Merge remote-tracking branch 'upstream/dev' into dev

JohnDuprey · Jul 9, 2024 · b30405d · b30405d
2 parents 5d9c4f1 + e77f40d
commit b30405d
Show file tree

Hide file tree

Showing 6 changed files with 196 additions and 167 deletions.
diff --git a/src/data/AuditLogSchema.json b/src/data/AuditLogSchema.json
@@ -70,12 +70,12 @@
   },
   "List:Operation": [
     { "value": "UserLoggedIn", "name": "A user logged in" },
-    { "value": "accessed mailbox items", "name": "accessed mailbox items" },
+    { "value": "mailitemsaccessed", "name": "accessed mailbox items" },
     { "value": "add delegation entry.", "name": "added delegation entry" },
     { "value": "add domain to company.", "name": "added domain to company" },
     { "value": "add group.", "name": "added group" },
     { "value": "add member to group.", "name": "added member to group" },
-    { "value": "add mailboxpermission", "name": "added delegate mailbox permissions" },
+    { "value": "add-mailboxpermission", "name": "added delegate mailbox permissions" },
     { "value": "add member to role.", "name": "added member to role" },
     { "value": "add partner to company.", "name": "added a partner to the directory" },
     { "value": "add service principal.", "name": "added service principal" },
@@ -111,7 +111,7 @@
       "value": "remove service principal credentials.",
       "name": "removed credentials from a service principal"
     },
-    { "value": "remove mailboxpermission", "name": "removed delegate mailbox permissions" },
+    { "value": "remove-mailboxpermission", "name": "removed delegate mailbox permissions" },
     { "value": "remove member from role.", "name": "removed a user from a directory role" },
     { "value": "remove partner from company.", "name": "removed a partner from the directory" },
     { "value": "removefolderpermissions", "name": "removed permissions from folder" },
@@ -132,7 +132,7 @@
       "value": "set force change user password.",
       "name": "set property that forces user to change password"
     },
-    { "value": "set inboxrule", "name": "modified inbox rule from outlook web app" },
+    { "value": "set-inboxrule", "name": "modified inbox rule from outlook web app" },
     { "value": "set license properties.", "name": "set license properties" },
     { "value": "set password policy.", "name": "set password policy" },
     { "value": "softdelete", "name": "deleted messages from deleted items folder" },

diff --git a/src/data/standards.json b/src/data/standards.json
@@ -224,6 +224,25 @@
     "powershellEquivalent": "Portal or Graph API",
     "recommendedBy": ["CIS"]
   },
+  {
+    "name": "standards.AppDeploy",
+    "cat": "Entra (AAD) Standards",
+    "tag": ["lowimpact"],
+    "helpText": "Deploys selected applications to the tenant. Use a comma separated list of application IDs to deploy multiple applications. Permissions will be copied from the source application.",
+    "docsDescription": "Uses the CIPP functionality that deploys applications across an entire tenant base as a standard.",
+    "addedComponent": [
+      {
+        "type": "input",
+        "name": "standards.AppDeploy.appids",
+        "label": "Application IDs, comma separated"
+      }
+    ],
+    "label": "Deploy Application",
+    "impact": "Low Impact",
+    "impactColour": "info",
+    "powershellEquivalent": "Portal or Graph API",
+    "recommendedBy": []
+  },
   {
     "name": "standards.laps",
     "cat": "Entra (AAD) Standards",
@@ -1797,6 +1816,88 @@
     "powershellEquivalent": "Update-MgBetaAdminSharepointSetting",
     "recommendedBy": []
   },
+  {
+    "name": "standards.SPAzureB2B",
+    "cat": "SharePoint Standards",
+    "tag": ["lowimpact", "CIS"],
+    "helpText": "Ensure SharePoint and OneDrive integration with Azure AD B2B is enabled",
+    "addedComponent": [],
+    "label": "Enable SharePoint and OneDrive integration with Azure AD B2B",
+    "impact": "Low Impact",
+    "impactColour": "info",
+    "powershellEquivalent": "Set-SPOTenant -EnableAzureADB2BIntegration $true",
+    "recommendedBy": [
+      "CIS 3.0"
+    ]
+  },
+  {
+    "name": "standards.SPDisallowInfectedFiles",
+    "cat": "SharePoint Standards",
+    "tag": ["lowimpact", "CIS"],
+    "helpText": "Ensure Office 365 SharePoint infected files are disallowed for download",
+    "addedComponent": [],
+    "label": "Disallow downloading infected files from SharePoint",
+    "impact": "Low Impact",
+    "impactColour": "info",
+    "powershellEquivalent": "Set-SPOTenant -DisallowInfectedFileDownload $true",
+    "recommendedBy": [
+      "CIS 3.0"
+    ]
+  },
+  {
+    "name": "standards.SPDirectSharing",
+    "cat": "SharePoint Standards",
+    "tag": ["mediumimpact", "CIS"],
+    "helpText": "Ensure default link sharing is set to Direct in SharePoint and OneDrive",
+    "addedComponent": [],
+    "label": "Default sharing to Direct users",
+    "impact": "Medium Impact",
+    "impactColour": "warning",
+    "powershellEquivalent": "Set-SPOTenant -DefaultSharingLinkType Direct",
+    "recommendedBy": [
+      "CIS 3.0"
+    ]
+  },
+  {
+    "name": "standards.SPExternalUserExpiration",
+    "cat": "SharePoint Standards",
+    "tag": ["mediumimpact", "CIS"],
+    "helpText": "Ensure guest access to a site or OneDrive will expire automatically",
+    "addedComponent": [
+      {
+        "type": "number",
+        "name": "standards.SPExternalUserExpiration.Days",
+        "label": "Days until expiration (Default 60)"
+      }
+    ],
+    "label": "Set guest access to expire automatically",
+    "impact": "Medium Impact",
+    "impactColour": "warning",
+    "powershellEquivalent": "Set-SPOTenant -ExternalUserExpireInDays 30 -ExternalUserExpirationRequired $True",
+    "recommendedBy": [
+      "CIS 3.0"
+    ]
+  },
+  {
+    "name": "standards.SPEmailAttestation",
+    "cat": "SharePoint Standards",
+    "tag": ["mediumimpact", "CIS"],
+    "helpText": "Ensure reauthentication with verification code is restricted",
+    "addedComponent": [
+      {
+        "type": "number",
+        "name": "standards.SPEmailAttestation.Days",
+        "label": "Require reauth every X Days (Default 15)"
+      }
+    ],
+    "label": "Require reauthentication with verification code",
+    "impact": "Medium Impact",
+    "impactColour": "warning",
+    "powershellEquivalent": "Set-SPOTenant -EmailAttestationRequired $true -EmailAttestationReAuthDays 15",
+    "recommendedBy": [
+      "CIS 3.0"
+    ]
+  },
   {
     "name": "standards.DisableAddShortcutsToOneDrive",
     "cat": "SharePoint Standards",

diff --git a/src/views/identity/administration/OffboardingWizard.jsx b/src/views/identity/administration/OffboardingWizard.jsx
@@ -82,6 +82,7 @@ const OffboardingWizard = () => {
       HideFromGAL: values.HideFromGAL,
       DisableSignIn: values.DisableSignIn,
       RemoveGroups: values.RemoveGroups,
+      removeCalendarInvites: values.removeCalendarInvites,
       RemoveLicenses: values.RemoveLicenses,
       ResetPass: values.ResetPass,
       RevokeSessions: values.RevokeSessions,
@@ -175,6 +176,7 @@ const OffboardingWizard = () => {
               <RFFCFormSwitch name="DisableSignIn" label="Disable Sign in" />
               <RFFCFormSwitch name="ResetPass" label="Reset Password" />
               <RFFCFormSwitch name="RemoveGroups" label="Remove from all groups" />
+              <RFFCFormSwitch name="removeCalendarInvites" label="Cancel all calendar invites" />
               <RFFCFormSwitch name="HideFromGAL" label="Hide from Global Address List" />
               <RFFCFormSwitch name="DeleteUser" label="Delete user" />
             </CCol>
@@ -397,6 +399,14 @@ const OffboardingWizard = () => {
                             icon={props.values.RemoveGroups ? faCheck : faTimes}
                           />
                         </CListGroupItem>
+                        <CListGroupItem className="d-flex justify-content-between align-items-center">
+                          Cancel all calendar invites
+                          <FontAwesomeIcon
+                            color="#f77f00"
+                            size="lg"
+                            icon={props.values.removeCalendarInvites ? faCheck : faTimes}
+                          />
+                        </CListGroupItem>
                         <CListGroupItem className="d-flex justify-content-between align-items-center">
                           Hide from Global Address List
                           <FontAwesomeIcon

diff --git a/src/views/tenant/administration/GDAPInviteWizard.jsx b/src/views/tenant/administration/GDAPInviteWizard.jsx
@@ -114,6 +114,12 @@ const GDAPInviteWizard = () => {
           const filteredResults = results.data.filter((role) =>
             defaultRolesArray.some((defaultRole) => defaultRole.ObjectId === role.roleDefinitionId),
           )
+          const uniqueFilteredResults = filteredResults.filter(
+            (role, index, self) =>
+              index === self.findIndex((t) => t.roleDefinitionId === role.roleDefinitionId),
+          )
+          filteredResults.length = 0
+          Array.prototype.push.apply(filteredResults, uniqueFilteredResults)
           setEasyMode(true)
           const resultsarr = []
           setLoopRunning(true)

diff --git a/src/views/tenant/backup/CreateBackup.jsx b/src/views/tenant/backup/CreateBackup.jsx
@@ -37,11 +37,12 @@ const CreateBackup = () => {
       ScheduledTime: unixTime,
       Recurrence: { value: '1d' },
     }
-    genericPostRequest({ path: '/api/AddScheduledItem?hidden=true', values: shippedValues }).then(
-      (res) => {
-        setRefreshState(res.requestId)
-      },
-    )
+    genericPostRequest({
+      path: '/api/AddScheduledItem?hidden=true&DisallowDuplicateName=true',
+      values: shippedValues,
+    }).then((res) => {
+      setRefreshState(res.requestId)
+    })
   }
   const Offcanvas = (row, rowIndex, formatExtraData) => {
     const handleDeleteSchedule = (apiurl, message) => {
@@ -179,9 +180,7 @@ const CreateBackup = () => {
                           <RFFCFormSwitch name="users" label="User List" />
                           <RFFCFormSwitch name="groups" label="Groups" />
                           <h3 className="underline mb-4">Conditional Access</h3>
-                          <RFFCFormSwitch name="ca" label="Conditional Access" />
-                          <RFFCFormSwitch name="namedlocations" label="Named Locations" />
-                          <RFFCFormSwitch name="authstrengths" label="Authentication Strengths" />
+                          <RFFCFormSwitch name="ca" label="Conditional Access Configuration" />
                           <h3 className="underline mb-4">Intune</h3>
                           <RFFCFormSwitch
                             name="intuneconfig"
@@ -196,7 +195,14 @@ const CreateBackup = () => {
                             label="Intune Protection Policies"
                           />
                           <h3 className="underline mb-4">CIPP</h3>
-                          <RFFCFormSwitch name="CippAlerts" label="Alerts Configuration" />
+                          <RFFCFormSwitch
+                            name="CippWebhookAlerts"
+                            label="Webhook Alerts Configuration"
+                          />
+                          <RFFCFormSwitch
+                            name="CippScriptedAlerts"
+                            label="Scripted Alerts Configuration"
+                          />
                           <RFFCFormSwitch name="CippStandards" label="Standards Configuration" />
                         </CCol>
                       </CRow>