From 62230effa8695019fbfae159d4b4c5320e232347 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sun, 19 Jan 2025 19:18:59 +0100 Subject: [PATCH 1/3] Change device actions from GET to POST and update field names for consistency --- .../identity/administration/devices/index.js | 33 +++++++++++++------ 1 file changed, 23 insertions(+), 10 deletions(-) diff --git a/src/pages/identity/administration/devices/index.js b/src/pages/identity/administration/devices/index.js index 30cfcc151253..7985b4bcebd9 100644 --- a/src/pages/identity/administration/devices/index.js +++ b/src/pages/identity/administration/devices/index.js @@ -4,46 +4,45 @@ import { Layout as DashboardLayout } from "/src/layouts/index.js"; // had to add const Page = () => { const pageTitle = "Devices"; const actions = [ - // these are currently GET requests that should be converted to POST requests. { label: "Enable Device", - type: "GET", + type: "POST", url: "/api/ExecDeviceDelete", data: { ID: "id", - Action: "!Enable", + action: "Enable", }, confirmText: "Are you sure you want to enable this device?", multiPost: false, }, { label: "Disable Device", - type: "GET", + type: "POST", url: "/api/ExecDeviceDelete", data: { ID: "id", - Action: "!Disable", + action: "Disable", }, confirmText: "Are you sure you want to disable this device?", multiPost: false, }, { - label: "Retrieve Bitlocker Keys", + label: "Retrieve BitLocker Keys", type: "GET", url: "/api/ExecGetRecoveryKey", data: { GUID: "id", }, - confirmText: "Are you sure you want to retrieve the Bitlocker keys?", + confirmText: "Are you sure you want to retrieve the BitLocker keys?", multiPost: false, }, { label: "Delete Device", - type: "GET", + type: "POST", url: "/api/ExecDeviceDelete", data: { ID: "id", - Action: "!Delete", + action: "Delete", }, confirmText: "Are you sure you want to delete this device?", multiPost: false, @@ -51,7 +50,20 @@ const Page = () => { ]; const offCanvas = { - extendedInfoFields: ["createdDateTime", "displayName", "id"], + extendedInfoFields: [ + "accountEnabled", + "displayName", + "id", + "recipientType", + "enrollmentType", + "manufacturer", + "model", + "operatingSystem", + "operatingSystemVersion", + "profileType", + "createdDateTime", + "approximateLastSignInDateTime", + ], actions: actions, }; @@ -77,6 +89,7 @@ const Page = () => { "operatingSystem", "operatingSystemVersion", "profileType", + "approximateLastSignInDateTime", ]} /> ); From 519a67f55f32a4b62e81731f21c6b284f715d8d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sun, 19 Jan 2025 20:48:01 +0100 Subject: [PATCH 2/3] Add standard for cleaning up stale Entra devices with configurable age threshold --- src/data/standards.json | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/src/data/standards.json b/src/data/standards.json index c50f45b20e68..864eb6fd3ad5 100644 --- a/src/data/standards.json +++ b/src/data/standards.json @@ -644,6 +644,30 @@ "powershellEquivalent": "", "recommendedBy": [] }, + { + "name": "standards.StaleEntraDevices", + "cat": "Entra (AAD) Standards", + "tag": ["highimpact", "CIS"], + "helpText": "Cleans up Entra devices that have not connected/signed in for the specified number of days.", + "docsDescription": "Cleans up Entra devices that have not connected/signed in for the specified number of days. First disables and later deletes the devices. More info can be found in the [Microsoft documentation](https://learn.microsoft.com/en-us/entra/identity/devices/manage-stale-devices)", + "addedComponent": [ + { + "type": "number", + "name": "standards.StaleEntraDevices.deviceAgeThreshold", + "label": "Days before stale(Dont set below 30)" + } + ], + "disabledFeatures": { + "report": false, + "warn": false, + "remediate": true + }, + "label": "Cleanup stale Entra devices", + "impact": "High Impact", + "impactColour": "danger", + "powershellEquivalent": "Remove-MgDevice, Update-MgDevice or Graph API", + "recommendedBy": [] + }, { "name": "standards.UndoOauth", "cat": "Entra (AAD) Standards", From e7deb88791df7392412f59c03aa61c36e0f90feb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sun, 19 Jan 2025 21:27:38 +0100 Subject: [PATCH 3/3] Update device actions and remove unused offCanvas configuration --- .../identity/administration/devices/index.js | 25 +++---------------- 1 file changed, 3 insertions(+), 22 deletions(-) diff --git a/src/pages/identity/administration/devices/index.js b/src/pages/identity/administration/devices/index.js index 7985b4bcebd9..d58914fdcbec 100644 --- a/src/pages/identity/administration/devices/index.js +++ b/src/pages/identity/administration/devices/index.js @@ -10,7 +10,7 @@ const Page = () => { url: "/api/ExecDeviceDelete", data: { ID: "id", - action: "Enable", + action: "!Enable", }, confirmText: "Are you sure you want to enable this device?", multiPost: false, @@ -21,7 +21,7 @@ const Page = () => { url: "/api/ExecDeviceDelete", data: { ID: "id", - action: "Disable", + action: "!Disable", }, confirmText: "Are you sure you want to disable this device?", multiPost: false, @@ -42,31 +42,13 @@ const Page = () => { url: "/api/ExecDeviceDelete", data: { ID: "id", - action: "Delete", + action: "!Delete", }, confirmText: "Are you sure you want to delete this device?", multiPost: false, }, ]; - const offCanvas = { - extendedInfoFields: [ - "accountEnabled", - "displayName", - "id", - "recipientType", - "enrollmentType", - "manufacturer", - "model", - "operatingSystem", - "operatingSystemVersion", - "profileType", - "createdDateTime", - "approximateLastSignInDateTime", - ], - actions: actions, - }; - return ( { }} apiDataKey="Results" actions={actions} - offCanvas={offCanvas} simpleColumns={[ "displayName", "accountEnabled",