Merge pull request #37 from KelvinTegelaar/dev

Merging dev into master

.gitignore

@@ -5,4 +5,5 @@ chocoapps.cache
 *.log
 .vscode/
 Cache_BestPracticeAnalyser/
+Cache_DomainAnalyser/
 ExcludedTenants

AddAPDevice/run.ps1

@@ -11,9 +11,16 @@ Log-Request -user $request.headers.'x-ms-client-principal' -API $APINAME  -messa
 Write-Host "PowerShell HTTP trigger function processed a request."
 $TenantFilter = (Get-Content Tenants.cache.json | ConvertFrom-Json | Where-Object { $_.defaultdomainname -eq $Request.body.TenantFilter }).customerid
 $GroupName = if ($Request.body.Groupname) { $Request.body.Groupname } else { New-Guid }
-$rawDevices = ($Request.body.Devices | ConvertFrom-Csv -Header "SerialNumber", "oemManufacturerName", "modelName", "productKey", "hardwareHash" -Delimiter ",")
+$rawDevices = if ($Request.body.devices -like "Device serial number,Windows product ID,Hardware hash,Manufacturer name,Device Model*") {
+    Write-Host "csvupload"
+    ($Request.body.Devices | ConvertFrom-Csv -Delimiter "," -Header "SerialNumber", "productKey", "hardwareHash", "oemManufacturerName", "modelName") | Select-Object -Skip 1
+}
+else {
+    Write-Host "Standard table request"
+    ($Request.body.Devices | ConvertFrom-Csv -Header "SerialNumber", "oemManufacturerName", "modelName", "productKey", "hardwareHash" -Delimiter ",")
+}
 $Devices = ConvertTo-Json @($rawDevices)
-
+Write-Host $Devices
 $Result = try {
     $CurrentStatus = (New-GraphgetRequest -uri "https://api.partnercenter.microsoft.com/v1/customers/$tenantfilter/DeviceBatches" -scope 'https://api.partnercenter.microsoft.com/user_impersonation')
     if ($groupname -in $CurrentStatus.items.id) { throw "This device batch name already exists. Please try with another name." }

AddPolicy/run.ps1

@@ -12,12 +12,23 @@ $displayname = $request.body.Displayname
 $description = $request.body.Description
 $AssignTo = if ($request.body.Assignto -ne "on") { $request.body.Assignto }
 $RawJSON = $Request.body.RawJSON
+
 $results = foreach ($Tenant in $tenants) {
     try {
-        $CreateBody = '{"description":"' + $description + '","displayName":"' + $displayname + '","roleScopeTagIds":["0"]}'
-        $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/groupPolicyConfigurations" -tenantid $tenant -type POST -body $CreateBody
-        $UpdateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/groupPolicyConfigurations('$($CreateRequest.id)')/updateDefinitionValues" -tenantid $tenant -type POST -body $RawJSON
-
+        switch ($Request.body.TemplateType) {
+            "Admin" {
+                $CreateBody = '{"description":"' + $description + '","displayName":"' + $displayname + '","roleScopeTagIds":["0"]}'
+                $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/groupPolicyConfigurations" -tenantid $tenant -type POST -body $CreateBody
+                $UpdateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/groupPolicyConfigurations('$($CreateRequest.id)')/updateDefinitionValues" -tenantid $tenant -type POST -body $RawJSON
+            }
+            "Device" {
+                $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations" -tenantid $tenant -type POST -body $RawJSON
+            }
+            "Catalog" {
+                $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/configurationPolicies" -tenantid $tenant -type POST -body $RawJSON
+            }
+
+        }
         Log-Request -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($Tenant) -message "Added policy $($Displayname)" -Sev "Error"
         if ($AssignTo) {
             $AssignBody = if ($AssignTo -ne "AllDevicesAndUsers") { '{"assignments":[{"id":"","target":{"@odata.type":"#microsoft.graph.' + $($AssignTo) + 'AssignmentTarget"}}]}' } else { '{"assignments":[{"id":"","target":{"@odata.type":"#microsoft.graph.allDevicesAssignmentTarget"}},{"id":"","target":{"@odata.type":"#microsoft.graph.allLicensedUsersAssignmentTarget"}}]}' }

AddUser/run.ps1

@@ -11,7 +11,7 @@ $userobj = $Request.body
 Write-Host "PowerShell HTTP trigger function processed a request."
 try {
     $licenses = ($userobj | Select-Object "License_*").psobject.properties.value
-    $aliasses = ($userobj.AddedAliasses).Split([Environment]::NewLine)
+    $Aliases = ($userobj.AddedAliases).Split([Environment]::NewLine)
     $password = if ($userobj.password) { $userobj.password } else { -join ('abcdefghkmnrstuvwxyzABCDEFGHKLMNPRSTUVWXYZ23456789$%&*#'.ToCharArray() | Get-Random -Count 12) }
     $UserprincipalName = "$($UserObj.username)@$($UserObj.domain)"
     $BodyToship = [pscustomobject] @{
@@ -27,7 +27,7 @@ try {
             "password"                      = $password
         }
     } | ConvertTo-Json
-    $GraphRequest = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users" -tenantid $Userobj.tenantid-type POST -body $BodyToship  -verbose
+    $GraphRequest = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users" -tenantid $Userobj.tenantid -type POST -body $BodyToship  -verbose
     Log-Request -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($userobj.tenantid)  -message "Created user $($userobj.displayname) with id $($GraphRequest.id) " -Sev "Info"
     $results.add("Created user.")
     $results.add("Username: $($UserprincipalName)")
@@ -60,19 +60,19 @@ catch {
 }
 
 try {
-    if ($aliasses) {
-        foreach ($Alias in $aliasses) {
+    if ($Aliases) {
+        foreach ($Alias in $Aliases) {
             Write-Host $Alias
             New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($GraphRequest.id)" -tenantid $Userobj.tenantid -type "patch" -body "{`"mail`": `"$Alias`"}" -verbose
         }
         New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($GraphRequest.id)" -tenantid $Userobj.tenantid -type "patch" -body "{`"mail`": `"$UserprincipalName`"}" -verbose
         Log-Request -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($userobj.tenantid)  -message "Added alias $($Alias) to $($userobj.displayname)" -Sev "Info"
-        $body = $results.add("Added aliasses: $($aliasses -join ',')")
+        $body = $results.add("Added Aliases: $($Aliases -join ',')")
     }
 }
 catch {
     Log-Request -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($userobj.tenantid) -message "Alias API failed. $($_.Exception.Message)" -Sev "Error"
-    $body = $results.add("We've failed to create the aliasses: $($_.Exception.Message)")
+    $body = $results.add("We've failed to create the Aliases: $($_.Exception.Message)")
 }
 if ($Request.body.CopyFrom -ne "") {
     $MemberIDs = "https://graph.microsoft.com/v1.0/directoryObjects/" + (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($GraphRequest.id)" -tenantid $Userobj.tenantid).id 

Applications_Upload/run.ps1

@@ -29,7 +29,7 @@ $EncBody = @{
 Try {
     $ApplicationList = (New-graphGetRequest -Uri $baseuri -tenantid $Tenant) | Where-Object { $_.DisplayName -eq $ChocoApp.ApplicationName }
     if ($ApplicationList.displayname.count -ge 1) { 
-        Log-Request -api "ChocoAppUpload" -API "ChocoApp"  -tenant $($Tenant) -message "$($ChocoApp.ApplicationName) exists. Skipping this application" -Sev "Warning"
+        Log-Request -api "ChocoAppUpload"  -tenant $($Tenant) -message "$($ChocoApp.ApplicationName) exists. Skipping this application" -Sev "Warning"
         continue
     }
     $NewApp = New-GraphPostRequest -Uri $baseuri -Body ($intuneBody | ConvertTo-Json) -Type POST -tenantid $tenant

BestPracticeAnalyser_All/run.ps1

@@ -44,11 +44,13 @@ $Result = [PSCustomObject]@{
     UnusedLicensesCount              = ""
     UnusedLicensesResult             = ""
     UnusedLicenseList                = ""
+    SecureScoreCurrent               = ""
+    SecureScoreMax                   = ""
+    SecureScorePercentage            = ""
 }
 
 # Starting the Best Practice Analyser
-Log-request -API "BestPracticeAnalyser" -tenant $tenant -message "Started Best Practice Analyser Durable Function on $($tenant)" -sev "Info"
-
+
 # Get the Secure Default State
 try {
     $SecureDefaultsState = (New-GraphGetRequest -Uri "https://graph.microsoft.com/beta/policies/identitySecurityDefaultsEnforcementPolicy" -tenantid $tenant)
@@ -257,6 +259,18 @@ catch {
     Log-request -API "BestPracticeAnalyser" -tenant $tenant -message "Unused Licenses on $($tenant). Error: $($_.exception.message)" -sev "Error"
 }
 
+# Get Secure Score
+try {
+    $SecureScore = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/security/secureScores?`$top=1" -tenantid $tenant -noPagination $true
+    $Result.SecureScoreCurrent = $SecureScore.currentScore
+    $Result.SecureScoreMax = $SecureScore.maxScore
+    $Result.SecureScorePercentage = [int](($SecureScore.currentScore / $SecureScore.maxScore) * 100)
+    Log-request -API "BestPracticeAnalyser" -tenant $tenant -message "Secure Score on $($tenant) is $($Result.SecureScoreCurrent) / $($Result.SecureScoreMax)" -sev "Debug"
+}
+catch {
+    Log-request -API "BestPracticeAnalyser" -tenant $tenant -message "Secure Score Retrieval on $($tenant). Error: $($_.exception.message)" -sev "Error" 
+}
+
 
 # Send Output of all the Results to the Stream
 $Result

BestPracticeAnalyser_List/run.ps1

@@ -11,7 +11,12 @@ Log-Request -user $request.headers.'x-ms-client-principal' -API $APINAME  -messa
 Write-Host "PowerShell HTTP trigger function processed a request."
 
 # Get all the things
-$Results = Get-ChildItem ".\Cache_BestPracticeAnalyser\*.json" | ForEach-Object{Get-Content $_.FullName | Out-String | ConvertFrom-Json}
+$UnfilteredResults = Get-ChildItem ".\Cache_BestPracticeAnalyser\*.json" | ForEach-Object{Get-Content $_.FullName | Out-String | ConvertFrom-Json}
+
+# Need to apply exclusion logic
+$Skiplist = Get-Content "ExcludedTenants" | ConvertFrom-Csv -Delimiter "|" -Header "Name", "User", "Date"
+
+$Results = $UnfilteredResults | Where-Object {$_.Tenant -notin $Skiplist.Name}
 
 # Associate values to output bindings by calling 'Push-OutputBinding'.
 Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{

DomainAnalyser_All/function.json

@@ -0,0 +1,9 @@
+{
+  "bindings": [
+    {
+      "name": "tenant",
+      "direction": "in",
+      "type": "activityTrigger"
+    }
+  ]
+}