CIPPAPIModule.psm1
|
#Region './private/Connect-CIPP.ps1' -1 <# .SYNOPSIS Connects to the CIPP API using the provided credentials. .DESCRIPTION The Connect-CIPP function establishes a connection to the CIPP API by obtaining an access token using the client credentials flow. It requires the CIPP API URL, client ID, client secret, and tenant ID as input parameters. .PARAMETER CIPPAPIUrl The URL of the CIPP API. .PARAMETER CIPPClientID The client ID used to authenticate with the CIPP API. .PARAMETER CIPPClientSecret The client secret used to authenticate with the CIPP API. .PARAMETER TenantID The ID of the tenant associated with the CIPP API. .EXAMPLE Connect-CIPP -CIPPAPIUrl "https://api.cipp.com" -CIPPClientID "12345678-1234-1234-1234-1234567890ab" -CIPPClientSecret "MyClientSecret" -TenantID "98765432-4321-4321-4321-0987654321ba" Connects to the CIPP API using the specified credentials. #> function Connect-CIPP { [CmdletBinding()] Param( [string]$CIPPAPIUrl, [string]$CIPPClientID, [string]$CIPPClientSecret, [string]$TenantID ) $Script:AuthBody = @{ client_id = $script:CIPPClientID client_secret = $script:CIPPClientSecret scope = "api://$($script:CIPPClientID)/.default" grant_type = 'client_credentials' } $token = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$script:TenantId/oauth2/v2.0/token" -Method POST -Body $AuthBody $script:AuthHeader = @{ Authorization = "Bearer $($token.access_token)" } $script:TokenAcquiredTime = Get-Date $script:ExpiresIn = $token.expires_in } #EndRegion './private/Connect-CIPP.ps1' 47 #Region './private/Get-TokenExpiry.ps1' -1 <# .SYNOPSIS Calculates the expiry date and time for a token. .DESCRIPTION The Get-TokenExpiry function calculates the expiry date and time for a token based on the token's expiration time in seconds. .PARAMETER ExpiresIn Specifies the expiration time of the token in seconds. If not provided, the function uses the default expiration time stored in the $script:ExpiresIn variable. .OUTPUTS System.DateTime The calculated expiry date and time for the token. .EXAMPLE Get-TokenExpiry -ExpiresIn 3600 Calculates the expiry date and time for a token that expires in 3600 seconds (1 hour). #> function Get-TokenExpiry { [CmdletBinding()] [OutputType([DateTime])] param ( [Parameter(Mandatory = $false)] [int64]$ExpiresIn = $script:ExpiresIn ) if ($script:ExpiresIn -eq $null) { return } else { $Script:ExpiryDateTime = $script:TokenAcquiredTime.AddSeconds($script:ExpiresIn) Write-Verbose "Calculated token expiry as $Script:ExpiryDateTime" } } #EndRegion './private/Get-TokenExpiry.ps1' 35 #Region './private/Helpers/ConvertTo-FormattedArray.ps1' -1 <# .SYNOPSIS Converts an input array into a formatted array with labels. .DESCRIPTION The ConvertTo-FormattedArray function takes an input array and a label prefix as parameters. It iterates through each item in the input array and creates a formatted array with labels. Each item in the formatted array is a hashtable with two properties: 'value' and 'label'. The 'value' property contains the original item from the input array, and the 'label' property contains the concatenation of the label prefix and the item. .PARAMETER inputArray The input array to be converted into a formatted array. .PARAMETER labelPrefix The prefix to be added to each item in the formatted array as a label. .EXAMPLE $inputArray = 1, 2, 3 $labelPrefix = "Item" ConvertTo-FormattedArray -inputArray $inputArray -labelPrefix $labelPrefix This example will convert the input array [1, 2, 3] into a formatted array with labels. The resulting formatted array will be: [ @{ value = 1 label = "Item - 1" }, @{ value = 2 label = "Item - 2" }, @{ value = 3 label = "Item - 3" } ] #> function ConvertTo-FormattedArray { param ( [array]$inputArray, [string]$labelPrefix ) $formattedArray = @() foreach ($item in $inputArray) { $formattedArray += @{ value = $item label = "$labelPrefix - $item" } } return $formattedArray } #EndRegion './private/Helpers/ConvertTo-FormattedArray.ps1' 51 #Region './private/Invoke-CIPPPreFlightCheck.ps1' -1 <# .SYNOPSIS Invokes the pre-flight check before connecting to the CIPP API. .DESCRIPTION This function performs a pre-flight check before connecting to the CIPP API. It checks if the required CIPP API information is available and if the token has expired. If the information is not found or the token has expired, it connects to the CIPP API using the provided credentials. .PARAMETER None This function does not accept any parameters. .EXAMPLE Invoke-CIPPPreFlightCheck #> function Invoke-CIPPPreFlightCheck { [CmdletBinding()] param () if ($null -eq $Script:CIPPClientID -or $null -eq $Script:CIPPClientSecret -or $null -eq $Script:CIPPAPIUrl -or $null -eq $Script:TenantID) { throw 'Cannot continue: CIPP API information not found. Please run Set-CIPPAPIDetails before connecting to the API.' break } Get-TokenExpiry if ((-not $Script:ExpiryDateTime) -or ($script:ExpiryDateTime -lt (Get-Date))) { Write-Verbose 'Token expired or not found. Connecting to CIPP' $request = @{ CIPPClientID = $script:CIPPClientID CIPPClientSecret = $script:CIPPClientSecret CIPPAPIUrl = $script:CIPPAPIUrl TenantID = $TenantID } Connect-CIPP @request } } #EndRegion './private/Invoke-CIPPPreFlightCheck.ps1' 38 #Region './public/CIPP/Core/Get-CIPPAccessCheck.ps1' -1 <# .SYNOPSIS Performs a tenant access check for the specified customer tenant ID. .DESCRIPTION The Get-CIPPAccessCheck function performs a tenant access check for the specified customer tenant ID. It sends a POST request to the "/api/execaccesschecks" endpoint with the provided tenant ID. .PARAMETER CustomerTenantID Specifies the customer tenant ID for which the access check needs to be performed. .EXAMPLE Get-CIPPAccessCheck -CustomerTenantID "87654321-4321-4321-4321-0987654321BA" Runs a tenant access check for the customer tenant ID "87654321-4321-4321-4321-0987654321BA". #> function Get-CIPPAccessCheck { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string[]]$CustomerTenantID ) Write-Verbose "Running tenant access check for $CustomerTenantID" $Endpoint = '/api/execaccesschecks' $params = @{ tenants = 'true' } $body = @{ tenantid = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $Endpoint -Body $body -Params $params -Method POST } #EndRegion './public/CIPP/Core/Get-CIPPAccessCheck.ps1' 34 #Region './public/CIPP/Core/Get-CIPPExecAPIPermissionsList.ps1' -1 <# .SYNOPSIS Retrieves the list of CIPP execution API permissions. .DESCRIPTION The Get-CIPPExecAPIPermissionsList function retrieves the list of CIPP execution API permissions by making a REST API call to the specified endpoint. .PARAMETER None This function does not accept any parameters. .EXAMPLE Get-CIPPExecAPIPermissionsList Retrieves the list of CIPP execution API permissions. #> function Get-CIPPExecAPIPermissionsList { [CmdletBinding()] Param() Write-Verbose 'Getting CIPP Logs' $endpoint = '/api/ExecAPIPermissionList' Invoke-CIPPRestMethod -Endpoint $endpoint } #EndRegion './public/CIPP/Core/Get-CIPPExecAPIPermissionsList.ps1' 27 #Region './public/CIPP/Core/Get-CIPPFunctionParameters.ps1' -1 <# .SYNOPSIS Retrieves the parameters of a CIPP function. .DESCRIPTION The Get-CIPPFunctionParameters function is used to retrieve the parameters of a CIPP function. It sends a request to the "/api/ListFunctionParameters" endpoint and returns the response. .PARAMETER Module Specifies the name of the module containing the function. This parameter is optional. .PARAMETER Function Specifies the name of the function. This parameter is optional. .PARAMETER Compliance Specifies whether to retrieve compliance-related parameters. This parameter is optional and defaults to $false. .EXAMPLE Get-CIPPFunctionParameters -Module "CIPPCore" -Function "Set-CIPPUserLicense" Retrieves the compliance-related parameters of the specified function in the specified module. .EXAMPLE Get-CIPPFunctionParameters -Module "CIPPCore" Retrieves all parameters of all functions in the specified module. #> function Get-CIPPFunctionParameters { [CmdletBinding()] Param( [Parameter(Mandatory = $false)] [string]$Module, [Parameter(Mandatory = $false)] [string]$Function, [parameter(Mandatory = $false)] [bool]$Compliance = $false ) Write-Verbose 'Getting Function Parameters' $Endpoint = '/api/ListFunctionParameters' $params = @{ Module = $Module Function = $Function Compliance = $Compliance } Invoke-CIPPRestMethod -Endpoint $Endpoint -Params $params } #EndRegion './public/CIPP/Core/Get-CIPPFunctionParameters.ps1' 48 #Region './public/CIPP/Core/Get-CIPPKnownIPDB.ps1' -1 <# .SYNOPSIS Retrieves the Known IP Database for a specific customer tenant. .DESCRIPTION The Get-CIPPKnownIPDB function retrieves the Known IP Database for a specific customer tenant by making a REST API call to the "/api/listknownipdb" endpoint. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant for which to retrieve the Known IP Database. .EXAMPLE Get-CIPPKnownIPDB -CustomerTenantID "12345678" Retrieves the Known IP Database for the customer tenant with ID "12345678". .INPUTS None. .OUTPUTS System.Object .NOTES This function requires the Invoke-CIPPRestMethod function to be available. .LINK Invoke-CIPPRestMethod #> function Get-CIPPKnownIPDB { [CmdletBinding()] Param( [Parameter(Mandatory = $false)] [string]$CustomerTenantID ) Write-Verbose "Getting Known IP Database for $CustomerTenantID" $endpoint = '/api/listknownipdb' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/CIPP/Core/Get-CIPPKnownIPDB.ps1' 41 #Region './public/CIPP/Core/Get-CIPPLogs.ps1' -1 <# .SYNOPSIS Retrieves CIPP logs from the API. .DESCRIPTION The Get-CIPPLogs function retrieves logs from the CIPP API by invoking the "/api/ListLogs" endpoint. .PARAMETER Severity Accepts any of: debug,info,warn,error,critical,alert. If DateFilter is not specified alongside, it assumes current date in local time. .PARAMETER DateFilter Date in "yyyyMMdd" format. This should be in the time zone of your CIPP instance (default UTC). .EXAMPLE Get-CIPPLogs Retrieves CIPP logs from the API. .EXAMPLE Get-CIPPLogs -Severity "Alert" -DateFilter "20240711" Retrieves CIPP logs matching "alert" on 20240711 #> function Get-CIPPLogs { [CmdletBinding()] Param( [Parameter(Mandatory = $false)] [ValidateSet( 'error', 'alert', 'debug', 'info', 'warn', 'critical' )] [string]$Severity, [Parameter(Mandatory = $false)] [string]$DateFilter = (Get-Date -Format 'yyyyMMdd') ) $endpoint = '/api/ListLogs' $Params = @{ 'Filter' = $True 'DateFilter' = $DateFilter } if ($Severity) { $Params['Severity'] = $Severity } Write-Verbose 'Getting CIPP Logs' Invoke-CIPPRestMethod -Endpoint $endpoint -Param $Params } #EndRegion './public/CIPP/Core/Get-CIPPLogs.ps1' 56 #Region './public/CIPP/Core/Get-CIPPPublicPhishingCheck.ps1' -1 <# .SYNOPSIS Retrieves public phishing check for a specific customer tenant. .DESCRIPTION The Get-CIPPPublicPhishingCheck function retrieves the public phishing check for a specific customer tenant. It makes an API call to the "/api/publicphishingcheck" endpoint with the provided tenant ID. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve the public phishing check. .EXAMPLE Get-CIPPPublicPhishingCheck -CustomerTenantID "87654321-4321-4321-4321-0987654321BA" Retrieves the public phishing check for the customer tenant with the ID "87654321-4321-4321-4321-0987654321BA". #> function Get-CIPPPublicPhishingCheck { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting public phishing check $CustomerTenantID" $endpoint = '/api/publicphishingcheck' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/CIPP/Core/Get-CIPPPublicPhishingCheck.ps1' 30 #Region './public/CIPP/Core/Set-CIPPExecCPVPerms.ps1' -1 <# .SYNOPSIS Sets the CPV (Customer Provided Values) permissions for a specific customer tenant. .DESCRIPTION The Set-CIPPExecCPVPerms function is used to refresh the CPV permissions for a specified customer tenant. It calls the Invoke-CIPPRestMethod function internally to make the REST API call. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant for which the CPV permissions need to be refreshed. This parameter is mandatory. .PARAMETER resetsp Specifies whether to reset the Stored Procedure (SP) associated with the CPV permissions. The valid values are "true" and "false". This parameter is optional and defaults to "false". .EXAMPLE Set-CIPPExecCPVPerms -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -resetsp "true" Refreshes the CPV permissions for the customer tenant with the ID "12345678-1234-1234-1234-1234567890AB" and resets the associated Stored Procedure. .EXAMPLE Set-CIPPExecCPVPerms -CustomerTenantID "87654321-4321-4321-4321-0987654321BA" Refreshes the CPV permissions for the customer tenant with the ID "87654321-4321-4321-4321-0987654321BA" without resetting the associated Stored Procedure. #> function Set-CIPPExecCPVPerms { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [guid]$CustomerTenantID, [Parameter(Mandatory = $false)] [ValidateSet( 'true', 'false' )] [string]$resetsp = 'false' ) Write-Verbose "Refreshing CPV for $CustomerTenantID" $endpoint = '/api/execcpvpermissions' $params = @{ tenantfilter = $CustomerTenantID ResetSP = $resetsp } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/CIPP/Core/Set-CIPPExecCPVPerms.ps1' 43 #Region './public/CIPP/Settings/Get-CIPPExcludedLicenses.ps1' -1 <# .SYNOPSIS Retrieves the list of excluded licenses from CIPP. .DESCRIPTION The Get-CIPPExcludedLicenses function is used to retrieve the list of excluded licenses from CIPP. It sends a request to the API endpoint "/api/execexcludelicenses" with the parameter "List" set to "true" to get the excluded license list. .PARAMETER None This function does not accept any parameters. .EXAMPLE Get-CIPPExcludedLicenses # Retrieves the list of excluded licenses from the CIPP API. .NOTES This function requires the Invoke-CIPPRestMethod function to be available in the current session. #> function Get-CIPPExcludedLicenses { [CmdletBinding()] Param() Write-Verbose 'Getting Excluded License List' $endpoint = '/api/execexcludelicenses' $params = @{ List = 'true' } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/CIPP/Settings/Get-CIPPExcludedLicenses.ps1' 32 #Region './public/CIPP/Settings/Get-CIPPExcludedTenants.ps1' -1 <# .SYNOPSIS Retrieves a list of excluded tenants. .DESCRIPTION The Get-CIPPExcludedTenants function retrieves a list of excluded tenants from CIPP. It can retrieve all tenants or only the ones that are currently excluded. .PARAMETER ListAll Specifies whether to retrieve all tenants or only the ones that are currently excluded. By default, it retrieves only the excluded tenants. .EXAMPLE Get-CIPPExcludedTenants Retrieves the list of currently excluded tenants. .EXAMPLE Get-CIPPExcludedTenants -ListAll Retrieves the list of all tenants, including the ones that are not currently excluded. #> function Get-CIPPExcludedTenants { [CmdletBinding()] Param( [Parameter(Mandatory = $false)] [switch]$ListAll ) Write-Verbose 'Getting Excluded Tenants List' $endpoint = '/api/execexcludetenant' if (!$listAll) { $params = @{ List = 'true' } } else { $params = @{ ListAll = 'true' } } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/CIPP/Settings/Get-CIPPExcludedTenants.ps1' 44 #Region './public/CIPP/Settings/Get-CIPPVersion.ps1' -1 <# .SYNOPSIS Retrieves the version of the CIPP application. .DESCRIPTION The Get-CIPPVersion function retrieves the version of the CIPP application by making a REST API call to the "/api/Getversion" endpoint. .PARAMETER None This function does not accept any parameters. .EXAMPLE Get-CIPPVersion Retrieves the version of the CIPP application. #> function Get-CIPPVersion { [CmdletBinding()] Param() Write-Verbose 'Getting CIPP Version' $endpoint = '/api/Getversion' Invoke-CIPPRestMethod -Endpoint $endpoint } #EndRegion './public/CIPP/Settings/Get-CIPPVersion.ps1' 25 #Region './public/CIPP/Settings/Set-CIPPExcludeLicense.ps1' -1 <# .SYNOPSIS Sets the exclusion status of a license in CIPP. .DESCRIPTION The Set-CIPPExcludeLicense function is used to set the exclusion status of a license in CIPP. It allows you to add or remove a license from the exclusion list. .PARAMETER LicenseGUID Specifies the GUID of the license to be excluded or included. .PARAMETER SKUName Specifies the SKU name of the license. .PARAMETER RemoveExclusion Indicates whether to remove the license from the exclusion list. This switch cannot be used together with the -AddExclusion switch. .PARAMETER AddExclusion Indicates whether to add the license to the exclusion list. This switch cannot be used together with the -RemoveExclusion switch. .EXAMPLE Set-CIPPExcludeLicense -LicenseGUID "12345678-1234-1234-1234-1234567890AB" -SKUName "ExampleSKU" -RemoveExclusion Removes the license with the specified GUID from the exclusion list. .EXAMPLE Set-CIPPExcludeLicense -LicenseGUID "12345678-1234-1234-1234-1234567890AB" -SKUName "ExampleSKU" -AddExclusion Adds the license with the specified GUID to the exclusion list. #> function Set-CIPPExcludeLicense { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [guid]$LicenseGUID, [Parameter(Mandatory = $true)] [string]$SKUName, [Parameter()] [switch]$RemoveExclusion, [Parameter()] [switch]$AddExclusion ) # Ensure only one of the switches is used if ($AddExclusion -and $RemoveExclusion) { throw 'You cannot use both -AddExclusion and -RemoveExclusion switches at the same time.' } if (-not $AddExclusion -and -not $RemoveExclusion) { throw 'You must specify either -AddExclusion or -RemoveExclusion switch.' } $endpoint = '/api/execexcludelicenses' if ($RemoveExclusion) { $params = @{ GUID = $LicenseGUID RemoveExclusion = $true } Write-Verbose "Removing License $LicenseGUID from the exclusion list." Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } else { $params = @{ AddExclusion = $true } $body = @{ GUID = $LicenseGUID SKUName = $SKUName } Write-Verbose "Adding License $LicenseGUID to the exclusion list." Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Body $body -Method POST } } #EndRegion './public/CIPP/Settings/Set-CIPPExcludeLicense.ps1' 72 #Region './public/CIPP/Settings/Set-CIPPExcludeTenant.ps1' -1 <# .SYNOPSIS Sets the exclusion status for a customer tenant in the CIPP system. .DESCRIPTION The Set-CIPPExcludeTenant function is used to add or remove a customer tenant from the exclusion list in the CIPP system. Exclusion means that the tenant will be excluded from certain operations or processes in the system. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant. If you are adding a tenant, this needs to be their default domain (contoso.onmicrosoft.com), if you are excluding a tenant this needs to be the tenant ID Guid (1fefeb73-0947-4803-a720-92be0e9a7d8e) .PARAMETER AddExclusion Indicates whether to add the customer tenant to the exclusion list. This switch cannot be used together with the RemoveExclusion switch. .PARAMETER RemoveExclusion Indicates whether to remove the customer tenant from the exclusion list. This switch cannot be used together with the AddExclusion switch. .EXAMPLE Set-CIPPExcludeTenant -CustomerTenantID "1fefeb73-0947-4803-a720-92be0e9a7d8e" -AddExclusion Adds the customer tenant with ID "1fefeb73-0947-4803-a720-92be0e9a7d8e" to the exclusion list. .EXAMPLE Set-CIPPExcludeTenant -CustomerTenantID "contoso.onmicrosoft.com" -RemoveExclusion Removes the customer tenant with ID "contoso.onmicrosoft.com" from the exclusion list. #> function Set-CIPPExcludeTenant { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter()] [switch]$AddExclusion, [Parameter()] [switch]$RemoveExclusion ) # Ensure only one of the switches is used if ($AddExclusion -and $RemoveExclusion) { throw 'You cannot use both -AddExclusion and -RemoveExclusion switches at the same time.' } if (-not $AddExclusion -and -not $RemoveExclusion) { throw 'You must specify either -AddExclusion or -RemoveExclusion switch.' } $endpoint = '/api/execexcludetenant' if ($RemoveExclusion) { $params = @{ TenantFilter = $CustomerTenantID RemoveExclusion = $true } Write-Verbose "Removing Tenant $CustomerTenantID from the exclusion list." Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } else { $params = @{ AddExclusion = $true } $body = @{ value = $CustomerTenantID } Write-Verbose "Adding Tenant $CustomerTenantID to the exclusion list." Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Body $body -Method POST } } #EndRegion './public/CIPP/Settings/Set-CIPPExcludeTenant.ps1' 68 #Region './public/CIPP/Settings/Set-CIPPPasswordSettings.ps1' -1 <# .SYNOPSIS Sets or gets the CIPP password settings. .DESCRIPTION The Set-CIPPPasswordSettings function is used to view the password settings for CIPP or to set them. .PARAMETER Type Specifies the type of password settings to be set. Valid values are "Correct-Battery-Horse" and "Classic". .PARAMETER List Specifies whether to list the current password settings. If set to $true, the function will retrieve the current password settings. .EXAMPLE Set-CIPPPasswordSettings -Type "Correct-Battery-Horse" Sets the password settings to "Correct-Battery-Horse". .EXAMPLE Set-CIPPPasswordSettings -List $true Lists the current password settings. #> function Set-CIPPPasswordSettings { [CmdletBinding()] Param( [Parameter(Mandatory = $false)] [ValidateSet( 'Correct-Battery-Horse', 'Classic' )] [string]$Type, [Parameter(Mandatory = $false)] [bool]$List ) Write-Verbose 'Getting CIPP Password Settings' $endpoint = '/api/execpasswordconfig' if ($List) { $params = @{ List = 'true' } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } else { $body = @{ passwordType = $Type } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method 'POST' } } #EndRegion './public/CIPP/Settings/Set-CIPPPasswordSettings.ps1' 53 #Region './public/Email-Exchange/Add-CIPPContact.ps1' -1 <# .SYNOPSIS Adds a contact to a customer's tenant. .DESCRIPTION The Add-CIPPContact function adds a contact to a customer's tenant using the CIPP API. It requires the customer's tenant ID, display name, external email address, first name, and last name as mandatory parameters. .PARAMETER CustomerTenantID The ID of the customer's tenant. .PARAMETER DisplayName The display name of the contact. .PARAMETER ExternalEmailAddress The external email address of the contact. .PARAMETER FirstName The first name of the contact. .PARAMETER LastName The last name of the contact. .EXAMPLE Add-CIPPContact -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -DisplayName "John Doe" -ExternalEmailAddress "john.doe@example.com" -FirstName "John" -LastName "Doe" Adds a contact with the specified details to the customer's tenant. #> function Add-CIPPContact { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$DisplayName, [Parameter(Mandatory = $true)] [string]$ExternalEmailAddress, [Parameter(Mandatory = $true)] [string]$FirstName, [Parameter(Mandatory = $true)] [string]$LastName ) Write-Verbose "Adding Contact in tenant: $CustomerTenantID" $Endpoint = '/api/addcontact' $body = @{ tenantid = $CustomerTenantID displayName = $DisplayName email = $ExternalEmailAddress FirstName = $FirstName LastName = $LastName } Invoke-CIPPRestMethod -Endpoint $Endpoint -Body $body -Method POST } #EndRegion './public/Email-Exchange/Add-CIPPContact.ps1' 55 #Region './public/Email-Exchange/Add-CIPPRoomMailbox.ps1' -1 <# .SYNOPSIS Adds a room mailbox to a specified tenant. .DESCRIPTION This function adds a room mailbox to a specified tenant by calling the CIPP API endpoint '/api/AddRoomMailbox'. It requires the tenant ID, display name, domain, and username as mandatory parameters. Optionally, the resource capacity can also be specified. .PARAMETER CustomerTenantID The ID of the customer tenant where the room mailbox will be added. Either TenantID or Default domain can be used to identify the tenant. .PARAMETER DisplayName The display name for the room mailbox. .PARAMETER Domain The domain for the room mailbox. .PARAMETER Username The username for the room mailbox. .PARAMETER ResourceCapacity The resource capacity for the room mailbox. This parameter is optional. .EXAMPLE Add-RoomMailbox -CustomerTenantID "7e3effb6-6efe-42f2-b071-48ce318eaf95" -DisplayName "Conference Room 1" -Domain "example.com" -Username "confroom1" -ResourceCapacity 10 .NOTES This function uses the Invoke-CIPPRestMethod cmdlet to make a POST request to the CIPP API. #> function Add-CIPPRoomMailbox { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$DisplayName, [Parameter(Mandatory = $true)] [string]$Domain, [Parameter(Mandatory = $true)] [string]$Username, [Parameter(Mandatory = $false)] [int]$ResourceCapacity ) Write-Verbose "Adding room mailbox in tenant: $CustomerTenantID" $Endpoint = '/api/AddRoomMailbox' $body = @{ tenantID = $CustomerTenantID displayName = $DisplayName username = $Username domain = $Domain userPrincipalName = "$Username@$Domain" resourceCapacity = $ResourceCapacity } Invoke-CIPPRestMethod -Endpoint $Endpoint -Body $body -Method POST } #EndRegion './public/Email-Exchange/Add-CIPPRoomMailbox.ps1' 60 #Region './public/Email-Exchange/Add-CIPPSharedMailbox.ps1' -1 <# .SYNOPSIS Adds a shared mailbox to a specified tenant. .DESCRIPTION This function adds a shared mailbox to a specified tenant using the provided tenant ID, display name, domain, and username. Optionally, additional aliases can be added. .PARAMETER CustomerTenantID The ID of the customer tenant where the shared mailbox will be added. This parameter is mandatory. Either TenantID or Default domain can be used to identify the tenant. .PARAMETER DisplayName The display name for the shared mailbox. This parameter is mandatory. .PARAMETER Domain The domain for the shared mailbox. This parameter is mandatory. .PARAMETER Username The username for the shared mailbox. This parameter is mandatory. .PARAMETER AddedAliases An array of additional aliases to be added to the shared mailbox. This parameter is optional. .EXAMPLE Add-CIPPSharedMailbox -CustomerTenantID "d6766bb9-44e0-4a4b-b8d0-3d9c4d1d15cc" -DisplayName "Support" -Domain "example.com" -Username "support" This example adds a shared mailbox with the display name "Support" and the username "support" to the tenant "d6766bb9-44e0-4a4b-b8d0-3d9c4d1d15cc". .EXAMPLE Add-CIPPSharedMailbox -CustomerTenantID "example.com" -DisplayName "Support" -Domain "example.com" -Username "support" -AddedAliases "itsupport@example.com" This example adds a shared mailbox with the display name "Support" and the username "support" to the tenant "example.com". One additional alias is also added to the mailbox. .EXAMPLE Add-CIPPSharedMailbox -CustomerTenantID "example.com" -DisplayName "Support" -Domain "example.com" -Username "support" -AddedAliases 'itsupport@example.com','helpdesk@example.com','sos@example.com' This example adds a shared mailbox with the display name "Support" and the username "support" to the tenant "example.com". Three additional aliases is also added to the mailbox. The AddedAliases parameter accepts an array of strings. .NOTES This function uses the Invoke-CIPPRestMethod cmdlet to send a POST request to the /api/AddSharedMailbox endpoint. #> function Add-CIPPSharedMailbox { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$DisplayName, [Parameter(Mandatory = $true)] [string]$Domain, [Parameter(Mandatory = $true)] [string]$Username, [Parameter(Mandatory = $false)] [array]$AddedAliases ) Write-Verbose "Adding Shared mailbox in tenant: $CustomerTenantID" $Endpoint = '/api/AddSharedMailbox' $body = @{ tenantID = $CustomerTenantID displayName = $DisplayName username = $Username domain = $Domain AddedAliases = $AddedAliases } Invoke-CIPPRestMethod -Endpoint $Endpoint -Body $body -Method POST } #EndRegion './public/Email-Exchange/Add-CIPPSharedMailbox.ps1' 69 #Region './public/Email-Exchange/Get-CIPPCalendarPerms.ps1' -1 <# .SYNOPSIS Retrieves calendar permissions for a user in a specified customer tenant. .DESCRIPTION The Get-CIPPCalendarPerms function retrieves the calendar permissions for a user in a specified customer tenant using the CIPP API. It sends a request to the "/api/listcalendarpermissions" endpoint with the provided customer tenant ID and user ID. .PARAMETER CustomerTenantID The ID of the customer tenant. .PARAMETER UserID The ID of the user. .EXAMPLE Get-CIPPCalendarPerms -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -UserID "john.doe@example.com" Retrieves the calendar permissions for the user "john.doe@example.com" in the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPCalendarPerms { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID ) Write-Verbose "Getting user calendar permissions for user: $UserID" $Endpoint = '/api/listcalendarpermissions' $Params = @{ tenantfilter = $CustomerTenantID userId = $UserID } Invoke-CIPPRestMethod -Endpoint $Endpoint -Params $Params } #EndRegion './public/Email-Exchange/Get-CIPPCalendarPerms.ps1' 37 #Region './public/Email-Exchange/Get-CIPPContacts.ps1' -1 <# .SYNOPSIS Retrieves contact details for a specific contact or all contacts for a given tenant. .DESCRIPTION The Get-CIPPContacts function retrieves contact details for a specific contact or all contacts for a given tenant in the CIPP system. It makes use of the Invoke-CIPPRestMethod function to send a request to the CIPP API. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant for which to retrieve the contacts. This parameter is mandatory. .PARAMETER ContactID Specifies the ID of the contact to retrieve details for. If not provided, details for all contacts in the specified tenant will be retrieved. This parameter is optional. .EXAMPLE Get-CIPPContacts -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -ContactID "65be49bb-85cb-4d92-9e34-9e855d0c830c" Retrieves contact details for the contact with ID "65be49bb-85cb-4d92-9e34-9e855d0c830c" in the tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .EXAMPLE Get-CIPPContacts -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves contact details for all contacts in the tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPContacts { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [GUID]$ContactID ) if ($ContactID) { Write-Verbose "Getting Contact details for Contact: $ContactID" } else { Write-Verbose "Getting all Contacts for tenant $CustomerTenantID" } $endpoint = '/api/listcontacts' $params = @{ tenantfilter = $CustomerTenantID contactid = $ContactID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Get-CIPPContacts.ps1' 45 #Region './public/Email-Exchange/Get-CIPPEnabledSharedMailboxes.ps1' -1 <# .SYNOPSIS Retrieves shared mailboxes with account enabled for a specific customer tenant ID. .DESCRIPTION The Get-CIPPEnabledSharedMailboxes function retrieves shared mailboxes with account enabled for a specific customer tenant ID. It makes use of the Invoke-CIPPRestMethod function to send a request to the CIPP API and retrieve the shared mailboxes. .PARAMETER CustomerTenantID Specifies the customer tenant ID for which to retrieve the shared mailboxes. .EXAMPLE Get-CIPPEnabledSharedMailboxes -CustomerTenantID "contoso.onmicrosoft.com" Retrieves shared mailboxes with account enabled for the "contoso.onmicrosoft.com" customer tenant ID. #> function Get-CIPPEnabledSharedMailboxes { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting shared mailboxes with account enabled for $CustomerTenantID" $endpoint = '/api/listsharedmailboxaccountenabled' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Get-CIPPEnabledSharedMailboxes.ps1' 30 #Region './public/Email-Exchange/Get-CIPPExchangeConnectors.ps1' -1 <# .SYNOPSIS Retrieves Exchange Connectors for a specific customer. .DESCRIPTION The Get-CIPPExchangeConnectors function retrieves Exchange Connectors for a specific customer based on the provided CustomerTenantID. .PARAMETER CustomerTenantID Specifies the unique identifier of the customer's tenant. .EXAMPLE Get-CIPPExchangeConnectors -CustomerTenantID "Get-CIPPEnabledSharedMailboxes" Retrieves the Exchange Connectors for the customer with the tenant ID "Get-CIPPEnabledSharedMailboxes". #> function Get-CIPPExchangeConnectors { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Exchange Connectors for customer: $CustomerTenantID" $endpoint = '/api/listexchangeconnectors' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Get-CIPPExchangeConnectors.ps1' 31 #Region './public/Email-Exchange/Get-CIPPExchangeConnectorTemplates.ps1' -1 <# .SYNOPSIS Retrieves the Exchange Connector Templates. .DESCRIPTION The Get-CIPPExchangeConnectorTemplates function retrieves the Exchange Connector Templates by making a REST API call to the specified endpoint. .PARAMETER None This function does not accept any parameters. .EXAMPLE Get-CIPPExchangeConnectorTemplates This example demonstrates how to use the Get-CIPPExchangeConnectorTemplates function to retrieve the Exchange Connector Templates. #> function Get-CIPPExchangeConnectorTemplates { [CmdletBinding()] Param() Write-Verbose 'Getting Exchange Connectors Templates' $endpoint = '/api/listexconnectortemplates' Invoke-CIPPRestMethod -Endpoint $endpoint } #EndRegion './public/Email-Exchange/Get-CIPPExchangeConnectorTemplates.ps1' 26 #Region './public/Email-Exchange/Get-CIPPMailboxCAS.ps1' -1 <# .SYNOPSIS Retrieves the Mailbox Client Access Settings for a specific customer tenant. .DESCRIPTION The Get-CIPPMailboxCAS function retrieves the Mailbox Client Access Settings for a specified customer tenant ID. It makes use of the Invoke-CIPPRestMethod function to send a request to the '/api/listmailboxcas' endpoint and returns the results. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant for which to retrieve the Mailbox Client Access Settings. This parameter is mandatory. .EXAMPLE Get-CIPPMailboxCAS -CustomerTenantID "d25d58b0-7f7e-4b81-af6c-b5e6451dafcc" Retrieves the Mailbox Client Access Settings for the customer tenant with the ID "d25d58b0-7f7e-4b81-af6c-b5e6451dafcc". .INPUTS None. You cannot pipe input to this function. .OUTPUTS System.Object. The function returns an object representing the Mailbox Client Access Settings. .NOTES This function requires the Invoke-CIPPRestMethod function to be available. .LINK Invoke-CIPPRestMethod #> function Get-CIPPMailboxCAS { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Mailbox Client Access Settings for $CustomerTenantID" $endpoint = '/api/listmailboxcas' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Get-CIPPMailboxCAS.ps1' 42 #Region './public/Email-Exchange/Get-CIPPMailboxes.ps1' -1 <# .SYNOPSIS Retrieves a list of mailboxes for a specified customer tenant ID. .DESCRIPTION The Get-CIPPMailboxes function retrieves a list of mailboxes for a specified customer tenant ID. It can also include soft-deleted mailboxes if the -SoftDeletedMailboxes switch is used. .PARAMETER CustomerTenantID Specifies the customer tenant ID for which to retrieve the mailbox list. .PARAMETER SoftDeletedMailboxes Indicates whether to include soft-deleted mailboxes in the result. By default, this parameter is set to $false. .EXAMPLE Get-CIPPMailboxes -CustomerTenantID "contoso.onmicrosoft.com" Retrieves the list of mailboxes for the "contoso.onmicrosoft.com" tenant. .EXAMPLE Get-CIPPMailboxes -CustomerTenantID "contoso.onmicrosoft.com" -SoftDeletedMailboxes Retrieves the list of soft-deleted mailboxes for the "contoso.onmicrosoft.com" tenant. #> function Get-CIPPMailboxes { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [switch]$SoftDeletedMailboxes ) Write-Verbose "Getting Mailbox List for $CustomerTenantID" $endpoint = '/api/ListMailboxes' $params = @{ tenantfilter = $CustomerTenantID } if ($SoftDeletedMailboxes) { $params.Add('SoftDeletedMailbox', 'true') } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Get-CIPPMailboxes.ps1' 42 #Region './public/Email-Exchange/Get-CIPPMailboxMobileDevices.ps1' -1 <# .SYNOPSIS Retrieves the mobile devices associated with a mailbox. .DESCRIPTION The Get-CIPPMailboxMobileDevices function retrieves the mobile devices associated with a mailbox in the CIPP system. It makes use of the Invoke-CIPPRestMethod function to send a request to the CIPP API and retrieve the mobile devices. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant. .PARAMETER Mailbox Specifies the mailbox for which to retrieve the mobile devices. .EXAMPLE Get-CIPPMailboxMobileDevices -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -Mailbox "user@example.com" Retrieves the mobile devices associated with the mailbox "user@example.com" in the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPMailboxMobileDevices { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$Mailbox ) Write-Verbose "Getting mailbox mobile devices for $Mailbox" $endpoint = '/api/listmailboxmobiledevices' $params = @{ tenantfilter = $CustomerTenantID mailbox = $Mailbox } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Get-CIPPMailboxMobileDevices.ps1' 36 #Region './public/Email-Exchange/Get-CIPPMailboxPermissions.ps1' -1 <# .SYNOPSIS Retrieves mailbox permissions for a specified customer tenant and user ID. .DESCRIPTION The Get-CIPPMailboxPermissions function retrieves mailbox permissions for a specified customer tenant and user ID. It makes an API call to the "/api/listmailboxpermissions" endpoint with the provided parameters. .PARAMETER CustomerTenantID The ID of the customer tenant for which mailbox permissions are to be retrieved. This parameter is mandatory. .PARAMETER UserID The ID of the user for which mailbox permissions are to be retrieved. This parameter is mandatory. .EXAMPLE Get-CIPPMailboxPermissions -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -UserID "user1@domain.com" This example retrieves mailbox permissions for the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" and the user with ID "user1@domain.com". #> function Get-CIPPMailboxPermissions { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID ) Write-Verbose "Getting mailbox permissions for $CustomerTenantID" $endpoint = '/api/listmailboxpermissions' $params = @{ tenantfilter = $CustomerTenantID userid = $UserID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Get-CIPPMailboxPermissions.ps1' 38 #Region './public/Email-Exchange/Get-CIPPMailboxRestores.ps1' -1 <# .SYNOPSIS Retrieves mailbox restores for a specified customer tenant. .DESCRIPTION The Get-CIPPMailboxRestores function retrieves mailbox restores for a specified customer tenant in the CIPP project. It uses the Invoke-CIPPRestMethod function to make a REST API call to the "/api/listmailboxrestores" endpoint. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant for which mailbox restores should be retrieved. This parameter is mandatory. .PARAMETER Identity Specifies the identity of the mailbox for which restores should be retrieved. This parameter is optional. .PARAMETER Includereport Indicates whether to include the restore report in the results. This parameter is optional. .PARAMETER Statistics Indicates whether to include statistics about the restores in the results. This parameter is optional. .EXAMPLE Get-CIPPMailboxRestores -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -Identity "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc" -Includereport -Statistics Retrieves mailbox restores for the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" and includes the restore report and statistics in the results. #> function Get-CIPPMailboxRestores { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [string]$Identity, [Parameter(Mandatory = $false)] [switch]$Includereport, [Parameter(Mandatory = $false)] [switch]$Statistics ) Write-Verbose "Getting mailbox restores for $CustomerTenantID" $endpoint = '/api/listmailboxrestores' $params = @{ tenantfilter = $CustomerTenantID identity = $Identity } if ($Includereport) { $params.IncludeReport = 'true' } if ($Statistics) { $params.Statistics = 'true' } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Get-CIPPMailboxRestores.ps1' 55 #Region './public/Email-Exchange/Get-CIPPMailboxRules.ps1' -1 <# .SYNOPSIS Retrieves mailbox rules for a specified customer tenant ID. .DESCRIPTION The Get-CIPPMailboxRules function retrieves mailbox rules for a specified customer tenant ID by making a REST API call to the "/api/listmailboxrules" endpoint. .PARAMETER CustomerTenantID The customer tenant ID for which to retrieve mailbox rules. .EXAMPLE Get-CIPPMailboxRules -CustomerTenantID "contoso.onmicrosoft.com" This example retrieves mailbox rules for the customer tenant with the ID "contoso.onmicrosoft.com". #> function Get-CIPPMailboxRules { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting mailbox rules for $CustomerTenantID" $endpoint = '/api/listmailboxrules' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Get-CIPPMailboxRules.ps1' 31 #Region './public/Email-Exchange/Get-CIPPMailboxStatistics.ps1' -1 <# .SYNOPSIS Retrieves mailbox statistics for a specified customer tenant ID. .DESCRIPTION The Get-CIPPMailboxStatistics function retrieves mailbox statistics for a specified customer tenant ID by making a REST API call to the "/api/listmailboxstatistics" endpoint. .PARAMETER CustomerTenantID Specifies the customer tenant ID for which mailbox statistics need to be retrieved. .EXAMPLE Get-CIPPMailboxStatistics -CustomerTenantID "contoso.onmicrosoft.com" Retrieves mailbox statistics for the customer tenant with the ID "contoso.onmicrosoft.com". #> function Get-CIPPMailboxStatistics { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting mailbox statistics for $CustomerTenantID" $endpoint = '/api/listmailboxstatistics' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Get-CIPPMailboxStatistics.ps1' 30 #Region './public/Email-Exchange/Get-CIPPMailQuarantine.ps1' -1 <# .SYNOPSIS Retrieves the mail quarantine for a specific customer tenant. .DESCRIPTION The Get-CIPPMailQuarantine function retrieves the mail quarantine for a specific customer tenant by making a REST API call to the "/api/listmailquarantine" endpoint. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve the mail quarantine. .EXAMPLE Get-CIPPMailQuarantine -CustomerTenantID "contoso.onmicrosoft.com" Retrieves the mail quarantine for the customer tenant with the ID "contoso.onmicrosoft.com". #> function Get-CIPPMailQuarantine { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting mail quarantine for $CustomerTenantID" $endpoint = '/api/listmailquarantine' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Get-CIPPMailQuarantine.ps1' 30 #Region './public/Email-Exchange/Get-CIPPMessageTrace.ps1' -1 <# .SYNOPSIS Retrieves the message trace for a specific customer tenant ID. .DESCRIPTION The Get-CIPPMessageTrace function retrieves the message trace for a specific customer tenant ID within a specified number of days. It can also filter the results based on the sender and recipient email addresses. .PARAMETER CustomerTenantID Specifies the customer tenant ID for which the message trace needs to be retrieved. This parameter is mandatory. .PARAMETER Days Specifies the number of days within which the message trace needs to be retrieved. This parameter is mandatory. .PARAMETER Sender Specifies the sender email address to filter the message trace results. This parameter is optional. .PARAMETER Recipient Specifies the recipient email address to filter the message trace results. This parameter is optional. .EXAMPLE Get-CIPPMessageTrace -CustomerTenantID "contoso.onmicrosoft.com" -Days 7 Retrieves the message trace for the customer tenant ID "contoso.onmicrosoft.com" within the last 7 days. .EXAMPLE Get-CIPPMessageTrace -CustomerTenantID "contoso.onmicrosoft.com" -Days 30 -Sender "john.doe@contoso.com" Retrieves the message trace for the customer tenant ID "contoso.onmicrosoft.com" within the last 30 days, filtering the results to include only messages sent by "john.doe@contoso.com". .EXAMPLE Get-CIPPMessageTrace -CustomerTenantID "contoso.onmicrosoft.com" -Days 14 -Recipient "jane.smith@contoso.com" Retrieves the message trace for the customer tenant ID "contoso.onmicrosoft.com" within the last 14 days, filtering the results to include only messages received by "jane.smith@contoso.com". #> function Get-CIPPMessageTrace { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$Days, [Parameter(Mandatory = $false)] [string]$Sender, [Parameter(Mandatory = $false)] [string]$Recipient ) Write-Verbose "Getting message trace for $CustomerTenantID" $endpoint = '/api/listmessagetrace' $params = @{ tenantfilter = $CustomerTenantID days = $Days sender = $Sender recipient = $Recipient } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Get-CIPPMessageTrace.ps1' 58 #Region './public/Email-Exchange/Get-CIPPOutOfOffice.ps1' -1 <# .SYNOPSIS Retrieves the out of office status for a specified user. .DESCRIPTION The Get-CIPPOutOfOffice function retrieves the out of office status for a specified user in a customer's tenant. .PARAMETER CustomerTenantID Specifies the ID of the customer's tenant. .PARAMETER UserID Specifies the ID of the user. .EXAMPLE Get-CIPPOutOfOffice -CustomerTenantID "contoso.onmicrosoft.com" -UserID "john.doe@domain.com" Retrieves the out of office status for the user with the ID "john.doe@domain.com" in the customer's tenant with the ID "contoso.onmicrosoft.com". #> function Get-CIPPOutOfOffice { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID ) Write-Verbose "Getting out of office for $UserID" $endpoint = '/api/listooo' $params = @{ tenantfilter = $CustomerTenantID userid = $UserID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Get-CIPPOutOfOffice.ps1' 36 #Region './public/Email-Exchange/Get-CIPPPhishPolicies.ps1' -1 <# .SYNOPSIS Retrieves the phishing policies for a specific customer tenant. .DESCRIPTION The Get-CIPPPhishPolicies function retrieves the phishing policies for a specific customer tenant by making a REST API call to the "/api/listphishpolicies" endpoint. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve the phishing policies. .EXAMPLE Get-CIPPPhishPolicies -CustomerTenantID "contoso.onmicrosoft.com" Retrieves the phishing policies for the customer tenant with the ID "contoso.onmicrosoft.com". #> function Get-CIPPPhishPolicies { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Phish Policies for $CustomerTenantID" $endpoint = '/api/listphishpolicies' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Get-CIPPPhishPolicies.ps1' 30 #Region './public/Email-Exchange/Get-CIPPRecipients.ps1' -1 <# .SYNOPSIS Retrieves recipients for a specified customer tenant ID. .DESCRIPTION The Get-CIPPRecipients function retrieves recipients for a specified customer tenant ID by making a REST API call to the "/api/listrecipients" endpoint. .PARAMETER CustomerTenantID Specifies the customer tenant ID for which to retrieve recipients. .EXAMPLE Get-CIPPRecipients -CustomerTenantID "contoso.onmicrosoft.com" Retrieves recipients for the customer tenant ID "contoso.onmicrosoft.com". #> function Get-CIPPRecipients { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting recipients for $CustomerTenantID" $endpoint = '/api/listrecipients' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Get-CIPPRecipients.ps1' 30 #Region './public/Email-Exchange/Get-CIPPSpamFilter.ps1' -1 <# .SYNOPSIS Retrieves the spam filter settings for a specified customer tenant ID. .DESCRIPTION The Get-CIPPSpamFilter function retrieves the spam filter settings for a specified customer tenant ID using the CIPP API. It sends a request to the "/api/listspamfilter" endpoint with the provided tenant ID as a filter parameter. .PARAMETER CustomerTenantID The customer tenant ID for which to retrieve the spam filter settings. This parameter is mandatory. .EXAMPLE Get-CIPPSpamFilter -CustomerTenantID "contoso.onmicrosoft.com" Retrieves the spam filter settings for the customer tenant with the ID "contoso.onmicrosoft.com". #> function Get-CIPPSpamFilter { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting spam filter settings for $CustomerTenantID" $endpoint = '/api/listspamfilter' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Get-CIPPSpamFilter.ps1' 30 #Region './public/Email-Exchange/Get-CIPPSpamFilterTemplates.ps1' -1 <# .SYNOPSIS Retrieves spam filter templates from the CIPP API. .DESCRIPTION The Get-CIPPSpamFilterTemplates function retrieves spam filter templates from the CIPP API. It makes a REST API call to the "/api/listspamfiltertemplates" endpoint and returns the templates. .PARAMETER TemplateID Specifies the ID of the template to retrieve. This parameter is optional. .EXAMPLE Get-CIPPSpamFilterTemplates -TemplateID "12345" Retrieves the spam filter template with the ID "12345" from the CIPP API. #> function Get-CIPPSpamFilterTemplates { [CmdletBinding()] Param( [Parameter(Mandatory = $false)] [string]$TemplateID ) Write-Verbose 'Getting spam filter templates' $endpoint = '/api/listspamfiltertemplates' $params = @{ id = $TemplateID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Get-CIPPSpamFilterTemplates.ps1' 30 #Region './public/Email-Exchange/Get-CIPPTransportRules.ps1' -1 <# .SYNOPSIS Retrieves transport rules for a specified customer tenant ID. .DESCRIPTION The Get-CIPPTransportRules function retrieves transport rules for a specified customer tenant ID using the CIPP API. .PARAMETER CustomerTenantID The unique identifier of the customer tenant for which to retrieve the transport rules. .EXAMPLE Get-CIPPTransportRules -CustomerTenantID "contoso.onmicrosoft.com" Retrieves the transport rules for the customer tenant with the ID "contoso.onmicrosoft.com". #> function Get-CIPPTransportRules { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting transport rules for $CustomerTenantID" $endpoint = '/api/listtransportrulestemplates' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Get-CIPPTransportRules.ps1' 30 #Region './public/Email-Exchange/Get-CIPPUserMailboxDetails.ps1' -1 <# .SYNOPSIS Retrieves the mailbox details for a specific user in the CIPP system. .DESCRIPTION The Get-CIPPUserMailboxDetails function retrieves the mailbox details for a specific user in the CIPP system. It makes an API call to the "/api/listusermailboxdetails" endpoint, passing the customer tenant ID and user ID as parameters. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve the mailbox details. .PARAMETER UserID The ID of the user for which to retrieve the mailbox details. .EXAMPLE Get-CIPPUserMailboxDetails -CustomerTenantID "contoso.onmicrosoft.com" -UserID "user@domain.com" Retrieves the mailbox details for the user with ID "user@domain.com" in the customer tenant with ID "contoso.onmicrosoft.com". #> function Get-CIPPUserMailboxDetails { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID ) Write-Verbose "Getting user Mailbox Details for $userID" $endpoint = '/api/listusermailboxdetails' $params = @{ tenantfilter = $CustomerTenantID userId = $UserID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Get-CIPPUserMailboxDetails.ps1' 38 #Region './public/Email-Exchange/Get-CIPPUserMailboxRules.ps1' -1 <# .SYNOPSIS Retrieves the mailbox rules for a specific user in the CIPP system. .DESCRIPTION The Get-CIPPUserMailboxRules function retrieves the mailbox rules for a specific user in the CIPP system. It makes an API call to the "/api/listusermailboxrules" endpoint, passing the customer tenant ID and user ID as parameters. .PARAMETER CustomerTenantID The ID of the customer tenant. .PARAMETER UserID The ID of the user. .EXAMPLE Get-CIPPUserMailboxRules -CustomerTenantID "contoso.onmicrosoft.com" -UserID "user@domain.com" Retrieves the mailbox rules for the user with the ID "user@domain.com" in the customer tenant with the ID "contoso.onmicrosoft.com". #> function Get-CIPPUserMailboxRules { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID ) Write-Verbose "Getting user Mailbox Rules for $userID" $endpoint = '/api/listusermailboxrules' $params = @{ tenantfilter = $CustomerTenantID userId = $UserID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Get-CIPPUserMailboxRules.ps1' 38 #Region './public/Email-Exchange/Set-CIPPCalendarPermissions.ps1' -1 <# .SYNOPSIS Sets calendar permissions for a user in a customer's tenant. .DESCRIPTION The Set-CIPPCalendarPermissions function is used to edit calendar permissions for a specified user in a customer's tenant. It allows you to set different levels of permissions for the user on the calendar folder. .PARAMETER CustomerTenantID Specifies the ID of the customer's tenant. .PARAMETER Permissions Specifies the level of permissions to be set for the user on the calendar folder. Valid values are: - Author - Contributor - Editor - Owner - Non Editing Author - Publishing Author - Publishing Editor - Reviewer - LimitedDetails - AvailabilityOnly .PARAMETER Userid Specifies the ID of the user for whom the calendar permissions are being set. .PARAMETER RemoveAccess Specifies whether to remove the user's access to the calendar folder. This parameter is optional. .PARAMETER usertogetpermissions Specifies the ID of the user for whom you are giving permission to. This parameter is optional. .PARAMETER FolderName Specifies the name of the calendar folder. The default value is "Calendar". .EXAMPLE Set-CIPPCalendarPermissions -CustomerTenantID "contoso.onmicrosoft.com" -Permissions "Editor" -Userid "user@example.com" This example sets the calendar permissions for the user with the ID "user@example.com" in the customer's tenant with the ID "contoso.onmicrosoft.com" to "Editor" level. #> function Set-CIPPCalendarPermissions { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [ValidateSet( 'Author', 'Contributor', 'Editor', 'Owner', 'Non Editing Author', 'Publishing Author', 'Publishing Editor', 'Reviewer', 'LimitedDetails', 'AvailabilityOnly' )] [string]$Permissions, [Parameter(Mandatory = $true)] [string]$Userid, [Parameter(Mandatory = $false)] [string]$RemoveAccess, [Parameter(Mandatory = $false)] [string]$usertogetpermissions, [Parameter(Mandatory = $false)] [string]$FolderName = 'Calendar' ) Write-Verbose "Editing calendar permissions for $Userid" $endpoint = '/api/execeditcalendarpermissions' $params = @{ TenantFilter = $CustomerTenantID permissions = $Permissions userid = $Userid removeaccess = $RemoveAccess usertogetpermissions = $usertogetpermissions FolderName = $FolderName } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Set-CIPPCalendarPermissions.ps1' 86 #Region './public/Email-Exchange/Set-CIPPContact.ps1' -1 <# .SYNOPSIS Modifies a contact in the CIPP API. .DESCRIPTION The Set-CIPPContact function is used to edit a contact in the CIPP API. It allows you to modify various properties of the contact, such as display name, email address, first name, last name, job title, address, phone numbers, etc. .PARAMETER CustomerTenantID The ID of the customer tenant where the contact belongs. .PARAMETER ContactID The ID of the contact to be edited. .PARAMETER DisplayName The new display name for the contact. If not provided, the existing display name will be used. .PARAMETER ExternalEmailAddress The new external email address for the contact. If not provided, the existing email address will be used. .PARAMETER FirstName The new first name for the contact. If not provided, the existing first name will be used. .PARAMETER LastName The new last name for the contact. If not provided, the existing last name will be used. .PARAMETER JobTitle The new job title for the contact. If not provided, the existing job title will be used. .PARAMETER StreetAddress The new street address for the contact. If not provided, the existing street address will be used. .PARAMETER PostalCode The new postal code for the contact. If not provided, the existing postal code will be used. .PARAMETER City The new city for the contact. If not provided, the existing city will be used. .PARAMETER Country The new country for the contact. If not provided, the existing country will be used. This must be a valid ISO 3166-1 alpha-2 country code. .PARAMETER MobilePhone The new mobile phone number for the contact. If not provided, the existing mobile phone number will be used. .PARAMETER PhoneNumber The new business phone number for the contact. If not provided, the existing business phone number will be used. .EXAMPLE Set-CIPPContact -CustomerTenantID "contoso.onmicrosoft.com" -ContactID "46200db7-45cd-447e-a7d9-1d2feb91bb10" -DisplayName "John Doe" -JobTitle "Manager" This example edits the contact with ID "46200db7-45cd-447e-a7d9-1d2feb91bb10" in the customer tenant "contoso.onmicrosoft.com". It sets the display name to "John Doe" and the job title to "Manager". Other properties remain unchanged. #> function Set-CIPPContact { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$ContactID, [Parameter(Mandatory = $false)] [string]$DisplayName, [Parameter(Mandatory = $false)] [string]$ExternalEmailAddress, [Parameter(Mandatory = $false)] [string]$FirstName, [Parameter(Mandatory = $false)] [string]$LastName, [Parameter(Mandatory = $false)] [string]$JobTitle, [Parameter(Mandatory = $false)] [string]$StreetAddress, [Parameter(Mandatory = $false)] [string]$PostalCode, [Parameter(Mandatory = $false)] [string]$City, [Parameter(Mandatory = $false)] [string]$Country, [Parameter(Mandatory = $false)] [string]$MobilePhone, [Parameter(Mandatory = $false)] [string]$PhoneNumber ) Write-Verbose "Editing Contact in tenant: $CustomerTenantID" $existingContact = Get-CIPPContacts -CustomerTenantID $CustomerTenantID -ContactID $ContactID # Filter to get the mobile and business phone numbers from the phones collection $existingMobilePhone = ($existingContact.phones | Where-Object { $_.type -eq 'mobile' }).number $existingBusinessPhone = ($existingContact.phones | Where-Object { $_.type -eq 'business' }).number $Endpoint = '/api/Editcontact' $body = @{ tenantID = $CustomerTenantID ContactID = $ContactID DisplayName = $DisplayName ? $DisplayName : $existingContact.DisplayName mail = $ExternalEmailAddress ? $ExternalEmailAddress : $existingContact.mail firstName = $FirstName ? $FirstName : $existingContact.givenName LastName = $LastName ? $LastName : $existingContact.surname jobTitle = $JobTitle ? $JobTitle : $existingContact.jobTitle Country = $Country ? $Country : $existingContact.addresses.CountryOrRegion PostalCode = $PostalCode ? $PostalCode : $existingContact.addresses.postalcode CompanyName = $CompanyName ? $CompanyName : $existingContact.companyName StreetAddress = $StreetAddress ? $StreetAddress : $existingContact.addresses.street MobilePhone = $MobilePhone ? $MobilePhone : $existingMobilePhone BusinessPhone = $PhoneNumber ? $PhoneNumber : $existingBusinessPhone City = $City ? $City : $existingContact.addresses.city } Invoke-CIPPRestMethod -Endpoint $Endpoint -Body $body -Method POST } #EndRegion './public/Email-Exchange/Set-CIPPContact.ps1' 114 #Region './public/Email-Exchange/Set-CIPPConvertMailbox.ps1' -1 <# .SYNOPSIS Converts a mailbox to a shared mailbox or user mailbox in the CIPP system. .DESCRIPTION The Set-CIPPConvertMailbox function is used to convert a mailbox in the CIPP system to either a shared mailbox or a user mailbox. It sends a request to the CIPP API to perform the conversion. .PARAMETER CustomerTenantID The ID of the customer tenant where the mailbox belongs. .PARAMETER UserID The ID of the user whose mailbox needs to be converted. .PARAMETER ConvertToUserMailbox Specifies whether the mailbox should be converted to a user mailbox. If this switch is provided, the mailbox will be converted to a user mailbox. If not provided, the mailbox will be converted to a shared mailbox. .EXAMPLE Set-CIPPConvertMailbox -CustomerTenantID "contoso.onmicrosoft.com" -UserID "user@domain.com" -ConvertToUserMailbox Converts the mailbox of user "user1" in the customer tenant "contoso.onmicrosoft.com" to a user mailbox. .EXAMPLE Set-CIPPConvertMailbox -CustomerTenantID "contoso.onmicrosoft.com" -UserID "user@domain.com" Converts the mailbox of user "user@domain.com" in the customer tenant "contoso.onmicrosoft.com" to a shared mailbox. #> function Set-CIPPConvertMailbox { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID, [Parameter(Mandatory = $false)] [switch]$ConvertToUserMailbox ) Write-Verbose "Converting Mailbox $userID" $endpoint = '/api/execconverttosharedmailbox' $params = @{ tenantfilter = $CustomerTenantID id = $UserID ConvertToUser = if ($ConvertToUserMailbox) { 'true' } else { 'false' } } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Set-CIPPConvertMailbox.ps1' 48 #Region './public/Email-Exchange/Set-CIPPCopyToSent.ps1' -1 <# .SYNOPSIS Sets the option to copy sent items to a shared mailbox for a specific user. .DESCRIPTION The Set-CIPPCopyToSent function sets the option to copy sent items to a shared mailbox for a specific user in the CIPP system. .PARAMETER CustomerTenantID Specifies the ID of the customer's tenant. .PARAMETER UserID Specifies the ID of the user. .PARAMETER MessageCopyForSentAsEnabled Specifies whether to enable or disable the option to copy sent items for the user. Valid values are "true" or "false". The default value is "true". .EXAMPLE Set-CIPPCopyToSent -CustomerTenantID "contoso.onmicrosoft.com" -UserID "john.doe@domain.com" -MessageCopyForSentAsEnabled "true" This example sets the option to copy sent items to a shared mailbox for the user "john.doe@domain.com" in the customer's tenant with ID "contoso.onmicrosoft.com". #> function Set-CIPPCopyToSent { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID, [Parameter(Mandatory = $false)] [ValidateSet( 'true', 'false' )] [string]$MessageCopyForSentAsEnabled = 'true' ) Write-Verbose "Copy Sent Items to Shared Mailbox for $userID $MessageCopyForSentAsEnabled" $endpoint = '/api/execcopyforsent' $params = @{ tenantfilter = $CustomerTenantID id = $UserID MessageCopyForSentAsEnabled = $MessageCopyForSentAsEnabled } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Set-CIPPCopyToSent.ps1' 50 #Region './public/Email-Exchange/Set-CIPPEnableArchive.ps1' -1 <# .SYNOPSIS Enables email archiving for a specified user in the CIPP system. .DESCRIPTION The Set-CIPPEnableArchive function enables email archiving for a specified user in the CIPP system. It sends a request to the CIPP API to enable email archiving for the user identified by the provided CustomerTenantID and UserID. .PARAMETER CustomerTenantID The unique identifier of the customer tenant. .PARAMETER UserID The unique identifier of the user. .EXAMPLE Set-CIPPEnableArchive -CustomerTenantID "contoso.onmicrosoft.com" -UserID "user@domain.com" Enables email archiving for the user with the CustomerTenantID "contoso.onmicrosoft.com" and UserID "user@domain.com". #> function Set-CIPPEnableArchive { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID ) Write-Verbose "Enabling Email Archive for $userID" $endpoint = '/api/execenablearchive' $params = @{ tenantfilter = $CustomerTenantID id = $UserID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Set-CIPPEnableArchive.ps1' 40 #Region './public/Email-Exchange/Set-CIPPExchConnector.ps1' -1 <# .SYNOPSIS Sets the state and type of an Exchange Connector for a specific customer tenant. .DESCRIPTION The Set-CIPPExchConnector function is used to edit the state and type of an Exchange Connector for a specific customer tenant. It sends a REST API request to update the connector settings. .PARAMETER CustomerTenantID The ID of the customer tenant for which the Exchange Connector needs to be edited. .PARAMETER State The state of the Exchange Connector. Valid values are "Enable" and "Disabled". .PARAMETER Guid The GUID of the Exchange Connector. .PARAMETER Type The type of the Exchange Connector. .EXAMPLE Set-CIPPExchConnector -CustomerTenantID "contoso.onmicrosoft.com" -State "Enable" -Guid "abcdefg" -Type "Inbound" This example sets the state of the Exchange Connector for the customer tenant with ID "contoso.onmicrosoft.com" to "Enable", using the GUID "abcdefg" and the type "Inbound". #> function Set-CIPPExchConnector { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory)] [ValidateSet('Enable', 'Disabled')] [string]$State, [Parameter(Mandatory = $true)] [guid]$Guid, [Parameter(Mandatory = $true)] [string]$Type ) Write-Verbose "Editing Exchange Connector for tenant $CustomerTenantID" $endpoint = '/api/editexconnector' $params = @{ TenantFilter = $CustomerTenantID state = $State GUID = $Guid Type = $Type } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Set-CIPPExchConnector.ps1' 52 #Region './public/Email-Exchange/Set-CIPPHideFromGAL.ps1' -1 <# .SYNOPSIS Sets the "hide from Global Address List (GAL)" property for a user in a customer's tenant. .DESCRIPTION The Set-CIPPHideFromGAL function is used to set the "hide from GAL" property for a specified user in a customer's tenant. This property determines whether the user's email address is visible in the Global Address List (GAL) or not. .PARAMETER CustomerTenantID Specifies the ID of the customer's tenant. .PARAMETER UserID Specifies the ID of the user for whom the "hide from GAL" property needs to be set. .PARAMETER hidefromgal Specifies whether the user's email address should be hidden from the GAL or not. Valid values are 'true' and 'false'. .EXAMPLE Set-CIPPHideFromGAL -CustomerTenantID "contoso.onmicrosoft.com" -UserID "user1@example.com" -hidefromgal "true" Sets the "hide from GAL" property to true for the user with the email address "user1@example.com" in the customer's tenant with ID "contoso.onmicrosoft.com". .EXAMPLE Set-CIPPHideFromGAL -CustomerTenantID "contoso.onmicrosoft.com" -UserID "user2@example.com" -hidefromgal "false" Sets the "hide from GAL" property to false for the user with the email address "user2@example.com" in the customer's tenant with ID "contoso.onmicrosoft.com". #> function Set-CIPPHideFromGAL { param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID, [Parameter(Mandatory = $true)] [validateset( 'true', 'false' )] [string]$hidefromgal ) Write-Verbose "Setting hide from GAL to $hidefromgal for $UserID" $endpoint = '/api/exechidefromgal' $params = @{ tenantfilter = $CustomerTenantID id = $UserID hidefromgal = $hidefromgal } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Set-CIPPHideFromGAL.ps1' 51 #Region './public/Email-Exchange/Set-CIPPMailboxForwarding.ps1' -1 <# .SYNOPSIS Sets mailbox forwarding for a user. .DESCRIPTION The Set-CIPPMailboxForwarding function sets mailbox forwarding for a user. It allows you to specify the customer tenant ID, user ID, and various forwarding options such as external and internal email addresses, disabling forwarding, and keeping a copy of forwarded emails. .PARAMETER CustomerTenantID The ID of the customer tenant. .PARAMETER UserID The ID of the user whose mailbox forwarding needs to be set. .PARAMETER DisableForwarding Specifies whether to disable mailbox forwarding. By default, it is set to $false. .PARAMETER ForwardExternalEmailAddress The external email address to forward emails to. .PARAMETER ForwardInternalEmailAddress The internal email address to forward emails to. This parameter accepts an array of email addresses. .PARAMETER KeepCopy Specifies whether to keep a copy of forwarded emails. By default, it is set to $false. .EXAMPLE Set-CIPPMailboxForwarding -CustomerTenantID "contoso.onmicrosoft.com" -UserID "john.doe@contoso.onmicrosoft.com" -ForwardExternalEmailAddress "john.doe@example.com" -KeepCopy $true This example sets mailbox forwarding for the user "john.doe@contoso.onmicrosoft.com" in the customer tenant with ID "contoso.onmicrosoft.com". Emails will be forwarded to the external email address "john.doe@example.com". A copy of forwarded emails will be kept. #> function Set-CIPPMailboxForwarding { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID, [Parameter(Mandatory = $false)] [bool]$DisableForwarding, [Parameter(Mandatory = $false)] [string]$ForwardExternalEmailAddress, [Parameter(Mandatory = $false)] [string]$ForwardInternalEmailAddress, [Parameter(Mandatory = $false)] [bool]$KeepCopy ) Write-Verbose "Forwarding Mailbox for $UserID to $ForwardExternalEmailAddress $ForwardInternalEmailAddress" $endpoint = '/api/execemailforward' $body = @{ tenantFilter = $CustomerTenantID ForwardExternal = $ForwardExternalEmailAddress ForwardInternal = (ConvertTo-FormattedArray -inputArray $ForwardInternalEmailAddress -labelPrefix $ForwardInternalEmailAddress) KeepCopy = $KeepCopy userid = $UserID disableForwarding = $DisableForwarding } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body } #EndRegion './public/Email-Exchange/Set-CIPPMailboxForwarding.ps1' 62 #Region './public/Email-Exchange/Set-CIPPMailboxMobileDevices.ps1' -1 <# .SYNOPSIS Edits the mobile device settings for a specified user in a customer's tenant. .DESCRIPTION The Set-CIPPMailboxMobileDevices function allows you to edit the mobile device settings for a specified user in a customer's tenant. You can set the device ID, user ID, quarantine status, delete status, and device GUID. .PARAMETER CustomerTenantID Specifies the ID of the customer's tenant. .PARAMETER DeviceID Specifies the ID of the mobile device. .PARAMETER UserID Specifies the ID of the user. .PARAMETER Quarantine Specifies whether the mobile device should be quarantined. Valid values are "true" or "False". .PARAMETER Delete Specifies whether the mobile device should be deleted. Valid values are "true" or "False". The default value is "False". .PARAMETER DeviceGUID Specifies the GUID of the mobile device. .EXAMPLE Set-CIPPMailboxMobileDevices -CustomerTenantID "contoso.onmicrosoft.com" -DeviceID "ABCD1234" -UserID "user1@domain.com" -Quarantine "true" This example sets the mobile device with the ID "ABCD1234" for the user "user1@domain.com" in the customer's tenant with the ID "contoso.onmicrosoft.com" to be quarantined. .EXAMPLE Set-CIPPMailboxMobileDevices -CustomerTenantID "contoso.onmicrosoft.com" -UserID "user1@domain.com" -Delete "true" -DeviceGUID "EFGH5678" This example deletes the mobile device with the GUID "EFGH5678" for the user "user1@domain.com" in the customer's tenant with the ID "contoso.onmicrosoft.com". #> function Set-CIPPMailboxMobileDevices { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [string]$DeviceID, [Parameter(Mandatory = $true)] [string]$UserID, [Parameter(Mandatory = $false)] [ValidateSet('true', 'False')] [string]$Quarantine, [Parameter(Mandatory = $false)] [ValidateSet('true', 'False')] [string]$Delete = 'False', [Parameter(Mandatory = $false)] [guid]$DeviceGUID ) Write-Verbose "Editing Mobile Device for $UserID" $endpoint = '/api/execmailboxmobiledevices' if ($Quarantine) { $params = @{ tenantfilter = $CustomerTenantID DeviceID = $DeviceID Userid = $UserID Quarantine = $Quarantine } } else { $params = @{ tenantfilter = $CustomerTenantID Userid = $UserID Delete = $Delete GUID = $DeviceGUID } } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Set-CIPPMailboxMobileDevices.ps1' 77 #Region './public/Email-Exchange/Set-CIPPMailboxPermissions.ps1' -1 <# .SYNOPSIS Sets mailbox permissions for a user in the CIPP system. .DESCRIPTION The Set-CIPPMailboxPermissions function is used to edit mailbox permissions for a specified user in the CIPP system. It allows you to add or remove full access, send as, and send on behalf permissions for the user's mailbox. .PARAMETER CustomerTenantID The ID of the customer's tenant in the CIPP system. .PARAMETER Userid The ID of the user whose mailbox permissions need to be edited. .PARAMETER RemoveFullAccess An optional array of mailboxes from which to remove full access permissions for the user. .PARAMETER AddFullAccessAutoMap An optional array of mailboxes to which to add full access permissions with automapping enabled for the user. .PARAMETER AddFullAccessNoAutoMap An optional array of mailboxes to which to add full access permissions with automapping disabled for the user. .PARAMETER AddSendAs An optional array of mailboxes to which to add send as permissions for the user. .PARAMETER RemoveSendAs An optional array of mailboxes from which to remove send as permissions for the user. .PARAMETER AddSendOnBehalf An optional array of mailboxes to which to add send on behalf permissions for the user. .PARAMETER RemoveSendOnBehalf An optional array of mailboxes from which to remove send on behalf permissions for the user. .EXAMPLE Set-CIPPMailboxPermissions -CustomerTenantID "contoso.onmicrosoft.com" -Userid "john.doe@example.com" -AddFullAccessAutoMap "mailbox1@example.com", "mailbox2@example.com" -AddSendAs "mailbox3@example.com" This example sets mailbox permissions for the user "john.doe@example.com" in the CIPP system. It adds full access permissions with automapping enabled to "mailbox1@example.com" and "mailbox2@example.com", and adds send as permissions to "mailbox3@example.com". #> function Set-CIPPMailboxPermissions { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$Userid, [Parameter(Mandatory = $false)] [array]$RemoveFullAccess = @(), [Parameter(Mandatory = $false)] [array]$AddFullAccessAutoMap = @(), [Parameter(Mandatory = $false)] [array]$AddFullAccessNoAutoMap = @(), [Parameter(Mandatory = $false)] [array]$AddSendAs = @(), [Parameter(Mandatory = $false)] [array]$RemoveSendAs = @(), [Parameter(Mandatory = $false)] [array]$AddSendOnBehalf = @(), [Parameter(Mandatory = $false)] [array]$RemoveSendOnBehalf = @() ) Write-Verbose "Editing Mailbox permissions for $Userid" $endpoint = '/api/execeditmailboxpermissions' $body = @{ TenantFilter = $CustomerTenantID UserID = $Userid RemoveFullAccess = (ConvertTo-FormattedArray -inputArray $RemoveFullAccess -labelPrefix 'Remove Full Access') AddFullAccess = (ConvertTo-FormattedArray -inputArray $AddFullAccessAutoMap -labelPrefix 'Add Full Access AutoMap') AddFullAccessNoAutoMap = (ConvertTo-FormattedArray -inputArray $AddFullAccessNoAutoMap -labelPrefix 'Add Full Access No AutoMap') AddSendAs = (ConvertTo-FormattedArray -inputArray $AddSendAs -labelPrefix 'Add Send As') RemoveSendAs = (ConvertTo-FormattedArray -inputArray $RemoveSendAs -labelPrefix 'Remove Send As') AddSendOnBehalf = (ConvertTo-FormattedArray -inputArray $AddSendOnBehalf -labelPrefix 'Add Send On Behalf') RemoveSendOnBehalf = (ConvertTo-FormattedArray -inputArray $RemoveSendOnBehalf -labelPrefix 'Remove Send On Behalf') } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method 'POST' } #EndRegion './public/Email-Exchange/Set-CIPPMailboxPermissions.ps1' 81 #Region './public/Email-Exchange/Set-CIPPMailboxQuota.ps1' -1 <# .SYNOPSIS Sets the mailbox quota for a user .DESCRIPTION The Set-CIPPMailboxQuota function is used to set the mailbox quota for a user. It allows you to specify the customer tenant ID, user ID, and the mailbox quota limits such as ProhibitSendQuota, IssueWarningQuota, and ProhibitSendReceiveQuota. .PARAMETER CustomerTenantID The ID of the customer tenant. .PARAMETER UserID The ID of the user. .PARAMETER ProhibitSendQuota The maximum mailbox size (in MB, GB or TB) at which sending messages is prohibited. .PARAMETER IssueWarningQuota The mailbox size (in MB, GB or TB) at which a warning is issued to the user. .PARAMETER ProhibitSendReceiveQuota The maximum mailbox size (in MB, GB or TB) at which sending and receiving messages is prohibited. .EXAMPLE Set-CIPPMailboxQuota -CustomerTenantID "contoso.onmicrosoft.com" -UserID "john.doe@contoso.com" -ProhibitSendQuota "1GB" Sets the mailbox quota for the user "john.doe" in the customer tenant with ID "contoso.onmicrosoft.com". The ProhibitSendQuota is set to 1GB .EXAMPLE Set-CIPPMailboxQuota -CustomerTenantID "contoso.onmicrosoft.com" -UserID "john.doe@contoso.com" -ProhibitSendReceiveQuota "5GB" Sets the mailbox quota for the user "john.doe" in the customer tenant with ID "contoso.onmicrosoft.com". The ProhibitSendReceiveQuota is set to 5GB .NOTES This function requires the Invoke-CIPPRestMethod function to be available. You can only use one parameter at a time: ProhibitSendQuota, IssueWarningQuota, or ProhibitSendReceiveQuota. #> function Set-CIPPMailboxQuota { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID, [Parameter(Mandatory = $false)] [string]$ProhibitSendQuota, [Parameter(Mandatory = $false)] [string]$IssueWarningQuota, [Parameter(Mandatory = $false)] [string]$ProhibitSendReceiveQuota ) Write-Verbose "Setting Mailbox Quota for $userID" $endpoint = '/api/execsetmailboxquota' $body = @{ tenantfilter = $CustomerTenantID user = $UserID } if ($ProhibitSendQuota) { $body.Add('ProhibitSendQuota', 'true') $body.Input = $ProhibitSendQuota } elseif ($IssueWarningQuota) { $body.Add('IssueWarningQuota', 'true') $body.input = $IssueWarningQuota } elseif ($ProhibitSendReceiveQuota) { $body.Add('ProhibitSendReceiveQuota', 'true') $body.input = $ProhibitSendReceiveQuota } else { throw 'At least one of the following parameters must be provided: ProhibitSendQuota, IssueWarningQuota, ProhibitSendReceiveQuota' } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method 'POST' } #EndRegion './public/Email-Exchange/Set-CIPPMailboxQuota.ps1' 74 #Region './public/Email-Exchange/Set-CIPPOOO.ps1' -1 <# .SYNOPSIS Sets the out of office settings for a user. .DESCRIPTION The Set-CIPPOOO function is used to set the out of office settings for a user in a customer's Exchange environment. It allows you to specify the customer tenant ID, user, auto reply state, external message, internal message, start time, and end time for the out of office settings. .PARAMETER CustomerTenantID The ID of the customer's tenant. .PARAMETER User The user for whom the out of office settings should be set. .PARAMETER autoreplystate The auto reply state. Valid values are 'Scheduled', 'Disabled', or 'Enabled'. .PARAMETER externalmessage The external message to be sent as an auto reply. .PARAMETER internalmessage The internal message to be sent as an auto reply. .PARAMETER endtime The end time for the out of office settings. This parameter is mandatory when autoreplystate is 'Scheduled'. .PARAMETER starttime The start time for the out of office settings. This parameter is mandatory when autoreplystate is 'Scheduled'. .EXAMPLE Set-CIPPOOO -CustomerTenantID "contoso.onmicrosoft.com" -User "john.doe@contoso.onmicrosoft.com" -autoreplystate "Disabled" Sets the out of office settings for the user "john.doe@contoso.onmicrosoft.com" in the customer's tenant with ID "contoso.onmicrosoft.com". The auto reply state is set to "Disable" .EXAMPLE Set-CIPPOOO -CustomerTenantID "contoso.onmicrosoft.com" -User "john.doe@contoso.onmicrosoft.com" -autoreplystate "Enabled" Sets the out of office settings for the user "john.doe@contoso.onmicrosoft.com" in the customer's tenant with ID "contoso.onmicrosoft.com". The auto reply state is set to "Enabled" .EXAMPLE Set-CIPPOOO -CustomerTenantID "contoso.onmicrosoft.com" -User "john.doe@contoso.onmicrosoft.com" -autoreplystate "Enabled" -externalmessage "I'm currently out of office." -internalmessage "I'm currently out of office." -starttime 2024-06-21 14:00" -endtime "2024-06-21 14:30"" Sets the out of office settings for the user "john.doe@contoso.onmicrosoft.com" in the customer's tenant with ID "@contoso.onmicrosoft.com". The auto reply state is set to "Enabled" and the external and internal messages are set to "I'm currently out of office.". The out of office settings are scheduled to start on "2024-06-21 14:00" and end on "2024-06-21 14:30". #> function Set-CIPPOOO { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$User, [Parameter(Mandatory = $true)] [ValidateSet( 'Scheduled', 'Disabled', 'Enabled' )] [string]$autoreplystate, [Parameter(Mandatory = $false)] [string]$externalmessage, [Parameter(Mandatory = $false)] [string]$internalmessage, [Parameter(Mandatory = $false)] [datetime]$endtime, [Parameter(Mandatory = $false)] [datetime]$starttime ) Write-Verbose "Setting out of office for $User to $autoreplystate" if ($autoreplystate -eq 'Scheduled') { if (-not $PSBoundParameters.ContainsKey('starttime')) { throw "Start time is mandatory when autoreplystate is 'Scheduled'." } if (-not $PSBoundParameters.ContainsKey('endtime')) { throw "End time is mandatory when autoreplystate is 'Scheduled'." } } $endpoint = '/api/execsetooo' $body = @{ TenantFilter = $CustomerTenantID User = $User AutoReplyState = $autoreplystate externalmessage = $externalmessage internalmessage = $internalmessage endtime = $endtime starttime = $starttime input = $Input } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method 'POST' } #EndRegion './public/Email-Exchange/Set-CIPPOOO.ps1' 92 #Region './public/Email-Exchange/Set-CIPPQuarantineManagement.ps1' -1 <# .SYNOPSIS Manages quarantine for a specific customer tenant ID. .DESCRIPTION The Set-CIPPQuarantineManagement function is used to manage quarantine for a specific customer tenant ID. It allows you to set various parameters such as the ID, AllowSender, and Type. .PARAMETER CustomerTenantID Specifies the customer tenant ID for which the quarantine management is performed. This parameter is mandatory. .PARAMETER ID Specifies the ID of the quarantine management. This parameter is mandatory. .PARAMETER AllowSender Specifies whether to allow the sender. Valid values are 'true' or 'false'. This parameter is optional. .PARAMETER Type Specifies the type of quarantine management. Valid values are 'Deny' or 'Release'. This parameter is mandatory. .EXAMPLE Set-CIPPQuarantineManagement -CustomerTenantID "contoso.onmicrosoft.com" -ID "67890" -AllowSender "true" -Type "Deny" This example sets the quarantine management for the customer tenant ID "contoso.onmicrosoft.com" with the ID "67890". It allows the sender and sets the type to "Deny". #> function Set-CIPPQuarantineManagement { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$ID, [Parameter(Mandatory = $false)] [ValidateSet( 'true', 'false' )] [string]$AllowSender, [Parameter(Mandatory = $true)] [ValidateSet( 'Deny', 'Release' )] [string]$Type ) Write-Verbose "Managing Quarantine for $CustomerTenantID" $endpoint = '/api/execquarantinemanagement' $params = @{ tenantfilter = $CustomerTenantID id = $ID allowSender = $AllowSender type = $Type } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Set-CIPPQuarantineManagement.ps1' 58 #Region './public/Email-Exchange/Set-CIPPSpamFilter.ps1' -1 <# .SYNOPSIS Sets the state of a spam filter for a customer's tenant. .DESCRIPTION The Set-CIPPSpamFilter function is used to edit the state of a spam filter for a customer's tenant. It takes the customer's tenant ID, a unique identifier (optional), the name of the spam filter, and the desired state (Enable or Disable) as parameters. .PARAMETER CustomerTenantID The ID of the customer's tenant. .PARAMETER Guid A unique identifier for the spam filter. This parameter is optional. .PARAMETER Name The name of the spam filter. .PARAMETER State The desired state of the spam filter. Valid values are "Enable" or "Disable". .EXAMPLE Set-CIPPSpamFilter -CustomerTenantID "contoso.onmicrosoft.com" -Name "SpamFilter1" -State "Enable" Sets the state of the spam filter named "SpamFilter1" to "Enable" for the customer's tenant with ID "contoso.onmicrosoft.com". .EXAMPLE Set-CIPPSpamFilter -CustomerTenantID "contoso.onmicrosoft.com" -Guid "abcdefg" -Name "SpamFilter2" -State "Disable" Sets the state of the spam filter named "SpamFilter2" to "Disable" for the customer's tenant with ID "contoso.onmicrosoft.com" using the unique identifier "abcdefg". #> function Set-CIPPSpamFilter { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [guid]$Guid, [Parameter(Mandatory = $true)] [string]$Name, [Parameter(Mandatory = $true)] [ValidateSet('Enable', 'Disable')] [string]$State ) Write-Verbose 'Editing Spam Filter' $endpoint = '/api/editspamfilter' $params = @{ tenantfilter = $CustomerTenantID guid = $Guid name = $Name state = $State } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Set-CIPPSpamFilter.ps1' 54 #Region './public/Email-Exchange/Set-CIPPTransportRule.ps1' -1 <# .SYNOPSIS Sets the state of a transport rule for a specific customer tenant. .DESCRIPTION The Set-CIPPTransportRule function is used to set the state of a transport rule for a specific customer tenant in the CIPP API. .PARAMETER CustomerTenantID The ID of the customer tenant for which the transport rule needs to be edited. .PARAMETER State The state to set for the transport rule. Valid values are "Enable" and "Disable". .PARAMETER Guid The GUID of the transport rule to be edited. .EXAMPLE Set-CIPPTransportRule -CustomerTenantID "contoso.onmicrosoft.com" -State "Enable" -Guid "abcdefg" Sets the state of the transport rule with the GUID "abcdefg" to "Enable" for the customer tenant with ID "contoso.onmicrosoft.com". .EXAMPLE Set-CIPPTransportRule -CustomerTenantID "contoso.onmicrosoft.com" -State "Disable" -Guid "hijklmn" Sets the state of the transport rule with the GUID "hijklmn" to "Disable" for the customer tenant with ID "contoso.onmicrosoft.com". #> function Set-CIPPTransportRule { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory)] [ValidateSet('Enable', 'Disable')] [string]$State, [Parameter(Mandatory = $true)] [guid]$Guid ) Write-Verbose "Editing transport rule for tenant $CustomerTenantID" $endpoint = '/api/edittransportrule' $params = @{ TenantFilter = $CustomerTenantID state = $State GUID = $Guid } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email-Exchange/Set-CIPPTransportRule.ps1' 49 #Region './public/Endpoint/Applications/Get-CIPPApps.ps1' -1 <# .SYNOPSIS Retrieves a list of apps for a specific customer tenant ID. .DESCRIPTION The Get-CIPPApps function retrieves a list of apps for a specific customer tenant ID by making a REST API call to the "/api/listapps" endpoint. .PARAMETER CustomerTenantID Specifies the customer tenant ID for which to retrieve the apps. .EXAMPLE Get-CIPPApps -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves a list of apps for the customer tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPApps { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Apps for $CustomerTenantID" $Endpoint = '/api/listapps' $Params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $Endpoint -Params $Params } #EndRegion './public/Endpoint/Applications/Get-CIPPApps.ps1' 32 #Region './public/Endpoint/Autopilot/Get-CIPPAPDevices.ps1' -1 <# .SYNOPSIS Retrieves AutoPilot devices for a specific customer tenant. .DESCRIPTION The Get-CIPPAPDevices function retrieves AutoPilot devices for a specific customer tenant by making a REST API call to the "/api/listapdevices" endpoint. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant for which to retrieve AutoPilot devices. .EXAMPLE Get-CIPPAPDevices -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves AutoPilot devices for the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPAPDevices { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting AutoPilot Devices for $CustomerTenantID" $Endpoint = '/api/listapdevices' $Params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $Endpoint -Params $Params } #EndRegion './public/Endpoint/Autopilot/Get-CIPPAPDevices.ps1' 32 #Region './public/Endpoint/Autopilot/Get-CIPPAutoPilotConfig.ps1' -1 <# .SYNOPSIS Retrieves AutoPilot configuration information for a specified customer tenant ID and type. .DESCRIPTION The Get-CIPPAutoPilotConfig function retrieves AutoPilot configuration information for a specified customer tenant ID and type. It makes a REST API call to retrieve the configuration data. .PARAMETER CustomerTenantID Specifies the customer tenant ID for which to retrieve the AutoPilot configuration. .PARAMETER Type Specifies the type of AutoPilot configuration to retrieve. Valid values are "ESP" and "ApProfile". .EXAMPLE Get-CIPPAutoPilotConfig -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -Type "ESP" Retrieves the AutoPilot Status Page for the customer tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .EXAMPLE Get-CIPPAutoPilotConfig -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -Type "ApProfile" Retrieves the AutoPilot Profile for the customer tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPAutoPilotConfig { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$Type ) if ($Type -eq 'ESP') { Write-Verbose "Getting AutoPilot Status Page for $CustomerTenantID" } elseif ($Type -eq 'ApProfile') { Write-Verbose "Getting AutoPilot Profile for customer: $CustomerTenantID" } $Endpoint = '/api/listautopilotconfig' $Params = @{ tenantfilter = $CustomerTenantID type = $Type } Invoke-CIPPRestMethod -Endpoint $Endpoint -Params $Params } #EndRegion './public/Endpoint/Autopilot/Get-CIPPAutoPilotConfig.ps1' 47 #Region './public/Endpoint/MEM/Set-CIPPMEMPolicy.ps1' -1 <# .SYNOPSIS Sets the CIPP MEM policy for a customer. .DESCRIPTION The Set-CIPPMEMPolicy function is used to set the CIPP (Customer Identity and Protection Platform) MEM (Mobile Endpoint Management) policy for a customer. It allows you to specify the customer tenant ID, policy ID, display name, description, and assignment type. .PARAMETER CustomerTenantID The unique identifier of the customer tenant. .PARAMETER ID The unique identifier of the policy. .PARAMETER DisplayName The display name of the policy. .PARAMETER Description The description of the policy. .PARAMETER AssignTo The assignment type for the policy. Valid values are "allLicensedUsers", "AllDevices", and "AllDevicesAndUsers". .EXAMPLE Set-CIPPMEMPolicy -CustomerTenantID "12345678-1234-1234-1234-1234567890ab" -ID "Policy001" -DisplayName "Policy 1" -Description "This is policy 1" -AssignTo "AllDevices" This example sets the CIPP MEM policy for a customer with the specified parameters. #> function Set-CIPPMEMPolicy { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$ID, [Parameter(Mandatory = $false)] [string]$DisplayName, [Parameter(Mandatory = $false)] [string]$Description, [ValidateSet('allLicensedUsers', 'AllDevices', 'AllDevicesAndUsers')] [string]$AssignTo ) Write-Verbose "Getting app consent requests for customer: $CustomerTenantID" $Endpoint = '/api/editpolicy' $body = @{ Tenant = $CustomerTenantID ID = $ID displayname = $DisplayName description = $Description } Invoke-CIPPRestMethod -Endpoint $Endpoint -Body $body -Method 'POST' } #EndRegion './public/Endpoint/MEM/Set-CIPPMEMPolicy.ps1' 57 #Region './public/Endpoint/Reports/Get-CIPPDevices.ps1' -1 <# .SYNOPSIS Retrieves a list of devices for a specific customer. .DESCRIPTION The Get-CIPPDevices function retrieves a list of devices associated with a specific customer in the CIPP system. .PARAMETER CustomerTenantID The unique identifier of the customer's tenant. .EXAMPLE Get-CIPPDevices -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves a list of devices for the customer with the tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .INPUTS None. .OUTPUTS System.Object. .NOTES Author: [Your Name] Date: [Current Date] #> function Get-CIPPDevices { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Devices for customer: $CustomerTenantID" $endpoint = '/api/listdevices' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Endpoint/Reports/Get-CIPPDevices.ps1' 40 #Region './public/Identity/Administration/Get-CIPPRoles.ps1' -1 <# .SYNOPSIS Retrieves the roles for a specific customer tenant ID. .DESCRIPTION The Get-CIPPRoles function retrieves the roles associated with a specific customer tenant ID by making a REST API call to the "/api/listroles" endpoint. .PARAMETER CustomerTenantID The customer tenant ID for which to retrieve the roles. .EXAMPLE Get-CIPPRoles -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the roles for the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPRoles { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting roles for $CustomerTenantID" $endpoint = '/api/listroles' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Get-CIPPRoles.ps1' 30 #Region './public/Identity/Administration/Groups/Get-CIPPGroups.ps1' -1 <# .SYNOPSIS Retrieves information about CIPP groups. .DESCRIPTION The Get-CIPPGroups function retrieves information about CIPP groups based on the provided parameters. It can retrieve all groups for a specific tenant, group details for a specific group, group members for a specific group, or group owners for a specific group. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant for which to retrieve the groups. .PARAMETER GroupID Specifies the ID of the group for which to retrieve the information. If not provided, all groups for the specified tenant will be retrieved. .PARAMETER Members Switch parameter. If specified, retrieves the members of the specified group. .PARAMETER Owners Switch parameter. If specified, retrieves the owners of the specified group. .EXAMPLE Get-CIPPGroups -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves all groups for the specified customer tenant. .EXAMPLE Get-CIPPGroups -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -GroupID "abcdefg" Retrieves the details of the specified group. .EXAMPLE Get-CIPPGroups -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -GroupID "abcdefg" -Members Retrieves the members of the specified group. .EXAMPLE Get-CIPPGroups -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -GroupID "abcdefg" -Owners Retrieves the owners of the specified group. #> function Get-CIPPGroups { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [GUID]$GroupID, [Parameter(Mandatory = $false)] [switch]$Members, [Parameter(Mandatory = $false)] [switch]$Owners ) $switchCount = 0 if ($Members) { $switchCount++ } if ($Owners) { $switchCount++ } if ($switchCount -gt 1) { Write-Error 'Only one role switch can be specified at a time.' return } if (-not $GroupID) { Write-Verbose "Getting all Groups for tenant $CustomerTenantID" } elseif ($GroupID -and -not $Members -and -not $Owners) { Write-Verbose "Getting Group Details for Group $GroupID" } elseif ($GroupID -and $Members -and -not $Owners) { Write-Verbose "Getting Group Members for Group $GroupID" } elseif ($GroupID -and -not $Members -and $Owners) { Write-Verbose "Getting Group Owners for Group $GroupID" } $endpoint = '/api/listgroups' $params = @{ tenantfilter = $CustomerTenantID groupid = $GroupID } if ($Members) { $params.members = 'true' } if ($Owners) { $params.owners = 'true' } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Groups/Get-CIPPGroups.ps1' 84 #Region './public/Identity/Administration/Groups/Get-CIPPGroupTemplates.ps1' -1 <# .SYNOPSIS Retrieves group templates from the CIPP API. .DESCRIPTION The Get-CIPPGroupTemplates function retrieves group templates from the CIPP API. It can retrieve all group templates or a specific template based on the provided TemplateID. .PARAMETER TemplateID Specifies the ID of the group template to retrieve. If not provided, all group templates will be retrieved. .EXAMPLE Get-CIPPGroupTemplates -TemplateID "12345" Retrieves the group template with the ID "12345" from the CIPP API. .EXAMPLE Get-CIPPGroupTemplates Retrieves all group templates from the CIPP API. #> function Get-CIPPGroupTemplates { [CmdletBinding()] Param( [Parameter(Mandatory = $false)] [string]$TemplateID ) if ($TemplateID) { Write-Verbose "Getting Group Template $TemplateID" } else { Write-Verbose 'Getting all Group Templates' } $endpoint = '/api/ListGroupTemplates' $params = @{ id = $TemplateID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Groups/Get-CIPPGroupTemplates.ps1' 41 #Region './public/Identity/Administration/Groups/Remove-CIPPGroup.ps1' -1 <# .SYNOPSIS Removes a CIPP group. .DESCRIPTION The Remove-CIPPGroup function is used to remove a CIPP group from the specified customer tenant. .PARAMETER CustomerTenantID The ID of the customer tenant. .PARAMETER GroupID The ID of the group to be removed. .PARAMETER Grouptype The type of the group. .PARAMETER DisplayName The display name of the group. .EXAMPLE Remove-CIPPGroup -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -GroupID "98765432-1234-5678-9012-34567890ABCD" -Grouptype "Security" -DisplayName "Admins" This example removes a group with the specified ID, type, and display name from the customer tenant with the specified ID. #> function Remove-CIPPGroup { param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [guid]$GroupID, [Parameter(Mandatory = $true)] [string]$Grouptype, [Parameter(Mandatory = $true)] [string]$DisplayName ) Write-Verbose "Removing group: $GroupID" $endpoint = '/api/execgroupsdelete' $params = @{ tenantfilter = $CustomerTenantID id = $GroupID grouptype = $Grouptype displayname = $DisplayName } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Groups/Remove-CIPPGroup.ps1' 50 #Region './public/Identity/Administration/Groups/Set-CIPPGroupDeliveryManagement.ps1' -1 <# .SYNOPSIS Sets the delivery management settings for a group. .DESCRIPTION The Set-CIPPGroupDeliveryManagement function is used to set the delivery management settings for a group in the CIPP project. It allows you to specify the customer tenant ID, group ID, group type, and whether to only allow internal delivery. .PARAMETER CustomerTenantID The ID of the customer tenant. .PARAMETER GroupID The ID of the group. .PARAMETER GroupType The type of the group. Valid values are 'Distribution List', 'Mail-Enabled Security', and 'Microsoft 365'. .PARAMETER OnlyAllowInternal Specifies whether to only allow internal delivery. Valid values are 'true' and 'false'. .EXAMPLE Set-CIPPGroupDeliveryManagement -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -GroupID "67890" -GroupType "Distribution List" -OnlyAllowInternal "true" Sets the delivery management settings for the group with the specified customer tenant ID, group ID, group type, and only allow internal delivery. #> function Set-CIPPGroupDeliveryManagement { param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [guid]$GroupID, [Parameter(Mandatory = $true)] [validateset( 'Distribution List', 'Mail-Enabled Security', 'Microsoft 365' )] [string]$Grouptype, [Parameter(Mandatory = $true)] [validateset( 'true', 'false' )] [string]$onlyallowinternal ) Write-Verbose "Setting delivery management for group: $GroupID" $endpoint = '/api/execgroupsdeliverymanagement' $params = @{ tenantfilter = $CustomerTenantID id = $GroupID grouptype = $Grouptype onlyallowinternal = $onlyallowinternal } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Groups/Set-CIPPGroupDeliveryManagement.ps1' 60 #Region './public/Identity/Administration/Groups/Set-CIPPGroupHideFromGAL.ps1' -1 <# .SYNOPSIS Sets the "hide from GAL" property for a specified group. .DESCRIPTION The Set-CIPPGroupHideFromGAL function is used to set the "hide from GAL" property for a specified group in the CIPP (Cloud Identity and Privacy Protection) system. This function requires the customer tenant ID, group ID, group type, and the hide from GAL value as input parameters. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant. This parameter is mandatory. .PARAMETER GroupID Specifies the ID of the group. This parameter is mandatory. .PARAMETER GroupType Specifies the type of the group. Valid values are 'Distribution List', 'Mail-Enabled Security', 'Microsoft 365', and 'Security'. This parameter is mandatory. .PARAMETER HideFromGAL Specifies whether the group should be hidden from the Global Address List (GAL). Valid values are 'true' and 'false'. This parameter is mandatory. .EXAMPLE Set-CIPPGroupHideFromGAL -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -GroupID "98765432-4321-4321-4321-0987654321BA" -GroupType "Distribution List" -HideFromGAL "true" Sets the "hide from GAL" property to true for the specified distribution list group. .EXAMPLE Set-CIPPGroupHideFromGAL -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -GroupID "98765432-4321-4321-4321-0987654321BA" -GroupType "Security" -HideFromGAL "false" Sets the "hide from GAL" property to false for the specified security group. #> function Set-CIPPGroupHideFromGAL { param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [guid]$GroupID, [Parameter(Mandatory = $true)] [validateset( 'Distribution List', 'Mail-Enabled Security', 'Microsoft 365', 'Security' )] [string]$Grouptype, [Parameter(Mandatory = $true)] [validateset( 'true', 'false' )] [string]$hidefromgal ) Write-Verbose "Setting hide from GAL to $hidefromgal for $GroupID" $endpoint = '/api/execgroupshidefromgal' $params = @{ tenantfilter = $CustomerTenantID id = $GroupID grouptype = $Grouptype hidefromgal = $hidefromgal } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Groups/Set-CIPPGroupHideFromGAL.ps1' 64 #Region './public/Identity/Administration/Users/Add-CIPPUser.ps1' -1 <# .SYNOPSIS Adds a user to the specified customer tenant. .DESCRIPTION The Add-CIPPUser function adds a user to the specified customer tenant in the CIPP system. It sends a request to the "/api/adduser" endpoint with the provided user details. .PARAMETER CustomerTenantID The ID of the customer tenant to which the user will be added. .PARAMETER DisplayName The display name of the user. .PARAMETER UserName The username of the user. .PARAMETER AutoPassword Specifies whether to automatically generate a password for the user. Default value is $true. .PARAMETER FirstName The first name of the user. .PARAMETER LastName The last name of the user. .PARAMETER Domain The domain of the user. .PARAMETER AddedAliases Additional aliases for the user. .PARAMETER CopyFrom Specifies the user to copy settings from. .PARAMETER UsageLocation The usage location of the user. .PARAMETER Department The department of the user. .PARAMETER City The city of the user. .PARAMETER Country The country of the user. .PARAMETER Jobtitle The job title of the user. .PARAMETER MobilePhone The mobile phone number of the user. .PARAMETER BusinessPhone The business phone number of the user. .PARAMETER StreetAddress The street address of the user. .PARAMETER PostalCode The postal code of the user. .PARAMETER CompanyName The company name of the user. .PARAMETER Manager The manager of the user. Either the UserPrincipalName(UPN) or the ID of the manager. .PARAMETER ScheduledFor Specifies the date and time when the user should be added. If not specified, the user will be added immediately. Input should be a valid datetime object. Will be converted to Unix time. .PARAMETER SendResultsToEmail Specifies whether to send the results of the scheduled task to the email address specified in the notification settings of your CIPP instance. .PARAMETER SendResultsToPSA Specifies whether to send the results of the scheduled task to the PSA system specified in the notification settings of your CIPP instance. .PARAMETER SendResultsToWebhook Specifies whether to send the results of the scheduled task to the webhook specified in the notification settings of your CIPP instance. .PARAMETER MustChangePass Specifies whether the user must change their password on first login. Default value is $true. .EXAMPLE Add-CIPPUser -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -DisplayName "John Doe" -UserName "johndoe" -FirstName "John" -LastName "Doe" -Domain "example.com" -UsageLocation "US" Adds a user with the specified details to the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". The user's display name is "John Doe", username is "johndoe", first name is "John", last name is "Doe", domain is "example.com", and usage location is "US". .EXAMPLE Add-CIPPUser -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -DisplayName "Jane Smith" -UserName "janesmith" -FirstName "Jane" -LastName "Smith" -Domain "example.com" -UsageLocation "US" -Manager "managerPerson@example.com" -ScheduledFor ((Get-Date).AddDays(1)) -SendResultsToEmail Adds a user with the specified details to the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". The user's display name is "Jane Smith", username is "janesmith", first name is "Jane", last name is "Smith", domain is "example.com", and usage location is "US". The user's manager is "managerPerson@example.com". The user will be added one day from the current date. The results of the scheduled task will be sent to the email address specified in the notification settings of your CIPP instance. #> function Add-CIPPUser { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$DisplayName, [Parameter(Mandatory = $true)] [string]$UserName, [Parameter(Mandatory = $false)] [bool]$AutoPassword = $true, [Parameter(Mandatory = $true)] [string]$FirstName, [Parameter(Mandatory = $true)] [string]$LastName, [Parameter(Mandatory = $true)] [string]$Domain, [Parameter(Mandatory = $false)] [string]$AddedAliases, [Parameter(Mandatory = $false)] [string]$CopyFrom, [Parameter(Mandatory = $true)] [string]$UsageLocation, [Parameter(Mandatory = $false)] [string]$Department, [Parameter(Mandatory = $false)] [string]$City, [Parameter(Mandatory = $false)] [string]$Country, [Parameter(Mandatory = $false)] [string]$Jobtitle, [Parameter(Mandatory = $false)] [string]$MobilePhone, [Parameter(Mandatory = $false)] [string]$BusinessPhone, [Parameter(Mandatory = $false)] [string]$StreetAddress, [Parameter(Mandatory = $false)] [string]$PostalCode, [Parameter(Mandatory = $false)] [string]$CompanyName, [Parameter(Mandatory = $false)] [string]$Manager, [Parameter(Mandatory = $false)] [bool]$MustChangePass = $true, [Parameter(Mandatory = $false)] [datetime]$ScheduledFor, [switch]$SendResultsToEmail, [switch]$SendResultsToPSA, [switch]$SendResultsToWebhook ) Write-Verbose "Adding User to $CustomerTenantID" $endpoint = '/api/adduser' $body = @{ tenantID = $CustomerTenantID DisplayName = $DisplayName UserName = $UserName AutoPassword = $AutoPassword FirstName = $FirstName LastName = $LastName Domain = $Domain AddedAliases = $AddedAliases CopyFrom = $CopyFrom Usagelocation = $UsageLocation MustChangePass = $MustChangePass } $optionalParams = @{ Country = $Country PostalCode = $PostalCode CompanyName = $CompanyName streetAddress = $StreetAddress MobilePhone = $MobilePhone BusinessPhone = $BusinessPhone Jobtitle = $Jobtitle Department = $Department City = $City setManager = @{ value = $Manager } Scheduled = @{ enabled = $ScheduledFor -ne $null date = if ($ScheduledFor) { ([System.DateTimeOffset]$ScheduledFor).ToUnixTimeSeconds() } else { $null } } PostExecution = @{ webhook = if ($SendResultsToWebhook.IsPresent) { $true } else { $null } psa = if ($SendResultsToPSA.IsPresent) { $true } else { $null } email = if ($SendResultsToEmail.IsPresent) { $true } else { $null } } } # Add optional parameters to the body if they are not null foreach ($key in $optionalParams.Keys) { if ($optionalParams[$key]) { $body[$key] = $optionalParams[$key] } } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method 'POST' } #EndRegion './public/Identity/Administration/Users/Add-CIPPUser.ps1' 201 #Region './public/Identity/Administration/Users/Get-CIPPBECCheck.ps1' -1 <# .SYNOPSIS Performs a BEC (Business Email Compromise) check for a user. .DESCRIPTION The Get-CIPPBECCheck function performs a BEC check for a user by making a REST API call to the specified endpoint. It waits for the check to complete and returns the response. .PARAMETER CustomerTenantID The ID of the customer's tenant. .PARAMETER UserID The ID of the user. .PARAMETER UserName The name of the user. .EXAMPLE Get-CIPPBECCheck -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -UserID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc" -UserName "JohnDoe" This example performs a BEC check for the user with the specified CustomerTenantID, UserID, and UserName. #> function Get-CIPPBECCheck { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID, [Parameter(Mandatory = $true)] [string]$UserName ) Write-Verbose "Running BEC Check for $Username" $endpoint = '/api/execbeccheck' $params = @{ tenantfilter = $CustomerTenantID userId = $UserID username = $UserName } $initialResponse = Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params $GUID = $initialResponse.guid Write-Verbose "Initial check complete. GUID returned: $GUID" $params.guid = $GUID do { Start-Sleep -Seconds 10 $response = Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params if ($response.waiting -eq 'True') { Write-Verbose 'BEC Check Still Running.' } else { Write-Verbose 'BEC Check complete' return $response } } while ($response.waiting -eq 'True') } #EndRegion './public/Identity/Administration/Users/Get-CIPPBECCheck.ps1' 62 #Region './public/Identity/Administration/Users/Get-CIPPDeletedItems.ps1' -1 <# .SYNOPSIS Retrieves the deleted items for a specific customer tenant. .DESCRIPTION The Get-CIPPDeletedItems function retrieves the deleted items for a specific customer tenant by making a REST API call to the "/api/listdeleteditems" endpoint. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve the deleted items. .EXAMPLE Get-CIPPDeletedItems -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the deleted items for the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPDeletedItems { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting deleted items for $CustomerTenantID" $endpoint = '/api/listdeleteditems' $params = @{ tenantfilter = $CustomerTenantID userId = $UserID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Get-CIPPDeletedItems.ps1' 33 #Region './public/Identity/Administration/Users/Get-CIPPPerUserMFA.ps1' -1 <# .SYNOPSIS Retrieves the per-user Multi-Factor Authentication (MFA) status for a specified user or all users in a given customer tenant. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve the per-user MFA status. This parameter is mandatory. .PARAMETER UserId The ID of the user for whom to retrieve the per-user MFA status. This parameter is optional and is ignored if the AllUsers switch is specified. Can be either the user's email address or the user's ID. .PARAMETER AllUsers A switch parameter that, when specified, retrieves the per-user MFA status for all users in the specified customer tenant. If this switch is specified, the UserId parameter is ignored. .EXAMPLE Get-CIPPPerUserMFA -CustomerTenantID "12345" -UserId "user@example.com" Retrieves the per-user MFA status for the user with ID "user@example.com" in the customer tenant with ID "12345". .EXAMPLE Get-CIPPPerUserMFA -CustomerTenantID "12345" -AllUsers Retrieves the per-user MFA status for all users in the customer tenant with ID "12345". .NOTES This function uses the Invoke-CIPPRestMethod cmdlet to make a GET request to the '/api/ListPerUserMFA' endpoint with the specified parameters. #> function Get-CIPPPerUserMFA { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [string]$UserId, [Parameter(Mandatory = $false)] [switch]$AllUsers ) if ($AllUsers.IsPresent -eq $true) { Write-Verbose "Getting Per user MFA for all users in $CustomerTenantID" } else { Write-Verbose "Getting Per user MFA for $UserId in $CustomerTenantID" } $endpoint = '/api/ListPerUserMFA' $params = @{ TenantFilter = $CustomerTenantID userId = $UserId allUsers = $AllUsers.IsPresent } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method GET } #EndRegion './public/Identity/Administration/Users/Get-CIPPPerUserMFA.ps1' 51 #Region './public/Identity/Administration/Users/Get-CIPPUniversalSearch.ps1' -1 <# .SYNOPSIS Performs a universal search for a specified name. .DESCRIPTION The Get-CIPPUniversalSearch function performs a universal search for a specified name by making a REST API call to the /api/execuniversalsearch endpoint. .PARAMETER Name The name to search for. .EXAMPLE Get-CIPPUniversalSearch -Name "John Doe" Searches for the name "John Doe" using the universal search functionality. #> function Get-CIPPUniversalSearch { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$Name ) Write-Verbose "Searching for $Name" $endpoint = '/api/execuniversalsearch' $params = @{ name = $Name } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Get-CIPPUniversalSearch.ps1' 32 #Region './public/Identity/Administration/Users/Get-CIPPUserCAPolicies.ps1' -1 <# .SYNOPSIS Retrieves the Conditional Access (CA) policies for a specific user in a customer's tenant. .DESCRIPTION The Get-CIPPUserCAPolicies function retrieves the Conditional Access (CA) policies for a specific user in a customer's tenant. It makes use of the Invoke-CIPPRestMethod function to send a request to the API endpoint "/api/listuserconditionalaccesspolicies" and returns the response. .PARAMETER CustomerTenantID The ID of the customer's tenant. .PARAMETER UserID The ID of the user for whom the CA policies are to be retrieved. .EXAMPLE Get-CIPPUserCAPolicies -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -UserID "user1@dom.com" This example retrieves the CA policies for the user with the ID "user1@domain.com" in the customer's tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPUserCAPolicies { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID ) Write-Verbose "Getting user CA Policies $CustomerTenantID" $endpoint = '/api/listuserconditionalaccesspolicies' $params = @{ tenantfilter = $CustomerTenantID userId = $UserID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Get-CIPPUserCAPolicies.ps1' 38 #Region './public/Identity/Administration/Users/Get-CIPPUserCounts.ps1' -1 <# .SYNOPSIS Retrieves user counts for a specific customer tenant ID. .DESCRIPTION The Get-CIPPUserCounts function retrieves user counts for a specific customer tenant ID by making a REST API call to the "/api/listusercounts" endpoint. .PARAMETER CustomerTenantID The customer tenant ID for which to retrieve user counts. .EXAMPLE Get-CIPPUserCounts -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves user counts for the customer tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPUserCounts { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting User Counts for $CustomerTenantID" $endpoint = '/api/listusercounts' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Get-CIPPUserCounts.ps1' 31 #Region './public/Identity/Administration/Users/Get-CIPPUserDevices.ps1' -1 <# .SYNOPSIS Retrieves the devices associated with a specific user. .DESCRIPTION The Get-CIPPUserDevices function retrieves the devices associated with a specific user in the CIPP system. It makes a REST API call to the "/api/listuserdevices" endpoint, passing the customer tenant ID and user ID as parameters. .PARAMETER CustomerTenantID The ID of the customer tenant. .PARAMETER UserID The ID of the user. .EXAMPLE Get-CIPPUserDevices -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -UserID "user1@domain.com" Retrieves the devices associated with the user "user1@domain.com" in the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPUserDevices { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID ) Write-Verbose "Getting user devices for $userID" $endpoint = '/api/listuserdevices' $params = @{ tenantfilter = $CustomerTenantID userId = $UserID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Get-CIPPUserDevices.ps1' 38 #Region './public/Identity/Administration/Users/Get-CIPPUserGroups.ps1' -1 <# .SYNOPSIS Retrieves the groups that a user belongs to. .DESCRIPTION The Get-CIPPUserGroups function retrieves the groups that a user belongs to based on the provided CustomerTenantID and UserID. .PARAMETER CustomerTenantID The ID of the customer tenant. .PARAMETER UserID The ID of the user. .EXAMPLE Get-CIPPUserGroups -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -UserID "user@domain.com" Retrieves the groups that the user with the ID "user@domain.com" belongs to in the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPUserGroups { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID ) Write-Verbose "Getting user groups for $userID" $endpoint = '/api/listusergroups' $params = @{ tenantfilter = $CustomerTenantID userId = $UserID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Get-CIPPUserGroups.ps1' 38 #Region './public/Identity/Administration/Users/Get-CIPPUserPhoto.ps1' -1 <# .SYNOPSIS Retrieves the photo of a user from the CIPP API. .DESCRIPTION The Get-CIPPUserPhoto function is used to retrieve the photo of a user from the CIPP API. It sends a request to the API endpoint "/api/listuserphoto" with the specified customer tenant ID and user ID. .PARAMETER CustomerTenantID The customer tenant ID associated with the user. .PARAMETER UserID The ID of the user whose photo needs to be retrieved. .EXAMPLE Get-CIPPUserPhoto -CustomerTenantID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc" -UserID "user@domain.com" This example retrieves the photo of the user with the ID "user@domain.com" from the customer tenant with the ID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc". #> function Get-CIPPUserPhoto { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID ) Write-Verbose "Getting user photo for $userID" $endpoint = '/api/listuserphoto' $params = @{ tenantfilter = $CustomerTenantID userId = $UserID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Get-CIPPUserPhoto.ps1' 39 #Region './public/Identity/Administration/Users/Get-CIPPUsers.ps1' -1 <# .SYNOPSIS Retrieves user information from the CIPP API. .DESCRIPTION The Get-CIPPUsers function is used to retrieve user information from the CIPP API. It can retrieve all users for a specific tenant or retrieve details for a specific user. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant for which to retrieve user information. This parameter is mandatory. .PARAMETER UserID Specifies the ID of the user for which to retrieve details. This parameter is optional. .EXAMPLE Get-CIPPUsers -CustomerTenantID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc" Retrieves all users for the tenant with ID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc". .EXAMPLE Get-CIPPUsers -CustomerTenantID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc" -UserID "user@domain.com" Retrieves details for the user with ID "user@domain.com" in the tenant with ID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc". #> function Get-CIPPUsers { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [string]$UserID ) if (-not $UserID) { Write-Verbose "Getting all users for tenant $CustomerTenantID" } else { Write-Verbose "Getting user details for user $UserID" } $endpoint = '/api/Listusers' $params = @{ tenantfilter = $CustomerTenantID userId = $UserID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Get-CIPPUsers.ps1' 43 #Region './public/Identity/Administration/Users/Get-CIPPUserSignIns.ps1' -1 <# .SYNOPSIS Retrieves sign-in logs for a specific user in the CIPP system. .DESCRIPTION The Get-CIPPUserSignIns function retrieves the sign-in logs for a specific user in the CIPP system. It requires the customer tenant ID and the user ID as mandatory parameters. .PARAMETER CustomerTenantID The customer tenant ID associated with the user. .PARAMETER UserID The unique identifier of the user. .EXAMPLE Get-CIPPUserSignIns -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -UserID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc" This example retrieves the sign-in logs for the user with the customer tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" and the user ID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc". #> function Get-CIPPUserSignIns { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [guid]$UserID ) Write-Verbose "Getting sign-in logs for User $userID" $endpoint = '/api/listusersigninlogs' $params = @{ tenantfilter = $CustomerTenantID userId = $UserID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Get-CIPPUserSignIns.ps1' 38 #Region './public/Identity/Administration/Users/New-CIPPUserOffboarding.ps1' -1 <# .SYNOPSIS Offboards a user from a specified customer tenant. .DESCRIPTION The New-CIPPUserOffboarding function automates the offboarding process for a user in a specified customer tenant. It provides various options to customize the offboarding process, including forwarding emails, converting the mailbox to a shared mailbox, disabling sign-in, removing licenses, and more. It is also possible to schedule the offboarding for a later date. .PARAMETER CustomerTenantID The ID of the customer tenant from which the user is being offboarded. This parameter is mandatory. .PARAMETER User The username of the user being offboarded. UserPrincipalName(UPN) should be used. This parameter is mandatory. .PARAMETER OutOfOffice Sets an out-of-office message for the user. This parameter is optional. .PARAMETER ForwardTo Forwards the user's emails to another address. This parameter is optional. .PARAMETER ForwardKeepCopyInMailbox Keeps a copy of forwarded emails in the user's mailbox. This parameter is optional. .PARAMETER OnedriveAccessTo Grants access to the user's OneDrive to another user. UserPrincipalName(UPN) should be used. This parameter is optional. .PARAMETER MailboxAccessNoAutomap Grants access to the user's mailbox without automapping. UserPrincipalName(UPN) should be used. This parameter is optional. .PARAMETER MailboxAccessAutomap Grants access to the user's mailbox with automapping. UserPrincipalName(UPN) should be used. This parameter is optional. .PARAMETER ConvertToSharedMailbox Converts the user's mailbox to a shared mailbox. This parameter is optional. .PARAMETER HideFromGAL Hides the user from the Global Address List (GAL). This parameter is optional. .PARAMETER DisableSignIn Disables sign-in for the user. This parameter is optional. .PARAMETER DeleteUser Deletes the user account. This parameter is optional. .PARAMETER RemoveFromAllGroups Removes the user from all groups. This parameter is optional. .PARAMETER CancelAllCalendarInvites Cancels all calendar invites for the user. This parameter is optional. .PARAMETER RemoveAllLicenses Removes all licenses assigned to the user. This parameter is optional. .PARAMETER ResetPassword Resets the user's password. This parameter is optional. .PARAMETER RevokeAllSessions Revokes all active sessions for the user. This parameter is optional. .PARAMETER RemoveAllMailboxRules Removes all mailbox rules for the user. This parameter is optional. .PARAMETER RemoveAllMobileDevices Removes all mobile devices associated with the user. This parameter is optional. .PARAMETER RemoveAllMailboxPermissions Removes all mailbox permissions for the user. This parameter is optional. .PARAMETER ScheduledFor Specifies the date and time when the user should be added. If not specified, the user will be offboarded immediately. Input should be a valid datetime object. Will be converted to Unix time. This parameter is optional. .PARAMETER SendResultsToEmail Specifies whether to send the results of the scheduled task to the email address specified in the notification settings of your CIPP instance. This parameter is optional. .PARAMETER SendResultsToPSA Specifies whether to send the results of the scheduled task to the PSA system specified in the notification settings of your CIPP instance. This parameter is optional. .PARAMETER SendResultsToWebhook Specifies whether to send the results of the scheduled task to the webhook specified in the notification settings of your CIPP instance. This parameter is optional. .EXAMPLE New-CIPPUserOffboarding -CustomerTenantID "8ad00f9e-1953-47d1-897b-8fec4138cde7" -User "jdoe@domain.com" -DisableSignIn -RemoveAllLicenses -ConvertToSharedMailbox This example immediately offboards the user "jdoe@domain.com" from the customer tenant with ID "8ad00f9e-1953-47d1-897b-8fec4138cde7", disables sign-in, removes all licenses, and converts the user's mailbox to a shared mailbox. .EXAMPLE New-CIPPUserOffboarding -CustomerTenantID "8ad00f9e-1953-47d1-897b-8fec4138cde7" -User "jane.doe@domain.com" -DeleteUser -ScheduledFor ((Get-Date).AddDays(7)) -SendResultsToEmail This example schedules the offboarding of the user "jane.doe@domain.com" from the customer tenant with ID "8ad00f9e-1953-47d1-897b-8fec4138cde7" for 7 days from the current date. The results of the scheduled task will be sent to the email address specified in the notification settings of your CIPP instance. #> function New-CIPPUserOffboarding { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$User, [Parameter(Mandatory = $false)] [string]$OutOfOffice, [Parameter(Mandatory = $false)] [string]$ForwardTo, [switch]$ForwardKeepCopyInMailbox, [Parameter(Mandatory = $false)] [string]$OnedriveAccessTo, [Parameter(Mandatory = $false)] [string]$MailboxAccessNoAutomap, [Parameter(Mandatory = $false)] [string]$MailboxAccessAutomap, [switch]$ConvertToSharedMailbox, [switch]$HideFromGAL, [switch]$DisableSignIn, [switch]$DeleteUser, [switch]$RemoveFromAllGroups, [switch]$CancelAllCalendarInvites, [switch]$RemoveAllLicenses, [switch]$ResetPassword, [switch]$RevokeAllSessions, [switch]$RemoveAllMailboxRules, [switch]$RemoveAllMobileDevices, [switch]$RemoveAllMailboxPermissions, [datetime]$ScheduledFor, [switch]$SendResultsToEmail, [switch]$SendResultsToPSA, [switch]$SendResultsToWebhook ) Write-Verbose "Offboarding user $User from $CustomerTenantID" $endpoint = '/api/ExecOffboardUser' $body = @{ TenantFilter = $CustomerTenantID user = @{ value = $User } } $optionalParams = @{ OOO = $OutOfOffice forward = $ForwardTo keepCopy = $ForwardKeepCopyInMailbox.IsPresent ? $true : $null OnedriveAccess = @{ value = $OnedriveAccessTo } AccessNoAutomap = @{ value = $MailboxAccessNoAutomap } AccessAutomap = @{ value = $MailboxAccessAutomap } ConvertToShared = $ConvertToSharedMailbox.IsPresent ? $true : $null HideFromGAL = $HideFromGAL.IsPresent ? $true : $null DisableSignIn = $DisableSignIn.IsPresent ? $true : $null RemoveGroups = $RemoveFromAllGroups.IsPresent ? $true : $null removeCalendarInvites = $CancelAllCalendarInvites.IsPresent ? $true : $null RemoveLicenses = $RemoveAllLicenses.IsPresent ? $true : $null ResetPass = $ResetPassword.IsPresent ? $true : $null RevokeSessions = $RevokeAllSessions.IsPresent ? $true : $null deleteuser = $DeleteUser.IsPresent ? $true : $null removeRules = $RemoveAllMailboxRules.IsPresent ? $true : $null removeMobile = $RemoveAllMobileDevices.IsPresent ? $true : $null removePermissions = $RemoveAllMailboxPermissions.IsPresent ? $true : $null Scheduled = @{ enabled = $ScheduledFor -ne $null date = if ($ScheduledFor) { ([System.DateTimeOffset]$ScheduledFor).ToUnixTimeSeconds() } else { $null } } PostExecution = @{ webhook = $SendResultsToWebhook.IsPresent ? $true : $null psa = $SendResultsToPSA.IsPresent ? $true : $null email = $SendResultsToEmail.IsPresent ? $true : $null } } # Add optional parameters to the body if they are not null foreach ($key in $optionalParams.Keys) { if ($optionalParams[$key]) { $body[$key] = $optionalParams[$key] } } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method 'POST' } #EndRegion './public/Identity/Administration/Users/New-CIPPUserOffboarding.ps1' 185 #Region './public/Identity/Administration/Users/Remove-CIPPUser.ps1' -1 <# .SYNOPSIS Removes a user from a specified tenant. .DESCRIPTION The Remove-CIPPUser function deletes a user identified by their UserID from a specified tenant identified by the CustomerTenantID. It sends a request to the '/api/RemoveUser' endpoint to perform the deletion. .PARAMETER CustomerTenantID The ID of the tenant from which the user will be removed. This parameter is mandatory. .PARAMETER User The unique identifier (GUID) or UserPrincipalName(UPN) of the user to be removed. This parameter is mandatory. .EXAMPLE Remove-CIPPUser -CustomerTenantID "tenant123.domain.com" -UserID "e7402930-efc9-4ba8-a959-ae7fc6c15021" This command removes the user with the specified UserID from the tenant with the specified CustomerTenantID. .EXAMPLE Remove-CIPPUser -CustomerTenantID "3939eb14-06b3-4287-aea7-defe129c6741" -UserID "user@domaion.com" This command removes the user with the specified UserID from the tenant with the specified CustomerTenantID. .NOTES The function uses the Invoke-CIPPRestMethod cmdlet to send the request to the API endpoint. There is a note indicating that the original code uses a GET request, but it might be more appropriate to use a DELETE request. #> function Remove-CIPPUser { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [guid]$User ) Write-Verbose "Deleting user $userID for tenant $CustomerTenantID" $endpoint = '/api/RemoveUser' $params = @{ TenantFilter = $CustomerTenantID ID = $User } # HACK: This is a GET request in the original code, but it should probably be a DELETE request? -Bobby # Modules\CIPPCore\Public\Invoke-RemoveUser.ps1 Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Remove-CIPPUser.ps1' 47 #Region './public/Identity/Administration/Users/Send-CIPPPush.ps1' -1 <# .SYNOPSIS Sends a push notification to a user. .DESCRIPTION The Send-CIPPPush function sends a push notification to a user specified by their email address. .PARAMETER CustomerTenantID The ID of the customer's tenant. .PARAMETER UserEmail The email address of the user to send the push notification to. .EXAMPLE Send-CIPPPush -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -UserEmail "user@example.com" Sends a push notification to the user with the email address "user@example.com" in the tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Send-CIPPPush { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserEmail ) Write-Verbose "Sending Push Notification to $UserEmail" $endpoint = '/api/execsendpush' $params = @{ tenantfilter = $CustomerTenantID Useremail = $UserEmail } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Send-CIPPPush.ps1' 37 #Region './public/Identity/Administration/Users/Set-BECRemediate.ps1' -1 <# .SYNOPSIS Runs BEC Remediation for a specified user. .DESCRIPTION The Set-BECRemediate function is used to initiate BEC (Business Email Compromise) remediation for a specified user. .PARAMETER CustomerTenantID Specifies the ID of the customer's tenant. .PARAMETER Username Specifies the username of the user to remediate. .PARAMETER Userid Specifies the ID of the user to remediate. .EXAMPLE Set-BECRemediate -CustomerTenantID "contoso.onmicrosoft.com" -Username "john.doe@contoso.onmicrosoft.com" -Userid "a75d9c41-4cff-4017-8ddd-d413591c8c1e" This example runs BEC remediation for the user with the username "john.doe@contoso.onmicrosoft.com" and the ID "a75d9c41-4cff-4017-8ddd-d413591c8c1e" in the customer's tenant with the ID "contoso.onmicrosoft.com". #> function Set-BECRemediate { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$Username, [Parameter(Mandatory = $true)] [string]$Userid ) Write-Verbose "Running BEC Remediation for $Username" $endpoint = '/api/execbecremediate' $body = @{ tenantfilter = $CustomerTenantID username = $Username userid = $Userid } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method POST } #EndRegion './public/Identity/Administration/Users/Set-BECRemediate.ps1' 44 #Region './public/Identity/Administration/Users/Set-CIPPClrImmID.ps1' -1 <# .SYNOPSIS Clears the Immutable ID for a user. .DESCRIPTION The Set-CIPPClrImmID function clears the Immutable ID for a user by invoking a REST API endpoint. .PARAMETER CustomerTenantID The ID of the customer tenant. .PARAMETER UserID The ID of the user. .EXAMPLE Set-CIPPClrImmID -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -UserID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc" This example clears the Immutable ID for the user with the specified CustomerTenantID and UserID. #> function Set-CIPPClrImmID { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [guid]$UserID ) Write-Verbose "Clearing Immutable ID for User: $userID" $endpoint = '/api/execclrimmid' $params = @{ tenantfilter = $CustomerTenantID Id = $UserID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Set-CIPPClrImmID.ps1' 39 #Region './public/Identity/Administration/Users/Set-CIPPCreateTap.ps1' -1 <# .SYNOPSIS Creates a TAP (Temporary Access Passcode) for a user. .DESCRIPTION The Set-CIPPCreateTap function is used to create a TAP (Temporary Access Passcode) for a user in the CIPP system. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant for which the TAP is being created. This parameter is mandatory. .PARAMETER UserID Specifies the ID of the user for whom the TAP is being created. This parameter is mandatory. .EXAMPLE Set-CIPPCreateTap -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -UserID "user@domain.com" Creates a TAP for the user with the ID "user@domain.com" in the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Set-CIPPCreateTap { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID ) Write-Verbose "Creating TAP for User: $userID" $endpoint = '/api/execcreatetap' $params = @{ tenantfilter = $CustomerTenantID Id = $UserID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Set-CIPPCreateTap.ps1' 37 #Region './public/Identity/Administration/Users/Set-CIPPResetPassword.ps1' -1 <# .SYNOPSIS Resets the password for a user in the CIPP system. .DESCRIPTION The Set-CIPPResetPassword function is used to reset the password for a user in the CIPP system. It sends a request to the CIPP API to reset the password for the specified user. .PARAMETER CustomerTenantID The ID of the customer tenant in the CIPP system. .PARAMETER UserID The ID of the user whose password needs to be reset. .PARAMETER MustChange Specifies whether the user must change their password upon next login. The default value is "true". .EXAMPLE Set-CIPPResetPassword -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -UserID "user@domain.com" -MustChange "false" Resets the password for the user with ID "user@domain.com" in the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". The user will not be required to change their password upon next login. #> function Set-CIPPResetPassword { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID, [Parameter(Mandatory = $false)] [ValidateSet( 'true', 'false' )] [string]$MustChange = 'true' ) Write-Verbose "Resetting password for $UserID" $endpoint = '/api/execresetpass' $params = @{ tenantfilter = $CustomerTenantID Id = $UserID MustChange = $MustChange } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Set-CIPPResetPassword.ps1' 47 #Region './public/Identity/Administration/Users/Set-CIPPRestoreDeletedUser.ps1' -1 <# .SYNOPSIS Restores a deleted user in the CIPP system. .DESCRIPTION The Set-CIPPRestoreDeletedUser function restores a deleted user in the CIPP (Customer Identity and Privacy Platform) system. It sends a request to the CIPP API to restore the user with the specified ID. .PARAMETER CustomerTenantID The ID of the customer tenant in which the user is being restored. .PARAMETER ID The ID of the user to be restored. .EXAMPLE Set-CIPPRestoreDeletedUser -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -ID "32a411a8-65ad-4358-ac14-5027d9abea9a" Restores the user with the ID "32a411a8-65ad-4358-ac14-5027d9abea9a" in the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Set-CIPPRestoreDeletedUser { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$ID ) Write-Verbose "Restoring user: $ID" $endpoint = '/api/execrestoredeleted' $params = @{ tenantfilter = $CustomerTenantID Id = $ID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Set-CIPPRestoreDeletedUser.ps1' 38 #Region './public/Identity/Administration/Users/Set-CIPPRevokeSessions.ps1' -1 <# .SYNOPSIS Revokes sessions for a specified user in the CIPP system. .DESCRIPTION The Set-CIPPRevokeSessions function revokes sessions for a specified user in the CIPP system. It sends a request to the CIPP API to revoke all active sessions for the specified user. .PARAMETER CustomerTenantID The ID of the customer tenant for which the sessions need to be revoked. .PARAMETER UserID The ID of the user for whom the sessions need to be revoked. .EXAMPLE Set-CIPPRevokeSessions -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -UserID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc" Revokes all sessions for the user with ID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc" in the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Set-CIPPRevokeSessions { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID, [Parameter(Mandatory = $true)] [string]$UserName ) Write-Verbose "Revoking Sessions for user: $UserID" $endpoint = '/api/execrevokesessions' $params = @{ TenantFilter = $CustomerTenantID ID = $UserID UserName = $UserName } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Set-CIPPRevokeSessions.ps1' 42 #Region './public/Identity/Administration/Users/Set-CIPPSignInStatus.ps1' -1 <# .SYNOPSIS Sets the sign-in status for a user in the CIPP system. .DESCRIPTION The Set-CIPPSignInStatus function is used to enable or disable the sign-in status for a user in the CIPP system. When the $Enable parameter is set to "true", the function enables sign-in for the specified user. When the $Enable parameter is set to "false", the function disables sign-in for the specified user. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant. .PARAMETER UserID Specifies the ID of the user. .PARAMETER Enable Specifies whether to enable or disable sign-in for the user. Valid values are "true" (to enable sign-in) or "false" (to disable sign-in). .EXAMPLE Set-CIPPSignInStatus -CustomerTenantID "47b02ab5-376d-4c85-b82d-13996c023c93" -UserID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc" -Enable "true" Enables sign-in for the user with the ID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc" in the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .EXAMPLE Set-CIPPSignInStatus -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -UserID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc" -Enable "false" Disables sign-in for the user with the ID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc" in the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Set-CIPPSignInStatus { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID, [Parameter(Mandatory = $true)] [ValidateSet( 'true', 'false' )] [string]$Enable ) if ($Enable -eq 'true') { Write-Verbose "Enabling signin for $UserID" } else { Write-Verbose "Disabling signin for $UserID" } $endpoint = '/api/execdisableuser' $params = @{ tenantfilter = $CustomerTenantID Id = $UserID Enable = $Enable } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Set-CIPPSignInStatus.ps1' 56 #Region './public/Identity/Administration/Users/Set-CIPPUser.ps1' -1 <# .SYNOPSIS Sets the properties of a CIPP user. .DESCRIPTION The Set-CIPPUser function is used to set the properties of a CIPP user. It allows you to modify various user attributes such as display name, username, first name, last name, domain, aliases, usage location, department, city, country, job title, mobile phone, street address, postal code, company name, and more. You can also add or remove the user from groups. .PARAMETER CustomerTenantID The ID of the customer tenant to which the user belongs. This parameter is mandatory. .PARAMETER UserID The ID of the user to be modified. This parameter is mandatory. .PARAMETER DisplayName The display name of the user. .PARAMETER UserName The username of the user. .PARAMETER FirstName The first name of the user. .PARAMETER LastName The last name of the user. .PARAMETER Domain The domain of the user. .PARAMETER AddedAliases Additional aliases for the user. .PARAMETER CopyFrom The ID of another user from which to copy the properties. .PARAMETER UsageLocation The usage location of the user. .PARAMETER Department The department of the user. .PARAMETER City The city of the user. .PARAMETER Country The country of the user. .PARAMETER Jobtitle The job title of the user. .PARAMETER MobilePhone The mobile phone number of the user. .PARAMETER StreetAddress The street address of the user. .PARAMETER PostalCode The postal code of the user. .PARAMETER CompanyName The company name of the user. .PARAMETER MustChangePass Specifies whether the user must change their password. Default value is $false. .PARAMETER AddToGroups An array of group IDs to which the user should be added. .PARAMETER RemoveFromGroups An array of group IDs from which the user should be removed. .PARAMETER BusinessPhone An array of business phone numbers for the user. .EXAMPLE Set-CIPPUser -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -UserID "user1" -DisplayName "John Doe" -UserName "johndoe" -FirstName "John" -LastName "Doe" -Domain "example.com" -UsageLocation "US" -Department "IT" -City "New York" -Country "USA" -Jobtitle "Developer" -MobilePhone "1234567890" -StreetAddress "123 Main St" -PostalCode "12345" -CompanyName "Example Inc" -MustChangePass $true -AddToGroups "group1", "group2" -RemoveFromGroups "group3" -BusinessPhone "9876543210" #> function Set-CIPPUser { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID, [Parameter(Mandatory = $false)] [string]$DisplayName, [Parameter(Mandatory = $false)] [string]$UserName, [Parameter(Mandatory = $false)] [string]$FirstName, [Parameter(Mandatory = $false)] [string]$LastName, [Parameter(Mandatory = $false)] [string]$Domain, [Parameter(Mandatory = $false)] [string]$AddedAliases, [Parameter(Mandatory = $false)] [string]$CopyFrom, [Parameter(Mandatory = $false)] [string]$UsageLocation, [Parameter(Mandatory = $false)] [string]$Department, [Parameter(Mandatory = $false)] [string]$City, [Parameter(Mandatory = $false)] [string]$Country, [Parameter(Mandatory = $false)] [string]$Jobtitle, [Parameter(Mandatory = $false)] [string]$MobilePhone, [Parameter(Mandatory = $false)] [string]$StreetAddress, [Parameter(Mandatory = $false)] [string]$PostalCode, [Parameter(Mandatory = $false)] [string]$CompanyName, [Parameter(Mandatory = $false)] [bool]$MustChangePass = $false, [Parameter(Mandatory = $false)] [array]$AddToGroups = @(), [Parameter(Mandatory = $false)] [array]$RemoveFromGroups = @(), [Parameter(Mandatory = $false)] [array]$BusinessPhone = @() ) Write-Verbose "Editing user data for $UserID in $CustomerTenantID" $existingUser = Get-CIPPUsers -CustomerTenantID $CustomerTenantID -UserID $UserID if ($AddToGroups.Count -gt 0) { $GroupsToAdd = foreach ($group in $AddToGroups) { $CIPPAddGroup = Get-CIPPGroups -CustomerTenantID $CustomerTenantID -GroupID $group [PSCustomObject]@{ value = [PSCustomObject]@{ groupid = $cippAddGroup.ID groupName = $cippAddGroup.DisplayName groupType = $CIPPAddGroup.calculatedGroupType } label = "$($CIPPAddGroup.DisplayName) - $($CIPPAddGroup.calculatedGroupType)" } } } if ($RemoveFromGroups.Count -gt 0) { $GroupsToRemove = foreach ($oldgroup in $RemoveFromGroups) { $CIPPRemoveGroup = Get-CIPPGroups -CustomerTenantID $CustomerTenantID -GroupID $oldgroup [PSCustomObject]@{ value = [PSCustomObject]@{ groupid = $CIPPRemoveGroup.ID groupName = $CIPPRemoveGroup.DisplayName groupType = $CIPPRemoveGroup.calculatedGroupType } label = "$($CIPPRemoveGroup.DisplayName) - $($CIPPRemoveGroup.calculatedGroupType)" } } } $body = @{ tenantID = $CustomerTenantID UserID = $UserID userPrincipalName = $UserName ? ($UserName + '@' + $Domain) : $existingUser.UserPrincipalName Username = $UserName ? $UserName : $existingUser.UserName DisplayName = $DisplayName ? $DisplayName : $existingUser.DisplayName Domain = $Domain ? $Domain : $existingUser.primDomain firstName = $FirstName ? $FirstName : $existingUser.GivenName LastName = $LastName ? $LastName : $existingUser.surname Jobtitle = $Jobtitle ? $Jobtitle : $existingUser.Jobtitle usageLocation = $UsageLocation ? $UsageLocation : $existingUser.UsageLocation BusinessPhone = if ($BusinessPhone.Count -eq 0) { $existingUser.BusinessPhones } else { $BusinessPhone } AddToGroups = $GroupsToAdd RemoveFromGroups = $GroupsToRemove CopyFrom = $CopyFrom Country = $Country ? $Country : $existingUser.Country PostalCode = $PostalCode ? $PostalCode : $existingUser.PostalCode CompanyName = $CompanyName ? $CompanyName : $existingUser.CompanyName StreetAddress = $StreetAddress ? $StreetAddress : $existingUser.StreetAddress MobilePhone = $MobilePhone ? $MobilePhone : $existingUser.MobilePhone Department = $Department ? $Department : $existingUser.Department City = $City ? $City : $existingUser.City MustChangePass = $MustChangePass } Invoke-CIPPRestMethod -Endpoint '/api/edituser' -Body $body -Method 'POST' } #EndRegion './public/Identity/Administration/Users/Set-CIPPUser.ps1' 191 #Region './public/Identity/Reports/Get-CIPPBasicAuth.ps1' -1 <# .SYNOPSIS Retrieves Basic Authentication information for a specific customer. .DESCRIPTION The Get-CIPPBasicAuth function retrieves Basic Authentication information for a specific customer by making a REST API call to the "/api/listbasicauth" endpoint. .PARAMETER CustomerTenantID The unique identifier of the customer's tenant. .EXAMPLE Get-CIPPBasicAuth -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves Basic Authentication information for the customer with the tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPBasicAuth { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Basic Auth for customer: $CustomerTenantID" $Endpoint = '/api/listbasicauth' $Params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $Endpoint -Params $Params } #EndRegion './public/Identity/Reports/Get-CIPPBasicAuth.ps1' 30 #Region './public/Identity/Reports/Get-CIPPInactiveAccounts.ps1' -1 <# .SYNOPSIS Retrieves a list of inactive accounts for a specific customer. .DESCRIPTION The Get-CIPPInactiveAccounts function retrieves a list of inactive accounts for a specific customer based on the provided CustomerTenantID. .PARAMETER CustomerTenantID Specifies the ID of the customer's tenant for which to retrieve the inactive accounts. .EXAMPLE Get-CIPPInactiveAccounts -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the list of inactive accounts for the customer with the tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPInactiveAccounts { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting inactive accounts for customer: $CustomerTenantID" $endpoint = '/api/listinactiveaccounts' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Reports/Get-CIPPInactiveAccounts.ps1' 31 #Region './public/Identity/Reports/Get-CIPPMFAUsers.ps1' -1 <# .SYNOPSIS Retrieves the MFA users for a specified customer tenant ID. .DESCRIPTION The Get-CIPPMFAUsers function retrieves the MFA users for a specified customer tenant ID by making a REST API call to the "/api/listmfausers" endpoint. .PARAMETER CustomerTenantID Specifies the customer tenant ID for which to retrieve the MFA users. .EXAMPLE Get-CIPPMFAUsers -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the MFA users for the customer tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPMFAUsers { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting MFA users for $CustomerTenantID" $endpoint = '/api/listmfausers' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Reports/Get-CIPPMFAUsers.ps1' 30 #Region './public/Identity/Reports/Get-CIPPSignIns.ps1' -1 <# .SYNOPSIS Retrieves sign-in information for a specific customer tenant. .DESCRIPTION The Get-CIPPSignIns function retrieves sign-in information for a specific customer tenant. It can filter the results based on various criteria such as failed logons. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant for which to retrieve sign-in information. This parameter is mandatory. .PARAMETER failedlogononly Indicates whether to retrieve only failed logon sign-ins. This parameter is optional. .PARAMETER filter Specifies an additional filter to apply to the sign-in results. This parameter is optional. .EXAMPLE Get-CIPPSignIns -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -failedlogononly This example retrieves all failed logon sign-ins for the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPSignIns { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [switch]$failedlogononly, [Parameter(Mandatory = $false)] [string]$filter ) Write-Verbose "Getting Signins for $CustomerTenantID" $endpoint = '/api/listsignins' $params = @{ tenantfilter = $CustomerTenantID filter = $filter } if ($failedlogononly) { $params.failedlogononly = 'true' } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Reports/Get-CIPPSignIns.ps1' 48 #Region './public/Intune/Device/Get-CIPPGetBitLockerKey.ps1' -1 <# .SYNOPSIS Gets the BitLocker recovery key for a specified computer. .DESCRIPTION The Get-CIPPGetBitLockerKey function retrieves the BitLocker recovery key for a specified computer in the CIPP project. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant. .PARAMETER guid Specifies the GUID of the computer for which to retrieve the BitLocker recovery key. .EXAMPLE Get-CIPPGetBitLockerKey -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -guid "01234567-89AB-CDEF-0123-456789ABCDEF" Retrieves the BitLocker recovery key for the computer with the specified GUID in the CIPP project. #> Function Get-CIPPGetBitLockerKey { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [guid]$guid ) Write-Verbose "Getting bitlocker key for computer: $guid" # Define the endpoint and parameters $endpoint = '/api/execgetrecoverykey' $params = @{ tenantfilter = $CustomerTenantID guid = $guid } # Use the Invoke-CIPPRequest function to make the request Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Intune/Device/Get-CIPPGetBitLockerKey.ps1' 40 #Region './public/Intune/Device/Get-CIPPIntuneIntents.ps1' -1 <# .SYNOPSIS Retrieves Intune Intents for a specific customer. .DESCRIPTION The Get-CIPPIntuneIntents function retrieves Intune Intents for a specific customer based on the provided CustomerTenantID. .PARAMETER CustomerTenantID Specifies the ID of the customer's tenant. .EXAMPLE Get-CIPPIntuneIntents -CustomerTenantID "contoso.onmicrosoft.com" This example retrieves Intune Intents for the customer with the tenant ID "contoso.onmicrosoft.com". .EXAMPLE Get-CIPPIntuneIntents -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" This example retrieves Intune Intents for the customer with the tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> Function Get-CIPPIntuneIntents { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Intune Intents for customer: $CustomerTenantID" # Define the endpoint and parameters $endpoint = '/api/listintuneintents' $params = @{ tenantfilter = $CustomerTenantID } # Use the Invoke-CIPPRequest function to make the request Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Intune/Device/Get-CIPPIntuneIntents.ps1' 38 #Region './public/Intune/Device/Get-CIPPIntunePolicy.ps1' -1 <# .SYNOPSIS Retrieves Intune policies for a specific customer. .DESCRIPTION The Get-CIPPIntunePolicy function retrieves Intune policies for a specific customer based on the provided parameters. It uses the Invoke-CIPPRestMethod function to make the request to the API. .PARAMETER CustomerTenantID The ID of the customer's tenant. .PARAMETER PolicyID The ID of the policy. This parameter is optional. .PARAMETER Urlname The URL name. This parameter is optional. .EXAMPLE Get-CIPPIntunePolicy -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -PolicyID "policy123" -Urlname "example" This example retrieves the Intune policies for the customer with the tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778", using the policy ID "policy123" and the URL name "example". .EXAMPLE Get-CIPPIntunePolicy -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" This example retrieves all Intune policies for the customer with the tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> Function Get-CIPPIntunePolicy { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [string]$PolicyID, [Parameter(Mandatory = $false)] [string]$Urlname ) Write-Verbose "Getting Intune policies for customer: $CustomerTenantID" # Validation to ensure both $PolicyID and $urlname are supplied together if (($PolicyID -and -not $urlname) -or (-not $PolicyID -and $urlname)) { throw 'You must supply both -PolicyID and -Urlname parameters together or not at all.' } # Define the endpoint and parameters $endpoint = '/api/listintunepolicy' $params = @{ tenantfilter = $CustomerTenantID URLName = $urlname id = $PolicyID } # Use the Invoke-CIPPRequest function to make the request Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Intune/Device/Get-CIPPIntunePolicy.ps1' 55 #Region './public/Intune/Device/Get-CIPPIntuneTemplates.ps1' -1 <# .SYNOPSIS Retrieves Intune templates. .DESCRIPTION The Get-CIPPIntuneTemplates function retrieves Intune templates using the CIPPRestMethod cmdlet. .PARAMETER TemplateID Specifies the ID of the template to retrieve. This parameter is optional. .EXAMPLE Get-CIPPIntuneTemplates -TemplateID "12345" Retrieves the Intune template with the ID "12345". #> function Get-CIPPIntuneTemplates { [CmdletBinding()] Param( [Parameter(Mandatory = $false)] [string]$TemplateID ) Write-Verbose 'Getting Intune Templates' $endpoint = '/api/listintunetemplates' $params = @{ tenantfilter = $CustomerTenantID id = $TemplateID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Intune/Device/Get-CIPPIntuneTemplates.ps1' 31 #Region './public/Intune/Device/Get-CIPPLocalAdminPassword.ps1' -1 <# .SYNOPSIS Retrieves the local admin password for a specified computer. .DESCRIPTION The Get-CIPPLocalAdminPassword function retrieves the local admin password for a specified computer in the CIPP project. It makes a REST API request to the CIPP API endpoint to fetch the password. .PARAMETER CustomerTenantID The ID of the customer tenant. .PARAMETER guid The GUID of the computer for which to retrieve the local admin password. .EXAMPLE Get-CIPPLocalAdminPassword -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -guid "abcdefg" This example retrieves the local admin password for the computer with the specified GUID in the CIPP project. .INPUTS None. .OUTPUTS None. .NOTES Author: Your Name Date: Current Date .LINK https://cipp-project.com/documentation/get-cipplocaladminpassword #> Function Get-CIPPLocalAdminPassword { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [guid]$guid ) Write-Verbose "Getting local admin password for computer: $guid" # Define the endpoint and parameters $endpoint = '/api/execgetlocaladminpassword' $params = @{ tenantfilter = $CustomerTenantID guid = $guid } # Use the Invoke-CIPPRequest function to make the request Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Intune/Device/Get-CIPPLocalAdminPassword.ps1' 53 #Region './public/Intune/Device/Set-CIPPAutoPilotSync.ps1' -1 <# .SYNOPSIS Syncs AutoPilot devices for a specified customer tenant ID. .DESCRIPTION The Get-CIPPAutoPilotSync function is used to sync AutoPilot devices for a specific customer tenant ID. It makes a request to the specified endpoint with the provided parameters. .PARAMETER CustomerTenantID Specifies the customer tenant ID for which the AutoPilot devices need to be synced. .EXAMPLE Get-CIPPAutoPilotSync -CustomerTenantID "contoso.onmicrosoft.com" Syncs AutoPilot devices for the customer tenant ID "contoso.onmicrosoft.com". #> Function Set-CIPPAutoPilotSync { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Syncing AutoPilot Devices for $CustomerTenantID" # Define the endpoint and parameters $endpoint = '/api/execsyncapdevices' $params = @{ tenantfilter = $CustomerTenantID } # Use the Invoke-CIPPRequest function to make the request Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Intune/Device/Set-CIPPAutoPilotSync.ps1' 34 #Region './public/Intune/Device/Set-CIPPDeviceAction.ps1' -1 <# .SYNOPSIS Executes a device action in the CIPP API. .DESCRIPTION The Set-CIPPDeviceAction function is used to execute various actions on a device in the CIPP API. The function supports actions such as syncing the device, rebooting the device, locating the device, rotating the local admin password, performing Windows Defender scans, updating Windows Defender signatures, generating logs and shipping them to MEM, renaming the device, performing a fresh start with or without removing user data, wiping the device with or without removing enrollment data, performing an Autopilot reset, and retiring the device. .PARAMETER CustomerTenantID The ID of the customer tenant. .PARAMETER DeviceID The ID of the device. .PARAMETER Action The action to be performed on the device. Valid values are: - syncDevice - rebootNow - locateDevice - RotateLocalAdminPassword - WindowsDefenderFullScan - WindowsDefenderQuickScan - UpdateWindowsDefender - GenerateLogsAndShipToMEM - RenameDevice - FreshStartRemoveUserData - FreshStartDoNotRemoveUserData - WipeDeviceKeepEnrollmentData - WipeDeviceRemoveEnrollmentData - WipeDeviceKeepEnrollmentDataContinueAtPowerloss - WipeDeviceRemoveEnrollmentDataContinueAtPowerloss - AutopilotReset - RetireDevice .PARAMETER NewDeviceName The new name to assign to the device when the action is "RenameDevice". .EXAMPLE Set-CIPPDeviceAction -CustomerTenantID "contoso.onmicrosoft.com" -DeviceID "98765432-4321-4321-4321-0987654321BA" -Action "syncDevice" This example executes the "syncDevice" action on the specified device. #> Function Set-CIPPDeviceAction { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [guid]$DeviceID, [Parameter(Mandatory = $true)] [ValidateSet( 'syncDevice', 'rebootNow', 'locateDevice', 'RotateLocalAdminPassword', 'WindowsDefenderFullScan', 'WindowsDefenderQuickScan', 'UpdateWindowsDefender', 'GenerateLogsAndShipToMEM', 'RenameDevice', 'FreshStartRemoveUserData', 'FreshStartDoNotRemoveUserData', 'WipeDeviceKeepEnrollmentData', 'WipeDeviceRemoveEnrollmentData', 'WipeDeviceKeepEnrollmentDataContinueAtPowerloss', 'WipeDeviceRemoveEnrollmentDataContinueAtPowerloss', 'AutopilotReset', 'RetireDevice')] [string]$Action, [Parameter(Mandatory = $false)] [string]$NewDeviceName ) Write-Verbose "Executing $Action on Device $DeviceID" # Determine the HTTP method and construct the body if needed $method = 'GET' $body = @{} $actionQuery = $Action switch ($Action) { 'WindowsDefenderFullScan' { $method = 'POST' $actionQuery = 'WindowsDefenderScan' $body.quickScan = $false } 'WindowsDefenderQuickScan' { $method = 'POST' $actionQuery = 'WindowsDefenderScan' $body.quickScan = $true } 'UpdateWindowsDefender' { $method = 'POST' $actionQuery = 'windowsDefenderUpdateSignatures' } 'RenameDevice' { $method = 'POST' $body.newDeviceName = $NewDeviceName } 'FreshStartRemoveUserData' { $method = 'POST' $body.keepUserData = $false $actionQuery = 'cleanWindowsDevice' } 'FreshStartDoNotRemoveUserData' { $method = 'POST' $body.keepUserData = $true $actionQuery = 'cleanWindowsDevice' } 'WipeDeviceKeepEnrollmentData' { $method = 'POST' $body.keepUserData = $true $body.keepEnrollmentData = $true $actionQuery = 'cleanWindowsDevice' } 'WipeDeviceRemoveEnrollmentData' { $method = 'POST' $body.keepUserData = $false $body.keepEnrollmentData = $false $actionQuery = 'cleanWindowsDevice' } 'WipeDeviceKeepEnrollmentDataContinueAtPowerloss' { $method = 'POST' $body.keepUserData = $false $body.keepEnrollmentData = $true $body.useProtectedWipe = $true $actionQuery = 'cleanWindowsDevice' } 'WipeDeviceRemoveEnrollmentDataContinueAtPowerloss' { $method = 'POST' $body.keepUserData = $false $body.keepEnrollmentData = $false $body.useProtectedWipe = $true $actionQuery = 'cleanWindowsDevice' } default { if ($Action -in @('RotateLocalAdminPassword', 'AutopilotReset')) { $method = 'POST' } } } # Define the endpoint and parameters $endpoint = '/api/ExecDeviceAction' $params = @{ TenantFilter = $CustomerTenantID GUID = $DeviceID Action = $actionQuery } if ($method -eq 'GET') { Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method $method } else { Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method $method -Body $body } } #EndRegion './public/Intune/Device/Set-CIPPDeviceAction.ps1' 158 #Region './public/Invoke-CIPPRestMethod.ps1' -1 <# .SYNOPSIS Invokes a REST method using the CIPP API. .DESCRIPTION The Invoke-CIPPRestMethod function is used to send HTTP requests to the CIPP API. It supports various HTTP methods such as GET, POST, PUT, DELETE, etc. The function assembles the request parameters, including the endpoint, query parameters, request body, headers, and authorization token. It then sends the request using the Invoke-RestMethod cmdlet and returns the response. .PARAMETER Endpoint The endpoint of the API to send the request to. .PARAMETER Params Optional. A hashtable of query parameters to include in the request URL. .PARAMETER Method Optional. The HTTP method to use for the request. The default value is 'GET'. .PARAMETER Body Optional. A hashtable representing the request body. It will be converted to JSON before sending the request. .PARAMETER ContentType Optional. The content type of the request body. The default value is 'application/json'. .PARAMETER Authorization Optional. The authorization token to include in the request headers. .EXAMPLE Invoke-CIPPRestMethod -Endpoint '/api/Listusers' -Method 'GET' -Params @{ 'tenantfilter' = '11c11ab1-527a-1d29-l92e-76413h012s76' } This example sends a GET request to the '/api/Listusers' endpoint with a query parameter 'tenantfilter' set to '11c11ab1-527a-1d29-l92e-76413h012s76'. .EXAMPLE Invoke-CIPPRestMethod -Endpoint '/api/ListMailboxPermissions' -Params @{ 'tenantfilter' = 'M365x72601982.onmicrosoft.com', 'userid' = '11c11ab1-527a-1d29-l92e-76413h012s76'} This example sends a GET request to the '/api/ListMailboxPermissions' endpoint with a query parameter 'tenantfilter' set to 'M365x72601982.onmicrosoft.com' and 'userid' set to '11c11ab1-527a-1d29-l92e-76413h012s76' .EXAMPLE Invoke-CIPPRestMethod -Endpoint '/api/adduser' -method 'POST' -Body @{ 'tenantID' = '11c11ab1-527a-1d29-l92e-76413h012s76';'DisplayName' = 'Test User';'UserName' = 'testuser';'AutoPassword' = $true;'FirstName' = 'Test';'LastName' = 'User';'Domain' = 'M365x72601982.onmicrosoft.com';'CopyFrom' = "" } This example sends a POST request to the '/api/adduser' endpoint with a Body 'tenantID' set to '11c11ab1-527a-1d29-l92e-76413h012s76' and 'DisplayName' set to 'Test User', 'UserName' set to 'testuser', 'AutoPassword' set to $true, 'FirstName' set to 'Test', 'LastName' set to 'User', 'Domain' set to 'M365x72601982.onmicrosoft.com' #> function Invoke-CIPPRestMethod { param ( [string]$Endpoint, [hashtable]$Params = @{}, [string]$Method = 'GET', [hashtable]$Body = @{}, [string]$ContentType = 'application/json', [string]$Authorization = $null ) try { Invoke-CIPPPreFlightCheck } catch { Write-Error "$($_.Exception.Message)" break } $Headers = $script:AuthHeader # Assemble parameters $ParamCollection = [System.Web.HttpUtility]::ParseQueryString([String]::Empty) $Params.GetEnumerator() | ForEach-Object { $ParamCollection.Add($_.Key, $_.Value) } $Request = $ParamCollection.ToString() $UriBuilder = [System.UriBuilder]('{0}{1}' -f $script:CIPPAPIUrl, $Endpoint) $UriBuilder.Query = $Request $BodyJson = $Body | ConvertTo-Json -Depth 10 $Request = @{ Uri = $UriBuilder.ToString() Method = $Method Headers = $Headers ContentType = $ContentType Body = $BodyJson } Write-Verbose "$Method [ $($UriBuilder.ToString()) ]" $response = Invoke-RestMethod @Request return $response } #EndRegion './public/Invoke-CIPPRestMethod.ps1' 83 #Region './public/Security/Defender/Get-CIPPDefenderState.ps1' -1 <# .SYNOPSIS Retrieves the Defender state for a specific customer. .DESCRIPTION The Get-CIPPDefenderState function retrieves the Defender state for a specific customer identified by their tenant ID. .PARAMETER CustomerTenantID Specifies the tenant ID of the customer for whom the Defender state needs to be retrieved. .EXAMPLE Get-CIPPDefenderState -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the Defender state for the customer with the specified tenant ID. #> function Get-CIPPDefenderState { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [Guid]$CustomerTenantID ) Write-Verbose "Getting Defender State for customer: $CustomerTenantID" $endpoint = '/api/listdefenderstate' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Security/Defender/Get-CIPPDefenderState.ps1' 31 #Region './public/Security/Defender/Get-CIPPDefenderTVM.ps1' -1 <# .SYNOPSIS Retrieves Defender TVM for a specific customer. .DESCRIPTION The Get-CIPPDefenderTVM function retrieves the Defender TVM (Threat and Vulnerability Management) for a specific customer based on the provided CustomerTenantID. .PARAMETER CustomerTenantID Specifies the unique identifier of the customer's tenant. .EXAMPLE Get-CIPPDefenderTVM -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the Defender TVM for the customer with the tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPDefenderTVM { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Defender TVM for customer: $CustomerTenantID" $endpoint = '/api/listdefendertvm' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Security/Defender/Get-CIPPDefenderTVM.ps1' 30 #Region './public/Security/Incidents/Get-CIPPAlertsList.ps1' -1 <# .SYNOPSIS Retrieves a list of alerts for a specific customer. .DESCRIPTION The Get-CIPPAlertsList function retrieves a list of alerts for a specific customer identified by their tenant ID. .PARAMETER CustomerTenantID The tenant ID of the customer for whom to retrieve the alerts. .EXAMPLE Get-CIPPAlertsList -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the alerts for the customer with the tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPAlertsList { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Alerts for customer: $CustomerTenantID" $endpoint = '/api/execalertslist' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Security/Incidents/Get-CIPPAlertsList.ps1' 30 #Region './public/Security/Incidents/Get-CIPPIncidentList.ps1' -1 <# .SYNOPSIS Retrieves a list of incidents for a specific customer. .DESCRIPTION The Get-CIPPIncidentList function retrieves a list of incidents for a specific customer identified by their tenant ID. .PARAMETER CustomerTenantID The tenant ID of the customer for whom to retrieve the incidents. .EXAMPLE Get-CIPPIncidentList -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the incidents for the customer with the tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPIncidentList { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Incidents for customer: $CustomerTenantID" $endpoint = '/api/execincidentslist' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Security/Incidents/Get-CIPPIncidentList.ps1' 30 #Region './public/Security/Reports/Get-CIPPDeviceCompliance.ps1' -1 <# .SYNOPSIS Retrieves device compliance information for a specific customer tenant. .DESCRIPTION The Get-CIPPDeviceCompliance function retrieves device compliance information for a specified customer tenant. It makes use of the Invoke-CIPPRestMethod function to send a request to the CIPP API and retrieve the device compliance data. .PARAMETER CustomerTenantID The unique identifier of the customer tenant for which to retrieve device compliance information. .EXAMPLE Get-CIPPDeviceCompliance -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves device compliance information for the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPDeviceCompliance { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Device Compliance for $CustomerTenantID" $endpoint = '/api/listalltenantdevicecompliance' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Security/Reports/Get-CIPPDeviceCompliance.ps1' 30 #Region './public/Set-CIPPAPIDetails.ps1' -1 <# .SYNOPSIS Sets the CIPP API details. .DESCRIPTION The Set-CIPPAPIDetails function is used to set the CIPP API details, including the client ID, client secret, API URL, and tenant ID. .PARAMETER CIPPClientID Specifies the client ID for the CIPP API. .PARAMETER CIPPClientSecret Specifies the client secret for the CIPP API. .PARAMETER CIPPAPIUrl Specifies the URL for the CIPP API. .PARAMETER TenantID Specifies the tenant ID for the CIPP API. .EXAMPLE Set-CIPPAPIDetails -CIPPClientID "d8d41058-97df-4b80-8e1b-7083d756409f" -CIPPClientSecret "YourSecurePassword" -CIPPAPIUrl "https://api.cipp.com" -TenantID "7c2f78c0-554e-4f42-a663-c4df3ce7f51f" This example sets the CIPP API details with the specified values. #> function Set-CIPPAPIDetails { [CmdletBinding()] Param( [Parameter(ParameterSetName = 'CIPP', Mandatory = $true)] [string]$CIPPClientID, [Parameter(ParameterSetName = 'CIPP', Mandatory = $true)] [String]$CIPPClientSecret, [Parameter(ParameterSetName = 'CIPP', Mandatory = $true)] [String]$CIPPAPIUrl, [Parameter(ParameterSetName = 'CIPP', Mandatory = $true)] [String]$TenantID ) Write-Verbose 'Setting CIPP API Keys' $script:CIPPClientID = $CIPPClientID $script:CIPPClientSecret = $CIPPClientSecret $script:CIPPAPIUrl = $CIPPAPIUrl $script:TenantID = $TenantID } #EndRegion './public/Set-CIPPAPIDetails.ps1' 44 #Region './public/Teams-Sharepoint/OneDrive/Get-CIPPOneDriveList.ps1' -1 <# .SYNOPSIS Retrieves a list of OneDrive sites for a specified customer tenant. .DESCRIPTION The Get-CIPPOneDriveList function retrieves a list of OneDrive sites for a specified customer tenant. It uses the Invoke-CIPPRestMethod function to make a REST API call to retrieve the sites. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve the OneDrive sites. .PARAMETER urlonly Specifies whether to return only the URLs of the OneDrive sites. If this switch is used, only the URLs will be returned. .PARAMETER UserUPN The user's UPN (User Principal Name) for which to retrieve the OneDrive sites. This parameter is optional. .EXAMPLE PS> Get-CIPPOneDriveList -CustomerTenantID "example.com" Retrieves a list of OneDrive sites for the customer tenant with the ID "example.com". .EXAMPLE PS> Get-CIPPOneDriveList -CustomerTenantID "example.com" -urlonly Retrieves a list of OneDrive site URLs for the customer tenant with the ID "example.com". .EXAMPLE PS> Get-CIPPOneDriveList -CustomerTenantID "example.com" -UserUPN "user@example.com" Retrieves a list of OneDrive sites for the customer tenant with the ID "example.com" and the specified user's UPN "user@example.com". #> function Get-CIPPOneDriveList { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [switch]$urlonly, [Parameter(Mandatory = $false)] [string]$UserUPN ) Write-Verbose "Getting sites for $CustomerTenantID" $endpoint = '/api/listsites' $params = @{ tenantfilter = $CustomerTenantID type = 'OneDriveUsageAccount' userupn = $UserUPN } if ($urlonly) { $params.URLOnly = 'true' } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Teams-Sharepoint/OneDrive/Get-CIPPOneDriveList.ps1' 58 #Region './public/Teams-Sharepoint/OneDrive/Set-CIPPOneDrivePerms.ps1' -1 <# .SYNOPSIS Sets permissions for a user on a OneDrive. .DESCRIPTION The Set-CIPPOneDrivePerms function is used to give or remove access permissions for a specified user on a OneDrive. .PARAMETER CustomerTenantID The ID of the customer's tenant. .PARAMETER OneDriveUserUPN The User Principal Name (UPN) of the OneDrive user. .PARAMETER RemovePermission Specifies whether to remove the access permission for the specified user. If set to $true, the permission will be removed. If set to $false, the permission will be granted. .PARAMETER GiveAccessToUPN The User Principal Name (UPN) of the user to whom access is being granted or removed. .EXAMPLE Set-CIPPOneDrivePerms -CustomerTenantID "contoso.onmicrosoft.com" -OneDriveUserUPN "john@contoso.com" -RemovePermission $false -GiveAccessToUPN "jane@contoso.com" Grants access to "jane@contoso.com" on the OneDrive of user "john@contoso.com" in the "contoso.onmicrosoft.com" tenant. .EXAMPLE Set-CIPPOneDrivePerms -CustomerTenantID "contoso.onmicrosoft.com" -OneDriveUserUPN "john@contoso.com" -RemovePermission $true -GiveAccessToUPN "jane@contoso.com" Removes access for "jane@contoso.com" from the OneDrive of user "john@contoso.com" in the "contoso.onmicrosoft.com" tenant. #> function Set-CIPPOneDrivePerms { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$OneDriveUserUPN, [Parameter(Mandatory = $true)] [bool]$RemovePermission, [Parameter(Mandatory = $true)] [string]$GiveAccessToUPN ) Write-Verbose "Giving access to $GiveAccessToUPN on $OneDriveUserUPN's OneDrive." $endpoint = '/api/ExecSharePointPerms' $body = @{ TenantFilter = $CustomerTenantID UPN = $OneDriveUserUPN URL = $SiteUrl RemovePermission = $RemovePermission input = $GiveAccessToUPN } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method POST } #EndRegion './public/Teams-Sharepoint/OneDrive/Set-CIPPOneDrivePerms.ps1' 53 #Region './public/Teams-Sharepoint/OneDrive/Set-CIPPOneDriveShortCut.ps1' -1 <# .SYNOPSIS Creates a OneDrive shortcut for a user to a specified SharePoint URL. .DESCRIPTION The Set-CIPPOneDriveShortCut function creates a OneDrive shortcut for a specified user to a specified SharePoint URL. It uses the Invoke-CIPPRestMethod function to make a POST request to the "/api/execonedriveshortcut" endpoint. .PARAMETER CustomerTenantID The default domain of the customer's tenant. .PARAMETER Username The username of the user for whom the OneDrive shortcut is being created. .PARAMETER UserID The UserID of the user for whom the OneDrive shortcut is being created. .PARAMETER SharePointURL The URL of the SharePoint site to which the OneDrive shortcut will point. .EXAMPLE Set-CIPPOneDriveShortCut -CustomerTenantID "contoso.onmicrosoft.com" -Username "john.doe@contoso.onmicrosoft.com" -UserID "98765432-1234-5678-9012-34567890abcd" -SharePointURL "https://contoso.sharepoint.com/sites/finance" This example creates a OneDrive shortcut for the user "john.doe@contoso.onmicrosoft.com" to the SharePoint site located at "https://contoso.sharepoint.com/sites/finance" in the customer's tenant with the ID "contoso.onmicrosoft.com". #> function Set-CIPPOneDriveShortCut { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$Username, [Parameter(Mandatory = $true)] [guid]$UserID, [Parameter(Mandatory = $true)] [string]$SharePointURL ) Write-Verbose "Creating OneDrive Shortcut for $Username to $SharePointURL" $endpoint = '/api/execonedriveshortcut' $body = @{ TenantFilter = $CustomerTenantID username = $Username userid = $UserID input = $SharePointURL } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method POST } #EndRegion './public/Teams-Sharepoint/OneDrive/Set-CIPPOneDriveShortCut.ps1' 51 #Region './public/Teams-Sharepoint/Sharepoint/Add-CIPPSharePointSite.ps1' -1 <# .SYNOPSIS Adds a new SharePoint site to the specified customer tenant. .DESCRIPTION The Add-CIPPSharePointSite function creates a new SharePoint site with the specified parameters. It supports different site designs and templates. .PARAMETER CustomerTenantID The ID of the customer tenant where the SharePoint site will be added. This parameter is mandatory. .PARAMETER DisplayName The display name of the SharePoint site. This parameter is mandatory. .PARAMETER Description The description of the SharePoint site. This parameter is mandatory. .PARAMETER Owner The owner of the SharePoint site. Should be a valid user principal name (UPN). This parameter is mandatory. .PARAMETER SiteDesign The design of the SharePoint site. Valid values are 'Topic', 'Showcase', 'Blank', and 'Custom'. The default value is 'Showcase'. This parameter is optional. .PARAMETER TemplateName The template of the SharePoint site. Valid values are 'Communication' and 'Team'. The default value is 'Communication'. This parameter is optional. .EXAMPLE Add-CIPPSharePointSite -CustomerTenantID "166cc908-10b2-405f-a00b-03006c430c9c" -DisplayName "Project Site" -Description "Site for project collaboration" -Owner "owner@domain.com" This example adds a new SharePoint site with the display name "Project Site" and the description "Site for project collaboration" to the customer tenant with ID "166cc908-10b2-405f-a00b-03006c430c9c". The owner of the site is "owner@domain.com". .EXAMPLE Add-CIPPSharePointSite -CustomerTenantID "domain.com" -DisplayName "Project Site" -Description "Site for project collaboration" -Owner "owner@domain.com" This example adds a new SharePoint site with the display name "Project Site" and the description "Site for project collaboration" to the customer tenant with ID "domain.com". The owner of the site is "owner@domain.com". .NOTES This function requires the Invoke-CIPPRestMethod cmdlet to send the request to the API endpoint. #> function Add-CIPPSharePointSite { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$DisplayName, [Parameter(Mandatory = $true)] [string]$Description, [Parameter(Mandatory = $true)] [string]$Owner, [Parameter(Mandatory = $false)] [ValidateSet('Topic', 'Showcase', 'Blank', 'Custom')] [string]$SiteDesign = 'Showcase', [Parameter(Mandatory = $false)] [ValidateSet('Communication', 'Team')] [string]$TemplateName = 'Communication' ) Write-Verbose "Adding SharePoint site $DisplayName for $CustomerTenantID" $endpoint = '/api/AddSite' $Body = @{ tenantFilter = $CustomerTenantID siteName = $DisplayName siteDescription = $Description siteOwner = @{ value = $Owner } siteDesign = @{ value = $SiteDesign } TemplateName = @{ value = $TemplateName } } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $Body -Method 'POST' } #EndRegion './public/Teams-Sharepoint/Sharepoint/Add-CIPPSharePointSite.ps1' 72 #Region './public/Teams-Sharepoint/Sharepoint/Get-CIPPSharePointQuota.ps1' -1 <# .SYNOPSIS Retrieves the SharePoint quota for a specific customer tenant. .DESCRIPTION The Get-CIPPSharePointQuota function retrieves the SharePoint quota for a specific customer tenant by making a REST API call to the "/api/listsharepointquota" endpoint. .PARAMETER CustomerTenantID The ID of the customer tenant for which the SharePoint quota needs to be retrieved. .EXAMPLE Get-CIPPSharePointQuota -CustomerTenantID "contoso.onmicrosoft.com" This example retrieves the SharePoint quota for the customer tenant with the ID "contoso.onmicrosoft.com". .EXAMPLE Get-CIPPSharePointQuota -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" This example retrieves the SharePoint quota for the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPSharePointQuota { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting SharePoint quota for $CustomerTenantID" $endpoint = '/api/listsharepointquota' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Teams-Sharepoint/Sharepoint/Get-CIPPSharePointQuota.ps1' 34 #Region './public/Teams-Sharepoint/Sharepoint/Get-CIPPSharePointSites.ps1' -1 <# .SYNOPSIS Retrieves SharePoint sites for a specified customer tenant. .DESCRIPTION The Get-CIPPSharePointSites function retrieves SharePoint sites for a specified customer tenant. It uses the Invoke-CIPPRestMethod function to make a REST API call to retrieve the sites. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve SharePoint sites. This parameter is mandatory. .PARAMETER urlonly Specifies whether to retrieve only the URLs of the SharePoint sites. By default, this parameter is not specified. .PARAMETER UserUPN The user's UPN (User Principal Name) for which to retrieve SharePoint sites. This parameter is optional. .EXAMPLE Get-CIPPSharePointSites -CustomerTenantID "contoso.onmicrosoft.com" Retrieves all SharePoint sites for the customer tenant "contoso.onmicrosoft.com". .EXAMPLE Get-CIPPSharePointSites -CustomerTenantID "contoso.onmicrosoft.com" -urlonly Retrieves only the URLs of the SharePoint sites for the customer tenant "contoso.onmicrosoft.com". .EXAMPLE Get-CIPPSharePointSites -CustomerTenantID "contoso.onmicrosoft.com" -UserUPN "user@contoso.com" Retrieves SharePoint sites for the user "user@contoso.com" in the customer tenant "contoso.onmicrosoft.com". #> function Get-CIPPSharePointSites { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [switch]$urlonly, [Parameter(Mandatory = $false)] [string]$UserUPN ) Write-Verbose "Getting sites for $CustomerTenantID" $endpoint = '/api/listsites' $params = @{ tenantfilter = $CustomerTenantID type = 'SharePointSiteUsage' userupn = $UserUPN } if ($urlonly) { $params.URLOnly = 'true' } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Teams-Sharepoint/Sharepoint/Get-CIPPSharePointSites.ps1' 55 #Region './public/Teams-Sharepoint/Sharepoint/Set-CIPPSharePointSiteAdmin.ps1' -1 <# .SYNOPSIS Sets the SharePoint site admin for a given site. .DESCRIPTION The Set-CIPPSharePointSiteAdmin function sets the SharePoint site admin for a specified site by making a REST API call to the CIPP API. .PARAMETER CustomerTenantID The ID of the customer's tenant. .PARAMETER CurrentAdminUPN The UPN (User Principal Name) of the current site admin. .PARAMETER SiteUrl The URL of the SharePoint site. .PARAMETER RemovePermission Specifies whether to remove the admin permission for the current admin UPN. .PARAMETER AdditionalAdminUPN The UPN of the additional admin to be added. .EXAMPLE Set-CIPPSharePointSiteAdmin -CustomerTenantID "contoso.onmicrosoft.com" -CurrentAdminUPN "admin@contoso.com" -SiteUrl "https://contoso.sharepoint.com/sites/site1" -RemovePermission $true -AdditionalAdminUPN "admin2@contoso.com" Sets the SharePoint site admin for the site "https://contoso.sharepoint.com/sites/site1" by removing the admin permission for "admin@contoso.com" and adding "admin2@contoso.com" as an additional admin. #> function Set-CIPPSharePointSiteAdmin { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$CurrentAdminUPN, [Parameter(Mandatory = $true)] [string]$SiteUrl, [Parameter(Mandatory = $true)] [bool]$RemovePermission, [Parameter(Mandatory = $true)] [string]$AdditionalAdminUPN ) Write-Verbose "Setting SharePoint Owner on $Url" $endpoint = '/api/ExecSharePointPerms' $body = @{ TenantFilter = $CustomerTenantID UPN = $CurrentAdminUPN URL = $SiteUrl RemovePermission = $RemovePermission input = $AdditionalAdminUPN } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method POST } #EndRegion './public/Teams-Sharepoint/Sharepoint/Set-CIPPSharePointSiteAdmin.ps1' 55 #Region './public/Teams-Sharepoint/Sharepoint/Set-CIPPSharePointSiteMembers.ps1' -1 <# .SYNOPSIS Sets SharePoint site members with specified permissions. .DESCRIPTION The Set-CIPPSharePointSiteMembers function is used to set SharePoint site members with specified permissions. It sends a request to the CIPP API to execute the operation. .PARAMETER CustomerTenantID Specifies the ID of the customer's tenant. .PARAMETER SharePointType Specifies the type of SharePoint site. .PARAMETER SiteUrl Specifies the URL of the SharePoint site. .PARAMETER AddPermission Specifies whether to add or remove permissions for the user. .PARAMETER GroupUPN Specifies the UPN (User Principal Name) of the site group. .PARAMETER UserToGiveAccessUPN Specifies the UPN of the user to give access to. .EXAMPLE Set-CIPPSharePointSiteMembers -CustomerTenantID "contoso.onmicrosoft.com" -SharePointType "Group" -SiteUrl "https://contoso.sharepoint.com/sites/TeamSite" -AddPermission $true -GroupUPN "group@contoso.com" -UserToGiveAccessUPN "user@contoso.com" Sets the SharePoint site members by adding permissions for the specified user. . #> function Set-CIPPSharePointSiteMembers { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$SharePointType, [Parameter(Mandatory = $true)] [string]$SiteUrl, [Parameter(Mandatory = $true)] [bool]$AddPermission, [Parameter(Mandatory = $true)] [string]$GroupUPN, [Parameter(Mandatory = $true)] [string]$UserToGiveAccessUPN ) Write-Verbose "Setting SharePoint Member on $Url" $endpoint = '/api/ExecSetSharePointMember' $body = @{ TenantFilter = $CustomerTenantID SharePointType = $SharePointType URL = $SiteUrl add = $AddPermission GroupId = $GroupUPN input = $UserToGiveAccessUPN } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method POST } #EndRegion './public/Teams-Sharepoint/Sharepoint/Set-CIPPSharePointSiteMembers.ps1' 61 #Region './public/Teams-Sharepoint/Teams/Add-CIPPTeam.ps1' -1 <# .SYNOPSIS Adds a new team site to the specified customer tenant. .DESCRIPTION The Add-CIPPTeam function creates a new team site in the specified customer tenant using the provided display name, description, visibility, and owner. .PARAMETER CustomerTenantID The ID of the customer tenant where the team site will be added. Can be the tenant ID or default domain name. .PARAMETER DisplayName The display name of the new team site. .PARAMETER Description A description for the new team site. .PARAMETER Visibility The visibility setting for the new team site (e.g., Public or Private). .PARAMETER Owner The owner of the new team site. Should be a valid user principal name (UPN) with a teams license assigned. .EXAMPLE Add-CIPPTeam -CustomerTenantID "9d606831-a394-4d1a-b508-260f428807a4" -DisplayName "Engineering Team" -Description "Team for engineering department" -Visibility "Private" -Owner "john.doe@example.com" This example adds a new team site named "Engineering Team" with the description "Team for engineering department" to the customer tenant with the ID "12345". The team site is set to private visibility and owned by john.doe@example.com. .EXAMPLE Add-CIPPTeam -CustomerTenantID "exampleTenant.onmicrosoft.com" -DisplayName "Marketing Team" -Description "Team for marketing department" -Visibility "Public" -Owner "Jane.doe@example.com" This example adds a new team site named "Marketing Team" with the description "Team for marketing department" to the customer tenant with the ID "67890". The team site is set to public visibility and owned by Jane.doe@example.com .NOTES This function requires the Invoke-CIPPRestMethod cmdlet to send the request to the API endpoint. #> function Add-CIPPTeam { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$DisplayName, [Parameter(Mandatory = $false)] [string]$Description, [Parameter(Mandatory = $true)] [ValidateSet('private', 'public')] [string]$Visibility, [Parameter(Mandatory = $true)] [string]$Owner ) Write-Verbose "Adding team site $DisplayName for $CustomerTenantID" $endpoint = '/api/AddTeam' $Body = @{ tenantID = $CustomerTenantID displayName = $DisplayName description = $Description visibility = $Visibility owner = $Owner } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $Body -Method 'POST' } #EndRegion './public/Teams-Sharepoint/Teams/Add-CIPPTeam.ps1' 63 #Region './public/Teams-Sharepoint/Teams/Get-CIPPTeams.ps1' -1 <# .SYNOPSIS Retrieves teams sites for a specified customer tenant ID. .DESCRIPTION The Get-CIPPTeams function retrieves teams sites for a specified customer tenant ID. It uses the Invoke-CIPPRestMethod function to make a REST API call to retrieve the teams sites. .PARAMETER CustomerTenantID The customer tenant ID for which to retrieve teams sites. This parameter is mandatory. .PARAMETER ID The ID of the teams site to retrieve. This parameter is optional. .EXAMPLE Get-CIPPTeams -CustomerTenantID "contoso.onmicrosoft.com" Retrieves all teams sites for the "contoso.onmicrosoft.com" tenant. .EXAMPLE Get-CIPPTeams -CustomerTenantID "contoso.onmicrosoft.com" -ID "12345" Retrieves the teams site with the ID "12345" for the "contoso.onmicrosoft.com" tenant. #> function Get-CIPPTeams { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [string]$ID ) Write-Verbose "Getting teams sites for $CustomerTenantID" $endpoint = '/api/listteams' $params = @{ tenantfilter = $CustomerTenantID type = if ($ID) { 'team' } else { 'list' } ID = $id } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Teams-Sharepoint/Teams/Get-CIPPTeams.ps1' 43 #Region './public/Teams-Sharepoint/Teams/Get-CIPPTeamsActivity.ps1' -1 <# .SYNOPSIS Retrieves the activity of Teams users in a specified customer tenant. .DESCRIPTION The Get-CIPPTeamsActivity function retrieves the activity of Teams users in a specified customer tenant. It makes use of the Invoke-CIPPRestMethod function to send a request to the "/api/listteamsactivity" endpoint with the provided parameters. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve the Teams activity. .EXAMPLE Get-CIPPTeamsActivity -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the Teams activity for the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPTeamsActivity { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting teams activity $CustomerTenantID" $endpoint = '/api/listteamsactivity' $params = @{ tenantfilter = $CustomerTenantID type = 'TeamsUserActivityUser' } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Teams-Sharepoint/Teams/Get-CIPPTeamsActivity.ps1' 32 #Region './public/Teams-Sharepoint/Teams/Get-CIPPTeamsVoice.ps1' -1 <# .SYNOPSIS Retrieves teams voice information for a specified customer tenant ID. .DESCRIPTION The Get-CIPPTeamsVoice function retrieves teams voice information for a specified customer tenant ID. It makes use of the Invoke-CIPPRestMethod function to send a request to the "/api/listteamsvoice" endpoint with the provided tenant filter. .PARAMETER CustomerTenantID The customer tenant ID for which to retrieve teams voice information. This parameter is mandatory. .EXAMPLE Get-CIPPTeamsVoice -CustomerTenantID "contoso.onmicrosoft.com" Retrieves teams voice information for the customer tenant with the ID "contoso.onmicrosoft.com". #> function Get-CIPPTeamsVoice { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting teams voice $CustomerTenantID" $endpoint = '/api/listteamsvoice' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Teams-Sharepoint/Teams/Get-CIPPTeamsVoice.ps1' 31 #Region './public/Tenant/Administration/Alerts/Get-CIPPAlerts.ps1' -1 <# .SYNOPSIS Retrieves CIPP alerts from the API. .DESCRIPTION The Get-CIPPAlerts function retrieves CIPP alerts from the API by invoking the "/api/getcippalerts" endpoint. .PARAMETER None This function does not accept any parameters. .EXAMPLE Get-CIPPAlerts Retrieves CIPP alerts from the API. #> function Get-CIPPAlerts { [CmdletBinding()] param () Write-Verbose 'Getting CIPP Alerts' # Define the endpoint and parameters $endpoint = '/api/getcippalerts' Invoke-CIPPRestMethod -Endpoint $endpoint } #EndRegion './public/Tenant/Administration/Alerts/Get-CIPPAlerts.ps1' 28 #Region './public/Tenant/Administration/Get-CIPPAppConsentReqs.ps1' -1 <# .SYNOPSIS Retrieves app consent requests for a specific customer tenant. .DESCRIPTION The Get-CIPPAppConsentReqs function retrieves app consent requests for a specific customer tenant by making a REST API call to the "/api/listappconsentrequests" endpoint. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve app consent requests. This parameter is mandatory. .EXAMPLE Get-CIPPAppConsentReqs -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves app consent requests for the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPAppConsentReqs { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting app consent requests for customer: $CustomerTenantID" $Endpoint = '/api/listappconsentrequests' $Params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $Endpoint -Params $Params } #EndRegion './public/Tenant/Administration/Get-CIPPAppConsentReqs.ps1' 32 #Region './public/Tenant/Administration/Get-CIPPDomains.ps1' -1 <# .SYNOPSIS Retrieves the domains for a specific customer. .DESCRIPTION The Get-CIPPDomains function retrieves the domains associated with a specific customer in the CIPP system. .PARAMETER CustomerTenantID The unique identifier of the customer's tenant. .EXAMPLE Get-CIPPDomains -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" This example retrieves the domains for the customer with the tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> Function Get-CIPPDomains { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Domains for customer: $CustomerTenantID" # Define the endpoint and parameters $endpoint = '/api/ListDomains' $params = @{ tenantfilter = $CustomerTenantID } # Use the Invoke-CIPPRequest function to make the request Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Administration/Get-CIPPDomains.ps1' 35 #Region './public/Tenant/Administration/Tenant/Get-CIPPADConnectStatus.ps1' -1 <# .SYNOPSIS Retrieves the AD Connect status, AD Connect settings, or AD objects in error for a specified customer tenant. .DESCRIPTION The Get-CIPPADConnectStatus function retrieves information about the AD Connect status, AD Connect settings, or AD objects in error for a specified customer tenant. It makes a REST API call to retrieve the data from the CIPP API. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant for which the AD Connect information is to be retrieved. .PARAMETER dataToReturn Specifies the type of data to be returned. Valid values are "AzureADConnectSettings" to retrieve AD Connect settings, "AzureADObjectsInError" to retrieve AD objects in error, or leave empty to retrieve the AD Connect status. .EXAMPLE Get-CIPPADConnectStatus -CustomerTenantID "contoso.onmicrosoft.com" -dataToReturn "AzureADConnectSettings" Retrieves the AD Connect settings for the customer tenant "contoso.onmicrosoft.com". .EXAMPLE Get-CIPPADConnectStatus -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -dataToReturn "AzureADConnectSettings" Retrieves the AD Connect settings for the customer tenant "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .EXAMPLE Get-CIPPADConnectStatus -CustomerTenantID "contoso.onmicrosoft.com" -dataToReturn "AzureADObjectsInError" Retrieves the AD objects in error for the customer tenant "contoso.onmicrosoft.com". .EXAMPLE Get-CIPPADConnectStatus -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -dataToReturn "AzureADObjectsInError" Retrieves the AD objects in error for the customer tenant "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .EXAMPLE Get-CIPPADConnectStatus -CustomerTenantID "contoso.onmicrosoft.com" Retrieves the AD Connect status for the customer tenant "contoso.onmicrosoft.com". .EXAMPLE Get-CIPPADConnectStatus -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the AD Connect status for the customer tenant "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPADConnectStatus { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [ValidateSet('AzureADConnectSettings', 'AzureADObjectsInError')] [string]$dataToReturn ) if ($dataToReturn -eq 'AzureADConnectSettings') { Write-Verbose "Getting AD Connect Settings for: $CustomerTenantID" } elseif ($dataToReturn -eq 'AzureADObjectsInError') { Write-Verbose "Getting AD Objects in Error for: $CustomerTenantID" } else { Write-Verbose "Getting AD Connect Status for: $CustomerTenantID" } $Endpoint = '/api/listazureadconnectstatus' $Params = @{ tenantfilter = $CustomerTenantID datatoreturn = $dataToReturn } Invoke-CIPPRestMethod -Endpoint $Endpoint -Params $Params } #EndRegion './public/Tenant/Administration/Tenant/Get-CIPPADConnectStatus.ps1' 63 #Region './public/Tenant/Administration/Tenant/Get-CIPPOrg.ps1' -1 <# .SYNOPSIS Retrieves information about a specific organization in the CIPP system. .DESCRIPTION The Get-CIPPOrg function retrieves information about a specific organization in the CIPP system based on the provided CustomerTenantID. .PARAMETER CustomerTenantID Specifies the unique identifier of the customer tenant. .EXAMPLE Get-CIPPOrg -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" This example retrieves information about the organization with the CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .EXAMPLE Get-CIPPOrg -CustomerTenantID "contoso.onmicrosoft.com" This example retrieves information about the organization with the CustomerTenantID "contoso.onmicrosoft.com". #> function Get-CIPPOrg { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting org $CustomerTenantID" $endpoint = '/api/listorg' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Administration/Tenant/Get-CIPPOrg.ps1' 34 #Region './public/Tenant/Administration/Tenant/Get-CIPPPartnerRelationships.ps1' -1 <# .SYNOPSIS Retrieves partner relationships for a specified customer tenant. .DESCRIPTION The Get-CIPPPartnerRelationships function retrieves partner relationships for a specified customer tenant by making a REST API call to the "/api/listpartnerrelationships" endpoint. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve partner relationships. .EXAMPLE Get-CIPPPartnerRelationships -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves partner relationships for the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .EXAMPLE Get-CIPPPartnerRelationships -CustomerTenantID "contoso.onmicrosoft.com" Retrieves partner relationships for the customer tenant with ID "contoso.onmicrosoft.com". #> function Get-CIPPPartnerRelationships { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting org $CustomerTenantID" $endpoint = '/api/listpartnerrelationships' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Administration/Tenant/Get-CIPPPartnerRelationships.ps1' 34 #Region './public/Tenant/Administration/Tenant/Get-CIPPTenantDetails.ps1' -1 <# .SYNOPSIS Retrieves the details of a specific CIPP tenant. .DESCRIPTION The Get-CIPPTenantDetails function retrieves the details of a specific CIPP (Customer Information Protection Platform) tenant using the provided CustomerTenantID. .PARAMETER CustomerTenantID The unique identifier of the CIPP tenant. .EXAMPLE Get-CIPPTenantDetails -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the details of the CIPP tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .EXAMPLE Get-CIPPTenantDetails -CustomerTenantID "contoso.onmicrosoft.com" Retrieves the details of the CIPP tenant with the ID "contoso.onmicrosoft.com". #> function Get-CIPPTenantDetails { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Tenant Details for $CustomerTenantID" $endpoint = '/api/ListTenantDetails' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Administration/Tenant/Get-CIPPTenantDetails.ps1' 34 #Region './public/Tenant/Administration/Tenant/Get-CIPPTenants.ps1' -1 <# .SYNOPSIS Retrieves a list of CIPP tenants. .DESCRIPTION The Get-CIPPTenants function retrieves a list of CIPP tenants based on the specified parameters. It makes a REST API call to the "/api/listtenants" endpoint and returns the result. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant. This parameter is optional. .PARAMETER ClearCache Indicates whether to clear the cache before retrieving the tenants. This parameter is optional. .PARAMETER TriggerRefresh Indicates whether to trigger a refresh before retrieving the tenants. This parameter is optional. .EXAMPLE Get-CIPPTenants -CustomerTenantID "contoso.onmicrosoft.com" -ClearCache This example retrieves the list of CIPP tenants for the specified customer tenant and clears the cache before retrieving the tenants. #> function Get-CIPPTenants { [CmdletBinding()] Param( [Parameter(Mandatory = $false)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [switch]$ClearCache, [Parameter(Mandatory = $false)] [switch]$TriggerRefresh ) Write-Verbose 'Getting Tenants' $endpoint = '/api/listtenants' $params = @{ tenantfilter = $CustomerTenantID } if ($ClearCache) { $params.ClearCache = 'true' } if ($TriggerRefresh) { $params.TriggerRefresh = 'true' } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Administration/Tenant/Get-CIPPTenants.ps1' 49 #Region './public/Tenant/Conditional/Get-CIPPCAPolicies.ps1' -1 <# .SYNOPSIS Retrieves Conditional Access Policies for a specific customer tenant. .DESCRIPTION The Get-CIPPCAPolicies function retrieves the Conditional Access Policies for a specific customer tenant by making a REST API call to the "/api/listconditionalaccesspolicies" endpoint. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve the Conditional Access Policies. .EXAMPLE Get-CIPPCAPolicies -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the Conditional Access Policies for the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .EXAMPLE Get-CIPPCAPolicies -CustomerTenantID "contoso.onmicrosoft.com" Retrieves the Conditional Access Policies for the customer tenant with the ID "contoso.onmicrosoft.com". #> function Get-CIPPCAPolicies { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Conditional Access Policies for customer: $CustomerTenantID" $Endpoint = '/api/listconditionalaccesspolicies' $Params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $Endpoint -Params $Params } #EndRegion './public/Tenant/Conditional/Get-CIPPCAPolicies.ps1' 36 #Region './public/Tenant/Conditional/Get-CIPPCATemplates.ps1' -1 <# .SYNOPSIS Retrieves Conditional Access Templates. .DESCRIPTION The Get-CIPPCATemplates function retrieves the list of Conditional Access Templates from the specified endpoint. .PARAMETER None This function does not accept any parameters. .EXAMPLE Get-CIPPCATemplates Retrieves the list of Conditional Access Templates. #> function Get-CIPPCATemplates { [CmdletBinding()] Param() Write-Verbose 'Getting Conditional Access Templates' $endpoint = '/api/listcatemplates' Invoke-CIPPRestMethod -Endpoint $endpoint } #EndRegion './public/Tenant/Conditional/Get-CIPPCATemplates.ps1' 26 #Region './public/Tenant/Conditional/Get-CIPPNamedLocations.ps1' -1 <# .SYNOPSIS Retrieves named locations for a specific customer tenant. .DESCRIPTION The Get-CIPPNamedLocations function retrieves named locations for a specific customer tenant by making a REST API call to the "/api/listnamedlocations" endpoint. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve named locations. .EXAMPLE Get-CIPPNamedLocations -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves named locations for the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .EXAMPLE Get-CIPPNamedLocations -CustomerTenantID "contoso.onmicrosoft.com" Retrieves named locations for the customer tenant with ID "contoso.onmicrosoft.com". #> function Get-CIPPNamedLocations { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting named locations for $CustomerTenantID" $endpoint = '/api/listnamedlocations' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Conditional/Get-CIPPNamedLocations.ps1' 34 #Region './public/Tenant/Conditional/Set-CIPPCAPolicy.ps1' -1 <# .SYNOPSIS Sets the Conditional Access (CA) Policy for a specific customer tenant. .DESCRIPTION The Set-CIPPCAPolicy function is used to set the Conditional Access (CA) Policy for a specific customer tenant. It allows you to enable or disable the CA Policy for the tenant. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant for which the CA Policy needs to be set. .PARAMETER State Specifies the state of the CA Policy. Valid values are "Enabled" and "Disabled". .PARAMETER Guid Specifies the GUID of the CA Policy. .EXAMPLE Set-CIPPCAPolicy -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -State "Enabled" -Guid "a1b2c3d4-e5f6-g7h8-i9j0-k1l2m3n4o5p6" Sets the CA Policy for the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" to "Enabled" using the GUID "a1b2c3d4-e5f6-g7h8-i9j0-k1l2m3n4o5p6". .EXAMPLE Set-CIPPCAPolicy -CustomerTenantID "contoso.onmicrosoft.com" -State "Enabled" -Guid "a1b2c3d4-e5f6-g7h8-i9j0-k1l2m3n4o5p6" Sets the CA Policy for the customer tenant with ID "contoso.onmicrosoft.com" to "Enabled" using the GUID "a1b2c3d4-e5f6-g7h8-i9j0-k1l2m3n4o5p6". #> function Set-CIPPCAPolicy { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [ValidateSet('Enabled', 'Disabled')] [string]$State, [Parameter(Mandatory = $true)] [guid]$Guid ) Write-Verbose "Editing CA Policy for tenant $CustomerTenantID" $endpoint = '/api/editcapolicy' $params = @{ tenantfilter = $CustomerTenantID state = $State guid = $Guid } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Conditional/Set-CIPPCAPolicy.ps1' 48 #Region './public/Tenant/GDAP/Get-CIPPGDAPRoles.ps1' -1 <# .SYNOPSIS Retrieves the list of GDAP roles. .DESCRIPTION The Get-CIPPGDAPRoles function retrieves the list of GDAP (Granular delegated Admin Privileges ) roles by making a REST API call to the "/api/ListGDAPRoles" endpoint. .PARAMETER None This function does not accept any parameters. .EXAMPLE Get-CIPPGDAPRoles Retrieves the list of GDAP roles. #> function Get-CIPPGDAPRoles { [CmdletBinding()] Param() Write-Verbose 'Getting GDAP Role List' $endpoint = '/api/ListGDAPRoles' Invoke-CIPPRestMethod -Endpoint $endpoint } #EndRegion './public/Tenant/GDAP/Get-CIPPGDAPRoles.ps1' 27 #Region './public/Tenant/GDAP/Remove-CIPPGDAPRelationship.ps1' -1 <# .SYNOPSIS Removes a GDAP (Global Data Access Point) relationship. .DESCRIPTION The Remove-CIPPGDAPRelationship function terminates a GDAP relationship by invoking a REST API endpoint. .PARAMETER GDAPID Specifies the ID of the GDAP relationship to be terminated. .EXAMPLE Remove-CIPPGDAPRelationship -GDAPID "59a6b837-2c8d-4f91-93e1-746cd82b1e37-a9d8b5e2-73cf-41a5-8de7-134f62b0c6e9" Terminates the GDAP relationship with the ID "59a6b837-2c8d-4f91-93e1-746cd82b1e37-a9d8b5e2-73cf-41a5-8de7-134f62b0c6e9". #> function Remove-CIPPGDAPRelationship { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$GDAPID ) Write-Verbose "Terminating GDAP Relationship: $GDAPID" $Endpoint = '/api/execdeletegdaprelationship' $Params = @{ gdapid = $GDAPID } Invoke-CIPPRestMethod -Endpoint $Endpoint -Params $Params } #EndRegion './public/Tenant/GDAP/Remove-CIPPGDAPRelationship.ps1' 32 #Region './public/Tenant/Reports/Get-CIPPLicenses.ps1' -1 <# .SYNOPSIS Retrieves licenses for a specific customer tenant. .DESCRIPTION The Get-CIPPLicenses function retrieves licenses for a specific customer tenant by making a REST API call to the "/api/ListLicenses" endpoint. .PARAMETER CustomerTenantID The ID of the customer tenant for which licenses need to be retrieved. .EXAMPLE Get-CIPPLicenses -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves licenses for the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .EXAMPLE Get-CIPPLicenses -CustomerTenantID "contoso.onmicrosoft.com" Retrieves licenses for the customer tenant with the ID "contoso.onmicrosoft.com". #> function Get-CIPPLicenses { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Licenses for $CustomerTenantID" $endpoint = '/api/ListLicenses' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Reports/Get-CIPPLicenses.ps1' 34 #Region './public/Tenant/Reports/Get-CIPPOAuthApps.ps1' -1 <# .SYNOPSIS Retrieves OAuth apps for a specific customer tenant. .DESCRIPTION The Get-CIPPOAuthApps function retrieves OAuth apps for a specific customer tenant by making a REST API call to the "/api/listoauthapps" endpoint. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve OAuth apps. .EXAMPLE Get-CIPPOAuthApps -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves OAuth apps for the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPOAuthApps { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting OAuth apps for $CustomerTenantID" $endpoint = '/api/listoauthapps' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Reports/Get-CIPPOAuthApps.ps1' 30 #Region './public/Tenant/Standards/Get-CIPPBPA.ps1' -1 <# .SYNOPSIS Retrieves the BPA (Best Practices Analyzer) report for a specific customer tenant. .DESCRIPTION The Get-CIPPBPA function retrieves the BPA report for a customer tenant based on the provided CustomerTenantID. Optionally, you can specify a ReportName to filter the report. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant for which to retrieve the BPA report. This parameter is optional. .PARAMETER ReportName Specifies the name of the report to filter the BPA report. This parameter is optional. .EXAMPLE Get-CIPPBPA -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -ReportName "CIPP Best Practices V1.0 - Tenant View" This example retrieves the BPA report for the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" and filters it by the report name "CIPP Best Practices V1.0 - Tenant View". #> function Get-CIPPBPA { [CmdletBinding()] Param( [Parameter(Mandatory = $false)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [string]$ReportName ) Write-Verbose "Getting BPA Report for customer: $CustomerTenantID" $Endpoint = '/api/listbpa' $Params = @{ tenantfilter = $CustomerTenantID Report = $ReportName } Invoke-CIPPRestMethod -Endpoint $Endpoint -Params $Params } #EndRegion './public/Tenant/Standards/Get-CIPPBPA.ps1' 39 #Region './public/Tenant/Standards/Get-CIPPBPATemplates.ps1' -1 <# .SYNOPSIS Retrieves the CIPP BPA Templates. .DESCRIPTION The Get-CIPPBPATemplates function retrieves the CIPP (Continuous Improvement and Performance Program) BPA (Best Practice Assessment) Templates from the specified API endpoint. .PARAMETER None This function does not accept any parameters. .EXAMPLE Get-CIPPBPATemplates Retrieves the CIPP BPA Templates. #> function Get-CIPPBPATemplates { [CmdletBinding()] Param() Write-Verbose 'Getting BPA Templates' $Endpoint = '/api/listbpatemplates' Invoke-CIPPRestMethod -Endpoint $Endpoint } #EndRegion './public/Tenant/Standards/Get-CIPPBPATemplates.ps1' 27 #Region './public/Tenant/Standards/Get-CIPPDomainAnalyser.ps1' -1 <# .SYNOPSIS Retrieves the list of domain analyzers for a specific customer tenant. .DESCRIPTION The Get-CIPPDomainAnalyser function retrieves the list of domain analyzers associated with a specific customer tenant. It makes a REST API call to retrieve the list of domain analyzers based on the provided customer tenant ID. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve the domain analyzers. .EXAMPLE Get-CIPPDomainAnalyser -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the list of domain analyzers for the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPDomainAnalyser { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Domain Analyser List for customer: $CustomerTenantID" $endpoint = '/api/ListDomainAnalyser' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Standards/Get-CIPPDomainAnalyser.ps1' 30 #Region './public/Tenant/Standards/Get-CIPPDomainHealth.ps1' -1 <# .SYNOPSIS Gets the domain health information for a specified domain. .DESCRIPTION The Get-CIPPDomainHealth function retrieves domain health information for a specified domain using the CIPP API. It supports various actions such as reading WHOIS records, NS records, MX records, SPF records, DMARC policies, DKIM records, testing DNSSEC, and testing MTA-STS. .PARAMETER DomainName Specifies the name of the domain for which to retrieve the health information. .PARAMETER Action Specifies the action to perform for retrieving the domain health information. Valid values are: - ReadWhoisRecord: Retrieves the WHOIS record for the domain. - ReadNSRecord: Retrieves the NS record for the domain. - ReadMXRecord: Retrieves the MX record for the domain. - ReadSpfRecord: Retrieves the SPF record for the domain. - ReadDmarcPolicy: Retrieves the DMARC policy for the domain. - ReadDkimRecord: Retrieves the DKIM record for the domain. - TestDNSSEC: Tests DNSSEC for the domain. - TestMtaSts: Tests MTA-STS for the domain. .EXAMPLE PS> Get-CIPPDomainHealth -DomainName "contoso.onmicrosoft.com" -Action "ReadWhoisRecord" Retrieves the WHOIS record for the domain "contoso.onmicrosoft.com". .EXAMPLE PS> Get-CIPPDomainHealth -DomainName "contoso.onmicrosoft.com" -Action "TestDNSSEC" Tests DNSSEC for the domain "contoso.onmicrosoft.com". #> function Get-CIPPDomainHealth { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$DomainName, [Parameter(Mandatory = $true)] [ValidateSet('ReadWhoisRecord', 'ReadNSRecord', 'ReadMXRecord', 'ReadSpfRecord', 'ReadDmarcPolicy', 'ReadDkimRecord', 'TestDNSSEC', 'TestMtaSts')] [string]$Action ) Write-Verbose "Getting Domain Health for $DomainName with action $Action" $endpoint = '/api/listdomainhealth' $params = @{ Domain = $DomainName Action = $action } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Standards/Get-CIPPDomainHealth.ps1' 52 #Region './public/Tenant/Standards/Get-CIPPStandards.ps1' -1 <# .SYNOPSIS Retrieves the CIPP standards for a specific customer tenant. .DESCRIPTION The Get-CIPPStandards function retrieves the CIPP standards for a specific customer tenant by making a REST API call to the "/api/liststandards" endpoint. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve the standards. .EXAMPLE Get-CIPPStandards -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the CIPP standards for the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .EXAMPLE Get-CIPPStandards -CustomerTenantID "test.onmicrosoft.com" Retrieves the CIPP standards for the customer tenant with ID "test.onmicrosoft.com". #> function Get-CIPPStandards { [CmdletBinding()] Param( [Parameter(Mandatory = $false)] [string]$CustomerTenantID ) Write-Verbose "Getting standards for $CustomerTenantID" $endpoint = '/api/liststandards' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Standards/Get-CIPPStandards.ps1' 34 #Region './public/Tenant/Standards/Set-CIPPStandardsRun.ps1' -1 <# .SYNOPSIS Runs standards for a specific customer tenant. .DESCRIPTION The Set-CIPPStandardsRun function runs standards for a specific customer tenant by invoking a REST API endpoint. .PARAMETER CustomerTenantID The ID of the customer tenant for which the standards should be run. .EXAMPLE Set-CIPPStandardsRun -CustomerTenantID "contoso.onmicrosoft.com" Runs standards for the customer tenant with ID "contoso.onmicrosoft.com". #> function Set-CIPPStandardsRun { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Running standards for $CustomerTenantID" $endpoint = '/api/execstandardsrun' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Standards/Set-CIPPStandardsRun.ps1' 30 #Region './public/Tenant/Tools/Get-CIPPAuditLogTest.ps1' -1 <# .SYNOPSIS Retrieves audit logs for a specified customer tenant. .DESCRIPTION The Get-CIPPAuditLogTest function retrieves audit logs for a specified customer tenant based on the log type. .PARAMETER CustomerTenantId Specifies the ID of the customer tenant for which to retrieve audit logs. .PARAMETER LogType Specifies the type of audit logs to retrieve. Valid values are 'Audit.Exchange' and 'Audit.AzureActiveDirectory'. .EXAMPLE Get-CIPPAuditLogTest -CustomerTenantId "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -LogType "Audit.Exchange" Retrieves Exchange audit logs for the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .EXAMPLE Get-CIPPAuditLogTest -CustomerTenantId "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -LogType "Audit.AzureActiveDirectory" Retrieves Azure Active Directory audit logs for the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .EXAMPLE Get-CIPPAuditLogTest -CustomerTenantId "test.onmicrosoft.com" -LogType "Audit.Exchange" Retrieves Azure Active Directory audit logs for the customer tenant "test.onmicrosoft.com". #> function Get-CIPPAuditLogTest { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantId, [Parameter(Mandatory = $true)] [validateset('Audit.Exchange', 'Audit.AzureActiveDirectory')] [string]$LogType ) Write-Verbose "Looking up $LogType logs for tenant $CustomerTenantId" $endpoint = '/api/ListAuditLogTest' $params = @{ TenantFilter = $CustomerTenantId LogType = $LogType } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Tools/Get-CIPPAuditLogTest.ps1' 46 #Region './public/Tenant/Tools/Get-CIPPExternalGEOIPLookup.ps1' -1 <# .SYNOPSIS Performs a Geo IP lookup for a given IP address. .DESCRIPTION The Get-CIPPExternalGEOIPLookup function performs a Geo IP lookup for a given IP address using a REST API. It retrieves information about the geographical location of the IP address. .PARAMETER IP Specifies the IP address for which the Geo IP lookup needs to be performed. The IP address can be in IPv4 or IPv6 format. .EXAMPLE Get-CIPPExternalGEOIPLookup -IP "8.8.8.8" Performs a Geo IP lookup for the IP address "8.8.8.8". .EXAMPLE Get-CIPPExternalGEOIPLookup -IP "2001:0db8:85a3:0000:0000:8a2e:0370:7334" Performs a Geo IP lookup for the IP address "2001:0db8:85a3:0000:0000:8a2e:0370:7334". .INPUTS None. You cannot pipe input to this function. .OUTPUTS System.Object. The function returns the result of the Geo IP lookup as an object. .NOTES This function requires the Invoke-CIPPRestMethod function to be available in the current session. .LINK Invoke-CIPPRestMethod #> function Get-CIPPExternalGEOIPLookup { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [ValidatePattern('^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$|^((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){1,7}:)|(([0-9A-Fa-f]{1,4}:){1,6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,5}(:[0-9A-Fa-f]{1,4}){1,2})|(([0-9A-Fa-f]{1,4}:){1,4}(:[0-9A-Fa-f]{1,4}){1,3})|(([0-9A-Fa-f]{1,4}:){1,3}(:[0-9A-Fa-f]{1,4}){1,4})|(([0-9A-Fa-f]{1,4}:){1,2}(:[0-9A-Fa-f]{1,4}){1,5})|(([0-9A-Fa-f]{1,4}:):(:[0-9A-Fa-f]{1,4}){1,6})|(::([0-9A-Fa-f]{1,4}:){1,7}))$')] [string]$IP ) Write-Verbose "Looking up $ip in Geo DB" $endpoint = '/api/execgeoiplookup' $params = @{ ip = $IP } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Tools/Get-CIPPExternalGEOIPLookup.ps1' 47 #Region './public/Tenant/Tools/Get-CIPPExternalTenantInfo.ps1' -1 <# .SYNOPSIS Retrieves external tenant information for a specified tenant. .DESCRIPTION The Get-CIPPExternalTenantInfo function retrieves external tenant information for a specified tenant by making a REST API call to the "/api/ListExternalTenantInfo" endpoint. .PARAMETER Tenant Specifies the name of the tenant for which to retrieve the external tenant information. .EXAMPLE Get-CIPPExternalTenantInfo -Tenant "Contoso.com" Retrieves the external tenant information for the "Contoso" tenant. #> function Get-CIPPExternalTenantInfo { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$Tenant ) Write-Verbose "Getting Tenant info for $Tenant" $endpoint = '/api/ListExternalTenantInfo' $params = @{ tenant = $Tenant } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Tools/Get-CIPPExternalTenantInfo.ps1' 31 #Region './public/Tenant/Tools/Get-CIPPGraphRequest.ps1' -1 <# .SYNOPSIS Retrieves graph data from a specified endpoint for a given tenant. .DESCRIPTION The Get-CIPPGraphRequest function queries a specified Graph endpoint for a specific tenant and retrieves the graph data. It supports various optional parameters for customization. .PARAMETER CustomerTenantId Specifies the ID of the customer tenant for which the graph data is requested. This parameter is mandatory. .PARAMETER GraphEndPoint Specifies the endpoint URL of the Graph API. This parameter is mandatory. .PARAMETER count Specifies whether to include the count of items in the response. This parameter is optional. .PARAMETER Select Specifies the properties to include in the response. This parameter is optional. .PARAMETER DisablePagination Specifies whether to disable pagination in the response. This parameter is optional. .PARAMETER Top Specifies the maximum number of items to include in the response. This parameter is optional. .PARAMETER Format Specifies the format of the response. This parameter is optional. .PARAMETER Filter Specifies the filter to apply to the response. This parameter is optional. .PARAMETER Expand Specifies the properties to expand in the response. This parameter is optional. .PARAMETER Search Specifies the search query to apply to the response. This parameter is optional. .PARAMETER ReverseTenantLookupProperty Specifies the property to use for reverse tenant lookup. This parameter is optional. .EXAMPLE Get-CIPPGraphRequest -CustomerTenantId "contoso.onmicrosoft.com" -GraphEndPoint "users" -Select "displayName,mail" -DisablePagination $true -Top 10 Retrieves graph data from the specified endpoint for the tenant with ID "contoso.onmicrosoft.com". The response includes only the "displayName" and "mail" properties, disables pagination, and includes a maximum of 10 items in the response. #> function Get-CIPPGraphRequest { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantId, [Parameter(Mandatory = $true)] [string]$GraphEndPoint, [Parameter(Mandatory = $false)] [bool]$count, [Parameter(Mandatory = $false)] [string]$Select, [Parameter(Mandatory = $false)] [bool]$DisablePagination, [Parameter(Mandatory = $false)] [string]$Top, [Parameter(Mandatory = $false)] [string]$Format, [Parameter(Mandatory = $false)] [string]$Filter, [Parameter(Mandatory = $false)] [string]$Expand, [Parameter(Mandatory = $false)] [string]$Search, [Parameter(Mandatory = $false)] [string]$ReverseTenantLookupProperty ) Write-Verbose "Querying Graph Endpoint $EndPoint for tenant $CustomerTenantId" $endpoint = '/api/ListGraphRequest' $params = [ordered]@{ tenantFilter = $CustomerTenantId endpoint = $GraphEndPoint } $optionalParams = @{ '$count' = $count '$select' = $Select 'NoPagination' = if ($DisablePagination) { 'true' } else { 'false' } '$top' = $Top '$format' = $Format '$filter' = $Filter '$expand' = $Expand '$search' = $Search 'reverseTenantLookupProperty' = $ReverseTenantLookupProperty } foreach ($key in $optionalParams.Keys) { if ($null -ne $optionalParams[$key]) { $params[$key] = $optionalParams[$key] } } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Tools/Get-CIPPGraphRequest.ps1' 100 |