-GraphBulkRequest -Requests @($BulkRequests) -AsApp $true -TenantId $TenantFilter | Select-Object -ExpandProperty body
+
         $Queries = $Queries | Where-Object { $PendingQueries.RowKey -contains $_.id -and $_.status -eq 'succeeded' }
+    } else {
+        $Queries = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/security/auditLog/queries' -AsApp $true -tenantid $TenantFilter
     }
     return $Queries
 }

Modules/CIPPCore/Public/AuditLogs/Get-CippAuditLogSearches.ps1

@@ -36,7 +36,7 @@ function Push-AuditLogTenant {
     $Configuration = $ConfigEntries | Where-Object { ($_.Tenants -match $TenantFilter -or $_.Tenants -match 'AllTenants') }
     if ($Configuration) {
         try {
-            $LogSearches = Get-CippAuditLogSearches -TenantFilter $TenantFilter -ReadyToProcess
+            $LogSearches = Get-CippAuditLogSearches -TenantFilter $TenantFilter -ReadyToProcess | Select-Object -First 20
             Write-Information ('Audit Logs: Found {0} searches, begin processing' -f $LogSearches.Count)
             foreach ($Search in $LogSearches) {
                 $SearchEntity = Get-CIPPAzDataTableEntity @LogSearchesTable -Filter "Tenant eq '$($TenantFilter)' and RowKey eq '$($Search.id)'"

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Webhooks/Push-AuditLogTenant.ps1

@@ -31,8 +31,20 @@ Function Invoke-ExecExtensionsConfig {
 
         # Check if NinjaOne URL is set correctly and the instance has at least version 5.6
         if ($Body.NinjaOne) {
+            $AllowedNinjaHostnames = @(
+                'app.ninjarmmm.com',
+                'eu.ninjarmmm.com',
+                'oc.ninjarmmm.com',
+                'ca.ninjarmmm.com',
+                'us2.ninjarmm.com'
+            )
+            $SetNinjaHostname = $Body.NinjaOne.Instance -replace '/ws', '' -replace 'https://', ''
+            if ($AllowedNinjaHostnames -notcontains $SetNinjaHostname) {
+                throw "NinjaOne URL is not allowed. Allowed hostnames are: $($AllowedNinjaHostnames -join ', ')"
+            }
+
             try {
-                [version]$Version = (Invoke-WebRequest -Method GET -Uri "https://$(($Body.NinjaOne.Instance -replace '/ws','') -replace 'https://','')/app-version.txt" -ea stop).content
+                [version]$Version = (Invoke-WebRequest -Method GET -Uri "$SetNinjaHostname/app-version.txt" -ea stop).content
             } catch {
                 throw "Failed to connect to NinjaOne check your Instance is set correctly eg 'app.ninjarmmm.com'"
             }

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionsConfig.ps1

@@ -40,8 +40,11 @@ Function Invoke-ListBPA {
             $row = $_
             $JSONFields | ForEach-Object {
                 $jsonContent = $row.$_
-                if ($jsonContent -ne $null -and $jsonContent -ne 'FAILED') {
-                    $row.$_ = $jsonContent | ConvertFrom-Json -Depth 15
+                if (![string]::IsNullOrEmpty($jsonContent) -and $jsonContent -ne 'FAILED') {
+                    try {
+                        $row.$_ = $jsonContent | ConvertFrom-Json -Depth 15
+                    } catch {
+                    }
                 }
             }
             $row.PSObject.Properties | ForEach-Object {
@@ -61,8 +64,11 @@ Function Invoke-ListBPA {
             $row = $_
             $JSONFields | ForEach-Object {
                 $jsonContent = $row.$_
-                if ($jsonContent -ne $null -and $jsonContent -ne 'FAILED') {
-                    $row.$_ = $jsonContent | ConvertFrom-Json -Depth 15
+                if (![string]::IsNullOrEmpty($jsonContent) -and $jsonContent -ne 'FAILED') {
+                    try {
+                        $row.$_ = $jsonContent | ConvertFrom-Json -Depth 15
+                    } catch {
+                    }
                 }
             }
             $row | Where-Object -Property PartitionKey -In $Tenants.customerId

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPA.ps1

@@ -96,11 +96,9 @@ function Get-GraphRequestList {
     $Count = 0
     if ($TenantFilter -ne 'AllTenants') {
         $GraphRequest = @{
-            uri      = $GraphQuery.ToString()
-            tenantid = $TenantFilter
-        }
-        if ($Parameters.'$filter') {
-            $GraphRequest.ComplexFilter = $true
+            uri           = $GraphQuery.ToString()
+            tenantid      = $TenantFilter
+            ComplexFilter = $true
         }
         if ($NoPagination.IsPresent) {
             $GraphRequest.noPagination = $NoPagination.IsPresent

Modules/CIPPCore/Public/GraphRequests/Get-GraphRequestList.ps1

@@ -48,10 +48,10 @@ function Set-CIPPAssignedPolicy {
             }
             default {
                 $GroupNames = $GroupName.Split(',')
-                $GroupIds = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/groups' -tenantid $TenantFilter | ForEach-Object {
+                $GroupIds = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/groups?$select=id,displayName&$top=999' -tenantid $TenantFilter | ForEach-Object {
                     $Group = $_
                     foreach ($SingleName in $GroupNames) {
-                        if ($_.displayname -like $SingleName) {
+                        if ($_.displayName -like $SingleName) {
                             $group.id
                         }
                     }

Modules/CIPPCore/Public/Set-CIPPAssignedPolicy.ps1

@@ -39,10 +39,14 @@ function Invoke-CIPPStandardPerUserMFA {
             url    = "/users/$id/authentication/requirements"
         }
     }
-    $UsersWithoutMFA = (New-GraphBulkRequest -tenantid $tenant -Requests @($Requests) -asapp $true).body | Where-Object { $_.perUserMfaState -ne 'enforced' } | Select-Object peruserMFAState, @{Name = 'userPrincipalName'; Expression = { [System.Web.HttpUtility]::UrlDecode($_.'@odata.context'.split("'")[1]) } }
+    if ($Requests) {
+        $UsersWithoutMFA = (New-GraphBulkRequest -tenantid $tenant -Requests @($Requests) -asapp $true).body | Where-Object { $_.perUserMfaState -ne 'enforced' } | Select-Object peruserMFAState, @{Name = 'userPrincipalName'; Expression = { [System.Web.HttpUtility]::UrlDecode($_.'@odata.context'.split("'")[1]) } }
+    } else {
+        $UsersWithoutMFA = @()
+    }
 
     If ($Settings.remediate -eq $true) {
-        if (($UsersWithoutMFA.userPrincipalName | Measure-Object).Count -gt 0) {
+        if (($UsersWithoutMFA | Measure-Object).Count -gt 0) {
             try {
                 $MFAMessage = Set-CIPPPerUserMFA -TenantFilter $Tenant -userId @($UsersWithoutMFA.userPrincipalName) -State 'enforced'
                 Write-LogMessage -API 'Standards' -tenant $tenant -message $MFAMessage -sev Info