From a49cd4da2e719be082644ea576122e435082f1f1 Mon Sep 17 00:00:00 2001 From: chase-vgo <168204519+chase-vgo@users.noreply.github.com> Date: Sat, 6 Jul 2024 16:52:59 -0500 Subject: [PATCH 01/14] Added removeCalendarInvites --- .../identity/administration/OffboardingWizard.jsx | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/views/identity/administration/OffboardingWizard.jsx b/src/views/identity/administration/OffboardingWizard.jsx index bb724ad3593d..d7008c071724 100644 --- a/src/views/identity/administration/OffboardingWizard.jsx +++ b/src/views/identity/administration/OffboardingWizard.jsx @@ -82,6 +82,7 @@ const OffboardingWizard = () => { HideFromGAL: values.HideFromGAL, DisableSignIn: values.DisableSignIn, RemoveGroups: values.RemoveGroups, + removeCalendarInvites: values.removeCalendarInvites, RemoveLicenses: values.RemoveLicenses, ResetPass: values.ResetPass, RevokeSessions: values.RevokeSessions, @@ -175,6 +176,7 @@ const OffboardingWizard = () => { + @@ -397,6 +399,14 @@ const OffboardingWizard = () => { icon={props.values.RemoveGroups ? faCheck : faTimes} /> + + Cancel all calendar invites + + Hide from Global Address List Date: Sun, 7 Jul 2024 19:49:53 +0200 Subject: [PATCH 02/14] allow app deployment via standards --- src/data/standards.json | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/src/data/standards.json b/src/data/standards.json index 803199755bdc..df673c360d2f 100644 --- a/src/data/standards.json +++ b/src/data/standards.json 
@@ -224,6 +224,25 @@
 "powershellEquivalent": "Portal or Graph API",
 "recommendedBy": ["CIS"]
 },
+ {
+ "name": "standards.AppDeploy",
+ "cat": "Entra (AAD) Standards",
+ "tag": ["lowimpact"],
+ "helpText": "Deploys selected applications to the tenant. Use a comma separated list of application IDs to deploy multiple applications. Permissions will be copied from the source application.",
+ "docsDescription": "Uses the CIPP functionality that deploys applications across an entire tenant base as a standard.",
+ "addedComponent": [
+ {
+ "type": "input",
+ "name": "standards.AppDeploy.appids",
+ "label": "Application IDs, comma separated"
+ }
+ ],
+ "label": "Deploy Application",
+ "impact": "Low Impact",
+ "impactColour": "info",
+ "powershellEquivalent": "Portal or Graph API",
+ "recommendedBy": []
+ },
 {
 "name": "standards.laps",
 "cat": "Entra (AAD) Standards",
From 130237c5aa54530f4bac671eb957d0a5e84d6711 Mon Sep 17 00:00:00 2001
From: Esco
Date: Fri, 5 Jul 2024 16:04:24 +0200
Subject: [PATCH 03/14] Added SPAzureB2B standard
---
 src/data/standards.json | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/src/data/standards.json b/src/data/standards.json
index df673c360d2f..506dcd63cdce 100644
--- a/src/data/standards.json
+++ b/src/data/standards.json
@@ -1816,6 +1816,20 @@
 "powershellEquivalent": "Update-MgBetaAdminSharepointSetting",
 "recommendedBy": []
 },
+ {
+ "name": "standards.SPAzureB2B",
+ "cat": "SharePoint Standards",
+ "tag": ["lowimpact", "CIS"],
+ "helpText": "Ensure SharePoint and OneDrive integration with Azure AD B2B is enabled",
+ "addedComponent": [],
+ "label": "Enable SharePoint and OneDrive integration with Azure AD B2B",
+ "impact": "Low Impact",
+ "impactColour": "info",
+ "powershellEquivalent": "Set-SPOTenant -EnableAzureADB2BIntegration $true",
+ "recommendedBy": [
+ "CIS 3.0"
+ ]
+ },
 {
 "name": "standards.DisableAddShortcutsToOneDrive",
 "cat": "SharePoint Standards",
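Review bot: `standards.AppDeploy` is classified as `"tag": ["lowimpact"]` / `"impact": "Low Impact"`, but its own helpText says it deploys applications and copies permissions from the source application, which means new API permission grants in every tenant the standard is applied to. That is easy to pull in by accident through a bulk low-impact selection; at least the medium tier already used in this file (`"tag": ["mediumimpact"]`, `"impact": "Medium Impact"`, `"impactColour": "warning"`) would fit better. The `standards.AppDeploy.appids` field is a free-text `input`, so the code that consumes it (outside this diff) should split, trim and validate each entry as an application ID before deploying anything.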
From c12f31e81da059aa88abcac2ac6e88196093d573 Mon Sep 17 00:00:00 2001
From: Esco
Date: Fri, 5 Jul 2024 16:04:51 +0200
Subject: [PATCH 04/14] Added SPDirectSharing standard
---
 src/data/standards.json | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/src/data/standards.json b/src/data/standards.json
index 506dcd63cdce..c91e5c593515 100644
--- a/src/data/standards.json
+++ b/src/data/standards.json
@@ -1830,6 +1830,20 @@
 "CIS 3.0"
 ]
 },
+ {
+ "name": "standards.SPDirectSharing",
+ "cat": "SharePoint Standards",
+ "tag": ["mediumimpact", "CIS"],
+ "helpText": "Ensure default link sharing is set to Direct in SharePoint and OneDrive",
+ "addedComponent": [],
+ "label": "Default sharing to Direct users",
+ "impact": "Medium Impact",
+ "impactColour": "warning",
+ "powershellEquivalent": "Set-SPOTenant -DefaultSharingLinkType Direct",
+ "recommendedBy": [
+ "CIS 3.0"
+ ]
+ },
 {
 "name": "standards.DisableAddShortcutsToOneDrive",
 "cat": "SharePoint Standards",
From c178380bb3c1c6b6858506dcd4c40d626d867977 Mon Sep 17 00:00:00 2001
From: Esco
Date: Mon, 8 Jul 2024 13:38:46 +0200
Subject: [PATCH 05/14] Added SPExternalUserExpiration Standard
---
 src/data/standards.json | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/src/data/standards.json b/src/data/standards.json
index c91e5c593515..adc9f61c5a5f 100644
--- a/src/data/standards.json
+++ b/src/data/standards.json
@@ -1844,6 +1844,26 @@
 "CIS 3.0"
 ]
 },
+ {
+ "name": "standards.SPExternalUserExpiration",
+ "cat": "SharePoint Standards",
+ "tag": ["mediumimpact", "CIS"],
+ "helpText": "Ensure guest access to a site or OneDrive will expire automatically",
+ "addedComponent": [
+ {
+ "type": "number",
+ "name": "standards.SPExternalUserExpiration.Days",
+ "label": "Days until expiration (Default 60)"
+ }
+ ],
+ "label": "Set guest access to expire automatically",
+ "impact": "Medium Impact",
+ "impactColour": "warning",
+ "powershellEquivalent": "Set-SPOTenant -ExternalUserExpireInDays 30 -ExternalUserExpirationRequired $True",
+ "recommendedBy": [
+ "CIS 3.0"
+ ]
+ },
 {
 "name": "standards.DisableAddShortcutsToOneDrive",
 "cat": "SharePoint Standards",
From e1e1a5a9655ebfa934ecb5679d6649f4080a5994 Mon Sep 17 00:00:00 2001
From: Esco
Date: Mon, 8 Jul 2024 14:02:42 +0200
Subject: [PATCH 06/14] Added SPEmailAttestation standard
---
 src/data/standards.json | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/src/data/standards.json b/src/data/standards.json
index adc9f61c5a5f..c1c338253bc1 100644
--- a/src/data/standards.json
+++ b/src/data/standards.json
@@ -1864,6 +1864,26 @@
 "CIS 3.0"
 ]
 },
+ {
+ "name": "standards.SPEmailAttestation",
+ "cat": "SharePoint Standards",
+ "tag": ["mediumimpact", "CIS"],
+ "helpText": "Ensure reauthentication with verification code is restricted",
+ "addedComponent": [
+ {
+ "type": "number",
+ "name": "standards.SPEmailAttestation.Days",
+ "label": "Require reauth every X Days (Default 15)"
+ }
+ ],
+ "label": "Require reauthentication with verification code",
+ "impact": "Medium Impact",
+ "impactColour": "warning",
+ "powershellEquivalent": "Set-SPOTenant -EmailAttestationRequired $true -EmailAttestationReAuthDays 15",
+ "recommendedBy": [
+ "CIS 3.0"
+ ]
+ },
 {
 "name": "standards.DisableAddShortcutsToOneDrive",
 "cat": "SharePoint Standards",
From 2ab99a075637d7690c99d343b841cc12a3ada307 Mon Sep 17 00:00:00 2001
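Review bot: In `standards.SPExternalUserExpiration` the input label says `Days until expiration (Default 60)` while `powershellEquivalent` shows `-ExternalUserExpireInDays 30`, so the entry contradicts itself about what an empty field applies. If the CIS 3.0 control cited in `recommendedBy` expects 30 days or fewer, a default of 60 would leave a tenant outside the benchmark while the standard reports as applied; the label should read `"label": "Days until expiration (Default 30)"` or the backend default should be confirmed and the example changed to match. Both this `number` input and `standards.SPEmailAttestation.Days` in the next hunk have no visible lower or upper bound, so zero, negative or very large values need to be rejected by the consuming code, which is outside this diff.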
From: Esco
Date: Mon, 8 Jul 2024 14:15:37 +0200
Subject: [PATCH 07/14] Added SPDisallowInfectedFiles standard
---
 src/data/standards.json | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/src/data/standards.json b/src/data/standards.json
index c1c338253bc1..ff0286d5f381 100644
--- a/src/data/standards.json
+++ b/src/data/standards.json
@@ -1830,6 +1830,20 @@
 "CIS 3.0"
 ]
 },
+ {
+ "name": "standards.SPDisallowInfectedFiles",
+ "cat": "SharePoint Standards",
+ "tag": ["lowimpact", "CIS"],
+ "helpText": "Ensure Office 365 SharePoint infected files are disallowed for download",
+ "addedComponent": [],
+ "label": "Disallow downloading infected files from SharePoint",
+ "impact": "Low Impact",
+ "impactColour": "info",
+ "powershellEquivalent": "Set-SPOTenant -DisallowInfectedFileDownload $true",
+ "recommendedBy": [
+ "CIS 3.0"
+ ]
+ },
 {
 "name": "standards.SPDirectSharing",
 "cat": "SharePoint Standards",
From 924d661a5738bb4db9ba9f71203aa1e55e0ed04f Mon Sep 17 00:00:00 2001
From: KelvinTegelaar
Date: Mon, 8 Jul 2024 14:25:55 +0200
Subject: [PATCH 08/14] added task to restore
---
 src/views/tenant/backup/RestoreBackup.jsx | 215 ++++++----------------
 1 file changed, 61 insertions(+), 154 deletions(-)
diff --git a/src/views/tenant/backup/RestoreBackup.jsx b/src/views/tenant/backup/RestoreBackup.jsx
index d106469d8949..aa34d219f9ac 100644
--- a/src/views/tenant/backup/RestoreBackup.jsx
+++ b/src/views/tenant/backup/RestoreBackup.jsx
@@ -42,34 +42,22 @@ const OffboardingWizard = () => { const [genericPostRequest, postResults] = useLazyGenericPostRequestQuery() - const handleSubmit = async (values) => { + const handleSubmit = (values) => { + const startDate = new Date() + const unixTime = Math.floor(startDate.getTime() / 1000) - 45 const shippedValues = { TenantFilter: tenantDomain, - OOO: values.OOO ? values.OOO : '', - forward: values.forward ? values.forward.value : '', - OnedriveAccess: values.OnedriveAccess ? values.OnedriveAccess : '', - AccessNoAutomap: values.AccessNoAutomap ? values.AccessNoAutomap : '', - AccessAutomap: values.AccessAutomap ? values.AccessAutomap : '', - ConvertToShared: values.ConvertToShared, - HideFromGAL: values.HideFromGAL, - DisableSignIn: values.DisableSignIn, - RemoveGroups: values.RemoveGroups, - RemoveLicenses: values.RemoveLicenses, - ResetPass: values.ResetPass, - RevokeSessions: values.RevokeSessions, - user: values.User, - deleteuser: values.DeleteUser, - removeRules: values.RemoveRules, - removeMobile: values.RemoveMobile, - keepCopy: values.keepCopy, - removePermissions: values.removePermissions, - PostExecution: values.Scheduled?.enabled - ? { webhook: values.webhook, psa: values.psa, email: values.email } - : '', + Name: `CIPP Restore ${tenantDomain}`, + Command: { value: `New-CIPPRestore` }, + Parameters: { Type: 'Scheduled', ScheduledBackupValues: { ...values } }, + ScheduledTime: unixTime, + PostExecution: { + Webhook: values.webhook, + Email: values.email, + PSA: values.psa, + }, } - - //alert(JSON.stringify(values, null, 2)) - genericPostRequest({ path: '/api/ExecOffboardUser', values: shippedValues }) + genericPostRequest({ path: '/api/AddScheduledItem', values: shippedValues }).then((res) => {}) } return ( 
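Review bot: `ScheduledBackupValues: { ...values }` in `handleSubmit` forwards the whole form object to `New-CIPPRestore`, so the notification fields (`webhook`, `email`, `psa`) and any field added to the wizard later travel into the restore parameters of an operation that overwrites tenant configuration. Splitting them first keeps the restore payload to what the command is meant to receive: `const { webhook, email, psa, ...restoreValues } = values`, then pass `restoreValues` and build `PostExecution` from the three named fields. The `- 45` in `Math.floor(startDate.getTime() / 1000) - 45` needs a comment saying why the task is scheduled 45 seconds in the past, and the trailing `.then((res) => {})` does nothing and can be dropped. The component in RestoreBackup.jsx is still called `OffboardingWizard` according to the hunk header, which is misleading in stack traces and dev tools; the function's body continues outside this hunk.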
@@ -101,7 +89,7 @@ const OffboardingWizard = () => { name: `${backup.RowKey}`, }))} placeholder={!currentBackupsIsFetching ? 'Select a backup' : 'Loading...'} - name="User" + name="backup" /> {currentBackupsError && Failed to load list of Current Backups} @@ -117,21 +105,21 @@ const OffboardingWizard = () => {

Identity

- - + +

Conditional Access

- - - + + +

Intune

- - - + + +

CIPP

- - + +

@@ -139,22 +127,31 @@ const OffboardingWizard = () => { - - - -
Warning
-

- Overwriting existing entries will remove the current settings and replace them with - the backup settings. If you have selected to restore users, all properties will be - overwritten with the backup settings. -

+ + +
Warning
+

+ Overwriting existing entries will remove the current settings and replace them + with the backup settings. If you have selected to restore users, all properties + will be overwritten with the backup settings. +

-

- To prevent and skip already existing entries, deselect the setting from the list - above, or disable overwrite. -

-
-
+

+ To prevent and skip already existing entries, deselect the setting from the list + above, or disable overwrite. +

+
+
+ +
+ + + + + + + +
@@ -170,13 +167,7 @@ const OffboardingWizard = () => { Loading )} - {postResults.isSuccess && ( - - {postResults.data.Results.map((message, idx) => { - return
  • {message}
  • - })} -
    - )} + {postResults.isSuccess && {postResults.data.Results}} {!postResults.isSuccess && ( {/* eslint-disable react/prop-types */} @@ -189,6 +180,10 @@ const OffboardingWizard = () => {
    Selected Tenant:
    {tenantDomain}
    + +
    Selected Backup:
    + {props.values.backup.value} +
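Review bot: `{props.values.backup.value}` on the review step throws a TypeError during render when `props.values.backup` is still undefined, for example if this step is rendered before a backup has been chosen; whether the wizard prevents that is not visible in the hunk. Rendering `{props.values.backup?.value}` keeps the summary from crashing. The submit path should still refuse to schedule a restore without a selected backup, since `handleSubmit` as shown posts whatever `values` contains.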

    @@ -197,123 +192,35 @@ const OffboardingWizard = () => { - Revoke Sessions - - - - Remove all mobile devices - - - - Remove all mailbox rules - - - - Remove all mailbox permissions - - - - Remove Licenses - - - - Convert to Shared - - - - Disable Sign-in - - - - Reset Password - - - - Remove from all groups - - - - Hide from Global Address List - - - - Set Out of Office - - - - Give another user access to the mailbox with automap + Overwrite existing configuration - Give another user access to the mailbox without automap + Send results to Webhook - Give another user access to OneDrive + Send results to E-Mail - Forward all e-mail to another user + Send results to PSA From 2c4ef81d2fc7911b5bad6519d8e29a6ab0cb3c42 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Mon, 8 Jul 2024 15:14:34 +0200 Subject: [PATCH 09/14] restore wizard updates --- src/views/tenant/backup/RestoreBackup.jsx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/views/tenant/backup/RestoreBackup.jsx b/src/views/tenant/backup/RestoreBackup.jsx index aa34d219f9ac..3712473e2be4 100644 --- a/src/views/tenant/backup/RestoreBackup.jsx +++ b/src/views/tenant/backup/RestoreBackup.jsx @@ -49,7 +49,7 @@ const OffboardingWizard = () => { TenantFilter: tenantDomain, Name: `CIPP Restore ${tenantDomain}`, Command: { value: `New-CIPPRestore` }, - Parameters: { Type: 'Scheduled', ScheduledBackupValues: { ...values } }, + Parameters: { Type: 'Scheduled', RestoreValues: { ...values } }, ScheduledTime: unixTime, PostExecution: { Webhook: values.webhook, From 6a3dc6876e17f779630a54105059ffe73e2986e7 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Tue, 9 Jul 2024 10:54:41 +0200 Subject: [PATCH 10/14] updated backup to allot alert backups --- src/views/tenant/backup/CreateBackup.jsx | 13 +++++++++---- src/views/tenant/backup/RestoreBackup.jsx | 3 ++- 2 files changed, 11 insertions(+), 5 deletions(-) 
diff --git a/src/views/tenant/backup/CreateBackup.jsx b/src/views/tenant/backup/CreateBackup.jsx index 028b3c91f31d..8a3821001f88 100644 --- a/src/views/tenant/backup/CreateBackup.jsx +++ b/src/views/tenant/backup/CreateBackup.jsx @@ -179,9 +179,7 @@ const CreateBackup = () => {

    Conditional Access

    - - - +

    Intune

    { label="Intune Protection Policies" />

    CIPP

    - + +
    diff --git a/src/views/tenant/backup/RestoreBackup.jsx b/src/views/tenant/backup/RestoreBackup.jsx index 3712473e2be4..1afd3267f716 100644 --- a/src/views/tenant/backup/RestoreBackup.jsx +++ b/src/views/tenant/backup/RestoreBackup.jsx @@ -118,7 +118,8 @@ const OffboardingWizard = () => {

    CIPP

    - + + From 9f1de9cbbf4573bf7f454b57b2672f4c3d2d9c42 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Tue, 9 Jul 2024 13:57:00 +0200 Subject: [PATCH 11/14] finished restore settings --- src/views/tenant/backup/RestoreBackup.jsx | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/views/tenant/backup/RestoreBackup.jsx b/src/views/tenant/backup/RestoreBackup.jsx index 1afd3267f716..e2d3d1ec9a61 100644 --- a/src/views/tenant/backup/RestoreBackup.jsx +++ b/src/views/tenant/backup/RestoreBackup.jsx @@ -108,9 +108,7 @@ const OffboardingWizard = () => {

    Conditional Access

    - - - +

    Intune

    From f836fd8e4d7ee4dcbaebbd3b9ffb916e61fab5d9 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Tue, 9 Jul 2024 14:01:43 +0200 Subject: [PATCH 12/14] do not allow duplicate backups to be set. --- src/views/tenant/backup/CreateBackup.jsx | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/views/tenant/backup/CreateBackup.jsx b/src/views/tenant/backup/CreateBackup.jsx index 8a3821001f88..faec25e074a3 100644 --- a/src/views/tenant/backup/CreateBackup.jsx +++ b/src/views/tenant/backup/CreateBackup.jsx @@ -37,11 +37,12 @@ const CreateBackup = () => { ScheduledTime: unixTime, Recurrence: { value: '1d' }, } - genericPostRequest({ path: '/api/AddScheduledItem?hidden=true', values: shippedValues }).then( - (res) => { - setRefreshState(res.requestId) - }, - ) + genericPostRequest({ + path: '/api/AddScheduledItem?hidden=true&DisallowDuplicateName=true', + values: shippedValues, + }).then((res) => { + setRefreshState(res.requestId) + }) } const Offcanvas = (row, rowIndex, formatExtraData) => { const handleDeleteSchedule = (apiurl, message) => { From 8ec1c9e62077037ef7ff0fcf0f51fd0ae64468fa Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Tue, 9 Jul 2024 14:04:21 +0200 Subject: [PATCH 13/14] fixes to auditlog schema --- src/data/AuditLogSchema.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/data/AuditLogSchema.json b/src/data/AuditLogSchema.json index d29cdb5cffea..f58b08322473 100644 --- a/src/data/AuditLogSchema.json +++ b/src/data/AuditLogSchema.json 
@@ -70,12 +70,12 @@
 },
 "List:Operation": [
 { "value": "UserLoggedIn", "name": "A user logged in" },
- { "value": "accessed mailbox items", "name": "accessed mailbox items" },
+ { "value": "mailitemsaccessed", "name": "accessed mailbox items" },
 { "value": "add delegation entry.", "name": "added delegation entry" },
 { "value": "add domain to company.", "name": "added domain to company" },
 { "value": "add group.", "name": "added group" },
 { "value": "add member to group.", "name": "added member to group" },
- { "value": "add mailboxpermission", "name": "added delegate mailbox permissions" },
+ { "value": "add-mailboxpermission", "name": "added delegate mailbox permissions" },
 { "value": "add member to role.", "name": "added member to role" },
 { "value": "add partner to company.", "name": "added a partner to the directory" },
 { "value": "add service principal.", "name": "added service principal" },
@@ -111,7 +111,7 @@
 "value": "remove service principal credentials.",
 "name": "removed credentials from a service principal"
 },
- { "value": "remove mailboxpermission", "name": "removed delegate mailbox permissions" },
+ { "value": "remove-mailboxpermission", "name": "removed delegate mailbox permissions" },
 { "value": "remove member from role.", "name": "removed a user from a directory role" },
 { "value": "remove partner from company.", "name": "removed a partner from the directory" },
 { "value": "removefolderpermissions", "name": "removed permissions from folder" },
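Review bot: The corrected values are all lower-case (`mailitemsaccessed` and `add-mailboxpermission` here, `remove-mailboxpermission` in the second hunk, `set-inboxrule` in the third) while the first entry of the same list is `UserLoggedIn`, so these only match if the comparison against the audit record's operation name is case-insensitive, which the diff does not show. These entries drive alerting on mailbox access, delegate permissions and inbox-rule changes, and a value that never matches fails silently, which is the failure this commit repairs for the missing hyphen. It is worth confirming the matching code normalises case, or storing the values in the casing the audit log emits. The entry labelled `modified inbox rule from outlook web app` covers only `set-inboxrule`; if the list outside these hunks has no entry for rule creation (`New-InboxRule`), newly created rules would not be selectable for alerting.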
@@ -132,7 +132,7 @@
 "value": "set force change user password.",
 "name": "set property that forces user to change password"
 },
- { "value": "set inboxrule", "name": "modified inbox rule from outlook web app" },
+ { "value": "set-inboxrule", "name": "modified inbox rule from outlook web app" },
 { "value": "set license properties.", "name": "set license properties" },
 { "value": "set password policy.", "name": "set password policy" },
 { "value": "softdelete", "name": "deleted messages from deleted items folder" },
From 674131c1fb4edf247c6679cab4fe3bfc12da40c1 Mon Sep 17 00:00:00 2001
From: KelvinTegelaar
Date: Tue, 9 Jul 2024 15:02:45 +0200
Subject: [PATCH 14/14] fixes issue with duplicate group mappings.
---
 src/views/tenant/administration/GDAPInviteWizard.jsx | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/views/tenant/administration/GDAPInviteWizard.jsx b/src/views/tenant/administration/GDAPInviteWizard.jsx
index 956b8a374f00..5f303a3c827f 100644
--- a/src/views/tenant/administration/GDAPInviteWizard.jsx
+++ b/src/views/tenant/administration/GDAPInviteWizard.jsx
@@ -114,6 +114,12 @@ const GDAPInviteWizard = () => {
 const filteredResults = results.data.filter((role) =>
 defaultRolesArray.some((defaultRole) => defaultRole.ObjectId === role.roleDefinitionId),
 )
+ const uniqueFilteredResults = filteredResults.filter(
+ (role, index, self) =>
+ index === self.findIndex((t) => t.roleDefinitionId === role.roleDefinitionId),
+ )
+ filteredResults.length = 0
+ Array.prototype.push.apply(filteredResults, uniqueFilteredResults)
 setEasyMode(true)
 const resultsarr = []
 setLoopRunning(true)
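Review bot: The dedupe in GDAPInviteWizard.jsx keeps whichever mapping for a `roleDefinitionId` comes first in `results.data` and silently discards the rest, so which group ends up bound to a GDAP role depends on response order and the user is never told a mapping was dropped. For a wizard that assigns delegated admin roles, the choice should be deterministic or the discarded duplicates should be surfaced. The mechanics are also harder to read than they need to be: emptying the `const` array with `filteredResults.length = 0` and refilling it through `Array.prototype.push.apply` exists only to keep the variable name for the code after the hunk. Tracking seen ids inside the original filter does the same in one pass: declare `const seen = new Set()` and append `&& !seen.has(role.roleDefinitionId) && Boolean(seen.add(role.roleDefinitionId))` to the existing predicate. The enclosing function starts and ends outside this hunk.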