Merge branch 'KelvinTegelaar:master' into master

Author: Simon-Psenner

Activity_AddOrUpdateTableRows/run.ps1

@@ -3,11 +3,10 @@ $TableName = ($TableParams.Context['TableName'])
 $Table = Get-CippTable -tablename $TableName
 
 foreach ($param in $TableParams.Entity) {
-  try {
-    #Sending each item indivually, if it fails, log an error.
-    Add-CIPPAzDataTableEntity @Table -Entity $param -Force
-  }
-  catch {
-    Write-LogMessage -API 'Activity_AddOrUpdateTableRows' -message "Unable to write to '$($TableParams.TableName)' Using RowKey $($param.RowKey) table: $($_.Exception.Message)" -sev error
-  }
+    try {
+        #Sending each item indivually, if it fails, log an error.
+        Add-CIPPAzDataTableEntity @Table -Entity $param -Force
+    } catch {
+        Write-LogMessage -API 'Activity_AddOrUpdateTableRows' -message "Unable to write to '$($TableParams.TableName)' Using RowKey $($param.RowKey)" -LogData (Get-CippException -Exception $_) -sev error
+    }
 }

Applications_Orchestrator/run.ps1

@@ -17,7 +17,7 @@ try {
   $Outputs = Wait-ActivityFunction -Task $ParallelTasks
   Write-Host $Outputs
 }
-catch { 
+catch {
   Write-Host "Applications_Orchestrator exception: $($_.Exception.Message)"
 }
 finally {

Applications_Upload/run.ps1

@@ -1,14 +1,14 @@
 param($name)
 $Table = Get-CippTable -tablename 'apps'
-$Filter = "PartitionKey eq 'apps' and RowKey eq '$name'" 
+$Filter = "PartitionKey eq 'apps' and RowKey eq '$name'"
 Set-Location (Get-Item $PSScriptRoot).Parent.FullName
 $ChocoApp = (Get-CIPPAzDataTableEntity @Table -filter $Filter).JSON | ConvertFrom-Json
 $intuneBody = $ChocoApp.IntuneBody
-$tenants = if ($chocoapp.Tenant -eq 'AllTenants') { 
+$tenants = if ($chocoapp.Tenant -eq 'AllTenants') {
     (Get-tenants).defaultDomainName
 } else {
     $chocoapp.Tenant
-} 
+}
 if ($chocoApp.type -eq 'MSPApp') {
     [xml]$Intunexml = Get-Content "AddMSPApp\$($ChocoApp.MSPAppName).app.xml"
     $intunewinFilesize = (Get-Item "AddMSPApp\$($ChocoApp.MSPAppName).intunewin")
@@ -25,7 +25,7 @@ $ContentBody = ConvertTo-Json @{
     name          = $intunexml.ApplicationInfo.FileName
     size          = [int64]$intunexml.ApplicationInfo.UnencryptedContentSize
     sizeEncrypted = [int64]($intunewinFilesize).length
-} 
+}
 $ClearRow = Get-CIPPAzDataTableEntity @Table -Filter $Filter
 $RemoveCacheFile = if ($chocoapp.Tenant -ne 'AllTenants') {
     Remove-AzDataTableEntity @Table -Entity $clearRow
@@ -54,11 +54,11 @@ foreach ($tenant in $tenants) {
     Try {
 
         $ApplicationList = (New-graphGetRequest -Uri $baseuri -tenantid $Tenant) | Where-Object { $_.DisplayName -eq $ChocoApp.ApplicationName }
-        if ($ApplicationList.displayname.count -ge 1) { 
+        if ($ApplicationList.displayname.count -ge 1) {
             Write-LogMessage -api 'AppUpload' -tenant $($Tenant) -message "$($ChocoApp.ApplicationName) exists. Skipping this application" -Sev 'Info'
             continue
         }
-        if ($chocoApp.type -eq 'WinGet') { 
+        if ($chocoApp.type -eq 'WinGet') {
             Write-Host 'Winget!'
             Write-Host ($intuneBody | ConvertTo-Json -Compress)
             $NewApp = New-GraphPostRequest -Uri $baseuri -Body ($intuneBody | ConvertTo-Json -Compress) -Type POST -tenantid $tenant
@@ -79,8 +79,8 @@ foreach ($tenant in $tenants) {
             $AzFileUri = New-graphGetRequest -Uri "$($BaseURI)/$($NewApp.id)/microsoft.graph.win32lobapp/contentVersions/1/files/$($ContentReq.id)" -tenantid $tenant
             if ($AZfileuri.uploadState -like '*fail*') { break }
             Start-Sleep -Milliseconds 300
-        } while ($AzFileUri.AzureStorageUri -eq $null) 
-        
+        } while ($AzFileUri.AzureStorageUri -eq $null)
+
         $chunkSizeInBytes = 4mb
         [byte[]]$bytes = [System.IO.File]::ReadAllBytes($($intunewinFilesize.fullname))
         $chunks = [Math]::Ceiling($bytes.Length / $chunkSizeInBytes)
@@ -89,15 +89,15 @@ foreach ($tenant in $tenants) {
         $Upload = Invoke-RestMethod -Uri "$($AzFileUri.azureStorageUri)&comp=block&blockid=$id" -Method Put -Headers @{'x-ms-blob-type' = 'BlockBlob' } -InFile $inFile -ContentType 'application/octet-stream'
         $ConfirmUpload = Invoke-RestMethod -Uri "$($AzFileUri.azureStorageUri)&comp=blocklist" -Method Put -Body "<?xml version=`"1.0`" encoding=`"utf-8`"?><BlockList><Latest>$id</Latest></BlockList>"
         $CommitReq = New-graphPostRequest -Uri "$($BaseURI)/$($NewApp.id)/microsoft.graph.win32lobapp/contentVersions/1/files/$($ContentReq.id)/commit" -Body $EncBody -Type POST -tenantid $tenant
-         
+
         do {
             $CommitStateReq = New-graphGetRequest -Uri "$($BaseURI)/$($NewApp.id)/microsoft.graph.win32lobapp/contentVersions/1/files/$($ContentReq.id)" -tenantid $tenant
             if ($CommitStateReq.uploadState -like '*fail*') {
                 Write-LogMessage -api 'AppUpload' -tenant $($Tenant) -message "$($ChocoApp.ApplicationName) Commit failed. Please check if app uploaded succesful" -Sev 'Warning'
-                break 
+                break
             }
             Start-Sleep -Milliseconds 300
-        } while ($CommitStateReq.uploadState -eq 'commitFilePending')        
+        } while ($CommitStateReq.uploadState -eq 'commitFilePending')
         $CommitFinalizeReq = New-graphPostRequest -Uri "$($BaseURI)/$($NewApp.id)" -tenantid $tenant -Body '{"@odata.type":"#microsoft.graph.win32lobapp","committedContentVersion":"1"}' -type PATCH
         Write-LogMessage -api 'AppUpload' -tenant $($Tenant) -message "Added Application $($chocoApp.ApplicationName)" -Sev 'Info'
         if ($AssignTo -ne 'On') {
@@ -108,7 +108,7 @@ foreach ($tenant in $tenants) {
         Write-LogMessage -api 'AppUpload' -tenant $($Tenant) -message 'Successfully added Application' -Sev 'Info'
     } catch {
         "Failed to add Application for $($Tenant): $($_.Exception.Message)"
-        Write-LogMessage -api 'AppUpload' -tenant $($Tenant) -message "Failed adding Application $($ChocoApp.ApplicationName). Error: $($_.Exception.Message)" -Sev 'Error'
+        Write-LogMessage -api 'AppUpload' -tenant $($Tenant) -message "Failed adding Application $($ChocoApp.ApplicationName). Error: $($_.Exception.Message)" -LogData (Get-CippException -Exception $_) -Sev 'Error'
         continue
     }
 

BestPracticeAnalyser_All/run.ps1

@@ -107,7 +107,7 @@ $AddRow = foreach ($Template in $templates) {
         try {
             Add-CIPPAzDataTableEntity @Table -Entity $Result -Force
         } catch {
-            Write-LogMessage -API 'BPA' -tenant $tenant -message "Error getting saving data for $($template.Name) - $($TenantName.customerId). Error: $($_.Exception.Message)" -sev Error
+            Write-LogMessage -API 'BPA' -tenant $tenant -message "Error getting saving data for $($template.Name) - $($TenantName.customerId). Error: $($_.Exception.Message)" -LogData (Get-CippException -Exception $_) -sev Error
 
         }
     }

DomainAnalyser_All/run.ps1

@@ -36,6 +36,7 @@ try {
 
 $Result = [PSCustomObject]@{
     Tenant               = $Tenant.Tenant
+    TenantID             = $Tenant.TenantGUID
     GUID                 = $($Domain.Replace('.', ''))
     LastRefresh          = $(Get-Date (Get-Date).ToUniversalTime() -UFormat '+%Y-%m-%dT%H:%M:%S.000Z')
     Domain               = $Domain
@@ -116,8 +117,8 @@ try {
         $ScoreExplanation.Add('No SPF Record Found') | Out-Null
     }
 } catch {
-    $Message = 'SPF Exception: {0} line {1} - {2}' -f $_.InvocationInfo.ScriptName, $_.InvocationInfo.ScriptLineNumber, $_.Exception.Message
-    Write-LogMessage -API 'DomainAnalyser' -tenant $tenant.tenant -message $Message -sev Error
+    $Message = 'SPF Error'
+    Write-LogMessage -API 'DomainAnalyser' -tenant $tenant.tenant -message $Message -LogData (Get-CippException -Exception $_) -sev Error
     throw $Message
 }
 
@@ -179,8 +180,8 @@ try {
         }
     }
 } catch {
-    $Message = 'DMARC Exception: {0} line {1} - {2}' -f $_.InvocationInfo.ScriptName, $_.InvocationInfo.ScriptLineNumber, $_.Exception.Message
-    Write-LogMessage -API 'DomainAnalyser' -tenant $tenant.tenant -message $Message -sev Error
+    $Message = 'DMARC Error'
+    Write-LogMessage -API 'DomainAnalyser' -tenant $tenant.tenant -message $Message -LogData (Get-CippException -Exception $_) -sev Error
     throw $Message
 }
 
@@ -197,8 +198,8 @@ try {
         $ScoreExplanation.Add('DNSSEC Not Configured or Enabled') | Out-Null
     }
 } catch {
-    $Message = 'DNSSEC Exception: {0} line {1} - {2}' -f $_.InvocationInfo.ScriptName, $_.InvocationInfo.ScriptLineNumber, $_.Exception.Message
-    Write-LogMessage -API 'DomainAnalyser' -tenant $tenant.tenant -message $Message -sev Error
+    $Message = 'DNSSEC Error'
+    Write-LogMessage -API 'DomainAnalyser' -tenant $tenant.tenant -message $Message -LogData (Get-CippException -Exception $_) -sev Error
     throw $Message
 }
 
@@ -226,8 +227,8 @@ try {
         $ScoreExplanation.Add('DKIM Not Configured') | Out-Null
     }
 } catch {
-    $Message = 'DKIM Exception: {0} line {1} - {2}' -f $_.InvocationInfo.ScriptName, $_.InvocationInfo.ScriptLineNumber, $_.Exception.Message
-    Write-LogMessage -API 'DomainAnalyser' -tenant $tenant.tenant -message $Message -sev Error
+    $Message = 'DKIM Exception'
+    Write-LogMessage -API 'DomainAnalyser' -tenant $tenant.tenant -message $Message -LogData (Get-CippException -Exception $_) -sev Error
     throw $Message
 }
 # Final Score

DomainAnalyser_GetTenantDomains/run.ps1

@@ -9,10 +9,13 @@ $TenantDomains = $Tenants | ForEach-Object -Parallel {
     $Tenant = $_
     # Get Domains to Lookup
     try {
-        $Domains = New-GraphGetRequest -uri 'https://graph.microsoft.com/v1.0/domains' -tenantid $Tenant.defaultDomainName | Where-Object { ($_.id -notlike '*.microsoftonline.com' -and $_.id -NotLike '*.exclaimer.cloud' -and $_.id -NotLike '*.codetwo.online' -and $_.id -NotLike '*.call2teams.com' -and $_.isVerified) }
+        $Domains = New-GraphGetRequest -uri 'https://graph.microsoft.com/v1.0/domains' -tenantid $Tenant.defaultDomainName | Where-Object { ($_.id -notlike '*.microsoftonline.com' -and $_.id -NotLike '*.exclaimer.cloud' -and $_.id -Notlike '*.excl.cloud' -and $_.id -NotLike '*.codetwo.online' -and $_.id -NotLike '*.call2teams.com' -and $_.isVerified) }
+
         foreach ($d in $domains) {
             [PSCustomObject]@{
                 Tenant             = $Tenant.defaultDomainName
+                TenantGUID         = $Tenant.customerId
+                InitialDomainName  = $Tenant.initialDomainName
                 Domain             = $d.id
                 AuthenticationType = $d.authenticationType
                 IsAdminManaged     = $d.isAdminManaged
@@ -24,7 +27,7 @@ $TenantDomains = $Tenants | ForEach-Object -Parallel {
             }
         }
     } catch {
-        Write-LogMessage -API 'DomainAnalyser' -tenant $tenant.defaultDomainName -message "DNS Analyser GraphGetRequest Exception: $($_.Exception.Message)" -sev Error
+        Write-LogMessage -API 'DomainAnalyser' -tenant $tenant.defaultDomainName -message 'DNS Analyser GraphGetRequest' -LogData (Get-CippException -Exception $_) -sev Error
     }
 } | Sort-Object -Unique -Property Domain
 
@@ -57,11 +60,12 @@ if ($TenantCount -gt 0) {
             $Filter = "PartitionKey eq 'TenantDomains' and RowKey eq '{0}'" -f $Tenant.Domain
             $Domain = Get-CIPPAzDataTableEntity @DomainTable -Filter $Filter
 
-            if (!$Domain) {
+            if (!$Domain -or $null -eq $Domain.TenantGUID) {
                 $DomainObject = [pscustomobject]@{
                     DomainAnalyser = ''
                     TenantDetails  = $TenantDetails
                     TenantId       = $Tenant.Tenant
+                    TenantGUID     = $Tenant.TenantGUID
                     DkimSelectors  = ''
                     MailProviders  = ''
                     RowKey         = $Tenant.Domain
@@ -87,6 +91,6 @@ if ($TenantCount -gt 0) {
         # Batch insert all tenant domains
         try {
             Add-CIPPAzDataTableEntity @DomainTable -Entity $TenantDomainObjects -Force
-        } catch { Write-LogMessage -API 'DomainAnalyser' -message "Domain Analyser GetTenantDomains Error $($_.Exception.Message)" -sev info }
-    } catch { Write-LogMessage -API 'DomainAnalyser' -message "GetTenantDomains loop exception: $($_.Exception.Message) line $($_.InvocationInfo.ScriptLineNumber)" -sev 'Error' }
+        } catch { Write-LogMessage -API 'DomainAnalyser' -message 'Domain Analyser GetTenantDomains error' -sev info -LogData (Get-CippException -Exception $_) }
+    } catch { Write-LogMessage -API 'DomainAnalyser' -message 'GetTenantDomains loop error' -sev 'Error' -LogData (Get-CippException -Exception $_) }
 }

DomainAnalyser_Orchestration/run.ps1

@@ -33,7 +33,7 @@ try {
         Write-Host "Orchestrator exception UpdateDomains $($_.Exception.Message)"
     }
 } catch {
-    Write-LogMessage -API 'DomainAnalyser' -message "Domain Analyser Orchestrator Error $($_.Exception.Message)" -sev info
+    Write-LogMessage -API 'DomainAnalyser' -message 'Domain Analyser Orchestrator Error' -sev info -LogData (Get-CippException -Exception $_)
     #Write-Host $_.Exception | ConvertTo-Json
 } finally {
     Write-LogMessage -API 'DomainAnalyser' -message 'Domain Analyser has Finished' -sev Info

ExecSchedulerBillingRun/run.ps1

@@ -3,20 +3,19 @@ param($QueueItem)
 
 # Get the current universal time in the default string format.
 try {
-    Write-LogMessage -API "Scheduler_Billing" -tenant "none" -message "Starting billing processing." -sev Info
+    Write-LogMessage -API 'Scheduler_Billing' -tenant 'none' -message 'Starting billing processing.' -sev Info
 
     $Table = Get-CIPPTable -TableName Extensionsconfig
     $Configuration = (Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json -Depth 10
     foreach ($ConfigItem in $Configuration.psobject.properties.name) {
         switch ($ConfigItem) {
-            "Gradient" {
+            'Gradient' {
                 If ($Configuration.Gradient.enabled -and $Configuration.Gradient.BillingEnabled) {
                     New-GradientServiceSyncRun
                 }
             }
         }
     }
-}
-catch {
-    Write-LogMessage -API "Scheduler_Billing" -tenant "none" -message "Could not start billing processing $($_.Exception.Message)" -sev Error
+} catch {
+    Write-LogMessage -API 'Scheduler_Billing' -tenant 'none' -message 'Could not start billing processing' -sev Error -LogData (Get-CippException -Exception $_)
 }

Modules/CIPPCore/Public/Add-CIPPAzDataTableEntity.ps1

@@ -9,7 +9,7 @@ function Add-CIPPAzDataTableEntity {
 
     foreach ($SingleEnt in $Entity) {
         try {
-            Add-AzDataTableEntity -context $Context -force:$Force -CreateTableIfNotExists:$CreateTableIfNotExists -Entity $SingleEnt
+            Add-AzDataTableEntity -context $Context -force:$Force -CreateTableIfNotExists:$CreateTableIfNotExists -Entity $SingleEnt -ErrorAction Stop
         } catch [System.Exception] {
             if ($_.Exception.ErrorCode -eq 'PropertyValueTooLarge' -or $_.Exception.ErrorCode -eq 'EntityTooLarge') {
                 try {
@@ -52,6 +52,8 @@ function Add-CIPPAzDataTableEntity {
                     throw "Error processing entity: $($_.Exception.Message)."
                 }
             } else {
+                Write-Host "THE ERROR IS $($_.Exception.ErrorCode)"
+
                 throw $_
             }
         }

Modules/CIPPCore/Public/Add-CIPPGroupMember.ps1

@@ -1,18 +1,18 @@
 function Add-CIPPGroupMember(
     [string]$ExecutingUser,
-    [string]$GroupType, 
+    [string]$GroupType,
     [string]$GroupId,
-    [string]$Member, 
+    [string]$Member,
     [string]$TenantFilter,
     [string]$APIName = 'Add Group Member'
 ) {
     try {
         if ($member -like '*#EXT#*') { $member = [System.Web.HttpUtility]::UrlEncode($member) }
-        $MemberIDs = 'https://graph.microsoft.com/v1.0/directoryObjects/' + (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($member)" -tenantid $TenantFilter).id 
+        $MemberIDs = 'https://graph.microsoft.com/v1.0/directoryObjects/' + (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($member)" -tenantid $TenantFilter).id
         $addmemberbody = "{ `"members@odata.bind`": $(ConvertTo-Json @($MemberIDs)) }"
         if ($GroupType -eq 'Distribution list' -or $GroupType -eq 'Mail-Enabled Security') {
             $Params = @{ Identity = $GroupId; Member = $member; BypassSecurityGroupManagerCheck = $true }
-            New-ExoRequest -tenantid $TenantFilter -cmdlet 'Add-DistributionGroupMember' -cmdParams $params -UseSystemMailbox $true 
+            New-ExoRequest -tenantid $TenantFilter -cmdlet 'Add-DistributionGroupMember' -cmdParams $params -UseSystemMailbox $true
         } else {
             New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($GroupId)" -tenantid $TenantFilter -type patch -body $addmemberbody -Verbose
         }
@@ -21,9 +21,9 @@ function Add-CIPPGroupMember(
         return $message
         return
     } catch {
-        $message = "Failed to add user $($Member) to $($GroupId): $($_.Exception.Message)"
-        Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message $message -Sev 'error'
-        return $message 
+        $message = "Failed to add user $($Member) to $($GroupId)"
+        Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message $message -Sev 'error' -LogData (Get-CippException -Exception $_)
+        return $message
     }
 
 }

Modules/CIPPCore/Public/Add-CIPPScheduledTask.ps1

@@ -18,8 +18,7 @@ function Add-CIPPScheduledTask {
                 $ht[$p.Key] = $p.Value
             }
             $Parameters[$Key] = [PSCustomObject]$ht
-        }
-        else {
+        } else {
             $Parameters[$Key] = $Param
         }
     }
@@ -30,10 +29,15 @@ function Add-CIPPScheduledTask {
     }
     $AdditionalProperties = ([PSCustomObject]$AdditionalProperties | ConvertTo-Json -Compress)
     if ($Parameters -eq 'null') { $Parameters = '' }
+    if (!$Task.RowKey) {
+        $RowKey = (New-Guid).Guid
+    } else {
+        $RowKey = $Task.RowKey
+    }
     $entity = @{
         PartitionKey         = [string]'ScheduledTask'
         TaskState            = [string]'Planned'
-        RowKey               = [string]"$(New-Guid)"
+        RowKey               = [string]$RowKey
         Tenant               = [string]$task.TenantFilter
         Name                 = [string]$task.Name
         Command              = [string]$task.Command.value
@@ -46,10 +50,9 @@ function Add-CIPPScheduledTask {
         Results              = 'Planned'
     }
     try {
-        Add-CIPPAzDataTableEntity @Table -Entity $entity
-    }
-    catch {
+        Add-CIPPAzDataTableEntity @Table -Entity $entity -Force
+    } catch {
         return "Could not add task: $($_.Exception.Message)"
     }
-    return "Successfully added task"
+    return 'Successfully added task'
 }

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertMFAAlertUsers.ps1

@@ -6,7 +6,7 @@ function Push-CIPPAlertMFAAlertUsers {
     )
     try {
 
-        $users = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/reports/authenticationMethods/userRegistrationDetails?$filter=isMfaRegistered eq false and userType eq ''member''&$select=userPrincipalName,lastUpdatedDateTime,isMfaRegistered' -tenantid $($Item.tenant)
+        $users = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/reports/authenticationMethods/userRegistrationDetails?$top=999&filter=isMfaRegistered eq false and userType eq ''member''&$select=userPrincipalName,lastUpdatedDateTime,isMfaRegistered' -tenantid $($Item.tenant)
         if ($users.UserPrincipalName) {
             Write-AlertMessage -tenant $Item.tenant -message "The following $($users.Count) users do not have MFA registered: $($users.UserPrincipalName -join ', ')"
         }

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertNewAppApproval.ps1

@@ -6,7 +6,7 @@ function Push-CIPPAlertNewAppApproval {
         [pscustomobject]$Item
     )
     try {
-        $Approvals = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/identityGovernance/appConsent/appConsentRequests' -tenantid $item.tenant
+        $Approvals = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/identityGovernance/appConsent/appConsentRequests' -tenantid $item.tenant | Where-Object -Property requestStatus -EQ 'inProgress'
         if ($Approvals.count -gt 1) {
             Write-AlertMessage -tenant $($Item.tenant) -message "There is are $($Approvals.count) App Approvals waiting."
         }