From a49cd4da2e719be082644ea576122e435082f1f1 Mon Sep 17 00:00:00 2001
From: chase-vgo <168204519+chase-vgo@users.noreply.github.com>
Date: Sat, 6 Jul 2024 16:52:59 -0500
Subject: [PATCH 01/14] Added removeCalendarInvites
---
.../identity/administration/OffboardingWizard.jsx | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/views/identity/administration/OffboardingWizard.jsx b/src/views/identity/administration/OffboardingWizard.jsx
index bb724ad3593d..d7008c071724 100644
--- a/src/views/identity/administration/OffboardingWizard.jsx
+++ b/src/views/identity/administration/OffboardingWizard.jsx
@@ -82,6 +82,7 @@ const OffboardingWizard = () => {
HideFromGAL: values.HideFromGAL,
DisableSignIn: values.DisableSignIn,
RemoveGroups: values.RemoveGroups,
+ removeCalendarInvites: values.removeCalendarInvites,
RemoveLicenses: values.RemoveLicenses,
ResetPass: values.ResetPass,
RevokeSessions: values.RevokeSessions,
@@ -175,6 +176,7 @@ const OffboardingWizard = () => {
+
@@ -397,6 +399,14 @@ const OffboardingWizard = () => {
icon={props.values.RemoveGroups ? faCheck : faTimes}
/>
+
+ Cancel all calendar invites
+
+
Hide from Global Address List
Date: Sun, 7 Jul 2024 19:49:53 +0200
Subject: [PATCH 02/14] allow app deployment via standards
---
src/data/standards.json | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/src/data/standards.json b/src/data/standards.json
index 803199755bdc..df673c360d2f 100644
--- a/src/data/standards.json
+++ b/src/data/standards.json
@@ -224,6 +224,25 @@
"powershellEquivalent": "Portal or Graph API",
"recommendedBy": ["CIS"]
},
+ {
+ "name": "standards.AppDeploy",
+ "cat": "Entra (AAD) Standards",
+ "tag": ["lowimpact"],
+ "helpText": "Deploys selected applications to the tenant. Use a comma separated list of application IDs to deploy multiple applications. Permissions will be copied from the source application.",
+ "docsDescription": "Uses the CIPP functionality that deploys applications across an entire tenant base as a standard.",
+ "addedComponent": [
+ {
+ "type": "input",
+ "name": "standards.AppDeploy.appids",
+ "label": "Application IDs, comma separated"
+ }
+ ],
+ "label": "Deploy Application",
+ "impact": "Low Impact",
+ "impactColour": "info",
+ "powershellEquivalent": "Portal or Graph API",
+ "recommendedBy": []
+ },
{
"name": "standards.laps",
"cat": "Entra (AAD) Standards",
From 130237c5aa54530f4bac671eb957d0a5e84d6711 Mon Sep 17 00:00:00 2001
From: Esco
Date: Fri, 5 Jul 2024 16:04:24 +0200
Subject: [PATCH 03/14] Added SPAzureB2B standard
---
src/data/standards.json | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/src/data/standards.json b/src/data/standards.json
index df673c360d2f..506dcd63cdce 100644
--- a/src/data/standards.json
+++ b/src/data/standards.json
@@ -1816,6 +1816,20 @@
"powershellEquivalent": "Update-MgBetaAdminSharepointSetting",
"recommendedBy": []
},
+ {
+ "name": "standards.SPAzureB2B",
+ "cat": "SharePoint Standards",
+ "tag": ["lowimpact", "CIS"],
+ "helpText": "Ensure SharePoint and OneDrive integration with Azure AD B2B is enabled",
+ "addedComponent": [],
+ "label": "Enable SharePoint and OneDrive integration with Azure AD B2B",
+ "impact": "Low Impact",
+ "impactColour": "info",
+ "powershellEquivalent": "Set-SPOTenant -EnableAzureADB2BIntegration $true",
+ "recommendedBy": [
+ "CIS 3.0"
+ ]
+ },
{
"name": "standards.DisableAddShortcutsToOneDrive",
"cat": "SharePoint Standards",
From c12f31e81da059aa88abcac2ac6e88196093d573 Mon Sep 17 00:00:00 2001
From: Esco
Date: Fri, 5 Jul 2024 16:04:51 +0200
Subject: [PATCH 04/14] Added SPDirectSharing standard
---
src/data/standards.json | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/src/data/standards.json b/src/data/standards.json
index 506dcd63cdce..c91e5c593515 100644
--- a/src/data/standards.json
+++ b/src/data/standards.json
@@ -1830,6 +1830,20 @@
"CIS 3.0"
]
},
+ {
+ "name": "standards.SPDirectSharing",
+ "cat": "SharePoint Standards",
+ "tag": ["mediumimpact", "CIS"],
+ "helpText": "Ensure default link sharing is set to Direct in SharePoint and OneDrive",
+ "addedComponent": [],
+ "label": "Default sharing to Direct users",
+ "impact": "Medium Impact",
+ "impactColour": "warning",
+ "powershellEquivalent": "Set-SPOTenant -DefaultSharingLinkType Direct",
+ "recommendedBy": [
+ "CIS 3.0"
+ ]
+ },
{
"name": "standards.DisableAddShortcutsToOneDrive",
"cat": "SharePoint Standards",
From c178380bb3c1c6b6858506dcd4c40d626d867977 Mon Sep 17 00:00:00 2001
From: Esco
Date: Mon, 8 Jul 2024 13:38:46 +0200
Subject: [PATCH 05/14] Added SPExternalUserExpiration Standard
---
src/data/standards.json | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/src/data/standards.json b/src/data/standards.json
index c91e5c593515..adc9f61c5a5f 100644
--- a/src/data/standards.json
+++ b/src/data/standards.json
@@ -1844,6 +1844,26 @@
"CIS 3.0"
]
},
+ {
+ "name": "standards.SPExternalUserExpiration",
+ "cat": "SharePoint Standards",
+ "tag": ["mediumimpact", "CIS"],
+ "helpText": "Ensure guest access to a site or OneDrive will expire automatically",
+ "addedComponent": [
+ {
+ "type": "number",
+ "name": "standards.SPExternalUserExpiration.Days",
+ "label": "Days until expiration (Default 60)"
+ }
+ ],
+ "label": "Set guest access to expire automatically",
+ "impact": "Medium Impact",
+ "impactColour": "warning",
+ "powershellEquivalent": "Set-SPOTenant -ExternalUserExpireInDays 30 -ExternalUserExpirationRequired $True",
+ "recommendedBy": [
+ "CIS 3.0"
+ ]
+ },
{
"name": "standards.DisableAddShortcutsToOneDrive",
"cat": "SharePoint Standards",
From e1e1a5a9655ebfa934ecb5679d6649f4080a5994 Mon Sep 17 00:00:00 2001
From: Esco
Date: Mon, 8 Jul 2024 14:02:42 +0200
Subject: [PATCH 06/14] Added SPEmailAttestation standard
---
src/data/standards.json | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/src/data/standards.json b/src/data/standards.json
index adc9f61c5a5f..c1c338253bc1 100644
--- a/src/data/standards.json
+++ b/src/data/standards.json
@@ -1864,6 +1864,26 @@
"CIS 3.0"
]
},
+ {
+ "name": "standards.SPEmailAttestation",
+ "cat": "SharePoint Standards",
+ "tag": ["mediumimpact", "CIS"],
+ "helpText": "Ensure reauthentication with verification code is restricted",
+ "addedComponent": [
+ {
+ "type": "number",
+ "name": "standards.SPEmailAttestation.Days",
+ "label": "Require reauth every X Days (Default 15)"
+ }
+ ],
+ "label": "Require reauthentication with verification code",
+ "impact": "Medium Impact",
+ "impactColour": "warning",
+ "powershellEquivalent": "Set-SPOTenant -EmailAttestationRequired $true -EmailAttestationReAuthDays 15",
+ "recommendedBy": [
+ "CIS 3.0"
+ ]
+ },
{
"name": "standards.DisableAddShortcutsToOneDrive",
"cat": "SharePoint Standards",
From 2ab99a075637d7690c99d343b841cc12a3ada307 Mon Sep 17 00:00:00 2001
From: Esco
Date: Mon, 8 Jul 2024 14:15:37 +0200
Subject: [PATCH 07/14] Added SPDisallowInfectedFiles standard
---
src/data/standards.json | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/src/data/standards.json b/src/data/standards.json
index c1c338253bc1..ff0286d5f381 100644
--- a/src/data/standards.json
+++ b/src/data/standards.json
@@ -1830,6 +1830,20 @@
"CIS 3.0"
]
},
+ {
+ "name": "standards.SPDisallowInfectedFiles",
+ "cat": "SharePoint Standards",
+ "tag": ["lowimpact", "CIS"],
+ "helpText": "Ensure Office 365 SharePoint infected files are disallowed for download",
+ "addedComponent": [],
+ "label": "Disallow downloading infected files from SharePoint",
+ "impact": "Low Impact",
+ "impactColour": "info",
+ "powershellEquivalent": "Set-SPOTenant -DisallowInfectedFileDownload $true",
+ "recommendedBy": [
+ "CIS 3.0"
+ ]
+ },
{
"name": "standards.SPDirectSharing",
"cat": "SharePoint Standards",
From 924d661a5738bb4db9ba9f71203aa1e55e0ed04f Mon Sep 17 00:00:00 2001
From: KelvinTegelaar
Date: Mon, 8 Jul 2024 14:25:55 +0200
Subject: [PATCH 08/14] added task to restore
---
src/views/tenant/backup/RestoreBackup.jsx | 215 ++++++----------------
1 file changed, 61 insertions(+), 154 deletions(-)
diff --git a/src/views/tenant/backup/RestoreBackup.jsx b/src/views/tenant/backup/RestoreBackup.jsx
index d106469d8949..aa34d219f9ac 100644
--- a/src/views/tenant/backup/RestoreBackup.jsx
+++ b/src/views/tenant/backup/RestoreBackup.jsx
@@ -42,34 +42,22 @@ const OffboardingWizard = () => {
const [genericPostRequest, postResults] = useLazyGenericPostRequestQuery()
- const handleSubmit = async (values) => {
+ const handleSubmit = (values) => {
+ const startDate = new Date()
+ const unixTime = Math.floor(startDate.getTime() / 1000) - 45
const shippedValues = {
TenantFilter: tenantDomain,
- OOO: values.OOO ? values.OOO : '',
- forward: values.forward ? values.forward.value : '',
- OnedriveAccess: values.OnedriveAccess ? values.OnedriveAccess : '',
- AccessNoAutomap: values.AccessNoAutomap ? values.AccessNoAutomap : '',
- AccessAutomap: values.AccessAutomap ? values.AccessAutomap : '',
- ConvertToShared: values.ConvertToShared,
- HideFromGAL: values.HideFromGAL,
- DisableSignIn: values.DisableSignIn,
- RemoveGroups: values.RemoveGroups,
- RemoveLicenses: values.RemoveLicenses,
- ResetPass: values.ResetPass,
- RevokeSessions: values.RevokeSessions,
- user: values.User,
- deleteuser: values.DeleteUser,
- removeRules: values.RemoveRules,
- removeMobile: values.RemoveMobile,
- keepCopy: values.keepCopy,
- removePermissions: values.removePermissions,
- PostExecution: values.Scheduled?.enabled
- ? { webhook: values.webhook, psa: values.psa, email: values.email }
- : '',
+ Name: `CIPP Restore ${tenantDomain}`,
+ Command: { value: `New-CIPPRestore` },
+ Parameters: { Type: 'Scheduled', ScheduledBackupValues: { ...values } },
+ ScheduledTime: unixTime,
+ PostExecution: {
+ Webhook: values.webhook,
+ Email: values.email,
+ PSA: values.psa,
+ },
}
-
- //alert(JSON.stringify(values, null, 2))
- genericPostRequest({ path: '/api/ExecOffboardUser', values: shippedValues })
+ genericPostRequest({ path: '/api/AddScheduledItem', values: shippedValues }).then((res) => {})
}
return (
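Review bot: `Parameters: { Type: 'Scheduled', ScheduledBackupValues: { ...values } }` forwards the entire form state to the scheduled restore command, including `webhook`, `email` and `psa`, which are already sent separately in `PostExecution`. Because this task overwrites tenant configuration, it is safer to pass only what the restore needs, for example `const { webhook, email, psa, ...restoreValues } = values` followed by `ScheduledBackupValues: restoreValues`. The `- 45` on `unixTime` needs a comment saying why the time is set 45 seconds in the past (presumably so the scheduler picks the task up on its next run), and `.then((res) => {})` is a no-op that can be dropped. `handleSubmit` sits inside the component, whose body starts and ends outside this hunk.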
@@ -101,7 +89,7 @@ const OffboardingWizard = () => {
name: `${backup.RowKey}`,
}))}
placeholder={!currentBackupsIsFetching ? 'Select a backup' : 'Loading...'}
- name="User"
+ name="backup"
/>
{currentBackupsError && Failed to load list of Current Backups }
@@ -117,21 +105,21 @@ const OffboardingWizard = () => {
Identity
-
-
+
+
Conditional Access
-
-
-
+
+
+
Intune
-
-
-
+
+
+
CIPP
-
-
+
+
@@ -139,22 +127,31 @@ const OffboardingWizard = () => {
-
-
-
- Warning
-
- Overwriting existing entries will remove the current settings and replace them with
- the backup settings. If you have selected to restore users, all properties will be
- overwritten with the backup settings.
-
+
+
+ Warning
+
+ Overwriting existing entries will remove the current settings and replace them
+ with the backup settings. If you have selected to restore users, all properties
+ will be overwritten with the backup settings.
+
-
- To prevent and skip already existing entries, deselect the setting from the list
- above, or disable overwrite.
-
-
-
+
+ To prevent and skip already existing entries, deselect the setting from the list
+ above, or disable overwrite.
+
+
+
+
+
+
+
+ Send Restore results to:
+
+
+
+
+
@@ -170,13 +167,7 @@ const OffboardingWizard = () => {
Loading
)}
- {postResults.isSuccess && (
-
- {postResults.data.Results.map((message, idx) => {
- return {message}
- })}
-
- )}
+ {postResults.isSuccess && {postResults.data.Results} }
{!postResults.isSuccess && (
{/* eslint-disable react/prop-types */}
@@ -189,6 +180,10 @@ const OffboardingWizard = () => {
Selected Tenant:
{tenantDomain}
+
+ Selected Backup:
+ {props.values.backup.value}
+
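Review bot: `{props.values.backup.value}` on the confirmation step throws a TypeError when no backup has been selected, because `props.values.backup` is then undefined; whether the select field is marked required is not visible in this hunk. Use `{props.values.backup?.value}` or render an explicit placeholder when it is missing. This step is the last check before a restore overwrites tenant settings, so it should show that no backup is selected instead of failing to render.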
@@ -197,123 +192,35 @@ const OffboardingWizard = () => {
- Revoke Sessions
-
-
-
- Remove all mobile devices
-
-
-
- Remove all mailbox rules
-
-
-
- Remove all mailbox permissions
-
-
-
- Remove Licenses
-
-
-
- Convert to Shared
-
-
-
- Disable Sign-in
-
-
-
- Reset Password
-
-
-
- Remove from all groups
-
-
-
- Hide from Global Address List
-
-
-
- Set Out of Office
-
-
-
- Give another user access to the mailbox with automap
+ Overwrite existing configuration
- Give another user access to the mailbox without automap
+ Send results to Webhook
- Give another user access to OneDrive
+ Send results to E-Mail
- Forward all e-mail to another user
+ Send results to PSA
From 2c4ef81d2fc7911b5bad6519d8e29a6ab0cb3c42 Mon Sep 17 00:00:00 2001
From: KelvinTegelaar
Date: Mon, 8 Jul 2024 15:14:34 +0200
Subject: [PATCH 09/14] restore wizard updates
---
src/views/tenant/backup/RestoreBackup.jsx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/views/tenant/backup/RestoreBackup.jsx b/src/views/tenant/backup/RestoreBackup.jsx
index aa34d219f9ac..3712473e2be4 100644
--- a/src/views/tenant/backup/RestoreBackup.jsx
+++ b/src/views/tenant/backup/RestoreBackup.jsx
@@ -49,7 +49,7 @@ const OffboardingWizard = () => {
TenantFilter: tenantDomain,
Name: `CIPP Restore ${tenantDomain}`,
Command: { value: `New-CIPPRestore` },
- Parameters: { Type: 'Scheduled', ScheduledBackupValues: { ...values } },
+ Parameters: { Type: 'Scheduled', RestoreValues: { ...values } },
ScheduledTime: unixTime,
PostExecution: {
Webhook: values.webhook,
From 6a3dc6876e17f779630a54105059ffe73e2986e7 Mon Sep 17 00:00:00 2001
From: KelvinTegelaar
Date: Tue, 9 Jul 2024 10:54:41 +0200
Subject: [PATCH 10/14] updated backup to allot alert backups
---
src/views/tenant/backup/CreateBackup.jsx | 13 +++++++++----
src/views/tenant/backup/RestoreBackup.jsx | 3 ++-
2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/src/views/tenant/backup/CreateBackup.jsx b/src/views/tenant/backup/CreateBackup.jsx
index 028b3c91f31d..8a3821001f88 100644
--- a/src/views/tenant/backup/CreateBackup.jsx
+++ b/src/views/tenant/backup/CreateBackup.jsx
@@ -179,9 +179,7 @@ const CreateBackup = () => {
Conditional Access
-
-
-
+
Intune
{
label="Intune Protection Policies"
/>
CIPP
-
+
+
diff --git a/src/views/tenant/backup/RestoreBackup.jsx b/src/views/tenant/backup/RestoreBackup.jsx
index 3712473e2be4..1afd3267f716 100644
--- a/src/views/tenant/backup/RestoreBackup.jsx
+++ b/src/views/tenant/backup/RestoreBackup.jsx
@@ -118,7 +118,8 @@ const OffboardingWizard = () => {
CIPP
-
+
+
From 9f1de9cbbf4573bf7f454b57b2672f4c3d2d9c42 Mon Sep 17 00:00:00 2001
From: KelvinTegelaar
Date: Tue, 9 Jul 2024 13:57:00 +0200
Subject: [PATCH 11/14] finished restore settings
---
src/views/tenant/backup/RestoreBackup.jsx | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/views/tenant/backup/RestoreBackup.jsx b/src/views/tenant/backup/RestoreBackup.jsx
index 1afd3267f716..e2d3d1ec9a61 100644
--- a/src/views/tenant/backup/RestoreBackup.jsx
+++ b/src/views/tenant/backup/RestoreBackup.jsx
@@ -108,9 +108,7 @@ const OffboardingWizard = () => {
Conditional Access
-
-
-
+
Intune
From f836fd8e4d7ee4dcbaebbd3b9ffb916e61fab5d9 Mon Sep 17 00:00:00 2001
From: KelvinTegelaar
Date: Tue, 9 Jul 2024 14:01:43 +0200
Subject: [PATCH 12/14] do not allow duplicate backups to be set.
---
src/views/tenant/backup/CreateBackup.jsx | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/views/tenant/backup/CreateBackup.jsx b/src/views/tenant/backup/CreateBackup.jsx
index 8a3821001f88..faec25e074a3 100644
--- a/src/views/tenant/backup/CreateBackup.jsx
+++ b/src/views/tenant/backup/CreateBackup.jsx
@@ -37,11 +37,12 @@ const CreateBackup = () => {
ScheduledTime: unixTime,
Recurrence: { value: '1d' },
}
- genericPostRequest({ path: '/api/AddScheduledItem?hidden=true', values: shippedValues }).then(
- (res) => {
- setRefreshState(res.requestId)
- },
- )
+ genericPostRequest({
+ path: '/api/AddScheduledItem?hidden=true&DisallowDuplicateName=true',
+ values: shippedValues,
+ }).then((res) => {
+ setRefreshState(res.requestId)
+ })
}
const Offcanvas = (row, rowIndex, formatExtraData) => {
const handleDeleteSchedule = (apiurl, message) => {
From 8ec1c9e62077037ef7ff0fcf0f51fd0ae64468fa Mon Sep 17 00:00:00 2001
From: KelvinTegelaar
Date: Tue, 9 Jul 2024 14:04:21 +0200
Subject: [PATCH 13/14] fixes to auditlog schema
---
src/data/AuditLogSchema.json | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/data/AuditLogSchema.json b/src/data/AuditLogSchema.json
index d29cdb5cffea..f58b08322473 100644
--- a/src/data/AuditLogSchema.json
+++ b/src/data/AuditLogSchema.json
@@ -70,12 +70,12 @@
},
"List:Operation": [
{ "value": "UserLoggedIn", "name": "A user logged in" },
- { "value": "accessed mailbox items", "name": "accessed mailbox items" },
+ { "value": "mailitemsaccessed", "name": "accessed mailbox items" },
{ "value": "add delegation entry.", "name": "added delegation entry" },
{ "value": "add domain to company.", "name": "added domain to company" },
{ "value": "add group.", "name": "added group" },
{ "value": "add member to group.", "name": "added member to group" },
- { "value": "add mailboxpermission", "name": "added delegate mailbox permissions" },
+ { "value": "add-mailboxpermission", "name": "added delegate mailbox permissions" },
{ "value": "add member to role.", "name": "added member to role" },
{ "value": "add partner to company.", "name": "added a partner to the directory" },
{ "value": "add service principal.", "name": "added service principal" },
@@ -111,7 +111,7 @@
"value": "remove service principal credentials.",
"name": "removed credentials from a service principal"
},
- { "value": "remove mailboxpermission", "name": "removed delegate mailbox permissions" },
+ { "value": "remove-mailboxpermission", "name": "removed delegate mailbox permissions" },
{ "value": "remove member from role.", "name": "removed a user from a directory role" },
{ "value": "remove partner from company.", "name": "removed a partner from the directory" },
{ "value": "removefolderpermissions", "name": "removed permissions from folder" },
@@ -132,7 +132,7 @@
"value": "set force change user password.",
"name": "set property that forces user to change password"
},
- { "value": "set inboxrule", "name": "modified inbox rule from outlook web app" },
+ { "value": "set-inboxrule", "name": "modified inbox rule from outlook web app" },
{ "value": "set license properties.", "name": "set license properties" },
{ "value": "set password policy.", "name": "set password policy" },
{ "value": "softdelete", "name": "deleted messages from deleted items folder" },
From 674131c1fb4edf247c6679cab4fe3bfc12da40c1 Mon Sep 17 00:00:00 2001
From: KelvinTegelaar
Date: Tue, 9 Jul 2024 15:02:45 +0200
Subject: [PATCH 14/14] fixes issue with duplicate group mappings.
---
src/views/tenant/administration/GDAPInviteWizard.jsx | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/views/tenant/administration/GDAPInviteWizard.jsx b/src/views/tenant/administration/GDAPInviteWizard.jsx
index 956b8a374f00..5f303a3c827f 100644
--- a/src/views/tenant/administration/GDAPInviteWizard.jsx
+++ b/src/views/tenant/administration/GDAPInviteWizard.jsx
@@ -114,6 +114,12 @@ const GDAPInviteWizard = () => {
const filteredResults = results.data.filter((role) =>
defaultRolesArray.some((defaultRole) => defaultRole.ObjectId === role.roleDefinitionId),
)
+ const uniqueFilteredResults = filteredResults.filter(
+ (role, index, self) =>
+ index === self.findIndex((t) => t.roleDefinitionId === role.roleDefinitionId),
+ )
+ filteredResults.length = 0
+ Array.prototype.push.apply(filteredResults, uniqueFilteredResults)
setEasyMode(true)
const resultsarr = []
setLoopRunning(true)
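Review bot: The de-duplication keeps only the first entry per `roleDefinitionId` and silently drops the rest, so if `results.data` can hold the same role mapped to different groups, the group that ends up in the GDAP invite depends on array order; a comment should state that first-wins is intended. The last two added lines empty the `const` array with `filteredResults.length = 0` and refill it through `Array.prototype.push.apply`, which is harder to read than using `uniqueFilteredResults` directly in the code that follows (that code is outside this hunk). If the in-place form has to stay, `filteredResults.splice(0, filteredResults.length, ...uniqueFilteredResults)` does the same in one line. The `filter` plus `findIndex` pair is quadratic, which is acceptable for a short role list.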