offboarding tweak

JohnDuprey · JohnDuprey · commit 5be5429900c0 · 2024-12-10T18:07:58.000-05:00
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecOffboardTenant.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecOffboardTenant.ps1
@@ -12,15 +12,15 @@ Function Invoke-ExecOffboardTenant {
     try {
         Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
 
-        $Tenantfilter = $request.body.tenantfilter
-
-        # temp fix -rvdwegen
-        $tenantId = (Invoke-RestMethod -Method GET "https://login.windows.net/$Tenantfilter/.well-known/openid-configuration").token_endpoint.Split('/')[3]
+        $TenantQuery = $Request.Body.TenantFilter.value ?? $Request.Body.TenantFilter
+        $Tenant = Get-Tenants -IncludeAll -TenantFilter $TenantQuery
+        $TenantId = $Tenant.customerId
+        $TenantFilter = $Tenant.defaultDomainName
 
         $results = [System.Collections.ArrayList]@()
         $errors = [System.Collections.ArrayList]@()
 
-        if ($request.body.RemoveCSPGuestUsers) {
+        if ($request.body.RemoveCSPGuestUsers -eq $true) {
             # Delete guest users who's domains match the CSP tenants
             try {
                 try {
@@ -42,7 +42,7 @@ Function Invoke-ExecOffboardTenant {
                     $BulkResults = New-GraphBulkRequest -Requests $BulkRequests -tenantid $TenantFilter
 
                     $results.Add('Successfully removed guest users')
-                    Write-LogMessage -user $ExecutingUser -API $APIName -message "CSP Guest users were removed" -Sev "Info" -tenant $TenantFilter
+                    Write-LogMessage -user $ExecutingUser -API $APIName -message 'CSP Guest users were removed' -Sev 'Info' -tenant $TenantFilter
                 } else {
                     $results.Add('No guest users found to remove')
                 }
@@ -51,7 +51,7 @@ Function Invoke-ExecOffboardTenant {
             }
         }
 
-        if ($request.body.RemoveCSPnotificationContacts) {
+        if ($request.body.RemoveCSPnotificationContacts -eq $true) {
             # Remove all email adresses that match the CSP tenants domains from the contact properties in /organization
             try {
                 try {
@@ -72,19 +72,19 @@ Function Invoke-ExecOffboardTenant {
             }
 
             # foreach through the properties we want to check/update
-            @('marketingNotificationEmails','securityComplianceNotificationMails','technicalNotificationMails') | ForEach-Object {
+            @('marketingNotificationEmails', 'securityComplianceNotificationMails', 'technicalNotificationMails') | ForEach-Object {
                 $property = $_
                 $propertyContacts = $orgContacts.($($property))
 
-                if ($propertyContacts -AND ($domains -notcontains ($propertyContacts | ForEach-Object { $_.Split("@")[1] }))) {
-                    $newPropertyContent = [System.Collections.Generic.List[object]]($propertyContacts | Where-Object { $domains -notcontains $_.Split("@")[1] })
+                if ($propertyContacts -AND ($domains -notcontains ($propertyContacts | ForEach-Object { $_.Split('@')[1] }))) {
+                    $newPropertyContent = [System.Collections.Generic.List[object]]($propertyContacts | Where-Object { $domains -notcontains $_.Split('@')[1] })
 
                     $patchContactBody = if (!($newPropertyContent)) { "{ `"$($property)`" : [] }" } else { [pscustomobject]@{ $property = $newPropertyContent } | ConvertTo-Json }
 
                     try {
-                        New-GraphPostRequest -type PATCH -body $patchContactBody -Uri "https://graph.microsoft.com/v1.0/organization/$($orgContacts.id)" -tenantid $Tenantfilter -ContentType "application/json"
-                        $results.Add("Successfully removed notification contacts from $($property): $(($propertyContacts | Where-Object { $domains -contains $_.Split("@")[1] }))")
-                        Write-LogMessage -user $ExecutingUser -API $APIName -message "Contacts were removed from $($property)" -Sev "Info" -tenant $TenantFilter
+                        New-GraphPostRequest -type PATCH -body $patchContactBody -Uri "https://graph.microsoft.com/v1.0/organization/$($orgContacts.id)" -tenantid $Tenantfilter -ContentType 'application/json'
+                        $results.Add("Successfully removed notification contacts from $($property): $(($propertyContacts | Where-Object { $domains -contains $_.Split('@')[1] }))")
+                        Write-LogMessage -user $ExecutingUser -API $APIName -message "Contacts were removed from $($property)" -Sev 'Info' -tenant $TenantFilter
                     } catch {
                         $errors.Add("Failed to update property $($property): $($_.Exception.message)")
                     }
@@ -95,13 +95,13 @@ Function Invoke-ExecOffboardTenant {
             # Add logic for privacyProfile later - rvdwegen
 
         }
-
-        if ($request.body.RemoveVendorApps) {
-            $request.body.RemoveVendorApps | ForEach-Object {
+        $VendorApps = $Request.Body.vendorApplications
+        if ($VendorApps) {
+            $VendorApps | ForEach-Object {
                 try {
                     $delete = (New-GraphPostRequest -type 'DELETE' -Uri "https://graph.microsoft.com/v1.0/serviceprincipals/$($_.value)" -tenantid $Tenantfilter)
                     $results.Add("Successfully removed app $($_.label)")
-                    Write-LogMessage -user $ExecutingUser -API $APIName -message "App $($_.label) was removed" -Sev "Info" -tenant $TenantFilter
+                    Write-LogMessage -user $ExecutingUser -API $APIName -message "App $($_.label) was removed" -Sev 'Info' -tenant $TenantFilter
                 } catch {
                     #$results.Add("Failed to removed app $($_.displayName)")
                     $errors.Add("Failed to removed app $($_.label)")
@@ -110,7 +110,7 @@ Function Invoke-ExecOffboardTenant {
         }
 
         # All customer tenant specific actions ALWAYS have to be completed before this action!
-        if ($request.body.RemoveMultitenantCSPApps) {
+        if ($request.body.RemoveMultitenantCSPApps -eq $true) {
             # Remove multi-tenant apps with the CSP tenant as origin
             try {
                 $multitenantCSPApps = (New-GraphGETRequest -Uri "https://graph.microsoft.com/v1.0/servicePrincipals?`$count=true&`$select=displayName,appId,id,appOwnerOrganizationId&`$filter=appOwnerOrganizationId eq $($env:TenantID)" -tenantid $Tenantfilter -ComplexFilter)
@@ -119,7 +119,7 @@ Function Invoke-ExecOffboardTenant {
                     try {
                         $delete = (New-GraphPostRequest -type 'DELETE' -Uri "https://graph.microsoft.com/v1.0/serviceprincipals/$($_.id)" -tenantid $Tenantfilter)
                         $results.Add("Successfully removed app $($_.displayName)")
-                        Write-LogMessage -user $ExecutingUser -API $APIName -message "App $($_.displayName) was removed" -Sev "Info" -tenant $TenantFilter
+                        Write-LogMessage -user $ExecutingUser -API $APIName -message "App $($_.displayName) was removed" -Sev 'Info' -tenant $TenantFilter
                     } catch {
                         #$results.Add("Failed to removed app $($_.displayName)")
                         $errors.Add("Failed to removed app $($_.displayName)")
@@ -131,7 +131,7 @@ Function Invoke-ExecOffboardTenant {
             }
         }
 
-        if ($request.body.TerminateGDAP) {
+        if ($request.body.TerminateGDAP -eq $true) {
             # Terminate GDAP relationships
             try {
                 $TenantFilter
@@ -142,7 +142,7 @@ Function Invoke-ExecOffboardTenant {
                     try {
                         $terminate = (New-GraphPostRequest -type 'POST' -Uri "https://graph.microsoft.com/v1.0/tenantRelationships/delegatedAdminRelationships/$($_.id)/requests" -body '{"action":"terminate"}' -ContentType 'application/json' -tenantid $env:TenantID)
                         $results.Add("Successfully terminated GDAP relationship $($_.displayName) from tenant $TenantFilter")
-                        Write-LogMessage -user $ExecutingUser -API $APIName -message "GDAP Relationship $($_.displayName) has been terminated" -Sev "Info" -tenant $TenantFilter
+                        Write-LogMessage -user $ExecutingUser -API $APIName -message "GDAP Relationship $($_.displayName) has been terminated" -Sev 'Info' -tenant $TenantFilter
                     } catch {
                         $($_.Exception.message)
                         #$results.Add("Failed to terminate GDAP relationship $($_.displayName): $($_.Exception.message)")
@@ -156,12 +156,12 @@ Function Invoke-ExecOffboardTenant {
             }
         }
 
-        if ($request.body.TerminateContract) {
+        if ($request.body.TerminateContract -eq $true) {
             # Terminate contract relationship
             try {
                 $terminate = (New-GraphPostRequest -type 'PATCH' -body '{ "relationshipToPartner": "none" }' -Uri "https://api.partnercenter.microsoft.com/v1/customers/$TenantFilter" -ContentType 'application/json' -scope 'https://api.partnercenter.microsoft.com/user_impersonation' -tenantid $env:TenantID)
                 $results.Add('Successfully terminated contract relationship')
-                Write-LogMessage -user $ExecutingUser -API $APIName -message "Contract relationship terminated" -Sev "Info" -tenant $TenantFilter
+                Write-LogMessage -user $ExecutingUser -API $APIName -message 'Contract relationship terminated' -Sev 'Info' -tenant $TenantFilter
             } catch {
                 #$results.Add("Failed to terminate contract relationship: $($_.Exception.message)")
                 $errors.Add("Failed to terminate contract relationship: $($_.Exception.message)")
