Merge branch 'dev' of https://github.com/KelvinTegelaar/CIPP-API into dev

Author: KelvinTegelaar

Modules/CIPPCore/Public/Invoke-CIPPOffboardingJob.ps1

@@ -58,7 +58,7 @@ function Invoke-CIPPOffboardingJob {
             }
         }
         { $_.'RemoveLicenses' -eq 'true' } {
-            Remove-CIPPLicense -userid $userid -username $Username -tenantFilter $Tenantfilter -ExecutingUser $ExecutingUser -APIName $APIName
+            Remove-CIPPLicense -userid $userid -username $Username -tenantFilter $Tenantfilter -ExecutingUser $ExecutingUser -APIName $APIName -Schedule
         }
 
         { $_.'Deleteuser' -eq 'true' } {

Modules/CIPPCore/Public/Remove-CIPPLicense.ps1

@@ -5,32 +5,57 @@ function Remove-CIPPLicense {
         $userid,
         $username,
         $APIName = 'Remove License',
-        $TenantFilter
+        $TenantFilter,
+        [switch]$Schedule
     )
 
-    try {
-        $ConvertTable = Import-Csv ConversionTable.csv
-        $User = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($userid)" -tenantid $tenantFilter
-        if (!$username) { $username = $User.userPrincipalName }
-        $CurrentLicenses = $User.assignedlicenses.skuid
-        $ConvertedLicense = $(($ConvertTable | Where-Object { $_.guid -in $CurrentLicenses }).'Product_Display_Name' | Sort-Object -Unique) -join ', '
-        if ($CurrentLicenses) {
-            $LicensePayload = [PSCustomObject]@{
-                addLicenses    = @()
-                removeLicenses = @($CurrentLicenses)
+    if ($Schedule.IsPresent) {
+        $ScheduledTask = @{
+            TenantFilter  = $TenantFilter
+            Name          = "Remove License: $Username"
+            Command       = @{
+                value = 'Remove-CIPPLicense'
             }
-            if ($PSCmdlet.ShouldProcess($userid, "Remove licenses: $ConvertedLicense")) {
-                $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($userid)/assignlicense" -tenantid $tenantFilter -type POST -body (ConvertTo-Json -InputObject $LicensePayload -Compress -Depth 5) -verbose
-                Write-LogMessage -user $ExecutingUser -API $APIName -message "Removed licenses for $($username): $ConvertedLicense" -Sev 'Info' -tenant $TenantFilter
+            Parameters    = [pscustomobject]@{
+                userid        = $userid
+                username      = $username
+                APIName       = 'Scheduled License Removal'
+                ExecutingUser = $ExecutingUser
             }
-            return "Removed licenses for $($Username): $ConvertedLicense"
-        } else {
-            Write-LogMessage -user $ExecutingUser -API $APIName -message "No licenses to remove for $username" -Sev 'Info' -tenant $TenantFilter
-            return "No licenses to remove for $username"
+            ScheduledTime = [int64](([datetime]::UtcNow).AddMinutes(5) - (Get-Date '1/1/1970')).TotalSeconds
+            PostExecution = @{
+                Webhook = $false
+                Email   = $false
+                PSA     = $false
+            }
+        }
+        Add-CIPPScheduledTask -Task $ScheduledTask -hidden $false
+        return "Scheduled license removal for $username"
+    } else {
+        try {
+            $ConvertTable = Import-Csv ConversionTable.csv
+            $User = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($userid)" -tenantid $tenantFilter
+            if (!$username) { $username = $User.userPrincipalName }
+            $CurrentLicenses = $User.assignedlicenses.skuid
+            $ConvertedLicense = $(($ConvertTable | Where-Object { $_.guid -in $CurrentLicenses }).'Product_Display_Name' | Sort-Object -Unique) -join ', '
+            if ($CurrentLicenses) {
+                $LicensePayload = [PSCustomObject]@{
+                    addLicenses    = @()
+                    removeLicenses = @($CurrentLicenses)
+                }
+                if ($PSCmdlet.ShouldProcess($userid, "Remove licenses: $ConvertedLicense")) {
+                    $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($userid)/assignlicense" -tenantid $tenantFilter -type POST -body (ConvertTo-Json -InputObject $LicensePayload -Compress -Depth 5) -verbose
+                    Write-LogMessage -user $ExecutingUser -API $APIName -message "Removed licenses for $($username): $ConvertedLicense" -Sev 'Info' -tenant $TenantFilter
+                }
+                return "Removed licenses for $($Username): $ConvertedLicense"
+            } else {
+                Write-LogMessage -user $ExecutingUser -API $APIName -message "No licenses to remove for $username" -Sev 'Info' -tenant $TenantFilter
+                return "No licenses to remove for $username"
+            }
+        } catch {
+            $ErrorMessage = Get-CippException -Exception $_
+            Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not remove license for $username. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage
+            return "Could not remove license for $($username). Error: $($ErrorMessage.NormalizedError)"
         }
-    } catch {
-        $ErrorMessage = Get-CippException -Exception $_
-        Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not remove license for $username. Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage
-        return "Could not remove license for $($username). Error: $($ErrorMessage.NormalizedError)"
     }
 }

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1

@@ -51,11 +51,11 @@ function Invoke-CIPPStandardAntiPhishPolicy {
     param($Tenant, $Settings)
     ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'AntiPhishPolicy'
 
-    $PolicyName = 'Default Anti-Phishing Policy'
+    $PolicyName = @('Default Anti-Phishing Policy', 'Office365 AntiPhish Default (Default)')
 
     $CurrentState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-AntiPhishPolicy' |
-    Where-Object -Property Name -EQ $PolicyName |
-    Select-Object Name, Enabled, PhishThresholdLevel, EnableMailboxIntelligence, EnableMailboxIntelligenceProtection, EnableSpoofIntelligence, EnableFirstContactSafetyTips, EnableSimilarUsersSafetyTips, EnableSimilarDomainsSafetyTips, EnableUnusualCharactersSafetyTips, EnableUnauthenticatedSender, EnableViaTag, AuthenticationFailAction, SpoofQuarantineTag, MailboxIntelligenceProtectionAction, MailboxIntelligenceQuarantineTag, TargetedUserProtectionAction, TargetedUserQuarantineTag, TargetedDomainProtectionAction, TargetedDomainQuarantineTag, EnableOrganizationDomainsProtection
+        Where-Object -Property Name -In $PolicyName |
+        Select-Object Name, Enabled, PhishThresholdLevel, EnableMailboxIntelligence, EnableMailboxIntelligenceProtection, EnableSpoofIntelligence, EnableFirstContactSafetyTips, EnableSimilarUsersSafetyTips, EnableSimilarDomainsSafetyTips, EnableUnusualCharactersSafetyTips, EnableUnauthenticatedSender, EnableViaTag, AuthenticationFailAction, SpoofQuarantineTag, MailboxIntelligenceProtectionAction, MailboxIntelligenceQuarantineTag, TargetedUserProtectionAction, TargetedUserQuarantineTag, TargetedDomainProtectionAction, TargetedDomainQuarantineTag, EnableOrganizationDomainsProtection
 
     $StateIsCorrect = ($CurrentState.Name -eq $PolicyName) -and
                       ($CurrentState.Enabled -eq $true) -and
@@ -82,8 +82,8 @@ function Invoke-CIPPStandardAntiPhishPolicy {
     $AcceptedDomains = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-AcceptedDomain'
 
     $RuleState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-AntiPhishRule' |
-    Where-Object -Property Name -EQ "CIPP $PolicyName" |
-    Select-Object Name, AntiPhishPolicy, Priority, RecipientDomainIs
+        Where-Object -Property Name -EQ "CIPP $PolicyName" |
+        Select-Object Name, AntiPhishPolicy, Priority, RecipientDomainIs
 
     $RuleStateIsCorrect = ($RuleState.Name -eq "CIPP $PolicyName") -and
                           ($RuleState.AntiPhishPolicy -eq $PolicyName) -and

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableUserSiteCreate.ps1

@@ -33,31 +33,32 @@ function Invoke-CIPPStandardDisableUserSiteCreate {
 
     If ($Settings.remediate -eq $true) {
 
-        if ($CurrentInfo.isSiteCreationEnabled) {
+        if ($CurrentInfo.isSiteCreationEnabled -or $CurrentInfo.isSiteCreationUIEnabled) {
             try {
-                $body = '{"isSiteCreationEnabled": false}'
+                $body = '{"isSiteCreationEnabled": false, "isSiteCreationUIEnabled": false}'
                 $null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body $body -ContentType 'application/json'
-                Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled standard users from creating sites' -sev Info
+                Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled standard users from creating sites and adjusted UI setting' -sev Info
             } catch {
                 $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
                 Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable standard users from creating sites: $ErrorMessage" -sev Error
             }
         } else {
-            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are already disabled from creating sites' -sev Info
+            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are already disabled from creating sites and UI setting is adjusted' -sev Info
         }
 
     }
 
     if ($Settings.alert -eq $true) {
 
-        if ($CurrentInfo.isSiteCreationEnabled -eq $false) {
-            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are not allowed to create sites' -sev Info
+        if ($CurrentInfo.isSiteCreationEnabled -eq $false -and $CurrentInfo.isSiteCreationUIEnabled -eq $false) {
+            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are not allowed to create sites and UI setting is disabled' -sev Info
         } else {
-            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are allowed to create sites' -sev Alert
+            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are allowed to create sites or UI setting is enabled' -sev Alert
         }
     }
 
     if ($Settings.report -eq $true) {
         Add-CIPPBPAField -FieldName 'DisableUserSiteCreate' -FieldValue $CurrentInfo.isSiteCreationEnabled -StoreAs bool -Tenant $tenant
+        Add-CIPPBPAField -FieldName 'DisableUserSiteCreateUI' -FieldValue $CurrentInfo.isSiteCreationUIEnabled -StoreAs bool -Tenant $tenant
     }
 }

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsGlobalMeetingPolicy.ps1

@@ -38,9 +38,9 @@ Function Invoke-CIPPStandardTeamsGlobalMeetingPolicy {
     $StateIsCorrect = ($CurrentState.AllowAnonymousUsersToJoinMeeting -eq $false) -and
                         ($CurrentState.AllowAnonymousUsersToStartMeeting -eq $false) -and
                         ($CurrentState.AutoAdmittedUsers -eq 'EveryoneInCompanyExcludingGuests') -and
-                        ($CurrentState.AllowPSTNUsersToBypassLobby -eq $false)
-                        ($CurrentState.MeetingChatEnabledType -eq 'EnabledExceptAnonymous')
-                        ($CurrentState.DesignatedPresenterRoleMode -eq $Settings.DesignatedPresenterRoleMode)
+                        ($CurrentState.AllowPSTNUsersToBypassLobby -eq $false) -and
+                        ($CurrentState.MeetingChatEnabledType -eq 'EnabledExceptAnonymous') -and
+                        ($CurrentState.DesignatedPresenterRoleMode -eq $Settings.DesignatedPresenterRoleMode) -and
                         ($CurrentState.AllowExternalParticipantGiveRequestControl -eq $false)
 
     if ($Settings.remediate -eq $true) {