#Region './private/Connect-CIPP.ps1' -1 <# .SYNOPSIS Connects to the CIPP API using the provided credentials. .DESCRIPTION The Connect-CIPP function establishes a connection to the CIPP API by obtaining an access token using the client credentials flow. It requires the CIPP API URL, client ID, client secret, and tenant ID as input parameters. .PARAMETER CIPPAPIUrl The URL of the CIPP API. .PARAMETER CIPPClientID The client ID used to authenticate with the CIPP API. .PARAMETER CIPPClientSecret The client secret used to authenticate with the CIPP API. .PARAMETER TenantID The ID of the tenant associated with the CIPP API. .EXAMPLE Connect-CIPP -CIPPAPIUrl "" -CIPPClientID "12345678-1234-1234-1234-1234567890ab" -CIPPClientSecret "MyClientSecret" -TenantID "98765432-4321-4321-4321-0987654321ba" Connects to the CIPP API using the specified credentials. #> function Connect-CIPP { [CmdletBinding()] Param( [string]$CIPPAPIUrl, [string]$CIPPClientID, [string]$CIPPClientSecret, [string]$TenantID ) $Script:AuthBody = @{ client_id = $script:CIPPClientID client_secret = $script:CIPPClientSecret scope = "api://$($script:CIPPClientID)/.default" grant_type = 'client_credentials' } $token = Invoke-RestMethod -Uri "$script:TenantId/oauth2/v2.0/token" -Method POST -Body $AuthBody $script:AuthHeader = @{ Authorization = "Bearer $($token.access_token)" } $script:TokenAcquiredTime = Get-Date $script:ExpiresIn = $token.expires_in } #EndRegion './private/Connect-CIPP.ps1' 47 #Region './private/Get-TokenExpiry.ps1' -1 <# .SYNOPSIS Calculates the expiry date and time for a token. .DESCRIPTION The Get-TokenExpiry function calculates the expiry date and time for a token based on the token's expiration time in seconds. .PARAMETER ExpiresIn Specifies the expiration time of the token in seconds. If not provided, the function uses the default expiration time stored in the $script:ExpiresIn variable. .OUTPUTS System.DateTime The calculated expiry date and time for the token. .EXAMPLE Get-TokenExpiry -ExpiresIn 3600 Calculates the expiry date and time for a token that expires in 3600 seconds (1 hour). #> function Get-TokenExpiry { [CmdletBinding()] [OutputType([DateTime])] param ( [Parameter(Mandatory = $false)] [int64]$ExpiresIn = $script:ExpiresIn ) if ($script:ExpiresIn -eq $null) { return } else { $Script:ExpiryDateTime = $script:TokenAcquiredTime.AddSeconds($script:ExpiresIn) Write-Verbose "Calculated token expiry as $Script:ExpiryDateTime" } } #EndRegion './private/Get-TokenExpiry.ps1' 35 #Region './private/Helpers/ConvertTo-FormattedArray.ps1' -1 <# .SYNOPSIS Converts an input array into a formatted array with labels. .DESCRIPTION The ConvertTo-FormattedArray function takes an input array and a label prefix as parameters. It iterates through each item in the input array and creates a formatted array with labels. Each item in the formatted array is a hashtable with two properties: 'value' and 'label'. The 'value' property contains the original item from the input array, and the 'label' property contains the concatenation of the label prefix and the item. .PARAMETER inputArray The input array to be converted into a formatted array. .PARAMETER labelPrefix The prefix to be added to each item in the formatted array as a label. .EXAMPLE $inputArray = 1, 2, 3 $labelPrefix = "Item" ConvertTo-FormattedArray -inputArray $inputArray -labelPrefix $labelPrefix This example will convert the input array [1, 2, 3] into a formatted array with labels. The resulting formatted array will be: [ @{ value = 1 label = "Item - 1" }, @{ value = 2 label = "Item - 2" }, @{ value = 3 label = "Item - 3" } ] #> function ConvertTo-FormattedArray { param ( [array]$inputArray, [string]$labelPrefix ) $formattedArray = @() foreach ($item in $inputArray) { $formattedArray += @{ value = $item label = "$labelPrefix - $item" } } return $formattedArray } #EndRegion './private/Helpers/ConvertTo-FormattedArray.ps1' 51 #Region './private/Helpers/ConvertTo-UnixTime.ps1' -1 function ConvertTo-UnixTime { [CmdletBinding()] param ( [Parameter(Mandatory = $true, ValueFromPipeline = $true, Position = 0)] [datetime]$DateTime ) $unixEpoch = [DateTime]::new(1970, 1, 1, 0, 0, 0, [DateTimeKind]::Utc) $unixTime = ([int64]($DateTime.ToUniversalTime() - $unixEpoch).TotalSeconds) return $unixTime } #EndRegion './private/Helpers/ConvertTo-UnixTime.ps1' 12 #Region './private/Invoke-CIPPPreFlightCheck.ps1' -1 <# .SYNOPSIS Invokes the pre-flight check before connecting to the CIPP API. .DESCRIPTION This function performs a pre-flight check before connecting to the CIPP API. It checks if the required CIPP API information is available and if the token has expired. If the information is not found or the token has expired, it connects to the CIPP API using the provided credentials. .PARAMETER None This function does not accept any parameters. .EXAMPLE Invoke-CIPPPreFlightCheck #> function Invoke-CIPPPreFlightCheck { [CmdletBinding()] param () if ($null -eq $Script:CIPPClientID -or $null -eq $Script:CIPPClientSecret -or $null -eq $Script:CIPPAPIUrl -or $null -eq $Script:TenantID) { throw 'Cannot continue: CIPP API information not found. Please run Set-CIPPAPIDetails before connecting to the API.' break } Get-TokenExpiry if ((-not $Script:ExpiryDateTime) -or ($script:ExpiryDateTime -lt (Get-Date))) { Write-Verbose 'Token expired or not found. Connecting to CIPP' $request = @{ CIPPClientID = $script:CIPPClientID CIPPClientSecret = $script:CIPPClientSecret CIPPAPIUrl = $script:CIPPAPIUrl TenantID = $TenantID } Connect-CIPP @request } } #EndRegion './private/Invoke-CIPPPreFlightCheck.ps1' 38 #Region './public/CIPP/Core/Get-CIPPAccessCheck.ps1' -1 <# .SYNOPSIS Performs a tenant access check for the specified customer tenant ID. .DESCRIPTION The Get-CIPPAccessCheck function performs a tenant access check for the specified customer tenant ID. It sends a POST request to the "/api/execaccesschecks" endpoint with the provided tenant ID. .PARAMETER CustomerTenantID Specifies the customer tenant ID for which the access check needs to be performed. .EXAMPLE Get-CIPPAccessCheck -CustomerTenantID "87654321-4321-4321-4321-0987654321BA" Runs a tenant access check for the customer tenant ID "87654321-4321-4321-4321-0987654321BA". #> function Get-CIPPAccessCheck { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string[]]$CustomerTenantID ) Write-Verbose "Running tenant access check for $CustomerTenantID" $Endpoint = '/api/execaccesschecks' $params = @{ tenants = 'true' } $body = @{ tenantid = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $Endpoint -Body $body -Params $params -Method POST } #EndRegion './public/CIPP/Core/Get-CIPPAccessCheck.ps1' 34 #Region './public/CIPP/Core/Get-CIPPApplicationQueue.ps1' -1 <# .SYNOPSIS Retrieves a list of applications from the queue for a specific customer. .DESCRIPTION The Get-CIPPApplicationQueue function retrieves a list of applications from the queue for a specific customer identified by their tenant ID. .EXAMPLE Get-CIPPApplicationQueue Retrieves the applications from the queue for the customer with the tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .NOTES Requires appropriate permissions to access queue information. #> function Get-CIPPApplicationQueue { [CmdletBinding()] Param() Write-Verbose "Getting Application Queue for customer: $CustomerTenantID" $endpoint = '/api/ListApplicationQueue' $params = @{ } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/CIPP/Core/Get-CIPPApplicationQueue.ps1' 26 #Region './public/CIPP/Core/Get-CIPPAuditLogSearches.ps1' -1 <# .SYNOPSIS Retrieves audit log searches for a specific customer. .DESCRIPTION The Get-CIPPAuditLogSearches function retrieves audit log searches for a specific customer identified by their tenant ID. .PARAMETER CustomerTenantID The tenant ID of the customer for whom to retrieve the audit log searches. .PARAMETER SearchId The ID of the search to retrieve results for. .PARAMETER Days The number of days to retrieve audit log searches for. .PARAMETER Type The type of search to perform (e.g., 'Searches', 'SearchResults'). .EXAMPLE Get-CIPPAuditLogSearches -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -Type "Searches" Retrieves the audit log searches for the customer with the tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .EXAMPLE Get-CIPPAuditLogSearches -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -SearchId "12345" -Type "SearchResults" Retrieves the results of the audit log search with ID "12345" for the customer with the tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .NOTES Requires appropriate permissions to access audit log information. #> function Get-CIPPAuditLogSearches { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [string]$SearchId, [Parameter(Mandatory = $false)] [int]$Days, [Parameter(Mandatory = $false)] [string]$Type ) Write-Verbose "Getting Audit Log Searches for customer: $CustomerTenantID" $endpoint = '/api/ListAuditLogSearches' $params = @{ tenantFilter = $CustomerTenantID SearchId = $SearchId Days = $Days Type = $Type } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/CIPP/Core/Get-CIPPAuditLogSearches.ps1' 58 #Region './public/CIPP/Core/Get-CIPPBackup.ps1' -1 <# .SYNOPSIS Lists CIPP backups. .DESCRIPTION The Get-CIPPBackup function retrieves a list of CIPP backups, with optional filtering capabilities. .PARAMETER Type Optional. Filter backups by type. .PARAMETER TenantFilter Optional. Filter backups by tenant. .PARAMETER BackupName Optional. Filter backups by name. .PARAMETER NameOnly Optional. When specified, returns only backup names and timestamps. .EXAMPLE Get-CIPPBackup Returns all backups. .EXAMPLE Get-CIPPBackup -Type "Configuration" -TenantFilter "" Returns configuration backups for the specified tenant. .EXAMPLE Get-CIPPBackup -NameOnly Returns a list of backup names and timestamps. .NOTES Requires CIPP.Backup.Read permissions. #> function Get-CIPPBackup { [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [string]$Type, [Parameter(Mandatory = $false)] [string]$TenantFilter, [Parameter(Mandatory = $false)] [string]$BackupName, [Parameter(Mandatory = $false)] [switch]$NameOnly ) Write-Verbose 'Getting backup information' $endpoint = '/api/ExecListBackup' $params = @{} if ($Type) { Write-Verbose "Filtering by type: $Type" $params['Type'] = $Type } if ($TenantFilter) { Write-Verbose "Filtering by tenant: $TenantFilter" $params['TenantFilter'] = $TenantFilter } if ($BackupName) { Write-Verbose "Filtering by name: $BackupName" $params['BackupName'] = $BackupName } if ($NameOnly) { Write-Verbose 'Returning names only' $params['NameOnly'] = $true } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method GET } #EndRegion './public/CIPP/Core/Get-CIPPBackup.ps1' 76 #Region './public/CIPP/Core/Get-CIPPCommunityRepos.ps1' -1 <# .SYNOPSIS Retrieves a list of community repositories and adds them to the database if they are missing. .DESCRIPTION The Get-CIPPCommunityRepos function retrieves a list of community repositories and adds them to the database if they are missing. .EXAMPLE Get-CIPPCommunityRepos Retrieves the community repositories .NOTES Requires appropriate permissions to access repository information. #> function Get-CIPPCommunityRepos { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose 'Getting Community Repositories' $endpoint = '/api/ListCommunityRepos' $params = @{ } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/CIPP/Core/Get-CIPPCommunityRepos.ps1' 29 #Region './public/CIPP/Core/Get-CIPPConditionalAccessPolicyChanges.ps1' -1 <# .SYNOPSIS Retrieves conditional access policy changes for a specific customer. .DESCRIPTION The Get-CIPPConditionalAccessPolicyChanges function retrieves conditional access policy changes for a specific customer identified by their tenant ID. .PARAMETER CustomerTenantID The tenant ID of the customer for whom to retrieve the conditional access policy changes. .PARAMETER PolicyId The ID of the policy for which to retrieve changes. .PARAMETER PolicyDisplayName The display name of the policy for which to retrieve changes. .EXAMPLE Get-CIPPConditionalAccessPolicyChanges -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -PolicyId "12345" -PolicyDisplayName "Example Policy" Retrieves the conditional access policy changes for the policy with ID "12345" and display name "Example Policy" for the customer with the tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .NOTES Requires appropriate permissions to access conditional access policy information. #> function Get-CIPPConditionalAccessPolicyChanges { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [string]$PolicyId, [Parameter(Mandatory = $false)] [string]$PolicyDisplayName ) Write-Verbose "Getting Conditional Access Policy Changes for customer: $CustomerTenantID" $endpoint = '/api/ListConditionalAccessPolicyChanges' $params = @{ tenantFilter = $CustomerTenantID id = $PolicyId displayName = $PolicyDisplayName } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/CIPP/Core/Get-CIPPConditionalAccessPolicyChanges.ps1' 47 #Region './public/CIPP/Core/Get-CIPPConnectionFilterTemplates.ps1' -1 <# .SYNOPSIS Retrieves connection filter templates for a specific customer. .DESCRIPTION The Get-CIPPConnectionFilterTemplates function retrieves connection filter templates for a specific customer identified by their tenant ID. .PARAMETER CustomerTenantID The tenant ID of the customer for whom to retrieve the connection filter templates. .EXAMPLE Get-CIPPConnectionFilterTemplates -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the connection filter templates for the customer with the tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .NOTES Requires appropriate permissions to access connection filter templates. #> function Get-CIPPConnectionFilterTemplates { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Connection Filter Templates for customer: $CustomerTenantID" $endpoint = '/api/ListConnectionFilterTemplates' $params = @{ tenantFilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/CIPP/Core/Get-CIPPConnectionFilterTemplates.ps1' 33 #Region './public/CIPP/Core/Get-CIPPCustomRole.ps1' -1 <# .SYNOPSIS Retrieves custom roles for a specific customer. .DESCRIPTION The Get-CIPPCustomRole function retrieves custom roles for a specific customer identified by their tenant ID. .EXAMPLE Get-CIPPCustomRole Retrieves the custom roles for the customer. .NOTES Requires appropriate permissions to access custom role information. #> function Get-CIPPCustomRole { [CmdletBinding()] Param() Write-Verbose 'Getting Custom Roles' $endpoint = '/api/ListCustomRole' $params = @{} Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/CIPP/Core/Get-CIPPCustomRole.ps1' 25 #Region './public/CIPP/Core/Get-CIPPEmptyResult.ps1' -1 <# .SYNOPSIS Returns an empty result. .DESCRIPTION The Get-CIPPEmptyResult function is a utility function that purposely returns an empty array. This can be useful for testing, initialization scenarios, or as a placeholder when no data is expected. .EXAMPLE Get-CIPPEmptyResult Returns an empty array. .NOTES Requires CIPP.Core permissions. This is a utility function that always returns an empty array. #> function Get-CIPPEmptyResult { [CmdletBinding()] param() Write-Verbose 'Retrieving empty result' $endpoint = '/api/ListEmptyResults' Invoke-CIPPRestMethod -Endpoint $endpoint -Method GET } #EndRegion './public/CIPP/Core/Get-CIPPEmptyResult.ps1' 27 #Region './public/CIPP/Core/Get-CIPPExecAPIPermissionsList.ps1' -1 <# .SYNOPSIS Retrieves the list of CIPP execution API permissions. .DESCRIPTION The Get-CIPPExecAPIPermissionsList function retrieves the list of CIPP execution API permissions by making a REST API call to the specified endpoint. .PARAMETER None This function does not accept any parameters. .EXAMPLE Get-CIPPExecAPIPermissionsList Retrieves the list of CIPP execution API permissions. #> function Get-CIPPExecAPIPermissionsList { [CmdletBinding()] Param() Write-Verbose 'Getting CIPP Logs' $endpoint = '/api/ExecAPIPermissionList' Invoke-CIPPRestMethod -Endpoint $endpoint } #EndRegion './public/CIPP/Core/Get-CIPPExecAPIPermissionsList.ps1' 27 #Region './public/CIPP/Core/Get-CIPPExoRequest.ps1' -1 <# .SYNOPSIS Retrieves Exo requests for a specific customer. .DESCRIPTION The Get-CIPPExoRequest function retrieves Exo requests for a specific customer identified by their tenant ID. .PARAMETER CustomerTenantID The tenant ID of the customer for whom to retrieve the Exo requests. .EXAMPLE Get-CIPPExoRequest -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the Exo requests for the customer with the tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .NOTES Requires appropriate permissions to access Exo request information. #> function Get-CIPPExoRequest { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Exo Requests for customer: $CustomerTenantID" $endpoint = '/api/ListExoRequest' $params = @{ tenantFilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/CIPP/Core/Get-CIPPExoRequest.ps1' 33 #Region './public/CIPP/Core/Get-CIPPExtensionSync.ps1' -1 <# .SYNOPSIS Retrieves extension sync information for a specific customer. .DESCRIPTION The Get-CIPPExtensionSync function retrieves extension sync information for a specific customer identified by their tenant ID. .EXAMPLE Get-CIPPExtensionSync Retrieves the extension sync information for the customer. .NOTES Requires appropriate permissions to access extension sync information. #> function Get-CIPPExtensionSync { [CmdletBinding()] Param() Write-Verbose 'Getting Extension Sync' $endpoint = '/api/ListExtensionSync' $params = @{} Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/CIPP/Core/Get-CIPPExtensionSync.ps1' 25 #Region './public/CIPP/Core/Get-CIPPFunctionParameters.ps1' -1 <# .SYNOPSIS Retrieves the parameters of a CIPP function. .DESCRIPTION The Get-CIPPFunctionParameters function is used to retrieve the parameters of a CIPP function. It sends a request to the "/api/ListFunctionParameters" endpoint and returns the response. .PARAMETER Module Specifies the name of the module containing the function. This parameter is optional. .PARAMETER Function Specifies the name of the function. This parameter is optional. .PARAMETER Compliance Specifies whether to retrieve compliance-related parameters. This parameter is optional and defaults to $false. .EXAMPLE Get-CIPPFunctionParameters -Module "CIPPCore" -Function "Set-CIPPUserLicense" Retrieves the compliance-related parameters of the specified function in the specified module. .EXAMPLE Get-CIPPFunctionParameters -Module "CIPPCore" Retrieves all parameters of all functions in the specified module. #> function Get-CIPPFunctionParameters { [CmdletBinding()] Param( [Parameter(Mandatory = $false)] [string]$Module, [Parameter(Mandatory = $false)] [string]$Function, [parameter(Mandatory = $false)] [bool]$Compliance = $false ) Write-Verbose 'Getting Function Parameters' $Endpoint = '/api/ListFunctionParameters' $params = @{ Module = $Module Function = $Function Compliance = $Compliance } Invoke-CIPPRestMethod -Endpoint $Endpoint -Params $params } #EndRegion './public/CIPP/Core/Get-CIPPFunctionParameters.ps1' 48 #Region './public/CIPP/Core/Get-CIPPFunctionStats.ps1' -1 <# .SYNOPSIS Gets CIPP function statistics. .DESCRIPTION The Get-CIPPFunctionStats function retrieves statistical information about CIPP function usage and performance. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant to filter results for. Use 'AllTenants' to view all tenants. .PARAMETER FunctionType Specifies the type of functions to retrieve stats for. Defaults to 'Durable'. .PARAMETER LookbackPeriod A timespan object specifying how far back to retrieve stats from. Will be converted to appropriate interval (days, hours, or minutes). .EXAMPLE Get-CIPPFunctionStats -CustomerTenantID "AllTenants" -FunctionType "Durable" -LookbackPeriod ([TimeSpan]::FromDays(7)) Gets function statistics for all tenants from the past 7 days. .EXAMPLE Get-CIPPFunctionStats -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -LookbackPeriod ([TimeSpan]::FromHours(24)) Gets function statistics for the specified tenant from the past 24 hours. .NOTES Requires CIPP.Core.Read permissions. #> function Get-CIPPFunctionStats { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [string]$FunctionType = 'Durable', [Parameter(Mandatory = $false)] [timespan]$LookbackPeriod ) Write-Verbose "Getting function statistics for tenant filter '$CustomerTenantID'" $endpoint = '/api/ListFunctionStats' $params = @{ TenantFilter = $CustomerTenantID FunctionType = $FunctionType } if ($LookbackPeriod) { if ($LookbackPeriod.Days -gt 0) { $params['Interval'] = 'Days' $params['Time'] = $LookbackPeriod.Days } elseif ($LookbackPeriod.Hours -gt 0) { $params['Interval'] = 'Hours' $params['Time'] = $LookbackPeriod.Hours } else { $params['Interval'] = 'Minutes' $params['Time'] = $LookbackPeriod.Minutes } } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method GET } #EndRegion './public/CIPP/Core/Get-CIPPFunctionStats.ps1' 66 #Region './public/CIPP/Core/Get-CIPPGDAPAccessAssignments.ps1' -1 <# .SYNOPSIS Retrieves GDAP access assignments for a specific customer. .DESCRIPTION The Get-CIPPGDAPAccessAssignments function retrieves GDAP access assignments for a specific customer identified by their tenant ID. .PARAMETER Id The ID of the access assignment to retrieve. .EXAMPLE Get-CIPPGDAPAccessAssignments -Id "12345" Retrieves the GDAP access assignments with the given assignment ID "12345". .NOTES Requires appropriate permissions to access GDAP access assignments. #> function Get-CIPPGDAPAccessAssignments { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$Id ) Write-Verbose "Getting GDAP Access Assignments for ID: $Id" $endpoint = '/api/ListGDAPAccessAssignments' $params = @{ Id = $Id } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/CIPP/Core/Get-CIPPGDAPAccessAssignments.ps1' 33 #Region './public/CIPP/Core/Get-CIPPGenericTestFunction.ps1' -1 <# .SYNOPSIS Retrieves generic test function information for a specific customer. .DESCRIPTION The Test-CIPPGenericFunction function retrieves generic test function information for a specific customer identified by their tenant ID. .EXAMPLE Get-TestCIPPGenericFunction Retrieves the generic test function information for the customer. .NOTES Requires appropriate permissions to access generic test function information. #> function Test-CIPPGenericFunction { [CmdletBinding()] Param() Write-Verbose 'Testing Generic Test Function' $endpoint = '/api/ListGenericTestFunction' $params = @{} Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/CIPP/Core/Get-CIPPGenericTestFunction.ps1' 25 #Region './public/CIPP/Core/Get-CIPPKnownIPDB.ps1' -1 <# .SYNOPSIS Retrieves the Known IP Database for a specific customer tenant. .DESCRIPTION The Get-CIPPKnownIPDB function retrieves the Known IP Database for a specific customer tenant by making a REST API call to the "/api/listknownipdb" endpoint. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant for which to retrieve the Known IP Database. .EXAMPLE Get-CIPPKnownIPDB -CustomerTenantID "12345678" Retrieves the Known IP Database for the customer tenant with ID "12345678". .INPUTS None. .OUTPUTS System.Object .NOTES This function requires the Invoke-CIPPRestMethod function to be available. .LINK Invoke-CIPPRestMethod #> function Get-CIPPKnownIPDB { [CmdletBinding()] Param( [Parameter(Mandatory = $false)] [string]$CustomerTenantID ) Write-Verbose "Getting Known IP Database for $CustomerTenantID" $endpoint = '/api/listknownipdb' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/CIPP/Core/Get-CIPPKnownIPDB.ps1' 41 #Region './public/CIPP/Core/Get-CIPPLogs.ps1' -1 <# .SYNOPSIS Retrieves CIPP logs from the API. .DESCRIPTION The Get-CIPPLogs function retrieves logs from the CIPP API by invoking the "/api/ListLogs" endpoint. .PARAMETER Severity Accepts any of: debug,info,warn,error,critical,alert. If DateFilter is not specified alongside, it assumes current date in local time. .PARAMETER DateFilter Date in "yyyyMMdd" format. This should be in the time zone of your CIPP instance (default UTC). .EXAMPLE Get-CIPPLogs Retrieves CIPP logs from the API. .EXAMPLE Get-CIPPLogs -Severity "Alert" -DateFilter "20240711" Retrieves CIPP logs matching "alert" on 20240711 #> function Get-CIPPLogs { [CmdletBinding()] Param( [Parameter(Mandatory = $false)] [ValidateSet( 'error', 'alert', 'debug', 'info', 'warn', 'critical' )] [string]$Severity, [Parameter(Mandatory = $false)] [string]$DateFilter = (Get-Date -Format 'yyyyMMdd') ) $endpoint = '/api/ListLogs' $Params = @{ 'Filter' = $True 'DateFilter' = $DateFilter } if ($Severity) { $Params['Severity'] = $Severity } Write-Verbose 'Getting CIPP Logs' Invoke-CIPPRestMethod -Endpoint $endpoint -Param $Params } #EndRegion './public/CIPP/Core/Get-CIPPLogs.ps1' 56 #Region './public/CIPP/Core/Get-CIPPQueue.ps1' -1 <# .SYNOPSIS Gets items from the CIPP queue. .DESCRIPTION The Get-CIPPQueue function retrieves items from the CIPP queue system. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .PARAMETER QueueType Specifies the type of queue items to retrieve. If not specified, returns all queue items. .EXAMPLE Get-CIPPQueue -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" Retrieves all queue items for the specified tenant. .EXAMPLE Get-CIPPQueue -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -QueueType "Applications" Retrieves application-related queue items for the specified tenant. .NOTES Requires appropriate permissions to access queue information. #> function Get-CIPPQueue { [CmdletBinding()] param () Write-Verbose 'Getting queue items' $endpoint = '/api/ListCippQueue' $params = @{ } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method GET } #EndRegion './public/CIPP/Core/Get-CIPPQueue.ps1' 37 #Region './public/CIPP/Core/Remove-CIPPQueue.ps1' -1 <# .SYNOPSIS Removes an item from the CIPP queue. .DESCRIPTION The Remove-CIPPQueue function removes a specified item from the CIPP queue system. .PARAMETER QueueId Specifies the ID of the queue item to remove. .EXAMPLE Remove-CIPPQueue -QueueId "12345678-1234-1234-1234-1234567890AB" Removes the specified item from the CIPP queue. .NOTES Requires appropriate permissions to manage queue items. #> function Remove-CIPPQueue { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$QueueId ) Write-Verbose "Removing queue item $QueueId" $endpoint = '/api/RemoveCippQueue' $body = @{} Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method Post } #EndRegion './public/CIPP/Core/Remove-CIPPQueue.ps1' 33 #Region './public/CIPP/Core/Set-CIPPExecCPVPerms.ps1' -1 <# .SYNOPSIS Sets the CPV (Customer Provided Values) permissions for a specific customer tenant. .DESCRIPTION The Set-CIPPExecCPVPerms function is used to refresh the CPV permissions for a specified customer tenant. It calls the Invoke-CIPPRestMethod function internally to make the REST API call. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant for which the CPV permissions need to be refreshed. This parameter is mandatory. .PARAMETER ResetSP Specifies whether to reset the Stored Procedure (SP) associated with the CPV permissions. The valid values are "true" and "false". This parameter is optional and defaults to "false". .EXAMPLE Set-CIPPExecCPVPerms -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -ResetSP "true" Refreshes the CPV permissions for the customer tenant with the ID "12345678-1234-1234-1234-1234567890AB" and resets the associated Stored Procedure. .EXAMPLE Set-CIPPExecCPVPerms -CustomerTenantID "87654321-4321-4321-4321-0987654321BA" Refreshes the CPV permissions for the customer tenant with the ID "87654321-4321-4321-4321-0987654321BA" without resetting the associated Stored Procedure. #> function Set-CIPPExecCPVPerms { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [guid]$CustomerTenantID, [Parameter(Mandatory = $false)] [bool]$ResetSP = $false ) Write-Verbose "Refreshing CPV for $CustomerTenantID" $endpoint = '/api/ExecCPVPermissions' $params = @{ tenantFilter = $CustomerTenantID ResetSP = if ($ResetSP -eq $true) { 'true' } else { 'false' } } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/CIPP/Core/Set-CIPPExecCPVPerms.ps1' 39 #Region './public/CIPP/Core/Test-CIPPApiConnection.ps1' -1 <# .SYNOPSIS Tests connectivity to the CIPP API. .DESCRIPTION The Test-CIPPApiConnection function sends a test request to the CIPP API and returns the response, which can be used to verify connectivity and examine request/response details. .EXAMPLE Test-CIPPApiConnection Returns the API response with request details. .NOTES Requires CIPP.Core.Read permissions. This is a diagnostic function that echoes back request details. #> function Test-CIPPApiConnection { [CmdletBinding()] param() Write-Verbose 'Testing API connectivity' $endpoint = '/api/ListApiTest' Invoke-CIPPRestMethod -Endpoint $endpoint -Method GET } #EndRegion './public/CIPP/Core/Test-CIPPApiConnection.ps1' 27 #Region './public/CIPP/Scheduler/Get-CIPPScheduledTask.ps1' -1 <# .SYNOPSIS Gets scheduled tasks from CIPP. .DESCRIPTION The Get-CIPPScheduledTask function retrieves scheduled tasks from CIPP with optional filtering capabilities. .PARAMETER ShowHidden Optional. If specified, includes hidden tasks in the results. .PARAMETER Name Optional. Filter tasks by name. .PARAMETER Type Optional. Filter tasks by command type. .EXAMPLE Get-CIPPScheduledTask Returns all visible scheduled tasks. .EXAMPLE Get-CIPPScheduledTask -ShowHidden Returns all scheduled tasks, including hidden ones. .EXAMPLE Get-CIPPScheduledTask -Name "Daily Backup" -Type "Backup" Returns tasks matching the specified name and type. .NOTES Requires CIPP.Scheduler.Read permissions. Tasks are filtered based on the user's tenant access permissions. #> function Get-CIPPScheduledTask { [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [switch]$ShowHidden, [Parameter(Mandatory = $false)] [string]$Name, [Parameter(Mandatory = $false)] [string]$Type ) Write-Verbose 'Getting scheduled tasks' $endpoint = '/api/ListScheduledItems' $params = @{} if ($ShowHidden) { Write-Verbose 'Including hidden tasks' $params['ShowHidden'] = $true } if ($Name) { Write-Verbose "Filtering by name: $Name" $params['Name'] = $Name } if ($Type) { Write-Verbose "Filtering by type: $Type" $params['Type'] = $Type } $tasks = Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method GET foreach ($task in $tasks) { # Ensure Parameters property exists if (-not $task.Parameters) { $task | Add-Member -NotePropertyName Parameters -NotePropertyValue @{} -Force } # Convert Parameters from string to object if needed elseif ($task.Parameters -is [string]) { try { $task.Parameters = $task.Parameters | ConvertFrom-Json -ErrorAction Stop } catch { Write-Verbose "Failed to parse Parameters JSON for task: $($task.Name)" $task.Parameters = @{} } } } $tasks } #EndRegion './public/CIPP/Scheduler/Get-CIPPScheduledTask.ps1' 85 #Region './public/CIPP/Security/Get-CIPPTrustedIP.ps1' -1 <# .SYNOPSIS Gets the list of trusted IPs. .DESCRIPTION The Get-CIPPTrustedIP function retrieves the list of trusted IP addresses from CIPP. .EXAMPLE Get-CIPPTrustedIP Returns all trusted IP addresses configured in CIPP. .NOTES Requires CIPP.Core.Read permissions. #> function Get-CIPPTrustedIP { [CmdletBinding()] param () Write-Verbose 'Getting trusted IP addresses' $endpoint = '/api/ListIPWhitelist' Invoke-CIPPRestMethod -Endpoint $endpoint -Method GET } #EndRegion './public/CIPP/Security/Get-CIPPTrustedIP.ps1' 26 #Region './public/CIPP/Settings/Get-CIPPExcludedLicenses.ps1' -1 <# .SYNOPSIS Retrieves the list of excluded licenses from CIPP. .DESCRIPTION The Get-CIPPExcludedLicenses function is used to retrieve the list of excluded licenses from CIPP. It sends a request to the API endpoint "/api/execexcludelicenses" with the parameter "List" set to "true" to get the excluded license list. .PARAMETER None This function does not accept any parameters. .EXAMPLE Get-CIPPExcludedLicenses # Retrieves the list of excluded licenses from the CIPP API. .NOTES This function requires the Invoke-CIPPRestMethod function to be available in the current session. #> function Get-CIPPExcludedLicenses { [CmdletBinding()] Param() Write-Verbose 'Getting Excluded License List' $endpoint = '/api/execexcludelicenses' $params = @{ List = 'true' } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/CIPP/Settings/Get-CIPPExcludedLicenses.ps1' 32 #Region './public/CIPP/Settings/Get-CIPPExcludedTenants.ps1' -1 <# .SYNOPSIS Retrieves a list of excluded tenants. .DESCRIPTION The Get-CIPPExcludedTenants function retrieves a list of excluded tenants from CIPP. It can retrieve all tenants or only the ones that are currently excluded. .PARAMETER ListAll Specifies whether to retrieve all tenants or only the ones that are currently excluded. By default, it retrieves only the excluded tenants. .EXAMPLE Get-CIPPExcludedTenants Retrieves the list of currently excluded tenants. .EXAMPLE Get-CIPPExcludedTenants -ListAll Retrieves the list of all tenants, including the ones that are not currently excluded. #> function Get-CIPPExcludedTenants { [CmdletBinding()] Param( [Parameter(Mandatory = $false)] [switch]$ListAll ) Write-Verbose 'Getting Excluded Tenants List' $endpoint = '/api/execexcludetenant' if (!$listAll) { $params = @{ List = 'true' } } else { $params = @{ ListAll = 'true' } } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/CIPP/Settings/Get-CIPPExcludedTenants.ps1' 44 #Region './public/CIPP/Settings/Get-CIPPNotificationConfig.ps1' -1 <# .SYNOPSIS Gets the CIPP notification configuration. .DESCRIPTION The Get-CIPPNotificationConfig function retrieves the notification configuration settings from CIPP, including log inclusion settings and severity levels. .EXAMPLE Get-CIPPNotificationConfig Returns the current notification configuration. .NOTES Requires CIPP.AppSettings.Read permissions. The configuration includes which logs to include and severity levels for notifications. #> function Get-CIPPNotificationConfig { [CmdletBinding()] param () Write-Verbose 'Getting notification configuration' $endpoint = '/api/ListNotificationConfig' $result = Invoke-CIPPRestMethod -Endpoint $endpoint -Method GET # Convert the result to a more friendly PowerShell object if ($result) { [PSCustomObject]@{ LogsToInclude = $result.logsToInclude Severity = $result.Severity Email = $ Webhook = $result.webhook SendToIntegration = $result.sendtoIntegration IncludeTenantId = $result.includeTenantId OneEmailPerTenant = $result.onePerTenant Schedule = $result.schedule Type = $result.type } } else { Write-Warning 'No notification configuration found' $null } } #EndRegion './public/CIPP/Settings/Get-CIPPNotificationConfig.ps1' 45 #Region './public/CIPP/Settings/Get-CIPPVersion.ps1' -1 <# .SYNOPSIS Retrieves the version of the CIPP application. .DESCRIPTION The Get-CIPPVersion function retrieves the version of the CIPP application by making a REST API call to the "/api/GetVersion" endpoint. .PARAMETER None This function does not accept any parameters. .EXAMPLE Get-CIPPVersion Retrieves the version of the CIPP application. #> function Get-CIPPVersion { [CmdletBinding()] Param() Write-Verbose 'Getting CIPP Version' $endpoint = '/api/GetVersion' Invoke-CIPPRestMethod -Endpoint $endpoint } #EndRegion './public/CIPP/Settings/Get-CIPPVersion.ps1' 25 #Region './public/CIPP/Settings/Set-CIPPExcludeLicense.ps1' -1 <# .SYNOPSIS Sets the exclusion status of a license in CIPP. .DESCRIPTION The Set-CIPPExcludeLicense function is used to set the exclusion status of a license in CIPP. It allows you to add or remove a license from the exclusion list. .PARAMETER LicenseGUID Specifies the GUID of the license to be excluded or included. .PARAMETER SKUName Specifies the SKU name of the license. .PARAMETER RemoveExclusion Indicates whether to remove the license from the exclusion list. This switch cannot be used together with the -AddExclusion switch. .PARAMETER AddExclusion Indicates whether to add the license to the exclusion list. This switch cannot be used together with the -RemoveExclusion switch. .EXAMPLE Set-CIPPExcludeLicense -LicenseGUID "12345678-1234-1234-1234-1234567890AB" -SKUName "ExampleSKU" -RemoveExclusion Removes the license with the specified GUID from the exclusion list. .EXAMPLE Set-CIPPExcludeLicense -LicenseGUID "12345678-1234-1234-1234-1234567890AB" -SKUName "ExampleSKU" -AddExclusion Adds the license with the specified GUID to the exclusion list. #> function Set-CIPPExcludeLicense { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [guid]$LicenseGUID, [Parameter(Mandatory = $true)] [string]$SKUName, [Parameter()] [switch]$RemoveExclusion, [Parameter()] [switch]$AddExclusion ) # Ensure only one of the switches is used if ($AddExclusion -and $RemoveExclusion) { throw 'You cannot use both -AddExclusion and -RemoveExclusion switches at the same time.' } if (-not $AddExclusion -and -not $RemoveExclusion) { throw 'You must specify either -AddExclusion or -RemoveExclusion switch.' } $endpoint = '/api/execexcludelicenses' if ($RemoveExclusion) { $params = @{ GUID = $LicenseGUID RemoveExclusion = $true } Write-Verbose "Removing License $LicenseGUID from the exclusion list." Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } else { $params = @{ AddExclusion = $true } $body = @{ GUID = $LicenseGUID SKUName = $SKUName } Write-Verbose "Adding License $LicenseGUID to the exclusion list." Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Body $body -Method POST } } #EndRegion './public/CIPP/Settings/Set-CIPPExcludeLicense.ps1' 72 #Region './public/CIPP/Settings/Set-CIPPExcludeTenant.ps1' -1 <# .SYNOPSIS Sets the exclusion status for a customer tenant in the CIPP system. .DESCRIPTION The Set-CIPPExcludeTenant function is used to add or remove a customer tenant from the exclusion list in the CIPP system. Exclusion means that the tenant will be excluded from certain operations or processes in the system. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant. If you are adding a tenant, this needs to be their default domain (, if you are excluding a tenant this needs to be the tenant ID Guid (1fefeb73-0947-4803-a720-92be0e9a7d8e) .PARAMETER AddExclusion Indicates whether to add the customer tenant to the exclusion list. This switch cannot be used together with the RemoveExclusion switch. .PARAMETER RemoveExclusion Indicates whether to remove the customer tenant from the exclusion list. This switch cannot be used together with the AddExclusion switch. .EXAMPLE Set-CIPPExcludeTenant -CustomerTenantID "1fefeb73-0947-4803-a720-92be0e9a7d8e" -AddExclusion Adds the customer tenant with ID "1fefeb73-0947-4803-a720-92be0e9a7d8e" to the exclusion list. .EXAMPLE Set-CIPPExcludeTenant -CustomerTenantID "" -RemoveExclusion Removes the customer tenant with ID "" from the exclusion list. #> function Set-CIPPExcludeTenant { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter()] [switch]$AddExclusion, [Parameter()] [switch]$RemoveExclusion ) # Ensure only one of the switches is used if ($AddExclusion -and $RemoveExclusion) { throw 'You cannot use both -AddExclusion and -RemoveExclusion switches at the same time.' } if (-not $AddExclusion -and -not $RemoveExclusion) { throw 'You must specify either -AddExclusion or -RemoveExclusion switch.' } $endpoint = '/api/execexcludetenant' if ($RemoveExclusion) { $params = @{ TenantFilter = $CustomerTenantID RemoveExclusion = $true } Write-Verbose "Removing Tenant $CustomerTenantID from the exclusion list." Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } else { $params = @{ AddExclusion = $true } $body = @{ value = $CustomerTenantID } Write-Verbose "Adding Tenant $CustomerTenantID to the exclusion list." Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Body $body -Method POST } } #EndRegion './public/CIPP/Settings/Set-CIPPExcludeTenant.ps1' 68 #Region './public/CIPP/Settings/Set-CIPPPasswordSettings.ps1' -1 <# .SYNOPSIS Sets or gets the CIPP password settings. .DESCRIPTION The Set-CIPPPasswordSettings function is used to view the password settings for CIPP or to set them. .PARAMETER Type Specifies the type of password settings to be set. Valid values are "Correct-Battery-Horse" and "Classic". .PARAMETER List Specifies whether to list the current password settings. If set to $true, the function will retrieve the current password settings. .EXAMPLE Set-CIPPPasswordSettings -Type "Correct-Battery-Horse" Sets the password settings to "Correct-Battery-Horse". .EXAMPLE Set-CIPPPasswordSettings -List $true Lists the current password settings. #> function Set-CIPPPasswordSettings { [CmdletBinding()] Param( [Parameter(Mandatory = $false)] [ValidateSet( 'Correct-Battery-Horse', 'Classic' )] [string]$Type, [Parameter(Mandatory = $false)] [switch]$List ) Write-Verbose 'Getting CIPP Password Settings' $endpoint = '/api/execpasswordconfig' if ($List.IsPresent -eq $true) { $params = @{ List = 'true' } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } else { $body = @{ passwordType = $Type } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method 'POST' } } #EndRegion './public/CIPP/Settings/Set-CIPPPasswordSettings.ps1' 53 #Region './public/CIPP/Webhooks/Get-CIPPPendingWebhooks.ps1' -1 <# .SYNOPSIS Gets pending webhooks. .DESCRIPTION The Get-CIPPPendingWebhook function retrieves a list of pending webhooks from CIPP. Each webhook's content is automatically deserialized from JSON where applicable. .EXAMPLE Get-CIPPPendingWebhook Returns all pending webhooks in the system. .NOTES Requires CIPP.Alert.Read permissions. The function automatically deserializes any JSON content in the webhook data. #> function Get-CIPPPendingWebhooks { [CmdletBinding()] param () Write-Verbose 'Getting pending webhooks' $endpoint = '/api/ListPendingWebhooks' Invoke-CIPPRestMethod -Endpoint $endpoint -Method GET } #EndRegion './public/CIPP/Webhooks/Get-CIPPPendingWebhooks.ps1' 28 #Region './public/Email/Administration/Add-CIPPContact.ps1' -1 <# .SYNOPSIS Adds a contact to a customer's tenant. .DESCRIPTION The Add-CIPPContact function adds a contact to a customer's tenant using the CIPP API. It requires the customer's tenant ID, display name, external email address, first name, and last name as mandatory parameters. .PARAMETER CustomerTenantID The ID of the customer's tenant. .PARAMETER DisplayName The display name of the contact. .PARAMETER ExternalEmailAddress The external email address of the contact. .PARAMETER FirstName The first name of the contact. .PARAMETER LastName The last name of the contact. .EXAMPLE Add-CIPPContact -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -DisplayName "John Doe" -ExternalEmailAddress "" -FirstName "John" -LastName "Doe" Adds a contact with the specified details to the customer's tenant. #> function Add-CIPPContact { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$DisplayName, [Parameter(Mandatory = $true)] [string]$ExternalEmailAddress, [Parameter(Mandatory = $true)] [string]$FirstName, [Parameter(Mandatory = $true)] [string]$LastName ) Write-Verbose "Adding Contact in tenant: $CustomerTenantID" $Endpoint = '/api/addcontact' $body = @{ tenantid = $CustomerTenantID displayName = $DisplayName email = $ExternalEmailAddress FirstName = $FirstName LastName = $LastName } Invoke-CIPPRestMethod -Endpoint $Endpoint -Body $body -Method POST } #EndRegion './public/Email/Administration/Add-CIPPContact.ps1' 55 #Region './public/Email/Administration/Add-CIPPExchConnector.ps1' -1 <# .SYNOPSIS Adds an Exchange Connector for a specified tenant using a template. .DESCRIPTION The Add-CIPPExchConnector function adds an Exchange Connector for a specified tenant using either a template GUID or template name. If neither the TemplateGuid nor TemplateName is provided, an error is thrown. The function retrieves the template, converts it to JSON, and sends a POST request to the '/api/AddExConnector' endpoint with the necessary parameters. .PARAMETER CustomerTenantDefaultDomain The default domain of the customer tenant for which the Exchange Connector is being added. This parameter is mandatory. .PARAMETER TemplateGuid The GUID of the template to be used for adding the Exchange Connector. This parameter is optional. .PARAMETER TemplateName The name of the template to be used for adding the Exchange Connector. This parameter is optional. .EXAMPLE Add-CIPPExchConnector -CustomerTenantDefaultDomain "" -TemplateGuid "12345678-1234-1234-1234-123456789012" .EXAMPLE Add-CIPPExchConnector -CustomerTenantDefaultDomain "" -TemplateName "DefaultTemplate" .NOTES Either TemplateGuid or TemplateName must be specified. If both are provided, TemplateGuid takes precedence. #> function Add-CIPPExchConnector { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantDefaultDomain, [Parameter(Mandatory = $false)] [guid]$TemplateGuid, [Parameter(Mandatory = $false)] [string]$TemplateName ) if ($TemplateGuid -eq $null -and $TemplateName -eq $null) { Write-Error "Either TemplateGuid or TemplateName must be specified." return } #Getting Template if ($TemplateGuid -eq $null) { $Template = Get-CIPPExchangeConnectorTemplates | Where-Object { $_.Name -eq $TemplateName } if ($null -eq $Template) { Write-Error "Template with name $TemplateName not found." return } } else { $Template = Get-CIPPExchangeConnectorTemplates | Where-Object { $_.Guid -eq $TemplateGuid } if ($null -eq $Template) { Write-Error "Template with GUID $TemplateGuid not found." return } } $TemplateJson = $Template | ConvertTo-Json -Depth 10 Write-Verbose "Adding Exchange Connector for tenant $CustomerTenantDefaultDomain" $endpoint = '/api/AddExConnector' $body = @{ PowerShellCommand = $TemplateJson "Select_$CustomerTenantID" = $CustomerTenantDefaultDomain TemplateList = $Template.guid } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method POST } #EndRegion './public/Email/Administration/Add-CIPPExchConnector.ps1' 72 #Region './public/Email/Administration/Add-CIPPExchTransportRule.ps1' -1 <# .SYNOPSIS Adds an Exchange Transport Rule for a specified tenant using a template. .DESCRIPTION The Add-CIPPExchTransportRule function adds an Exchange Transport Rule for a specified tenant using a template. The template can be specified either by its GUID or by its name. If neither is provided, an error is thrown. .PARAMETER CustomerTenantDefaultDomain The default domain of the customer tenant for which the transport rule is being added. This parameter is mandatory. .PARAMETER TemplateGuid The GUID of the template to be used for creating the transport rule. This parameter is optional but either TemplateGuid or TemplateName must be provided. .PARAMETER TemplateName The name of the template to be used for creating the transport rule. This parameter is optional but either TemplateGuid or TemplateName must be provided. .EXAMPLE Add-CIPPExchTransportRule -CustomerTenantDefaultDomain "" -TemplateGuid "12345678-1234-1234-1234-123456789012" .EXAMPLE Add-CIPPExchTransportRule -CustomerTenantDefaultDomain "" -TemplateName "DefaultTemplate" .NOTES If both TemplateGuid and TemplateName are provided, TemplateGuid will take precedence. The function retrieves the template details and converts them to JSON before making a REST API call to add the transport rule. #> function Add-CIPPExchTransportRule { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantDefaultDomain, [Parameter(Mandatory = $false)] [guid]$TemplateGuid, [Parameter(Mandatory = $false)] [string]$TemplateName ) if ($TemplateGuid -eq $null -and $TemplateName -eq $null) { Write-Error "Either TemplateGuid or TemplateName must be specified." return } #Getting Template if ($TemplateGuid -eq $null) { $Template = Get-CIPPExchangeTransportRuleTemplates | Where-Object { $_.Name -eq $TemplateName } if ($null -eq $Template) { Write-Error "Template with name $TemplateName not found." return } } else { $Template = Get-CIPPExchangeTransportRuleTemplates | Where-Object { $_.Guid -eq $TemplateGuid } if ($null -eq $Template) { Write-Error "Template with GUID $TemplateGuid not found." return } } $TemplateJson = $Template | ConvertTo-Json -Depth 10 Write-Verbose "Adding Exchange Transport Rule for tenant $CustomerTenantDefaultDomain" $endpoint = '/api/AddTransportRule' $body = @{ PowerShellCommand = $TemplateJson "Select_$CustomerTenantID" = $CustomerTenantDefaultDomain TemplateList = $Template.guid } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method POST } #EndRegion './public/Email/Administration/Add-CIPPExchTransportRule.ps1' 72 #Region './public/Email/Administration/Add-CIPPRoomMailbox.ps1' -1 <# .SYNOPSIS Adds a room mailbox to a specified tenant. .DESCRIPTION This function adds a room mailbox to a specified tenant by calling the CIPP API endpoint '/api/AddRoomMailbox'. It requires the tenant ID, display name, domain, and username as mandatory parameters. Optionally, the resource capacity can also be specified. .PARAMETER CustomerTenantID The ID of the customer tenant where the room mailbox will be added. Either TenantID or Default domain can be used to identify the tenant. .PARAMETER DisplayName The display name for the room mailbox. .PARAMETER Domain The domain for the room mailbox. .PARAMETER Username The username for the room mailbox. .PARAMETER ResourceCapacity The resource capacity for the room mailbox. This parameter is optional. .EXAMPLE Add-RoomMailbox -CustomerTenantID "7e3effb6-6efe-42f2-b071-48ce318eaf95" -DisplayName "Conference Room 1" -Domain "" -Username "confroom1" -ResourceCapacity 10 .NOTES This function uses the Invoke-CIPPRestMethod cmdlet to make a POST request to the CIPP API. #> function Add-CIPPRoomMailbox { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$DisplayName, [Parameter(Mandatory = $true)] [string]$Domain, [Parameter(Mandatory = $true)] [string]$Username, [Parameter(Mandatory = $false)] [int]$ResourceCapacity ) Write-Verbose "Adding room mailbox in tenant: $CustomerTenantID" $Endpoint = '/api/AddRoomMailbox' $body = @{ tenantID = $CustomerTenantID displayName = $DisplayName username = $Username domain = $Domain userPrincipalName = "$Username@$Domain" resourceCapacity = $ResourceCapacity } Invoke-CIPPRestMethod -Endpoint $Endpoint -Body $body -Method POST } #EndRegion './public/Email/Administration/Add-CIPPRoomMailbox.ps1' 60 #Region './public/Email/Administration/Add-CIPPSharedMailbox.ps1' -1 <# .SYNOPSIS Adds a shared mailbox to a specified tenant. .DESCRIPTION This function adds a shared mailbox to a specified tenant using the provided tenant ID, display name, domain, and username. Optionally, additional aliases can be added. .PARAMETER CustomerTenantID The ID of the customer tenant where the shared mailbox will be added. This parameter is mandatory. Either TenantID or Default domain can be used to identify the tenant. .PARAMETER DisplayName The display name for the shared mailbox. This parameter is mandatory. .PARAMETER Domain The domain for the shared mailbox. This parameter is mandatory. .PARAMETER Username The username for the shared mailbox. This parameter is mandatory. .PARAMETER AddedAliases An array of additional aliases to be added to the shared mailbox. This parameter is optional. .EXAMPLE Add-CIPPSharedMailbox -CustomerTenantID "d6766bb9-44e0-4a4b-b8d0-3d9c4d1d15cc" -DisplayName "Support" -Domain "" -Username "support" This example adds a shared mailbox with the display name "Support" and the username "support" to the tenant "d6766bb9-44e0-4a4b-b8d0-3d9c4d1d15cc". .EXAMPLE Add-CIPPSharedMailbox -CustomerTenantID "" -DisplayName "Support" -Domain "" -Username "support" -AddedAliases "" This example adds a shared mailbox with the display name "Support" and the username "support" to the tenant "". One additional alias is also added to the mailbox. .EXAMPLE Add-CIPPSharedMailbox -CustomerTenantID "" -DisplayName "Support" -Domain "" -Username "support" -AddedAliases '','','' This example adds a shared mailbox with the display name "Support" and the username "support" to the tenant "". Three additional aliases is also added to the mailbox. The AddedAliases parameter accepts an array of strings. .NOTES This function uses the Invoke-CIPPRestMethod cmdlet to send a POST request to the /api/AddSharedMailbox endpoint. #> function Add-CIPPSharedMailbox { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$DisplayName, [Parameter(Mandatory = $true)] [string]$Domain, [Parameter(Mandatory = $true)] [string]$Username, [Parameter(Mandatory = $false)] [array]$AddedAliases ) Write-Verbose "Adding Shared mailbox in tenant: $CustomerTenantID" $Endpoint = '/api/AddSharedMailbox' $body = @{ tenantID = $CustomerTenantID displayName = $DisplayName username = $Username domain = $Domain AddedAliases = $AddedAliases } Invoke-CIPPRestMethod -Endpoint $Endpoint -Body $body -Method POST } #EndRegion './public/Email/Administration/Add-CIPPSharedMailbox.ps1' 69 #Region './public/Email/Administration/Convert-CIPPMailbox.ps1' -1 <# .SYNOPSIS Converts a mailbox to a different type in the CIPP system. .DESCRIPTION The Convert-CIPPMailbox function converts a mailbox to one of the following types: - Shared mailbox - Regular user mailbox - Room mailbox - Equipment mailbox It sends a request to the CIPP API to perform the conversion. .PARAMETER CustomerTenantID The ID of the customer tenant where the mailbox belongs. .PARAMETER UserID The ID of the user whose mailbox needs to be converted. .PARAMETER Username Optional. The username associated with the mailbox. .PARAMETER MailboxType The type to convert the mailbox to. Valid values are: - Shared: Convert to shared mailbox - Regular: Convert to regular user mailbox - Room: Convert to room mailbox - Equipment: Convert to equipment mailbox .EXAMPLE Convert-CIPPMailbox -CustomerTenantID "" -UserID "" -MailboxType "Shared" Converts the specified mailbox to a shared mailbox. .EXAMPLE Convert-CIPPMailbox -CustomerTenantID "" -UserID "" -MailboxType "Regular" Converts the specified mailbox to a regular user mailbox. .EXAMPLE Convert-CIPPMailbox -CustomerTenantID "" -UserID "" -MailboxType "Room" Converts the specified mailbox to a room mailbox. #> function Convert-CIPPMailbox { [CmdletBinding()] [Alias('Set-CIPPConvertMailbox')] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID, [Parameter(Mandatory = $false)] [string]$Username, [Parameter(Mandatory = $true)] [ValidateSet('Shared', 'Regular', 'Room', 'Equipment')][string]$MailboxType ) Write-Verbose "Converting Mailbox $UserID to $MailboxType" $endpoint = '/api/ExecConvertMailbox' $params = @{ tenantFilter = $CustomerTenantID id = $UserID MailboxType = $MailboxType Username = $Username } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method 'POST' } #EndRegion './public/Email/Administration/Convert-CIPPMailbox.ps1' 67 #Region './public/Email/Administration/Get-CIPPCalendarPerms.ps1' -1 <# .SYNOPSIS Retrieves calendar permissions for a user in a specified customer tenant. .DESCRIPTION The Get-CIPPCalendarPerms function retrieves the calendar permissions for a user in a specified customer tenant using the CIPP API. It sends a request to the "/api/listcalendarpermissions" endpoint with the provided customer tenant ID and user ID. .PARAMETER CustomerTenantID The ID of the customer tenant. .PARAMETER UserID The ID of the user. .EXAMPLE Get-CIPPCalendarPerms -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -UserID "" Retrieves the calendar permissions for the user "" in the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPCalendarPerms { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID ) Write-Verbose "Getting user calendar permissions for user: $UserID" $Endpoint = '/api/listcalendarpermissions' $Params = @{ tenantfilter = $CustomerTenantID userId = $UserID } Invoke-CIPPRestMethod -Endpoint $Endpoint -Params $Params } #EndRegion './public/Email/Administration/Get-CIPPCalendarPerms.ps1' 37 #Region './public/Email/Administration/Get-CIPPContacts.ps1' -1 <# .SYNOPSIS Retrieves contact details for a specific contact or all contacts for a given tenant. .DESCRIPTION The Get-CIPPContacts function retrieves contact details for a specific contact or all contacts for a given tenant in the CIPP system. It makes use of the Invoke-CIPPRestMethod function to send a request to the CIPP API. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant for which to retrieve the contacts. This parameter is mandatory. .PARAMETER ContactID Specifies the ID of the contact to retrieve details for. If not provided, details for all contacts in the specified tenant will be retrieved. This parameter is optional. .EXAMPLE Get-CIPPContacts -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -ContactID "65be49bb-85cb-4d92-9e34-9e855d0c830c" Retrieves contact details for the contact with ID "65be49bb-85cb-4d92-9e34-9e855d0c830c" in the tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .EXAMPLE Get-CIPPContacts -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves contact details for all contacts in the tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPContacts { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [GUID]$ContactID ) if ($ContactID) { Write-Verbose "Getting Contact details for Contact: $ContactID" } else { Write-Verbose "Getting all Contacts for tenant $CustomerTenantID" } $endpoint = '/api/listcontacts' $params = @{ tenantfilter = $CustomerTenantID contactid = $ContactID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email/Administration/Get-CIPPContacts.ps1' 45 #Region './public/Email/Administration/Get-CIPPExchangeTransportRuleTemplates.ps1' -1 <# .SYNOPSIS Retrieves Exchange Transport Rule Templates. .DESCRIPTION The Get-CIPPExchangeTransportRuleTemplates function calls the CIPP API to retrieve a list of Exchange Transport Rule Templates. .PARAMETER None This function does not take any parameters. .EXAMPLE Get-CIPPExchangeTransportRuleTemplates This example retrieves the Exchange Transport Rule Templates using the CIPP API. #> function Get-CIPPExchangeTransportRuleTemplates { [CmdletBinding()] Param() Write-Verbose 'Getting Exchange Transport Rules Templates' $endpoint = '/api/ListTransportRulesTemplates' Invoke-CIPPRestMethod -Endpoint $endpoint } #EndRegion './public/Email/Administration/Get-CIPPExchangeTransportRuleTemplates.ps1' 24 #Region './public/Email/Administration/Get-CIPPMailboxes.ps1' -1 <# .SYNOPSIS Retrieves a list of mailboxes for a specified customer tenant ID. .DESCRIPTION The Get-CIPPMailboxes function retrieves a list of mailboxes for a specified customer tenant ID. It can also include soft-deleted mailboxes if the -SoftDeletedMailboxes switch is used. .PARAMETER CustomerTenantID Specifies the customer tenant ID for which to retrieve the mailbox list. .PARAMETER SoftDeletedMailboxes Indicates whether to include soft-deleted mailboxes in the result. By default, this parameter is set to $false. .EXAMPLE Get-CIPPMailboxes -CustomerTenantID "" Retrieves the list of mailboxes for the "" tenant. .EXAMPLE Get-CIPPMailboxes -CustomerTenantID "" -SoftDeletedMailboxes Retrieves the list of soft-deleted mailboxes for the "" tenant. #> function Get-CIPPMailboxes { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [switch]$SoftDeletedMailboxes ) Write-Verbose "Getting Mailbox List for $CustomerTenantID" $endpoint = '/api/ListMailboxes' $params = @{ tenantfilter = $CustomerTenantID } if ($SoftDeletedMailboxes) { $params.Add('SoftDeletedMailbox', 'true') } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email/Administration/Get-CIPPMailboxes.ps1' 42 #Region './public/Email/Administration/Get-CIPPMailboxMobileDevices.ps1' -1 <# .SYNOPSIS Retrieves the mobile devices associated with a mailbox. .DESCRIPTION The Get-CIPPMailboxMobileDevices function retrieves the mobile devices associated with a mailbox in the CIPP system. It makes use of the Invoke-CIPPRestMethod function to send a request to the CIPP API and retrieve the mobile devices. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant. .PARAMETER Mailbox Specifies the mailbox for which to retrieve the mobile devices. .EXAMPLE Get-CIPPMailboxMobileDevices -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -Mailbox "" Retrieves the mobile devices associated with the mailbox "" in the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPMailboxMobileDevices { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$Mailbox ) Write-Verbose "Getting mailbox mobile devices for $Mailbox" $endpoint = '/api/ListMailboxMobileDevices' $params = @{ tenantFilter = $CustomerTenantID mailbox = $Mailbox } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email/Administration/Get-CIPPMailboxMobileDevices.ps1' 36 #Region './public/Email/Administration/Get-CIPPMailboxPermissions.ps1' -1 <# .SYNOPSIS Retrieves mailbox permissions for a specified customer tenant and user ID. .DESCRIPTION The Get-CIPPMailboxPermissions function retrieves mailbox permissions for a specified customer tenant and user ID. It makes an API call to the "/api/listmailboxpermissions" endpoint with the provided parameters. .PARAMETER CustomerTenantID The ID of the customer tenant for which mailbox permissions are to be retrieved. This parameter is mandatory. .PARAMETER UserID The ID of the user for which mailbox permissions are to be retrieved. This parameter is mandatory. .EXAMPLE Get-CIPPMailboxPermissions -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -UserID "" This example retrieves mailbox permissions for the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" and the user with ID "". #> function Get-CIPPMailboxPermissions { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID ) Write-Verbose "Getting mailbox permissions for $CustomerTenantID" $endpoint = '/api/listmailboxpermissions' $params = @{ tenantfilter = $CustomerTenantID userid = $UserID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email/Administration/Get-CIPPMailboxPermissions.ps1' 38 #Region './public/Email/Administration/Get-CIPPMailboxRules.ps1' -1 <# .SYNOPSIS Retrieves mailbox rules for a specified customer tenant ID. .DESCRIPTION The Get-CIPPMailboxRules function retrieves mailbox rules for a specified customer tenant ID by making a REST API call to the "/api/listmailboxrules" endpoint. .PARAMETER CustomerTenantID The customer tenant ID for which to retrieve mailbox rules. .EXAMPLE Get-CIPPMailboxRules -CustomerTenantID "" This example retrieves mailbox rules for the customer tenant with the ID "". #> function Get-CIPPMailboxRules { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting mailbox rules for $CustomerTenantID" $endpoint = '/api/listmailboxrules' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email/Administration/Get-CIPPMailboxRules.ps1' 31 #Region './public/Email/Administration/Get-CIPPMailQuarantine.ps1' -1 <# .SYNOPSIS Retrieves the mail quarantine for a specific customer tenant. .DESCRIPTION The Get-CIPPMailQuarantine function retrieves the mail quarantine for a specific customer tenant by making a REST API call to the "/api/listmailquarantine" endpoint. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve the mail quarantine. .EXAMPLE Get-CIPPMailQuarantine -CustomerTenantID "" Retrieves the mail quarantine for the customer tenant with the ID "". #> function Get-CIPPMailQuarantine { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting mail quarantine for $CustomerTenantID" $endpoint = '/api/listmailquarantine' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email/Administration/Get-CIPPMailQuarantine.ps1' 30 #Region './public/Email/Administration/Get-CIPPOutOfOffice.ps1' -1 <# .SYNOPSIS Retrieves the out of office status for a specified user. .DESCRIPTION The Get-CIPPOutOfOffice function retrieves the out of office status for a specified user in a customer's tenant. .PARAMETER CustomerTenantID Specifies the ID of the customer's tenant. .PARAMETER UserID Specifies the ID of the user. .EXAMPLE Get-CIPPOutOfOffice -CustomerTenantID "" -UserID "" Retrieves the out of office status for the user with the ID "" in the customer's tenant with the ID "". #> function Get-CIPPOutOfOffice { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID ) Write-Verbose "Getting out of office for $UserID" $endpoint = '/api/listooo' $params = @{ tenantfilter = $CustomerTenantID userid = $UserID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email/Administration/Get-CIPPOutOfOffice.ps1' 36 #Region './public/Email/Administration/Get-CIPPUserMailboxDetails.ps1' -1 <# .SYNOPSIS Retrieves the mailbox details for a specific user in the CIPP system. .DESCRIPTION The Get-CIPPUserMailboxDetails function retrieves the mailbox details for a specific user in the CIPP system. It makes an API call to the "/api/listusermailboxdetails" endpoint, passing the customer tenant ID and user ID as parameters. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve the mailbox details. .PARAMETER UserID The ID of the user for which to retrieve the mailbox details. .EXAMPLE Get-CIPPUserMailboxDetails -CustomerTenantID "" -UserID "" Retrieves the mailbox details for the user with ID "" in the customer tenant with ID "". #> function Get-CIPPUserMailboxDetails { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID ) Write-Verbose "Getting user Mailbox Details for $userID" $endpoint = '/api/listusermailboxdetails' $params = @{ tenantfilter = $CustomerTenantID userId = $UserID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email/Administration/Get-CIPPUserMailboxDetails.ps1' 38 #Region './public/Email/Administration/Get-CIPPUserMailboxRules.ps1' -1 <# .SYNOPSIS Retrieves the mailbox rules for a specific user in the CIPP system. .DESCRIPTION The Get-CIPPUserMailboxRules function retrieves the mailbox rules for a specific user in the CIPP system. It makes an API call to the "/api/listusermailboxrules" endpoint, passing the customer tenant ID and user ID as parameters. .PARAMETER CustomerTenantID The ID of the customer tenant. .PARAMETER UserID The ID of the user. .EXAMPLE Get-CIPPUserMailboxRules -CustomerTenantID "" -UserID "" Retrieves the mailbox rules for the user with the ID "" in the customer tenant with the ID "". #> function Get-CIPPUserMailboxRules { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID ) Write-Verbose "Getting user Mailbox Rules for $userID" $endpoint = '/api/listusermailboxrules' $params = @{ tenantfilter = $CustomerTenantID userId = $UserID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email/Administration/Get-CIPPUserMailboxRules.ps1' 38 #Region './public/Email/Administration/Remove-CIPPContact.ps1' -1 <# .SYNOPSIS Removes a mail contact from Exchange. .DESCRIPTION The Remove-CIPPContact function removes a specified mail contact from Exchange in CIPP. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .PARAMETER ContactGuid Specifies the GUID of the mail contact to remove. .EXAMPLE Remove-CIPPContact -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -ContactGuid "98765432-4321-4321-4321-BA0987654321" Removes the mail contact with the specified GUID from the specified tenant. .NOTES Requires appropriate permissions to manage Exchange contacts. #> function Remove-CIPPContact { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [guid]$ContactGuid ) Write-Verbose "Removing mail contact $ContactGuid from tenant $CustomerTenantID" $endpoint = '/api/RemoveContact' $body = @{ tenantFilter = $CustomerTenantID GUID = $ContactGuid } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method Post } #EndRegion './public/Email/Administration/Remove-CIPPContact.ps1' 42 #Region './public/Email/Administration/Set-CIPPCalendarPermissions.ps1' -1 <# .SYNOPSIS Sets calendar permissions for a user in a customer's tenant. .DESCRIPTION The Set-CIPPCalendarPermissions function is used to edit calendar permissions for a specified user in a customer's tenant. It allows you to set different levels of permissions for the user on the calendar folder. .PARAMETER CustomerTenantID Specifies the ID of the customer's tenant. .PARAMETER Permissions Specifies the level of permissions to be set for the user on the calendar folder. Valid values are: - Author - Contributor - Editor - Owner - Non Editing Author - Publishing Author - Publishing Editor - Reviewer - LimitedDetails - AvailabilityOnly .PARAMETER Userid Specifies the ID of the user for whom the calendar permissions are being set. .PARAMETER RemoveAccess Specifies whether to remove the user's access to the calendar folder. This parameter is optional. .PARAMETER usertogetpermissions Specifies the ID of the user for whom you are giving permission to. This parameter is optional. .PARAMETER FolderName Specifies the name of the calendar folder. The default value is "Calendar". .EXAMPLE Set-CIPPCalendarPermissions -CustomerTenantID "" -Permissions "Editor" -Userid "" This example sets the calendar permissions for the user with the ID "" in the customer's tenant with the ID "" to "Editor" level. #> function Set-CIPPCalendarPermissions { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [ValidateSet( 'Author', 'Contributor', 'Editor', 'Owner', 'Non Editing Author', 'Publishing Author', 'Publishing Editor', 'Reviewer', 'LimitedDetails', 'AvailabilityOnly' )] [string]$Permissions, [Parameter(Mandatory = $true)] [string]$Userid, [Parameter(Mandatory = $false)] [string]$RemoveAccess, [Parameter(Mandatory = $false)] [string]$usertogetpermissions, [Parameter(Mandatory = $false)] [string]$FolderName = 'Calendar' ) Write-Verbose "Editing calendar permissions for $Userid" $endpoint = '/api/execeditcalendarpermissions' $params = @{ TenantFilter = $CustomerTenantID permissions = $Permissions userid = $Userid removeaccess = $RemoveAccess usertogetpermissions = $usertogetpermissions FolderName = $FolderName } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email/Administration/Set-CIPPCalendarPermissions.ps1' 86 #Region './public/Email/Administration/Set-CIPPContact.ps1' -1 <# .SYNOPSIS Modifies a contact in the CIPP API. .DESCRIPTION The Set-CIPPContact function is used to edit a contact in the CIPP API. It allows you to modify various properties of the contact, such as display name, email address, first name, last name, job title, address, phone numbers, etc. .PARAMETER CustomerTenantID The ID of the customer tenant where the contact belongs. .PARAMETER ContactID The ID of the contact to be edited. .PARAMETER DisplayName The new display name for the contact. If not provided, the existing display name will be used. .PARAMETER ExternalEmailAddress The new external email address for the contact. If not provided, the existing email address will be used. .PARAMETER FirstName The new first name for the contact. If not provided, the existing first name will be used. .PARAMETER LastName The new last name for the contact. If not provided, the existing last name will be used. .PARAMETER JobTitle The new job title for the contact. If not provided, the existing job title will be used. .PARAMETER StreetAddress The new street address for the contact. If not provided, the existing street address will be used. .PARAMETER PostalCode The new postal code for the contact. If not provided, the existing postal code will be used. .PARAMETER City The new city for the contact. If not provided, the existing city will be used. .PARAMETER Country The new country for the contact. If not provided, the existing country will be used. This must be a valid ISO 3166-1 alpha-2 country code. .PARAMETER MobilePhone The new mobile phone number for the contact. If not provided, the existing mobile phone number will be used. .PARAMETER PhoneNumber The new business phone number for the contact. If not provided, the existing business phone number will be used. .EXAMPLE Set-CIPPContact -CustomerTenantID "" -ContactID "46200db7-45cd-447e-a7d9-1d2feb91bb10" -DisplayName "John Doe" -JobTitle "Manager" This example edits the contact with ID "46200db7-45cd-447e-a7d9-1d2feb91bb10" in the customer tenant "". It sets the display name to "John Doe" and the job title to "Manager". Other properties remain unchanged. #> function Set-CIPPContact { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$ContactID, [Parameter(Mandatory = $false)] [string]$DisplayName, [Parameter(Mandatory = $false)] [string]$ExternalEmailAddress, [Parameter(Mandatory = $false)] [string]$FirstName, [Parameter(Mandatory = $false)] [string]$LastName, [Parameter(Mandatory = $false)] [string]$JobTitle, [Parameter(Mandatory = $false)] [string]$StreetAddress, [Parameter(Mandatory = $false)] [string]$PostalCode, [Parameter(Mandatory = $false)] [string]$City, [Parameter(Mandatory = $false)] [string]$Country, [Parameter(Mandatory = $false)] [string]$MobilePhone, [Parameter(Mandatory = $false)] [string]$PhoneNumber ) Write-Verbose "Editing Contact in tenant: $CustomerTenantID" $existingContact = Get-CIPPContacts -CustomerTenantID $CustomerTenantID -ContactID $ContactID # Filter to get the mobile and business phone numbers from the phones collection $existingMobilePhone = ($existingContact.phones | Where-Object { $_.type -eq 'mobile' }).number $existingBusinessPhone = ($existingContact.phones | Where-Object { $_.type -eq 'business' }).number $Endpoint = '/api/Editcontact' $body = @{ tenantID = $CustomerTenantID ContactID = $ContactID DisplayName = $DisplayName ? $DisplayName : $existingContact.DisplayName mail = $ExternalEmailAddress ? $ExternalEmailAddress : $existingContact.mail firstName = $FirstName ? $FirstName : $existingContact.givenName LastName = $LastName ? $LastName : $existingContact.surname jobTitle = $JobTitle ? $JobTitle : $existingContact.jobTitle Country = $Country ? $Country : $existingContact.addresses.CountryOrRegion PostalCode = $PostalCode ? $PostalCode : $existingContact.addresses.postalcode CompanyName = $CompanyName ? $CompanyName : $existingContact.companyName StreetAddress = $StreetAddress ? $StreetAddress : $existingContact.addresses.street MobilePhone = $MobilePhone ? $MobilePhone : $existingMobilePhone BusinessPhone = $PhoneNumber ? $PhoneNumber : $existingBusinessPhone City = $City ? $City : $ } Invoke-CIPPRestMethod -Endpoint $Endpoint -Body $body -Method POST } #EndRegion './public/Email/Administration/Set-CIPPContact.ps1' 114 #Region './public/Email/Administration/Set-CIPPCopyToSent.ps1' -1 <# .SYNOPSIS Sets the option to copy sent items to a shared mailbox for a specific user. .DESCRIPTION The Set-CIPPCopyToSent function sets the option to copy sent items to a shared mailbox for a specific user in the CIPP system. .PARAMETER CustomerTenantID Specifies the ID of the customer's tenant. .PARAMETER UserID Specifies the ID of the user. .PARAMETER MessageCopyForSentAsEnabled Specifies whether to enable or disable the option to copy sent items for the user. Valid values are "true" or "false". The default value is "true". .EXAMPLE Set-CIPPCopyToSent -CustomerTenantID "" -UserID "" -MessageCopyForSentAsEnabled "true" This example sets the option to copy sent items to a shared mailbox for the user "" in the customer's tenant with ID "". #> function Set-CIPPCopyToSent { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID, [Parameter(Mandatory = $false)] [ValidateSet( 'true', 'false' )] [string]$MessageCopyForSentAsEnabled = 'true' ) Write-Verbose "Copy Sent Items to Shared Mailbox for $userID $MessageCopyForSentAsEnabled" $endpoint = '/api/execcopyforsent' $body = @{ tenantFilter = $CustomerTenantID id = $UserID MessageCopyForSentAsEnabled = $MessageCopyForSentAsEnabled } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method POST } #EndRegion './public/Email/Administration/Set-CIPPCopyToSent.ps1' 50 #Region './public/Email/Administration/Set-CIPPEnableArchive.ps1' -1 <# .SYNOPSIS Enables email archiving for a specified user in the CIPP system. .DESCRIPTION The Set-CIPPEnableArchive function enables email archiving for a specified user in the CIPP system. It sends a request to the CIPP API to enable email archiving for the user identified by the provided CustomerTenantID and UserID. .PARAMETER CustomerTenantID The unique identifier of the customer tenant. .PARAMETER UserID The unique identifier of the user. .EXAMPLE Set-CIPPEnableArchive -CustomerTenantID "" -UserID "" Enables email archiving for the user with the CustomerTenantID "" and UserID "". #> function Set-CIPPEnableArchive { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID ) Write-Verbose "Enabling Email Archive for $userID" $endpoint = '/api/execenablearchive' $params = @{ tenantfilter = $CustomerTenantID id = $UserID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email/Administration/Set-CIPPEnableArchive.ps1' 40 #Region './public/Email/Administration/Set-CIPPHideFromGAL.ps1' -1 <# .SYNOPSIS Sets the "hide from Global Address List (GAL)" property for a user in a customer's tenant. .DESCRIPTION The Set-CIPPHideFromGAL function is used to set the "hide from GAL" property for a specified user in a customer's tenant. This property determines whether the user's email address is visible in the Global Address List (GAL) or not. .PARAMETER CustomerTenantID Specifies the ID of the customer's tenant. .PARAMETER UserID Specifies the ID of the user for whom the "hide from GAL" property needs to be set. .PARAMETER hidefromgal Specifies whether the user's email address should be hidden from the GAL or not. Valid values are 'true' and 'false'. .EXAMPLE Set-CIPPHideFromGAL -CustomerTenantID "" -UserID "" -hidefromgal "true" Sets the "hide from GAL" property to true for the user with the email address "" in the customer's tenant with ID "". .EXAMPLE Set-CIPPHideFromGAL -CustomerTenantID "" -UserID "" -hidefromgal "false" Sets the "hide from GAL" property to false for the user with the email address "" in the customer's tenant with ID "". #> function Set-CIPPHideFromGAL { param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID, [Parameter(Mandatory = $true)] [ValidateSet( 'true', 'false' )] [string]$HideFromGAL ) Write-Verbose "Setting hide from GAL to $HideFromGAL for $UserID" $endpoint = '/api/exechidefromgal' $body = @{ tenantFilter = $CustomerTenantID id = $UserID hidefromgal = $HideFromGAL } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method POST } #EndRegion './public/Email/Administration/Set-CIPPHideFromGAL.ps1' 51 #Region './public/Email/Administration/Set-CIPPMailboxForwarding.ps1' -1 <# .SYNOPSIS Sets mailbox forwarding for a user. .DESCRIPTION The Set-CIPPMailboxForwarding function sets mailbox forwarding for a user. It allows you to specify the customer tenant ID, user ID, and various forwarding options such as external and internal email addresses, disabling forwarding, and keeping a copy of forwarded emails. .PARAMETER CustomerTenantID The ID of the customer tenant. .PARAMETER UserID The ID of the user whose mailbox forwarding needs to be set. .PARAMETER DisableForwarding Specifies whether to disable mailbox forwarding. By default, it is set to $false. .PARAMETER ForwardExternalEmailAddress The external email address to forward emails to. .PARAMETER ForwardInternalEmailAddress The internal email address to forward emails to. This parameter accepts an array of email addresses. .PARAMETER KeepCopy Specifies whether to keep a copy of forwarded emails. By default, it is set to $false. .EXAMPLE Set-CIPPMailboxForwarding -CustomerTenantID "" -UserID "" -ForwardExternalEmailAddress "" -KeepCopy $true This example sets mailbox forwarding for the user "" in the customer tenant with ID "". Emails will be forwarded to the external email address "". A copy of forwarded emails will be kept. #> function Set-CIPPMailboxForwarding { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID, [Parameter(Mandatory = $false)] [bool]$DisableForwarding, [Parameter(Mandatory = $false)] [string]$ForwardExternalEmailAddress, [Parameter(Mandatory = $false)] [string]$ForwardInternalEmailAddress, [Parameter(Mandatory = $false)] [bool]$KeepCopy ) Write-Verbose "Forwarding Mailbox for $UserID to $ForwardExternalEmailAddress $ForwardInternalEmailAddress" $endpoint = '/api/execemailforward' $body = @{ tenantFilter = $CustomerTenantID ForwardExternal = $ForwardExternalEmailAddress ForwardInternal = (ConvertTo-FormattedArray -inputArray $ForwardInternalEmailAddress -labelPrefix $ForwardInternalEmailAddress) KeepCopy = $KeepCopy userid = $UserID disableForwarding = $DisableForwarding } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body } #EndRegion './public/Email/Administration/Set-CIPPMailboxForwarding.ps1' 62 #Region './public/Email/Administration/Set-CIPPMailboxMobileDevices.ps1' -1 <# .SYNOPSIS Edits the mobile device settings for a specified user in a customer's tenant. .DESCRIPTION The Set-CIPPMailboxMobileDevices function allows you to edit the mobile device settings for a specified user in a customer's tenant. You can set the device ID, user ID, quarantine status, delete status, and device GUID. .PARAMETER CustomerTenantID Specifies the ID of the customer's tenant. .PARAMETER DeviceID Specifies the ID of the mobile device. .PARAMETER UserID Specifies the ID of the user. .PARAMETER Quarantine Specifies whether the mobile device should be quarantined. Valid values are "true" or "False". .PARAMETER Delete Specifies whether the mobile device should be deleted. Valid values are "true" or "False". The default value is "False". .PARAMETER DeviceGUID Specifies the GUID of the mobile device. .EXAMPLE Set-CIPPMailboxMobileDevices -CustomerTenantID "" -DeviceID "ABCD1234" -UserID "" -Quarantine "true" This example sets the mobile device with the ID "ABCD1234" for the user "" in the customer's tenant with the ID "" to be quarantined. .EXAMPLE Set-CIPPMailboxMobileDevices -CustomerTenantID "" -UserID "" -Delete "true" -DeviceGUID "EFGH5678" This example deletes the mobile device with the GUID "EFGH5678" for the user "" in the customer's tenant with the ID "". #> function Set-CIPPMailboxMobileDevices { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [string]$DeviceID, [Parameter(Mandatory = $true)] [string]$UserID, [Parameter(Mandatory = $false)] [ValidateSet('true', 'False')] [string]$Quarantine, [Parameter(Mandatory = $false)] [ValidateSet('true', 'False')] [string]$Delete = 'False', [Parameter(Mandatory = $false)] [guid]$DeviceGUID ) Write-Verbose "Editing Mobile Device for $UserID" $endpoint = '/api/execmailboxmobiledevices' if ($Quarantine) { $params = @{ tenantfilter = $CustomerTenantID DeviceID = $DeviceID Userid = $UserID Quarantine = $Quarantine } } else { $params = @{ tenantfilter = $CustomerTenantID Userid = $UserID Delete = $Delete GUID = $DeviceGUID } } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email/Administration/Set-CIPPMailboxMobileDevices.ps1' 77 #Region './public/Email/Administration/Set-CIPPMailboxPermissions.ps1' -1 <# .SYNOPSIS Sets mailbox permissions for a user in the CIPP system. .DESCRIPTION The Set-CIPPMailboxPermissions function is used to edit mailbox permissions for a specified user in the CIPP system. It allows you to add or remove full access, send as, and send on behalf permissions for the user's mailbox. .PARAMETER CustomerTenantID The ID of the customer's tenant in the CIPP system. .PARAMETER Userid The ID of the user whose mailbox permissions need to be edited. .PARAMETER RemoveFullAccess An optional array of mailboxes from which to remove full access permissions for the user. .PARAMETER AddFullAccessAutoMap An optional array of mailboxes to which to add full access permissions with automapping enabled for the user. .PARAMETER AddFullAccessNoAutoMap An optional array of mailboxes to which to add full access permissions with automapping disabled for the user. .PARAMETER AddSendAs An optional array of mailboxes to which to add send as permissions for the user. .PARAMETER RemoveSendAs An optional array of mailboxes from which to remove send as permissions for the user. .PARAMETER AddSendOnBehalf An optional array of mailboxes to which to add send on behalf permissions for the user. .PARAMETER RemoveSendOnBehalf An optional array of mailboxes from which to remove send on behalf permissions for the user. .EXAMPLE Set-CIPPMailboxPermissions -CustomerTenantID "" -Userid "" -AddFullAccessAutoMap "", "" -AddSendAs "" This example sets mailbox permissions for the user "" in the CIPP system. It adds full access permissions with automapping enabled to "" and "", and adds send as permissions to "". #> function Set-CIPPMailboxPermissions { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$Userid, [Parameter(Mandatory = $false)] [array]$RemoveFullAccess = @(), [Parameter(Mandatory = $false)] [array]$AddFullAccessAutoMap = @(), [Parameter(Mandatory = $false)] [array]$AddFullAccessNoAutoMap = @(), [Parameter(Mandatory = $false)] [array]$AddSendAs = @(), [Parameter(Mandatory = $false)] [array]$RemoveSendAs = @(), [Parameter(Mandatory = $false)] [array]$AddSendOnBehalf = @(), [Parameter(Mandatory = $false)] [array]$RemoveSendOnBehalf = @() ) Write-Verbose "Editing Mailbox permissions for $Userid" $endpoint = '/api/execeditmailboxpermissions' $body = @{ TenantFilter = $CustomerTenantID UserID = $Userid RemoveFullAccess = (ConvertTo-FormattedArray -inputArray $RemoveFullAccess -labelPrefix 'Remove Full Access') AddFullAccess = (ConvertTo-FormattedArray -inputArray $AddFullAccessAutoMap -labelPrefix 'Add Full Access AutoMap') AddFullAccessNoAutoMap = (ConvertTo-FormattedArray -inputArray $AddFullAccessNoAutoMap -labelPrefix 'Add Full Access No AutoMap') AddSendAs = (ConvertTo-FormattedArray -inputArray $AddSendAs -labelPrefix 'Add Send As') RemoveSendAs = (ConvertTo-FormattedArray -inputArray $RemoveSendAs -labelPrefix 'Remove Send As') AddSendOnBehalf = (ConvertTo-FormattedArray -inputArray $AddSendOnBehalf -labelPrefix 'Add Send On Behalf') RemoveSendOnBehalf = (ConvertTo-FormattedArray -inputArray $RemoveSendOnBehalf -labelPrefix 'Remove Send On Behalf') } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method 'POST' } #EndRegion './public/Email/Administration/Set-CIPPMailboxPermissions.ps1' 81 #Region './public/Email/Administration/Set-CIPPMailboxQuota.ps1' -1 <# .SYNOPSIS Sets the mailbox quota for a user .DESCRIPTION The Set-CIPPMailboxQuota function is used to set the mailbox quota for a user. It allows you to specify the customer tenant ID, user ID, and the mailbox quota limits such as ProhibitSendQuota, IssueWarningQuota, and ProhibitSendReceiveQuota. .PARAMETER CustomerTenantID The ID of the customer tenant. .PARAMETER UserID The ID of the user. .PARAMETER ProhibitSendQuota The maximum mailbox size (in MB, GB or TB) at which sending messages is prohibited. .PARAMETER IssueWarningQuota The mailbox size (in MB, GB or TB) at which a warning is issued to the user. .PARAMETER ProhibitSendReceiveQuota The maximum mailbox size (in MB, GB or TB) at which sending and receiving messages is prohibited. .EXAMPLE Set-CIPPMailboxQuota -CustomerTenantID "" -UserID "" -ProhibitSendQuota "1GB" Sets the mailbox quota for the user "john.doe" in the customer tenant with ID "". The ProhibitSendQuota is set to 1GB .EXAMPLE Set-CIPPMailboxQuota -CustomerTenantID "" -UserID "" -ProhibitSendReceiveQuota "5GB" Sets the mailbox quota for the user "john.doe" in the customer tenant with ID "". The ProhibitSendReceiveQuota is set to 5GB .NOTES This function requires the Invoke-CIPPRestMethod function to be available. You can only use one parameter at a time: ProhibitSendQuota, IssueWarningQuota, or ProhibitSendReceiveQuota. #> function Set-CIPPMailboxQuota { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID, [Parameter(Mandatory = $false)] [string]$ProhibitSendQuota, [Parameter(Mandatory = $false)] [string]$IssueWarningQuota, [Parameter(Mandatory = $false)] [string]$ProhibitSendReceiveQuota ) Write-Verbose "Setting Mailbox Quota for $userID" $endpoint = '/api/execsetmailboxquota' $body = @{ tenantfilter = $CustomerTenantID user = $UserID } if ($ProhibitSendQuota) { $body.Add('ProhibitSendQuota', 'true') $body.Input = $ProhibitSendQuota } elseif ($IssueWarningQuota) { $body.Add('IssueWarningQuota', 'true') $body.input = $IssueWarningQuota } elseif ($ProhibitSendReceiveQuota) { $body.Add('ProhibitSendReceiveQuota', 'true') $body.input = $ProhibitSendReceiveQuota } else { throw 'At least one of the following parameters must be provided: ProhibitSendQuota, IssueWarningQuota, ProhibitSendReceiveQuota' } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method 'POST' } #EndRegion './public/Email/Administration/Set-CIPPMailboxQuota.ps1' 74 #Region './public/Email/Administration/Set-CIPPOOO.ps1' -1 <# .SYNOPSIS Sets the out of office settings for a user. .DESCRIPTION The Set-CIPPOOO function is used to set the out of office settings for a user in a customer's Exchange environment. It allows you to specify the customer tenant ID, user, auto reply state, external message, internal message, start time, and end time for the out of office settings. .PARAMETER CustomerTenantID The ID of the customer's tenant. .PARAMETER User The user for whom the out of office settings should be set. .PARAMETER autoreplystate The auto reply state. Valid values are 'Scheduled', 'Disabled', or 'Enabled'. .PARAMETER externalmessage The external message to be sent as an auto reply. .PARAMETER internalmessage The internal message to be sent as an auto reply. .PARAMETER endtime The end time for the out of office settings. This parameter is mandatory when autoreplystate is 'Scheduled'. .PARAMETER starttime The start time for the out of office settings. This parameter is mandatory when autoreplystate is 'Scheduled'. .EXAMPLE Set-CIPPOOO -CustomerTenantID "" -User "" -autoreplystate "Disabled" Sets the out of office settings for the user "" in the customer's tenant with ID "". The auto reply state is set to "Disable" .EXAMPLE Set-CIPPOOO -CustomerTenantID "" -User "" -autoreplystate "Enabled" Sets the out of office settings for the user "" in the customer's tenant with ID "". The auto reply state is set to "Enabled" .EXAMPLE Set-CIPPOOO -CustomerTenantID "" -User "" -autoreplystate "Enabled" -externalmessage "I'm currently out of office." -internalmessage "I'm currently out of office." -starttime 2024-06-21 14:00" -endtime "2024-06-21 14:30"" Sets the out of office settings for the user "" in the customer's tenant with ID "". The auto reply state is set to "Enabled" and the external and internal messages are set to "I'm currently out of office.". The out of office settings are scheduled to start on "2024-06-21 14:00" and end on "2024-06-21 14:30". #> function Set-CIPPOOO { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$User, [Parameter(Mandatory = $true)] [ValidateSet( 'Scheduled', 'Disabled', 'Enabled' )] [string]$autoreplystate, [Parameter(Mandatory = $false)] [string]$externalmessage, [Parameter(Mandatory = $false)] [string]$internalmessage, [Parameter(Mandatory = $false)] [datetime]$endtime, [Parameter(Mandatory = $false)] [datetime]$starttime ) Write-Verbose "Setting out of office for $User to $autoreplystate" if ($autoreplystate -eq 'Scheduled') { if (-not $PSBoundParameters.ContainsKey('starttime')) { throw "Start time is mandatory when autoreplystate is 'Scheduled'." } if (-not $PSBoundParameters.ContainsKey('endtime')) { throw "End time is mandatory when autoreplystate is 'Scheduled'." } } $endpoint = '/api/execsetooo' $body = @{ TenantFilter = $CustomerTenantID User = $User AutoReplyState = $autoreplystate externalmessage = $externalmessage internalmessage = $internalmessage endtime = $endtime starttime = $starttime input = $Input } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method 'POST' } #EndRegion './public/Email/Administration/Set-CIPPOOO.ps1' 92 #Region './public/Email/Administration/Set-CIPPQuarantineManagement.ps1' -1 <# .SYNOPSIS Manages quarantine for a specific customer tenant ID. .DESCRIPTION The Set-CIPPQuarantineManagement function is used to manage quarantine for a specific customer tenant ID. It allows you to set various parameters such as the ID, AllowSender, and Type. .PARAMETER CustomerTenantID Specifies the customer tenant ID for which the quarantine management is performed. This parameter is mandatory. .PARAMETER ID Specifies the ID of the quarantine management. This parameter is mandatory. .PARAMETER AllowSender Specifies whether to allow the sender. Valid values are 'true' or 'false'. This parameter is optional. .PARAMETER Type Specifies the type of quarantine management. Valid values are 'Deny' or 'Release'. This parameter is mandatory. .EXAMPLE Set-CIPPQuarantineManagement -CustomerTenantID "" -ID "67890" -AllowSender "true" -Type "Deny" This example sets the quarantine management for the customer tenant ID "" with the ID "67890". It allows the sender and sets the type to "Deny". #> function Set-CIPPQuarantineManagement { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$ID, [Parameter(Mandatory = $false)] [ValidateSet( 'true', 'false' )] [string]$AllowSender, [Parameter(Mandatory = $true)] [ValidateSet( 'Deny', 'Release' )] [string]$Type ) Write-Verbose "Managing Quarantine for $CustomerTenantID" $endpoint = '/api/execquarantinemanagement' $params = @{ tenantfilter = $CustomerTenantID id = $ID allowSender = $AllowSender type = $Type } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email/Administration/Set-CIPPQuarantineManagement.ps1' 58 #Region './public/Email/Administration/Start-CIPPManagedFolderAssistant.ps1' -1 <# .SYNOPSIS Starts the Managed Folder Assistant for a mailbox. .DESCRIPTION The Start-CIPPManagedFolderAssistant function starts a Managed Folder Assistant process for a specified mailbox in Exchange Online. This can be used to process retention policies and tags. .PARAMETER Identity The identity of the mailbox for which to start the Managed Folder Assistant. This can be the primary SMTP address or any other Exchange identity format. .PARAMETER CustomerTenantID The tenant ID where the mailbox resides. This is required to identify the correct Exchange Online environment. .EXAMPLE Start-CIPPManagedFolderAssistant -Identity "" -CustomerTenantID "tenant-id" Starts the Managed Folder Assistant for the specified mailbox in the specified tenant. .NOTES Requires Exchange.Mailbox.ReadWrite permissions. The Managed Folder Assistant processes retention policies and tags on mailboxes. #> function Start-CIPPManagedFolderAssistant { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$Identity, [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Starting Managed Folder Assistant for mailbox: $Identity" $endpoint = '/api/ExecStartManagedFolderAssistant' $body = @{ tenantFilter = $CustomerTenantID id = $Identity } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method POST } #EndRegion './public/Email/Administration/Start-CIPPManagedFolderAssistant.ps1' 45 #Region './public/Email/Reports/Get-CIPPEnabledSharedMailboxes.ps1' -1 <# .SYNOPSIS Retrieves shared mailboxes with account enabled for a specific customer tenant ID. .DESCRIPTION The Get-CIPPEnabledSharedMailboxes function retrieves shared mailboxes with account enabled for a specific customer tenant ID. It makes use of the Invoke-CIPPRestMethod function to send a request to the CIPP API and retrieve the shared mailboxes. .PARAMETER CustomerTenantID Specifies the customer tenant ID for which to retrieve the shared mailboxes. .EXAMPLE Get-CIPPEnabledSharedMailboxes -CustomerTenantID "" Retrieves shared mailboxes with account enabled for the "" customer tenant ID. #> function Get-CIPPEnabledSharedMailboxes { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting shared mailboxes with account enabled for $CustomerTenantID" $endpoint = '/api/listsharedmailboxaccountenabled' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email/Reports/Get-CIPPEnabledSharedMailboxes.ps1' 30 #Region './public/Email/Reports/Get-CIPPGlobalAddressList.ps1' -1 <# .SYNOPSIS Gets Global Address List entries. .DESCRIPTION The Get-CIPPGlobalAddressList function retrieves all recipients from the Global Address List (GAL) in Exchange Online. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .EXAMPLE Get-CIPPGlobalAddressList -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" Returns all recipients in the Global Address List for the specified tenant. .NOTES Requires Exchange.Mailbox.Read permissions. Returns detailed recipient information including: - Identity - Display Name - Alias - Primary SMTP Address - External Directory Object ID - Hidden From Address Lists Status - Email Addresses - Directory Sync Status - SKU Assignment - Recipient Type Details - Address List Membership #> function Get-CIPPGlobalAddressList { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Global Address List for tenant $CustomerTenantID" $endpoint = '/api/ListGlobalAddressList' $params = @{ tenantFilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method GET } #EndRegion './public/Email/Reports/Get-CIPPGlobalAddressList.ps1' 47 #Region './public/Email/Reports/Get-CIPPMailboxCAS.ps1' -1 <# .SYNOPSIS Retrieves the Mailbox Client Access Settings for a specific customer tenant. .DESCRIPTION The Get-CIPPMailboxCAS function retrieves the Mailbox Client Access Settings for a specified customer tenant ID. It makes use of the Invoke-CIPPRestMethod function to send a request to the '/api/listmailboxcas' endpoint and returns the results. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant for which to retrieve the Mailbox Client Access Settings. This parameter is mandatory. .EXAMPLE Get-CIPPMailboxCAS -CustomerTenantID "d25d58b0-7f7e-4b81-af6c-b5e6451dafcc" Retrieves the Mailbox Client Access Settings for the customer tenant with the ID "d25d58b0-7f7e-4b81-af6c-b5e6451dafcc". .INPUTS None. You cannot pipe input to this function. .OUTPUTS System.Object. The function returns an object representing the Mailbox Client Access Settings. .NOTES This function requires the Invoke-CIPPRestMethod function to be available. .LINK Invoke-CIPPRestMethod #> function Get-CIPPMailboxCAS { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Mailbox Client Access Settings for $CustomerTenantID" $endpoint = '/api/ListMailboxCAS' $params = @{ tenantFilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email/Reports/Get-CIPPMailboxCAS.ps1' 42 #Region './public/Email/Reports/Get-CIPPMailboxStatistics.ps1' -1 <# .SYNOPSIS Retrieves mailbox statistics for a specified customer tenant ID. .DESCRIPTION The Get-CIPPMailboxStatistics function retrieves mailbox statistics for a specified customer tenant ID by making a REST API call to the "/api/listmailboxstatistics" endpoint. .PARAMETER CustomerTenantID Specifies the customer tenant ID for which mailbox statistics need to be retrieved. .EXAMPLE Get-CIPPMailboxStatistics -CustomerTenantID "" Retrieves mailbox statistics for the customer tenant with the ID "". #> function Get-CIPPMailboxStatistics { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting mailbox statistics for $CustomerTenantID" $endpoint = '/api/listmailboxstatistics' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email/Reports/Get-CIPPMailboxStatistics.ps1' 30 #Region './public/Email/Resources/Get-CIPPRoomLists.ps1' -1 <# .SYNOPSIS Retrieves room lists for a specific customer tenant. .DESCRIPTION The Get-CIPPRoomLists function retrieves room lists for a specific customer tenant by making a REST API call to the "/api/listroomlists" endpoint. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant. .EXAMPLE Get-CIPPRoomLists -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves room lists for the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPRoomLists { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Retrieving room lists for tenant $CustomerTenantID" $Endpoint = '/api/ListRoomLists' $Params = @{ tenantFilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $Endpoint -Params $Params } #EndRegion './public/Email/Resources/Get-CIPPRoomLists.ps1' 32 #Region './public/Email/Resources/Get-CIPPRooms.ps1' -1 <# .SYNOPSIS Retrieves rooms for a specific customer tenant. .DESCRIPTION The Get-CIPPRooms function retrieves rooms for a specific customer tenant by making a REST API call to the "/api/listrooms" endpoint. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant. .EXAMPLE Get-CIPPRooms -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves rooms for the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPRooms { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [string]$RoomID ) Write-Verbose "Retrieving rooms for tenant $CustomerTenantID" $Endpoint = '/api/ListRooms' $Params = @{ tenantFilter = $CustomerTenantID RoomID = $RoomID } Invoke-CIPPRestMethod -Endpoint $Endpoint -Params $Params } #EndRegion './public/Email/Resources/Get-CIPPRooms.ps1' 35 #Region './public/Email/Spamfilter/Get-CIPPAntiPhishingFilter.ps1' -1 <# .SYNOPSIS Gets anti-phishing filters. .DESCRIPTION The Get-CIPPAntiPhishingFilter function retrieves anti-phishing policies and rules configured in Exchange Online for a tenant. The output combines policy settings with their associated rules. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .EXAMPLE Get-CIPPAntiPhishingFilter -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" Returns all anti-phishing policies and their associated rules for the specified tenant. .NOTES Requires Exchange.SpamFilter.Read permissions. Each policy entry includes: - All policy settings - Associated rule name - Rule priority - Rule recipient domains - Rule state #> function Get-CIPPAntiPhishingFilter { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting anti-phishing filters for tenant $CustomerTenantID" $endpoint = '/api/ListAntiPhishingFilters' $params = @{ tenantFilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method GET } #EndRegion './public/Email/Spamfilter/Get-CIPPAntiPhishingFilter.ps1' 42 #Region './public/Email/Spamfilter/Get-CIPPMalwareFilter.ps1' -1 <# .SYNOPSIS Gets malware filter settings. .DESCRIPTION The Get-CIPPMalwareFilter function retrieves malware filter policies and rules configured in Exchange Online for a tenant. The output combines policy settings with their associated rules. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .EXAMPLE Get-CIPPMalwareFilter -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" Returns all malware filter policies and their associated rules for the specified tenant. .NOTES Requires Exchange.SpamFilter.Read permissions. Each policy entry includes: - All policy settings - Associated rule name - Rule priority - Rule recipient domains - Rule state #> function Get-CIPPMalwareFilter { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting malware filter settings for tenant $CustomerTenantID" $endpoint = '/api/ListMalwareFilters' $params = @{ tenantFilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method GET } #EndRegion './public/Email/Spamfilter/Get-CIPPMalwareFilter.ps1' 42 #Region './public/Email/Spamfilter/Get-CIPPPhishPolicies.ps1' -1 <# .SYNOPSIS Retrieves the phishing policies for a specific customer tenant. .DESCRIPTION The Get-CIPPPhishPolicies function retrieves the phishing policies for a specific customer tenant by making a REST API call to the "/api/listphishpolicies" endpoint. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve the phishing policies. .EXAMPLE Get-CIPPPhishPolicies -CustomerTenantID "" Retrieves the phishing policies for the customer tenant with the ID "". #> function Get-CIPPPhishPolicies { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Phish Policies for $CustomerTenantID" $endpoint = '/api/listphishpolicies' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email/Spamfilter/Get-CIPPPhishPolicies.ps1' 30 #Region './public/Email/Spamfilter/Get-CIPPSafeAttachmentFilter.ps1' -1 <# .SYNOPSIS Gets safe attachments filter settings. .DESCRIPTION The Get-CIPPSafeAttachmentFilter function retrieves safe attachments policies and rules configured in Exchange Online for a tenant. The output combines policy settings with their associated rules. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .EXAMPLE Get-CIPPSafeAttachmentFilter -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" Returns all safe attachments policies and their associated rules for the specified tenant. .NOTES Requires Exchange.SpamFilter.Read permissions. Each policy entry includes: - All policy settings - Associated rule name - Rule priority - Rule recipient domains - Rule state #> function Get-CIPPSafeAttachmentFilter { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting safe attachments filter settings for tenant $CustomerTenantID" $endpoint = '/api/ListSafeAttachmentsFilters' $params = @{ tenantFilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method GET } #EndRegion './public/Email/Spamfilter/Get-CIPPSafeAttachmentFilter.ps1' 42 #Region './public/Email/Spamfilter/Get-CIPPSafeLinkFilter.ps1' -1 <# .SYNOPSIS Gets safe links filter settings. .DESCRIPTION The Get-CIPPSafeLinkFilter function retrieves safe links policies and rules configured in Exchange Online for a tenant. The output combines policy settings with their associated rules. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .EXAMPLE Get-CIPPSafeLinkFilter -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" Returns all safe links policies and their associated rules for the specified tenant. .NOTES Requires Exchange.SpamFilter.Read permissions. Each policy entry includes: - All policy settings - Associated rule name - Rule priority - Rule recipient domains - Rule state #> function Get-CIPPSafeLinkFilter { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting safe links filter settings for tenant $CustomerTenantID" $endpoint = '/api/ListSafeLinksFilters' $params = @{ tenantFilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method GET } #EndRegion './public/Email/Spamfilter/Get-CIPPSafeLinkFilter.ps1' 42 #Region './public/Email/Spamfilter/Get-CIPPSpamFilter.ps1' -1 <# .SYNOPSIS Retrieves the spam filter settings for a specified customer tenant ID. .DESCRIPTION The Get-CIPPSpamFilter function retrieves the spam filter settings for a specified customer tenant ID using the CIPP API. It sends a request to the "/api/listspamfilter" endpoint with the provided tenant ID as a filter parameter. .PARAMETER CustomerTenantID The customer tenant ID for which to retrieve the spam filter settings. This parameter is mandatory. .EXAMPLE Get-CIPPSpamFilter -CustomerTenantID "" Retrieves the spam filter settings for the customer tenant with the ID "". #> function Get-CIPPSpamFilter { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting spam filter settings for $CustomerTenantID" $endpoint = '/api/listspamfilter' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email/Spamfilter/Get-CIPPSpamFilter.ps1' 30 #Region './public/Email/Spamfilter/Get-CIPPSpamFilterTemplates.ps1' -1 <# .SYNOPSIS Retrieves spam filter templates from the CIPP API. .DESCRIPTION The Get-CIPPSpamFilterTemplates function retrieves spam filter templates from the CIPP API. It makes a REST API call to the "/api/listspamfiltertemplates" endpoint and returns the templates. .PARAMETER TemplateID Specifies the ID of the template to retrieve. This parameter is optional. .EXAMPLE Get-CIPPSpamFilterTemplates -TemplateID "12345" Retrieves the spam filter template with the ID "12345" from the CIPP API. #> function Get-CIPPSpamFilterTemplates { [CmdletBinding()] Param( [Parameter(Mandatory = $false)] [string]$TemplateID ) Write-Verbose 'Getting spam filter templates' $endpoint = '/api/listspamfiltertemplates' $params = @{ id = $TemplateID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email/Spamfilter/Get-CIPPSpamFilterTemplates.ps1' 30 #Region './public/Email/Spamfilter/Get-CIPPTenantAllowBlockList.ps1' -1 <# .SYNOPSIS Gets tenant allow/block list items. .DESCRIPTION The Get-CIPPTenantAllowBlockList function retrieves all allow/block list items for a tenant, including senders, URLs, and file hashes. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .EXAMPLE Get-CIPPTenantAllowBlockList -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" Returns all allow/block list entries (senders, URLs, and file hashes) for the specified tenant. .NOTES Requires Exchange.SpamFilter.Read permissions. Returns items for three list types: - Sender: Email addresses and domains - Url: Web addresses - FileHash: File hashes for malware detection #> function Get-CIPPTenantAllowBlockList { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting tenant allow/block list items for tenant $CustomerTenantID" $endpoint = '/api/ListTenantAllowBlockList' $params = @{ tenantFilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method GET } #EndRegion './public/Email/Spamfilter/Get-CIPPTenantAllowBlockList.ps1' 39 #Region './public/Email/Spamfilter/Set-CIPPSpamFilter.ps1' -1 <# .SYNOPSIS Sets the state of a spam filter for a customer's tenant. .DESCRIPTION The Set-CIPPSpamFilter function is used to edit the state of a spam filter for a customer's tenant. It takes the customer's tenant ID, a unique identifier (optional), the name of the spam filter, and the desired state (Enable or Disable) as parameters. .PARAMETER CustomerTenantID The ID of the customer's tenant. .PARAMETER Guid A unique identifier for the spam filter. This parameter is optional. .PARAMETER Name The name of the spam filter. .PARAMETER State The desired state of the spam filter. Valid values are "Enable" or "Disable". .EXAMPLE Set-CIPPSpamFilter -CustomerTenantID "" -Name "SpamFilter1" -State "Enable" Sets the state of the spam filter named "SpamFilter1" to "Enable" for the customer's tenant with ID "". .EXAMPLE Set-CIPPSpamFilter -CustomerTenantID "" -Guid "abcdefg" -Name "SpamFilter2" -State "Disable" Sets the state of the spam filter named "SpamFilter2" to "Disable" for the customer's tenant with ID "" using the unique identifier "abcdefg". #> function Set-CIPPSpamFilter { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [guid]$Guid, [Parameter(Mandatory = $true)] [string]$Name, [Parameter(Mandatory = $true)] [ValidateSet('Enable', 'Disable')] [string]$State ) Write-Verbose 'Editing Spam Filter' $endpoint = '/api/editspamfilter' $params = @{ tenantfilter = $CustomerTenantID guid = $Guid name = $Name state = $State } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email/Spamfilter/Set-CIPPSpamFilter.ps1' 54 #Region './public/Email/Tools/Get-CIPPMailboxRestores.ps1' -1 <# .SYNOPSIS Retrieves mailbox restores for a specified customer tenant. .DESCRIPTION The Get-CIPPMailboxRestores function retrieves mailbox restores for a specified customer tenant in the CIPP project. It uses the Invoke-CIPPRestMethod function to make a REST API call to the "/api/listmailboxrestores" endpoint. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant for which mailbox restores should be retrieved. This parameter is mandatory. .PARAMETER Identity Specifies the identity of the mailbox for which restores should be retrieved. This parameter is optional. .PARAMETER Includereport Indicates whether to include the restore report in the results. This parameter is optional. .PARAMETER Statistics Indicates whether to include statistics about the restores in the results. This parameter is optional. .EXAMPLE Get-CIPPMailboxRestores -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -Identity "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc" -Includereport -Statistics Retrieves mailbox restores for the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" and includes the restore report and statistics in the results. #> function Get-CIPPMailboxRestores { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [string]$Identity, [Parameter(Mandatory = $false)] [switch]$Includereport, [Parameter(Mandatory = $false)] [switch]$Statistics ) Write-Verbose "Getting mailbox restores for $CustomerTenantID" $endpoint = '/api/listmailboxrestores' $params = @{ tenantfilter = $CustomerTenantID identity = $Identity } if ($Includereport) { $params.IncludeReport = 'true' } if ($Statistics) { $params.Statistics = 'true' } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email/Tools/Get-CIPPMailboxRestores.ps1' 55 #Region './public/Email/Tools/Get-CIPPMessageTrace.ps1' -1 <# .SYNOPSIS Retrieves the message trace for a specific customer tenant ID. .DESCRIPTION The Get-CIPPMessageTrace function retrieves the message trace for a specific customer tenant ID within a specified number of days. It can also filter the results based on the sender and recipient email addresses. .PARAMETER CustomerTenantID Specifies the customer tenant ID for which the message trace needs to be retrieved. This parameter is mandatory. .PARAMETER Days Specifies the number of days within which the message trace needs to be retrieved. This parameter is mandatory. .PARAMETER Sender Specifies the sender email address to filter the message trace results. This parameter is optional. .PARAMETER Recipient Specifies the recipient email address to filter the message trace results. This parameter is optional. .EXAMPLE Get-CIPPMessageTrace -CustomerTenantID "" -Days 7 Retrieves the message trace for the customer tenant ID "" within the last 7 days. .EXAMPLE Get-CIPPMessageTrace -CustomerTenantID "" -Days 30 -Sender "" Retrieves the message trace for the customer tenant ID "" within the last 30 days, filtering the results to include only messages sent by "". .EXAMPLE Get-CIPPMessageTrace -CustomerTenantID "" -Days 14 -Recipient "" Retrieves the message trace for the customer tenant ID "" within the last 14 days, filtering the results to include only messages received by "". #> function Get-CIPPMessageTrace { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$Days, [Parameter(Mandatory = $false)] [string]$Sender, [Parameter(Mandatory = $false)] [string]$Recipient ) Write-Verbose "Getting message trace for $CustomerTenantID" $endpoint = '/api/listmessagetrace' $params = @{ tenantfilter = $CustomerTenantID days = $Days sender = $Sender recipient = $Recipient } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email/Tools/Get-CIPPMessageTrace.ps1' 58 #Region './public/Email/Transport/Get-CIPPExchangeConnectors.ps1' -1 <# .SYNOPSIS Retrieves Exchange Connectors for a specific customer. .DESCRIPTION The Get-CIPPExchangeConnectors function retrieves Exchange Connectors for a specific customer based on the provided CustomerTenantID. .PARAMETER CustomerTenantID Specifies the unique identifier of the customer's tenant. .EXAMPLE Get-CIPPExchangeConnectors -CustomerTenantID "Get-CIPPEnabledSharedMailboxes" Retrieves the Exchange Connectors for the customer with the tenant ID "Get-CIPPEnabledSharedMailboxes". #> function Get-CIPPExchangeConnectors { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Exchange Connectors for customer: $CustomerTenantID" $endpoint = '/api/listexchangeconnectors' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email/Transport/Get-CIPPExchangeConnectors.ps1' 31 #Region './public/Email/Transport/Get-CIPPExchangeConnectorTemplates.ps1' -1 <# .SYNOPSIS Retrieves the Exchange Connector Templates. .DESCRIPTION The Get-CIPPExchangeConnectorTemplates function retrieves the Exchange Connector Templates by making a REST API call to the specified endpoint. .PARAMETER None This function does not accept any parameters. .EXAMPLE Get-CIPPExchangeConnectorTemplates This example demonstrates how to use the Get-CIPPExchangeConnectorTemplates function to retrieve the Exchange Connector Templates. #> function Get-CIPPExchangeConnectorTemplates { [CmdletBinding()] Param() Write-Verbose 'Getting Exchange Connectors Templates' $endpoint = '/api/listexconnectortemplates' Invoke-CIPPRestMethod -Endpoint $endpoint } #EndRegion './public/Email/Transport/Get-CIPPExchangeConnectorTemplates.ps1' 26 #Region './public/Email/Transport/Get-CIPPTransportRule.ps1' -1 <# .SYNOPSIS Gets Exchange transport rules. .DESCRIPTION The Get-CIPPTransportRule function retrieves all transport rules configured in Exchange Online for a tenant. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .EXAMPLE Get-CIPPTransportRule -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" Returns all transport rules configured for the specified tenant. .NOTES Requires Exchange.TransportRule.Read permissions. Transport rules define conditions and actions for email flow in the organization. #> function Get-CIPPTransportRule { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting transport rules for tenant $CustomerTenantID" $endpoint = '/api/ListTransportRules' $params = @{ tenantFilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method GET } #EndRegion './public/Email/Transport/Get-CIPPTransportRule.ps1' 36 #Region './public/Email/Transport/Get-CIPPTransportRulesTemplates.ps1' -1 <# .SYNOPSIS Retrieves transport rules for a specified customer tenant ID. .DESCRIPTION The Get-CIPPTransportRules function retrieves transport rules for a specified customer tenant ID using the CIPP API. .PARAMETER CustomerTenantID The unique identifier of the customer tenant for which to retrieve the transport rules. .EXAMPLE Get-CIPPTransportRules -CustomerTenantID "" Retrieves the transport rules for the customer tenant with the ID "". #> function Get-CIPPTransportRulesTemplates { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting transport rules for $CustomerTenantID" $endpoint = '/api/listtransportrules' $params = @{ tenantFilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email/Transport/Get-CIPPTransportRulesTemplates.ps1' 30 #Region './public/Email/Transport/Remove-CIPPConnectionFilterTemplate.ps1' -1 <# .SYNOPSIS Removes a Connection Filter Template. .DESCRIPTION The Remove-CIPPConnectionFilterTemplate function removes a specified Connection Filter Template from CIPP. .PARAMETER TemplateId Specifies the ID of the Connection Filter Template to remove. .EXAMPLE Remove-CIPPConnectionFilterTemplate -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -TemplateId "98765432-4321-4321-4321-BA0987654321" Removes the Connection Filter Template with the specified ID from the specified tenant. .NOTES Requires appropriate permissions to manage Exchange Connection Filter Templates. #> function Remove-CIPPConnectionFilterTemplate { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$TemplateId ) Write-Verbose "Removing Connection Filter Template $TemplateId" $endpoint = '/api/RemoveConnectionfilterTemplate' $body = @{ id = $TemplateId } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method POST } #EndRegion './public/Email/Transport/Remove-CIPPConnectionFilterTemplate.ps1' 35 #Region './public/Email/Transport/Remove-CIPPExConnector.ps1' -1 <# .SYNOPSIS Removes an Exchange connector. .DESCRIPTION The Remove-CIPPExConnector function removes a specified Exchange connector from CIPP. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .PARAMETER ConnectorGuid Specifies the GUID of the connector to remove. .PARAMETER ConnectorType Specifies the type of connector. Valid values are 'Receive' and 'Send'. .EXAMPLE Remove-CIPPExConnector -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -ConnectorGuid "98765432-4321-4321-4321-BA0987654321" -ConnectorType "Receive" Removes the specified Receive connector from the specified tenant. .EXAMPLE Remove-CIPPExConnector -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -ConnectorGuid "98765432-4321-4321-4321-BA0987654321" -ConnectorType "Send" Removes the specified Send connector from the specified tenant. .NOTES Requires appropriate permissions to manage Exchange connectors. #> function Remove-CIPPExConnector { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [guid]$ConnectorGuid, [Parameter(Mandatory = $true)] [ValidateSet('Receive', 'Send')] [string]$ConnectorType ) Write-Verbose "Removing $ConnectorType connector $ConnectorGuid from tenant $CustomerTenantID" $endpoint = '/api/RemoveExConnector' $body = @{ tenantFilter = $CustomerTenantID GUID = $ConnectorGuid Type = $ConnectorType } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method Post } #EndRegion './public/Email/Transport/Remove-CIPPExConnector.ps1' 54 #Region './public/Email/Transport/Remove-CIPPExConnectorTemplate.ps1' -1 <# .SYNOPSIS Removes an Exchange connector template. .DESCRIPTION The Remove-CIPPExConnectorTemplate function removes a specified Exchange connector template from CIPP. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .PARAMETER TemplateId Specifies the ID of the Exchange connector template to remove. .EXAMPLE Remove-CIPPExConnectorTemplate -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -TemplateId "98765432-4321-4321-4321-BA0987654321" Removes the specified Exchange connector template from the specified tenant. .NOTES Requires appropriate permissions to manage Exchange connector templates. #> function Remove-CIPPExConnectorTemplate { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$TemplateId ) Write-Verbose "Removing Exchange connector template $TemplateId from tenant $CustomerTenantID" $endpoint = '/api/RemoveExConnectorTemplate' $body = @{ tenantFilter = $CustomerTenantID ID = $TemplateId } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method POST } #EndRegion './public/Email/Transport/Remove-CIPPExConnectorTemplate.ps1' 42 #Region './public/Email/Transport/Remove-CIPPSpamFilter.ps1' -1 <# .SYNOPSIS Removes a spam filter rule and policy. .DESCRIPTION The Remove-CIPPSpamFilter function removes a specified spam filter rule and its associated policy from Exchange in CIPP. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .PARAMETER Name Specifies the name of the spam filter rule and policy to remove. .EXAMPLE Remove-CIPPSpamFilter -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -Name "Block Spam Policy" Removes the specified spam filter rule and policy from the specified tenant. .NOTES Requires appropriate permissions to manage Exchange spam filter rules and policies. #> function Remove-CIPPSpamFilter { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$Name ) Write-Verbose "Removing spam filter rule and policy '$Name' from tenant $CustomerTenantID" $endpoint = '/api/RemoveSpamfilter' $body = @{ tenantFilter = $CustomerTenantID name = $Name } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method Post } #EndRegion './public/Email/Transport/Remove-CIPPSpamFilter.ps1' 42 #Region './public/Email/Transport/Remove-CIPPSpamFilterTemplate.ps1' -1 <# .SYNOPSIS Removes a spam filter template. .DESCRIPTION The Remove-CIPPSpamFilterTemplate function removes a specified spam filter template from CIPP. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .PARAMETER TemplateId Specifies the ID of the spam filter template to remove. .EXAMPLE Remove-CIPPSpamFilterTemplate -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -TemplateId "98765432-4321-4321-4321-BA0987654321" Removes the specified spam filter template from the specified tenant. .NOTES Requires appropriate permissions to manage Exchange spam filter templates. #> function Remove-CIPPSpamFilterTemplate { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$TemplateId ) Write-Verbose "Removing spam filter template $TemplateId from tenant $CustomerTenantID" $endpoint = '/api/RemoveSpamfilterTemplate' $body = @{ tenantFilter = $CustomerTenantID ID = $TemplateId } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method Post } #EndRegion './public/Email/Transport/Remove-CIPPSpamFilterTemplate.ps1' 42 #Region './public/Email/Transport/Remove-CIPPTransportRule.ps1' -1 <# .SYNOPSIS Removes an Exchange transport rule. .DESCRIPTION The Remove-CIPPTransportRule function removes a specified transport rule from Exchange in CIPP. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .PARAMETER RuleGuid Specifies the GUID of the transport rule to remove. .EXAMPLE Remove-CIPPTransportRule -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -RuleGuid "98765432-4321-4321-4321-BA0987654321" Removes the specified transport rule from the specified tenant. .NOTES Requires appropriate permissions to manage Exchange transport rules. #> function Remove-CIPPTransportRule { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [guid]$RuleGuid ) Write-Verbose "Removing transport rule $RuleGuid from tenant $CustomerTenantID" $endpoint = '/api/RemoveTransportRule' $body = @{ tenantFilter = $CustomerTenantID guid = $RuleGuid } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method Post } #EndRegion './public/Email/Transport/Remove-CIPPTransportRule.ps1' 42 #Region './public/Email/Transport/Remove-CIPPTransportRuleTemplate.ps1' -1 <# .SYNOPSIS Removes a transport rule template. .DESCRIPTION The Remove-CIPPTransportRuleTemplate function removes a specified transport rule template from CIPP. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .PARAMETER TemplateId Specifies the ID of the transport rule template to remove. .EXAMPLE Remove-CIPPTransportRuleTemplate -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -TemplateId "98765432-4321-4321-4321-BA0987654321" Removes the specified transport rule template from the specified tenant. .NOTES Requires appropriate permissions to manage Exchange transport rule templates. #> function Remove-CIPPTransportRuleTemplate { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$TemplateId ) Write-Verbose "Removing transport rule template $TemplateId from tenant $CustomerTenantID" $endpoint = '/api/RemoveTransportRuleTemplate' $body = @{ tenantFilter = $CustomerTenantID id = $TemplateId } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method Post } #EndRegion './public/Email/Transport/Remove-CIPPTransportRuleTemplate.ps1' 42 #Region './public/Email/Transport/Set-CIPPExchConnector.ps1' -1 <# .SYNOPSIS Sets the state and type of an Exchange Connector for a specific customer tenant. .DESCRIPTION The Set-CIPPExchConnector function is used to edit the state and type of an Exchange Connector for a specific customer tenant. It sends a REST API request to update the connector settings. .PARAMETER CustomerTenantID The ID of the customer tenant for which the Exchange Connector needs to be edited. .PARAMETER State The state of the Exchange Connector. Valid values are "Enable" and "Disabled". .PARAMETER Guid The GUID of the Exchange Connector. .PARAMETER Type The type of the Exchange Connector. .EXAMPLE Set-CIPPExchConnector -CustomerTenantID "" -State "Enable" -Guid "abcdefg" -Type "Inbound" This example sets the state of the Exchange Connector for the customer tenant with ID "" to "Enable", using the GUID "abcdefg" and the type "Inbound". #> function Set-CIPPExchConnector { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory)] [ValidateSet('Enable', 'Disabled')] [string]$State, [Parameter(Mandatory = $true)] [guid]$Guid, [Parameter(Mandatory = $true)] [string]$Type ) Write-Verbose "Editing Exchange Connector for tenant $CustomerTenantID" $endpoint = '/api/editexconnector' $params = @{ TenantFilter = $CustomerTenantID state = $State GUID = $Guid Type = $Type } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email/Transport/Set-CIPPExchConnector.ps1' 52 #Region './public/Email/Transport/Set-CIPPTransportRule.ps1' -1 <# .SYNOPSIS Sets the state of a transport rule for a specific customer tenant. .DESCRIPTION The Set-CIPPTransportRule function is used to set the state of a transport rule for a specific customer tenant in the CIPP API. .PARAMETER CustomerTenantID The ID of the customer tenant for which the transport rule needs to be edited. .PARAMETER State The state to set for the transport rule. Valid values are "Enable" and "Disable". .PARAMETER Guid The GUID of the transport rule to be edited. .EXAMPLE Set-CIPPTransportRule -CustomerTenantID "" -State "Enable" -Guid "abcdefg" Sets the state of the transport rule with the GUID "abcdefg" to "Enable" for the customer tenant with ID "". .EXAMPLE Set-CIPPTransportRule -CustomerTenantID "" -State "Disable" -Guid "hijklmn" Sets the state of the transport rule with the GUID "hijklmn" to "Disable" for the customer tenant with ID "". #> function Set-CIPPTransportRule { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory)] [ValidateSet('Enable', 'Disable')] [string]$State, [Parameter(Mandatory = $true)] [guid]$Guid ) Write-Verbose "Editing transport rule for tenant $CustomerTenantID" $endpoint = '/api/edittransportrule' $params = @{ TenantFilter = $CustomerTenantID state = $State GUID = $Guid } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Email/Transport/Set-CIPPTransportRule.ps1' 49 #Region './public/Endpoint/Applications/Get-CIPPApps.ps1' -1 <# .SYNOPSIS Retrieves a list of apps for a specific customer tenant ID. .DESCRIPTION The Get-CIPPApps function retrieves a list of apps for a specific customer tenant ID by making a REST API call to the "/api/listapps" endpoint. .PARAMETER CustomerTenantID Specifies the customer tenant ID for which to retrieve the apps. .EXAMPLE Get-CIPPApps -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves a list of apps for the customer tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPApps { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Apps for $CustomerTenantID" $Endpoint = '/api/listapps' $Params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $Endpoint -Params $Params } #EndRegion './public/Endpoint/Applications/Get-CIPPApps.ps1' 32 #Region './public/Endpoint/Applications/Get-CIPPAppStatus.ps1' -1 <# .SYNOPSIS Gets application deployment status. .DESCRIPTION The Get-CIPPAppStatus function retrieves the status of application deployments in CIPP. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .EXAMPLE Get-CIPPAppStatus -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" Retrieves the status of application deployments for the specified tenant. .NOTES Requires appropriate permissions to view application status information. #> function Get-CIPPAppStatus { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [string]$AppFilter ) Write-Verbose "Getting application status for tenant $CustomerTenantID" $endpoint = '/api/ListAppStatus' $params = @{ tenantFilter = $CustomerTenantID appFilter = $AppFilter } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method GET } #EndRegion './public/Endpoint/Applications/Get-CIPPAppStatus.ps1' 39 #Region './public/Endpoint/Applications/Remove-CIPPIntuneApp.ps1' -1 <# .SYNOPSIS Removes an Intune application. .DESCRIPTION The Remove-CIPPIntuneApp function removes an application from Intune. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant. This parameter is mandatory. .PARAMETER AppID Specifies the ID of the application to remove. This parameter is mandatory. .EXAMPLE Remove-CIPPIntuneApp -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -AppID "98765432-4321-4321-4321-0987654321BA" Removes the Intune application with ID "98765432-4321-4321-4321-0987654321BA" from the specified tenant. #> function Remove-CIPPIntuneApp { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$AppID ) Write-Verbose "Removing Intune application $($AppID)" $endpoint = '/api/RemoveApp' $params = @{ tenantFilter = $CustomerTenantID ID = $AppID # Parameter name from API definition } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method POST } #EndRegion './public/Endpoint/Applications/Remove-CIPPIntuneApp.ps1' 37 #Region './public/Endpoint/Applications/Remove-CIPPQueuedApp.ps1' -1 <# .SYNOPSIS Removes an application from the CIPP application queue. .DESCRIPTION The Remove-CIPPQueuedApp function removes a specified application from the CIPP application queue. This is typically used to remove pending application deployments or installations. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .PARAMETER ApplicationId Specifies the ID of the application to remove from the queue. .EXAMPLE Remove-CIPPQueuedApp -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -ApplicationId "98765432-4321-4321-4321-BA0987654321" Removes the specified application from the CIPP application queue for the specified tenant. .NOTES Requires appropriate permissions to manage application deployments. #> function Remove-CIPPQueuedApp { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$ApplicationId ) Write-Verbose "Removing application $ApplicationId from the queue for tenant $CustomerTenantID" $endpoint = '/api/RemoveQueuedApp' $body = @{ tenantFilter = $CustomerTenantID id = $ApplicationId } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method Post } #EndRegion './public/Endpoint/Applications/Remove-CIPPQueuedApp.ps1' 42 #Region './public/Endpoint/Autopilot/Get-CIPPAPDevices.ps1' -1 <# .SYNOPSIS Retrieves AutoPilot devices for a specific customer tenant. .DESCRIPTION The Get-CIPPAPDevices function retrieves AutoPilot devices for a specific customer tenant by making a REST API call to the "/api/listapdevices" endpoint. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant for which to retrieve AutoPilot devices. .EXAMPLE Get-CIPPAPDevices -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves AutoPilot devices for the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPAPDevices { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting AutoPilot Devices for $CustomerTenantID" $Endpoint = '/api/listapdevices' $Params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $Endpoint -Params $Params } #EndRegion './public/Endpoint/Autopilot/Get-CIPPAPDevices.ps1' 32 #Region './public/Endpoint/Autopilot/Get-CIPPAutoPilotConfig.ps1' -1 <# .SYNOPSIS Retrieves AutoPilot configuration information for a specified customer tenant ID and type. .DESCRIPTION The Get-CIPPAutoPilotConfig function retrieves AutoPilot configuration information for a specified customer tenant ID and type. It makes a REST API call to retrieve the configuration data. .PARAMETER CustomerTenantID Specifies the customer tenant ID for which to retrieve the AutoPilot configuration. .PARAMETER Type Specifies the type of AutoPilot configuration to retrieve. Valid values are "ESP" and "ApProfile". .EXAMPLE Get-CIPPAutoPilotConfig -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -Type "ESP" Retrieves the AutoPilot Status Page for the customer tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .EXAMPLE Get-CIPPAutoPilotConfig -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -Type "ApProfile" Retrieves the AutoPilot Profile for the customer tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPAutoPilotConfig { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$Type ) if ($Type -eq 'ESP') { Write-Verbose "Getting AutoPilot Status Page for $CustomerTenantID" } elseif ($Type -eq 'ApProfile') { Write-Verbose "Getting AutoPilot Profile for customer: $CustomerTenantID" } $Endpoint = '/api/listautopilotconfig' $Params = @{ tenantfilter = $CustomerTenantID type = $Type } Invoke-CIPPRestMethod -Endpoint $Endpoint -Params $Params } #EndRegion './public/Endpoint/Autopilot/Get-CIPPAutoPilotConfig.ps1' 47 #Region './public/Endpoint/Autopilot/Remove-CIPPAPDevice.ps1' -1 <# .SYNOPSIS Removes an Autopilot device. .DESCRIPTION The Remove-CIPPAPDevice function removes an Autopilot device from Intune. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant. This parameter is mandatory. .PARAMETER DeviceID Specifies the ID of the Autopilot device to remove. This parameter is mandatory. .EXAMPLE Remove-CIPPAPDevice -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -DeviceID "98765432-4321-4321-4321-0987654321BA" Removes the Autopilot device with ID "98765432-4321-4321-4321-0987654321BA" from the specified tenant. #> function Remove-CIPPAPDevice { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$DeviceID ) Write-Verbose "Removing Autopilot device $($DeviceID)" $endpoint = '/api/RemoveAPDevice' $params = @{ tenantFilter = $CustomerTenantID deviceID = $DeviceID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method POST } #EndRegion './public/Endpoint/Autopilot/Remove-CIPPAPDevice.ps1' 37 #Region './public/Endpoint/Autopilot/Set-CIPPAutoPilotSync.ps1' -1 <# .SYNOPSIS Syncs AutoPilot devices for a specified customer tenant ID. .DESCRIPTION The Set-CIPPAutoPilotSync function is used to sync AutoPilot devices for a specific customer tenant ID. It makes a request to the specified endpoint with the provided parameters. .PARAMETER CustomerTenantID Specifies the customer tenant ID for which the AutoPilot devices need to be synced. .EXAMPLE Set-CIPPAutoPilotSync -CustomerTenantID "" Syncs AutoPilot devices for the customer tenant ID "". #> Function Set-CIPPAutoPilotSync { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Syncing AutoPilot Devices for $CustomerTenantID" # Define the endpoint and parameters $Endpoint = '/api/ExecSyncAPDevices' $Params = @{ tenantFilter = $CustomerTenantID } # Use the Invoke-CIPPRequest function to make the request Invoke-CIPPRestMethod -Endpoint $Endpoint -Params $Params -Method POST } #EndRegion './public/Endpoint/Autopilot/Set-CIPPAutoPilotSync.ps1' 34 #Region './public/Endpoint/MEM/Get-CIPPDeviceDetails.ps1' -1 <# .SYNOPSIS Gets detailed device information. .DESCRIPTION The Get-CIPPDeviceDetails function retrieves detailed information about managed devices in Intune, including group membership, compliance policies, and installed applications. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .PARAMETER DeviceID Optional. Specifies the device ID to retrieve details for. .PARAMETER DeviceName Optional. Specifies the device name to search for. .PARAMETER DeviceSerial Optional. Specifies the device serial number to search for. .EXAMPLE Get-CIPPDeviceDetails -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -DeviceID "device123" Returns detailed information for the specified device ID. .EXAMPLE Get-CIPPDeviceDetails -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -DeviceName "LAPTOP-XYZ" -DeviceSerial "ABC123" Searches for a device by both name and serial number. .NOTES Requires Identity.Device.Read permissions. At least one search parameter (DeviceID, DeviceName, or DeviceSerial) must be provided. When both DeviceName and DeviceSerial are provided, the function attempts to find an exact match first. The results include: - Device properties - Group memberships - Compliance policies - Detected applications #> function Get-CIPPDeviceDetails { [CmdletBinding(DefaultParameterSetName = 'ById')] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true, ParameterSetName = 'ById')] [string]$DeviceID, [Parameter(Mandatory = $true, ParameterSetName = 'ByNameOrSerial', Position = 0)] [string]$DeviceName, [Parameter(Mandatory = $false, ParameterSetName = 'ByNameOrSerial')] [string]$DeviceSerial ) if ($PSCmdlet.ParameterSetName -eq 'ByNameOrSerial' -and -not $DeviceName -and -not $DeviceSerial) { throw 'At least one of DeviceName or DeviceSerial must be provided' } Write-Verbose "Getting device details from tenant $CustomerTenantID" $endpoint = '/api/ListDeviceDetails' $params = @{ tenantFilter = $CustomerTenantID } if ($DeviceID) { Write-Verbose "Searching by Device ID: $DeviceID" $params['DeviceID'] = $DeviceID } else { Write-Verbose "Searching by Name: $DeviceName and/or Serial: $DeviceSerial" if ($DeviceName) { $params['DeviceName'] = $DeviceName } if ($DeviceSerial) { $params['DeviceSerial'] = $DeviceSerial } } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method GET } #EndRegion './public/Endpoint/MEM/Get-CIPPDeviceDetails.ps1' 81 #Region './public/Endpoint/MEM/Get-CIPPGetBitLockerKey.ps1' -1 <# .SYNOPSIS Gets the BitLocker recovery key for a specified computer. .DESCRIPTION The Get-CIPPGetBitLockerKey function retrieves the BitLocker recovery key for a specified computer in the CIPP project. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant. .PARAMETER guid Specifies the GUID of the computer for which to retrieve the BitLocker recovery key. .EXAMPLE Get-CIPPGetBitLockerKey -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -guid "01234567-89AB-CDEF-0123-456789ABCDEF" Retrieves the BitLocker recovery key for the computer with the specified GUID in the CIPP project. #> Function Get-CIPPGetBitLockerKey { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [guid]$guid ) Write-Verbose "Getting bitlocker key for computer: $guid" # Define the endpoint and parameters $endpoint = '/api/execgetrecoverykey' $params = @{ tenantfilter = $CustomerTenantID guid = $guid } # Use the Invoke-CIPPRequest function to make the request Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Endpoint/MEM/Get-CIPPGetBitLockerKey.ps1' 40 #Region './public/Endpoint/MEM/Get-CIPPIntuneIntents.ps1' -1 <# .SYNOPSIS Retrieves Intune Intents for a specific customer. .DESCRIPTION The Get-CIPPIntuneIntents function retrieves Intune Intents for a specific customer based on the provided CustomerTenantID. .PARAMETER CustomerTenantID Specifies the ID of the customer's tenant. .EXAMPLE Get-CIPPIntuneIntents -CustomerTenantID "" This example retrieves Intune Intents for the customer with the tenant ID "". .EXAMPLE Get-CIPPIntuneIntents -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" This example retrieves Intune Intents for the customer with the tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> Function Get-CIPPIntuneIntents { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Intune Intents for customer: $CustomerTenantID" # Define the endpoint and parameters $endpoint = '/api/listintuneintents' $params = @{ tenantfilter = $CustomerTenantID } # Use the Invoke-CIPPRequest function to make the request Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Endpoint/MEM/Get-CIPPIntuneIntents.ps1' 38 #Region './public/Endpoint/MEM/Get-CIPPIntunePolicy.ps1' -1 <# .SYNOPSIS Retrieves Intune policies for a specific customer. .DESCRIPTION The Get-CIPPIntunePolicy function retrieves Intune policies for a specific customer based on the provided parameters. It uses the Invoke-CIPPRestMethod function to make the request to the API. .PARAMETER CustomerTenantID The ID of the customer's tenant. .PARAMETER PolicyID The ID of the policy. This parameter is optional. .PARAMETER Urlname The URL name. This parameter is optional. .EXAMPLE Get-CIPPIntunePolicy -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -PolicyID "policy123" -Urlname "example" This example retrieves the Intune policies for the customer with the tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778", using the policy ID "policy123" and the URL name "example". .EXAMPLE Get-CIPPIntunePolicy -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" This example retrieves all Intune policies for the customer with the tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> Function Get-CIPPIntunePolicy { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [string]$PolicyID, [Parameter(Mandatory = $false)] [string]$Urlname ) Write-Verbose "Getting Intune policies for customer: $CustomerTenantID" # Validation to ensure both $PolicyID and $urlname are supplied together if (($PolicyID -and -not $urlname) -or (-not $PolicyID -and $urlname)) { throw 'You must supply both -PolicyID and -Urlname parameters together or not at all.' } # Define the endpoint and parameters $endpoint = '/api/listintunepolicy' $params = @{ tenantfilter = $CustomerTenantID URLName = $urlname id = $PolicyID } # Use the Invoke-CIPPRequest function to make the request Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Endpoint/MEM/Get-CIPPIntunePolicy.ps1' 55 #Region './public/Endpoint/MEM/Get-CIPPIntuneTemplates.ps1' -1 <# .SYNOPSIS Retrieves Intune templates. .DESCRIPTION The Get-CIPPIntuneTemplates function retrieves Intune templates using the CIPPRestMethod cmdlet. .PARAMETER TemplateID Specifies the ID of the template to retrieve. This parameter is optional. .EXAMPLE Get-CIPPIntuneTemplates -TemplateID "12345" Retrieves the Intune template with the ID "12345". #> function Get-CIPPIntuneTemplates { [CmdletBinding()] Param( [Parameter(Mandatory = $false)] [string]$TemplateID ) Write-Verbose 'Getting Intune Templates' $endpoint = '/api/listintunetemplates' $params = @{ tenantfilter = $CustomerTenantID id = $TemplateID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Endpoint/MEM/Get-CIPPIntuneTemplates.ps1' 31 #Region './public/Endpoint/MEM/Get-CIPPLocalAdminPassword.ps1' -1 <# .SYNOPSIS Retrieves the local admin password for a specified computer. .DESCRIPTION The Get-CIPPLocalAdminPassword function retrieves the local admin password for a specified computer in the CIPP project. It makes a REST API request to the CIPP API endpoint to fetch the password. .PARAMETER CustomerTenantID The ID of the customer tenant. .PARAMETER guid The GUID of the computer for which to retrieve the local admin password. .EXAMPLE Get-CIPPLocalAdminPassword -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -guid "abcdefg" This example retrieves the local admin password for the computer with the specified GUID in the CIPP project. .INPUTS None. .OUTPUTS None. .NOTES Author: Your Name Date: Current Date .LINK #> Function Get-CIPPLocalAdminPassword { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [guid]$guid ) Write-Verbose "Getting local admin password for computer: $guid" # Define the endpoint and parameters $endpoint = '/api/execgetlocaladminpassword' $params = @{ tenantfilter = $CustomerTenantID guid = $guid } # Use the Invoke-CIPPRequest function to make the request Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Endpoint/MEM/Get-CIPPLocalAdminPassword.ps1' 53 #Region './public/Endpoint/MEM/Remove-CIPPIntuneScript.ps1' -1 <# .SYNOPSIS Removes an Intune script. .DESCRIPTION The Remove-CIPPIntuneScript function removes a specified script from Microsoft Intune. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .PARAMETER ScriptID Specifies the ID of the script to remove. .PARAMETER ScriptType Specifies the type of script to remove. Valid values are: - Windows (Device Management Scripts) - MacOS (Shell Scripts) - Remediation (Device Health Scripts) - Linux (Configuration Policies) .PARAMETER DisplayName Specifies the display name of the script being removed. Used for logging purposes. .EXAMPLE Remove-CIPPIntuneScript -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -ScriptID "87654321-4321-4321-4321-BA0987654321" -ScriptType "Windows" -DisplayName "Windows Cleanup Script" Removes the specified Windows script from Intune. .NOTES Requires Endpoint.MEM.ReadWrite permissions. Different script types are stored in different Graph API endpoints. #> function Remove-CIPPIntuneScript { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$ScriptID, [Parameter(Mandatory = $true)] [ValidateSet('Windows', 'MacOS', 'Remediation', 'Linux')] [string]$ScriptType, [Parameter(Mandatory = $false)] [string]$DisplayName ) if ([string]::IsNullOrWhiteSpace($DisplayName)) { Write-Verbose 'DisplayName is not provided. Proceeding without a display name.' $DisplayName = $ScriptID } Write-Verbose "Removing $ScriptType script '$DisplayName' with ID $ScriptID from tenant $CustomerTenantID" $endpoint = '/api/RemoveIntuneScript' $body = @{ tenantFilter = $CustomerTenantID ID = $ScriptID ScriptType = $ScriptType DisplayName = $DisplayName } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method POST } #EndRegion './public/Endpoint/MEM/Remove-CIPPIntuneScript.ps1' 67 #Region './public/Endpoint/MEM/Remove-CIPPIntuneTemplate.ps1' -1 <# .SYNOPSIS Removes an Intune template. .DESCRIPTION The Remove-CIPPIntuneTemplate function removes a specified Intune template from CIPP. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .PARAMETER TemplateId Specifies the ID of the Intune template to remove. .EXAMPLE Remove-CIPPIntuneTemplate -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -TemplateId "98765432-4321-4321-4321-BA0987654321" Removes the specified Intune template from the specified tenant. .NOTES Requires appropriate permissions to manage Intune templates. #> function Remove-CIPPIntuneTemplate { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$TemplateId ) Write-Verbose "Removing Intune template $TemplateId from tenant $CustomerTenantID" $endpoint = '/api/RemoveIntuneTemplate' $body = @{ tenantFilter = $CustomerTenantID ID = $TemplateId } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method POST } #EndRegion './public/Endpoint/MEM/Remove-CIPPIntuneTemplate.ps1' 42 #Region './public/Endpoint/MEM/Remove-CIPPMEMPolicy.ps1' -1 <# .SYNOPSIS Removes a Microsoft Endpoint Manager (MEM) policy. .DESCRIPTION The Remove-CIPPMEMPolicy function removes a specified Microsoft Endpoint Manager policy from CIPP. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .PARAMETER PolicyId Specifies the ID of the policy to remove. .PARAMETER UrlName Specifies the URL name for the policy type in the Graph API (e.g., 'configurationPolicies', 'deviceConfigurations'). .EXAMPLE Remove-CIPPMEMPolicy -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -PolicyId "98765432-4321-4321-4321-BA0987654321" -UrlName "configurationPolicies" Removes the specified configuration policy from the specified tenant. .NOTES Requires appropriate permissions to manage Microsoft Endpoint Manager policies. #> function Remove-CIPPMEMPolicy { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$PolicyId, [Parameter(Mandatory = $true)] [string]$UrlName ) Write-Verbose "Removing MEM policy $PolicyId from tenant $CustomerTenantID" $endpoint = '/api/RemovePolicy' $body = @{ tenantFilter = $CustomerTenantID ID = $PolicyId URLName = $UrlName } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method Post } #EndRegion './public/Endpoint/MEM/Remove-CIPPMEMPolicy.ps1' 49 #Region './public/Endpoint/MEM/Set-CIPPDeviceAction.ps1' -1 <# .SYNOPSIS Executes a device action in the CIPP API. .DESCRIPTION The Set-CIPPDeviceAction function is used to execute various actions on a device in the CIPP API. The function supports actions such as syncing the device, rebooting the device, locating the device, rotating the local admin password, performing Windows Defender scans, updating Windows Defender signatures, generating logs and shipping them to MEM, renaming the device, performing a fresh start with or without removing user data, wiping the device with or without removing enrollment data, performing an Autopilot reset, and retiring the device. .PARAMETER CustomerTenantID The ID of the customer tenant. .PARAMETER DeviceID The ID of the device. .PARAMETER Action The action to be performed on the device. Valid values are: - syncDevice - rebootNow - locateDevice - RotateLocalAdminPassword - WindowsDefenderFullScan - WindowsDefenderQuickScan - UpdateWindowsDefender - GenerateLogsAndShipToMEM - RenameDevice - FreshStartRemoveUserData - FreshStartDoNotRemoveUserData - WipeDeviceKeepEnrollmentData - WipeDeviceRemoveEnrollmentData - WipeDeviceKeepEnrollmentDataContinueAtPowerloss - WipeDeviceRemoveEnrollmentDataContinueAtPowerloss - AutopilotReset - RetireDevice .PARAMETER NewDeviceName The new name to assign to the device when the action is "RenameDevice". .EXAMPLE Set-CIPPDeviceAction -CustomerTenantID "" -DeviceID "98765432-4321-4321-4321-0987654321BA" -Action "syncDevice" This example executes the "syncDevice" action on the specified device. #> Function Set-CIPPDeviceAction { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [guid]$DeviceID, [Parameter(Mandatory = $true)] [ValidateSet( 'syncDevice', 'rebootNow', 'locateDevice', 'RotateLocalAdminPassword', 'WindowsDefenderFullScan', 'WindowsDefenderQuickScan', 'UpdateWindowsDefender', 'GenerateLogsAndShipToMEM', 'RenameDevice', 'FreshStartRemoveUserData', 'FreshStartDoNotRemoveUserData', 'WipeDeviceKeepEnrollmentData', 'WipeDeviceRemoveEnrollmentData', 'WipeDeviceKeepEnrollmentDataContinueAtPowerloss', 'WipeDeviceRemoveEnrollmentDataContinueAtPowerloss', 'AutopilotReset', 'RetireDevice')] [string]$Action, [Parameter(Mandatory = $false)] [string]$NewDeviceName ) Write-Verbose "Executing $Action on Device $DeviceID" # Determine the HTTP method and construct the body if needed $method = 'GET' $body = @{} $actionQuery = $Action switch ($Action) { 'WindowsDefenderFullScan' { $method = 'POST' $actionQuery = 'WindowsDefenderScan' $body.quickScan = $false } 'WindowsDefenderQuickScan' { $method = 'POST' $actionQuery = 'WindowsDefenderScan' $body.quickScan = $true } 'UpdateWindowsDefender' { $method = 'POST' $actionQuery = 'windowsDefenderUpdateSignatures' } 'RenameDevice' { $method = 'POST' $body.newDeviceName = $NewDeviceName } 'FreshStartRemoveUserData' { $method = 'POST' $body.keepUserData = $false $actionQuery = 'cleanWindowsDevice' } 'FreshStartDoNotRemoveUserData' { $method = 'POST' $body.keepUserData = $true $actionQuery = 'cleanWindowsDevice' } 'WipeDeviceKeepEnrollmentData' { $method = 'POST' $body.keepUserData = $true $body.keepEnrollmentData = $true $actionQuery = 'cleanWindowsDevice' } 'WipeDeviceRemoveEnrollmentData' { $method = 'POST' $body.keepUserData = $false $body.keepEnrollmentData = $false $actionQuery = 'cleanWindowsDevice' } 'WipeDeviceKeepEnrollmentDataContinueAtPowerloss' { $method = 'POST' $body.keepUserData = $false $body.keepEnrollmentData = $true $body.useProtectedWipe = $true $actionQuery = 'cleanWindowsDevice' } 'WipeDeviceRemoveEnrollmentDataContinueAtPowerloss' { $method = 'POST' $body.keepUserData = $false $body.keepEnrollmentData = $false $body.useProtectedWipe = $true $actionQuery = 'cleanWindowsDevice' } default { if ($Action -in @('RotateLocalAdminPassword', 'AutopilotReset')) { $method = 'POST' } } } # Define the endpoint and parameters $endpoint = '/api/ExecDeviceAction' $params = @{ TenantFilter = $CustomerTenantID GUID = $DeviceID Action = $actionQuery } if ($method -eq 'GET') { Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method $method } else { Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method $method -Body $body } } #EndRegion './public/Endpoint/MEM/Set-CIPPDeviceAction.ps1' 158 #Region './public/Endpoint/MEM/Set-CIPPMEMPolicy.ps1' -1 <# .SYNOPSIS Sets the CIPP MEM policy for a customer. .DESCRIPTION The Set-CIPPMEMPolicy function is used to set the CIPP (Customer Identity and Protection Platform) MEM (Mobile Endpoint Management) policy for a customer. It allows you to specify the customer tenant ID, policy ID, display name, description, and assignment type. .PARAMETER CustomerTenantID The unique identifier of the customer tenant. .PARAMETER ID The unique identifier of the policy. .PARAMETER DisplayName The display name of the policy. .PARAMETER Description The description of the policy. .PARAMETER AssignTo The assignment type for the policy. Valid values are "allLicensedUsers", "AllDevices", and "AllDevicesAndUsers". .EXAMPLE Set-CIPPMEMPolicy -CustomerTenantID "12345678-1234-1234-1234-1234567890ab" -ID "Policy001" -DisplayName "Policy 1" -Description "This is policy 1" -AssignTo "AllDevices" This example sets the CIPP MEM policy for a customer with the specified parameters. #> function Set-CIPPMEMPolicy { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$ID, [Parameter(Mandatory = $false)] [string]$DisplayName, [Parameter(Mandatory = $false)] [string]$Description, [ValidateSet('allLicensedUsers', 'AllDevices', 'AllDevicesAndUsers')] [string]$AssignTo ) Write-Verbose "Getting app consent requests for customer: $CustomerTenantID" $Endpoint = '/api/editpolicy' $body = @{ Tenant = $CustomerTenantID ID = $ID displayname = $DisplayName description = $Description } Invoke-CIPPRestMethod -Endpoint $Endpoint -Body $body -Method 'POST' } #EndRegion './public/Endpoint/MEM/Set-CIPPMEMPolicy.ps1' 57 #Region './public/Endpoint/Reports/Get-CIPPDevices.ps1' -1 <# .SYNOPSIS Retrieves a list of devices for a specific customer. .DESCRIPTION The Get-CIPPDevices function retrieves a list of devices associated with a specific customer in the CIPP system. .PARAMETER CustomerTenantID The unique identifier of the customer's tenant. .EXAMPLE Get-CIPPDevices -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves a list of devices for the customer with the tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .INPUTS None. .OUTPUTS System.Object. .NOTES Author: [Your Name] Date: [Current Date] #> function Get-CIPPDevices { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Devices for customer: $CustomerTenantID" $endpoint = '/api/listdevices' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Endpoint/Reports/Get-CIPPDevices.ps1' 40 #Region './public/Extensions/Get-CIPPExtensionMapping.ps1' -1 <# .SYNOPSIS Retrieves the extension mapping for a specified extension name. .DESCRIPTION The Get-CIPPExtensionMapping function calls an API endpoint to get the extension mapping for a given extension name. The function supports the following extension names: "HaloPSA", "NinjaOne", "NinjaOneFields", "Hudu", and "HuduFields". .PARAMETER ExtensionName The name of the extension for which to retrieve the mapping. This parameter is mandatory and accepts the following values: "HaloPSA", "NinjaOne", "NinjaOneFields", "Hudu", "HuduFields". .EXAMPLE PS C:\> Get-CIPPExtensionMapping -ExtensionName "HaloPSA" This example retrieves the extension mapping for the "HaloPSA" extension. .NOTES This function uses the Invoke-CIPPRestMethod cmdlet to call the API endpoint. #> function Get-CIPPExtensionMapping { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [ValidateSet( "HaloPSA", "NinjaOne", "NinjaOneFields", "Hudu", "HuduFields")] [string]$ExtensionName ) Write-Verbose 'Getting Extension Mapping' $endpoint = '/api/ExecExtensionMapping' $params = @{ List = $ExtensionName } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Extensions/Get-CIPPExtensionMapping.ps1' 42 #Region './public/Extensions/HaloPSA/Set-CIPPExtensionMappingHaloPSA.ps1' -1 <# .SYNOPSIS Sets the extension mapping for HaloPSA in the CIPP system. .DESCRIPTION The Set-CIPPExtensionMappingHaloPSA function sets the extension mapping for HaloPSA by adding or updating the mapping for a specified tenant. It retrieves the current extension mappings, updates them with the provided Halo client information, and sends the updated mappings to the CIPP system via a REST API call. .PARAMETER HaloClientID The ID of the Halo client. This parameter is mandatory. .PARAMETER HaloClientName The name of the Halo client. This parameter is mandatory. .PARAMETER TenantID The ID of the tenant for which the extension mapping is being set. This parameter is mandatory. .EXAMPLE Set-CIPPExtensionMappingHaloPSA -HaloClientID "12345" -HaloClientName "ExampleClient" -TenantID "7174f39b-33c6-4226-a67b-67fc1f127ef5" This example sets the extension mapping for the Halo client with ID "12345" and name "ExampleClient" for the tenant with ID "67890". #> function Set-CIPPExtensionMappingHaloPSA { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$HaloClientID, [Parameter(Mandatory = $true)] [string]$HaloClientName, [Parameter(Mandatory = $true)] [string]$TenantID ) Write-Verbose 'Setting Extension Mapping' $endpoint = '/api/ExecExtensionMapping' $params = @{ AddMapping = "HaloPSA" } $ExtensionMappings = Get-CIPPExtensionMapping -ExtensionName HaloPSA # Convert the JSON string to a PowerShell object $jsonObject = $ExtensionMappings.mappings # Convert the PSCustomObject to a hashtable for modification $jsonHashtable = @{} $jsonObject.PSObject.Properties | ForEach-Object { $jsonHashtable[$_.Name] = $_.Value } # Add the new key-value pair to the hashtable $jsonHashtable[$TenantID] = @{ value = $HaloClientID label = $HaloClientName } # Convert the updated hashtable back to JSON $json = $jsonHashtable | ConvertTo-Json -Depth 10 $output = $json | ConvertFrom-Json $Body = @{ mappings = $output } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Body $Body -Method Post } #EndRegion './public/Extensions/HaloPSA/Set-CIPPExtensionMappingHaloPSA.ps1' 68 #Region './public/Extensions/NinjaOne/Set-CIPPNinjaOneQueue.ps1' -1 <# .SYNOPSIS Manages the NinjaOne extension queue. .DESCRIPTION The Set-CIPPNinjaOneQueue function manages the queue of NinjaOne extension operations in the CIPP system. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .PARAMETER Operation Specifies the operation to perform with NinjaOne integration. .EXAMPLE Set-CIPPNinjaOneQueue -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -Operation "Sync" Queues a sync operation for NinjaOne integration for the specified tenant. .NOTES Requires appropriate permissions to manage NinjaOne integration. #> function Set-CIPPNinjaOneQueue { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [ValidateSet('StartAutoMapping', 'AutoMapTenant', 'SyncTenant')] [string]$NinjaAction ) Write-Verbose "Managing NinjaOne queue operation '$NinjaAction'" $endpoint = '/api/ExecExtensionNinjaOneQueue' $body = @{ operation = $NinjaAction } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method Post } #EndRegion './public/Extensions/NinjaOne/Set-CIPPNinjaOneQueue.ps1' 39 #Region './public/Extensions/Settings/Get-CIPPExtensionsConfig.ps1' -1 <# .SYNOPSIS Gets extensions configuration. .DESCRIPTION The Get-CIPPExtensionsConfig function retrieves the configuration settings for CIPP extensions, including special handling for HaloPSA ticket types. .EXAMPLE Get-CIPPExtensionsConfig Returns the current extensions configuration settings. .NOTES Requires CIPP.Extension.Read permissions. HaloPSA ticket types are automatically formatted for autocomplete compatibility. #> function Get-CIPPExtensionsConfig { [CmdletBinding()] param () Write-Verbose 'Getting extensions configuration' $endpoint = '/api/ListExtensionsConfig' Invoke-CIPPRestMethod -Endpoint $endpoint -Method GET } #EndRegion './public/Extensions/Settings/Get-CIPPExtensionsConfig.ps1' 27 #Region './public/Identity/Administration/Get-CIPPRoles.ps1' -1 <# .SYNOPSIS Retrieves the roles for a specific customer tenant ID. .DESCRIPTION The Get-CIPPRoles function retrieves the roles associated with a specific customer tenant ID by making a REST API call to the "/api/listroles" endpoint. .PARAMETER CustomerTenantID The customer tenant ID for which to retrieve the roles. .EXAMPLE Get-CIPPRoles -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the roles for the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPRoles { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting roles for $CustomerTenantID" $endpoint = '/api/listroles' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Get-CIPPRoles.ps1' 30 #Region './public/Identity/Administration/Groups/Get-CIPPGroups.ps1' -1 <# .SYNOPSIS Retrieves information about CIPP groups. .DESCRIPTION The Get-CIPPGroups function retrieves information about CIPP groups based on the provided parameters. It can retrieve all groups for a specific tenant, group details for a specific group, group members for a specific group, or group owners for a specific group. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant for which to retrieve the groups. .PARAMETER GroupID Specifies the ID of the group for which to retrieve the information. If not provided, all groups for the specified tenant will be retrieved. .PARAMETER Members Switch parameter. If specified, retrieves the members of the specified group. .PARAMETER Owners Switch parameter. If specified, retrieves the owners of the specified group. .EXAMPLE Get-CIPPGroups -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves all groups for the specified customer tenant. .EXAMPLE Get-CIPPGroups -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -GroupID "abcdefg" Retrieves the details of the specified group. .EXAMPLE Get-CIPPGroups -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -GroupID "abcdefg" -Members Retrieves the members of the specified group. .EXAMPLE Get-CIPPGroups -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -GroupID "abcdefg" -Owners Retrieves the owners of the specified group. #> function Get-CIPPGroups { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [GUID]$GroupID, [Parameter(Mandatory = $false)] [switch]$Members, [Parameter(Mandatory = $false)] [switch]$Owners ) $switchCount = 0 if ($Members) { $switchCount++ } if ($Owners) { $switchCount++ } if ($switchCount -gt 1) { Write-Error 'Only one role switch can be specified at a time.' return } if (-not $GroupID) { Write-Verbose "Getting all Groups for tenant $CustomerTenantID" } elseif ($GroupID -and -not $Members -and -not $Owners) { Write-Verbose "Getting Group Details for Group $GroupID" } elseif ($GroupID -and $Members -and -not $Owners) { Write-Verbose "Getting Group Members for Group $GroupID" } elseif ($GroupID -and -not $Members -and $Owners) { Write-Verbose "Getting Group Owners for Group $GroupID" } $endpoint = '/api/listgroups' $params = @{ tenantfilter = $CustomerTenantID groupid = $GroupID } if ($Members) { $params.members = 'true' } if ($Owners) { $params.owners = 'true' } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Groups/Get-CIPPGroups.ps1' 84 #Region './public/Identity/Administration/Groups/Get-CIPPGroupTemplates.ps1' -1 <# .SYNOPSIS Retrieves group templates from the CIPP API. .DESCRIPTION The Get-CIPPGroupTemplates function retrieves group templates from the CIPP API. It can retrieve all group templates or a specific template based on the provided TemplateID. .PARAMETER TemplateID Specifies the ID of the group template to retrieve. If not provided, all group templates will be retrieved. .EXAMPLE Get-CIPPGroupTemplates -TemplateID "12345" Retrieves the group template with the ID "12345" from the CIPP API. .EXAMPLE Get-CIPPGroupTemplates Retrieves all group templates from the CIPP API. #> function Get-CIPPGroupTemplates { [CmdletBinding()] Param( [Parameter(Mandatory = $false)] [string]$TemplateID ) if ($TemplateID) { Write-Verbose "Getting Group Template $TemplateID" } else { Write-Verbose 'Getting all Group Templates' } $endpoint = '/api/ListGroupTemplates' $params = @{ id = $TemplateID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Groups/Get-CIPPGroupTemplates.ps1' 41 #Region './public/Identity/Administration/Groups/Remove-CIPPGroup.ps1' -1 <# .SYNOPSIS Removes a CIPP group. .DESCRIPTION The Remove-CIPPGroup function is used to remove a CIPP group from the specified customer tenant. .PARAMETER CustomerTenantID The ID of the customer tenant. .PARAMETER GroupID The ID of the group to be removed. .PARAMETER Grouptype The type of the group. .PARAMETER DisplayName The display name of the group. .EXAMPLE Remove-CIPPGroup -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -GroupID "98765432-1234-5678-9012-34567890ABCD" -Grouptype "Security" -DisplayName "Admins" This example removes a group with the specified ID, type, and display name from the customer tenant with the specified ID. #> function Remove-CIPPGroup { param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [guid]$GroupID, [Parameter(Mandatory = $true)] [string]$Grouptype, [Parameter(Mandatory = $true)] [string]$DisplayName ) Write-Verbose "Removing group: $GroupID" $endpoint = '/api/execgroupsdelete' $params = @{ tenantfilter = $CustomerTenantID id = $GroupID grouptype = $Grouptype displayname = $DisplayName } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Groups/Remove-CIPPGroup.ps1' 50 #Region './public/Identity/Administration/Groups/Remove-CIPPGroupTemplate.ps1' -1 <# .SYNOPSIS Removes a group template. .DESCRIPTION The Remove-CIPPGroupTemplate function removes a specified group template from CIPP. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .PARAMETER TemplateId Specifies the ID of the group template to remove. .EXAMPLE Remove-CIPPGroupTemplate -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -TemplateId "98765432-4321-4321-4321-BA0987654321" Removes the specified group template from the specified tenant. .NOTES Requires appropriate permissions to manage group templates. #> function Remove-CIPPGroupTemplate { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$TemplateId ) Write-Verbose "Removing group template $TemplateId from tenant $CustomerTenantID" $endpoint = '/api/RemoveGroupTemplate' $body = @{ tenantFilter = $CustomerTenantID ID = $TemplateId } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method POST } #EndRegion './public/Identity/Administration/Groups/Remove-CIPPGroupTemplate.ps1' 42 #Region './public/Identity/Administration/Groups/Set-CIPPGroupDeliveryManagement.ps1' -1 <# .SYNOPSIS Sets the delivery management settings for a group. .DESCRIPTION The Set-CIPPGroupDeliveryManagement function is used to set the delivery management settings for a group in the CIPP project. It allows you to specify the customer tenant ID, group ID, group type, and whether to only allow internal delivery. .PARAMETER CustomerTenantID The ID of the customer tenant. .PARAMETER GroupID The ID of the group. .PARAMETER GroupType The type of the group. Valid values are 'Distribution List', 'Mail-Enabled Security', and 'Microsoft 365'. .PARAMETER OnlyAllowInternal Specifies whether to only allow internal delivery. Valid values are 'true' and 'false'. .EXAMPLE Set-CIPPGroupDeliveryManagement -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -GroupID "67890" -GroupType "Distribution List" -OnlyAllowInternal "true" Sets the delivery management settings for the group with the specified customer tenant ID, group ID, group type, and only allow internal delivery. #> function Set-CIPPGroupDeliveryManagement { param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [guid]$GroupID, [Parameter(Mandatory = $true)] [validateset( 'Distribution List', 'Mail-Enabled Security', 'Microsoft 365' )] [string]$Grouptype, [Parameter(Mandatory = $true)] [validateset( 'true', 'false' )] [string]$onlyallowinternal ) Write-Verbose "Setting delivery management for group: $GroupID" $endpoint = '/api/execgroupsdeliverymanagement' $params = @{ tenantfilter = $CustomerTenantID id = $GroupID grouptype = $Grouptype onlyallowinternal = $onlyallowinternal } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Groups/Set-CIPPGroupDeliveryManagement.ps1' 60 #Region './public/Identity/Administration/Groups/Set-CIPPGroupHideFromGAL.ps1' -1 <# .SYNOPSIS Sets the "hide from GAL" property for a specified group. .DESCRIPTION The Set-CIPPGroupHideFromGAL function is used to set the "hide from GAL" property for a specified group in the CIPP (Cloud Identity and Privacy Protection) system. This function requires the customer tenant ID, group ID, group type, and the hide from GAL value as input parameters. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant. This parameter is mandatory. .PARAMETER GroupID Specifies the ID of the group. This parameter is mandatory. .PARAMETER GroupType Specifies the type of the group. Valid values are 'Distribution List', 'Mail-Enabled Security', 'Microsoft 365', and 'Security'. This parameter is mandatory. .PARAMETER HideFromGAL Specifies whether the group should be hidden from the Global Address List (GAL). Valid values are 'true' and 'false'. This parameter is mandatory. .EXAMPLE Set-CIPPGroupHideFromGAL -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -GroupID "98765432-4321-4321-4321-0987654321BA" -GroupType "Distribution List" -HideFromGAL "true" Sets the "hide from GAL" property to true for the specified distribution list group. .EXAMPLE Set-CIPPGroupHideFromGAL -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -GroupID "98765432-4321-4321-4321-0987654321BA" -GroupType "Security" -HideFromGAL "false" Sets the "hide from GAL" property to false for the specified security group. #> function Set-CIPPGroupHideFromGAL { param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [guid]$GroupID, [Parameter(Mandatory = $true)] [validateset( 'Distribution List', 'Mail-Enabled Security', 'Microsoft 365', 'Security' )] [string]$Grouptype, [Parameter(Mandatory = $true)] [validateset( 'true', 'false' )] [string]$hidefromgal ) Write-Verbose "Setting hide from GAL to $hidefromgal for $GroupID" $endpoint = '/api/execgroupshidefromgal' $params = @{ tenantfilter = $CustomerTenantID id = $GroupID grouptype = $Grouptype hidefromgal = $hidefromgal } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Groups/Set-CIPPGroupHideFromGAL.ps1' 64 #Region './public/Identity/Administration/Users/Add-CIPPUser.ps1' -1 <# .SYNOPSIS Adds a user to the specified customer tenant. .DESCRIPTION The Add-CIPPUser function adds a user to the specified customer tenant in the CIPP system. It sends a request to the "/api/adduser" endpoint with the provided user details. .PARAMETER CustomerTenantID The ID of the customer tenant to which the user will be added. .PARAMETER DisplayName The display name of the user. .PARAMETER UserName The username of the user. .PARAMETER AutoPassword Specifies whether to automatically generate a password for the user. Default value is $true. .PARAMETER FirstName The first name of the user. .PARAMETER LastName The last name of the user. .PARAMETER Domain The domain of the user. .PARAMETER AddedAliases Additional aliases for the user. .PARAMETER CopyFrom Specifies the user to copy settings from. .PARAMETER UsageLocation The usage location of the user. .PARAMETER Department The department of the user. .PARAMETER City The city of the user. .PARAMETER Country The country of the user. .PARAMETER Jobtitle The job title of the user. .PARAMETER MobilePhone The mobile phone number of the user. .PARAMETER BusinessPhone The business phone number of the user. .PARAMETER StreetAddress The street address of the user. .PARAMETER PostalCode The postal code of the user. .PARAMETER CompanyName The company name of the user. .PARAMETER Manager The manager of the user. Either the UserPrincipalName(UPN) or the ID of the manager. .PARAMETER ScheduledFor Specifies the date and time when the user should be added. If not specified, the user will be added immediately. Input should be a valid datetime object. Will be converted to Unix time. .PARAMETER SendResultsToEmail Specifies whether to send the results of the scheduled task to the email address specified in the notification settings of your CIPP instance. .PARAMETER SendResultsToPSA Specifies whether to send the results of the scheduled task to the PSA system specified in the notification settings of your CIPP instance. .PARAMETER SendResultsToWebhook Specifies whether to send the results of the scheduled task to the webhook specified in the notification settings of your CIPP instance. .PARAMETER MustChangePass Specifies whether the user must change their password on first login. Default value is $true. .EXAMPLE Add-CIPPUser -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -DisplayName "John Doe" -UserName "johndoe" -FirstName "John" -LastName "Doe" -Domain "" -UsageLocation "US" Adds a user with the specified details to the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". The user's display name is "John Doe", username is "johndoe", first name is "John", last name is "Doe", domain is "", and usage location is "US". .EXAMPLE Add-CIPPUser -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -DisplayName "Jane Smith" -UserName "janesmith" -FirstName "Jane" -LastName "Smith" -Domain "" -UsageLocation "US" -Manager "" -ScheduledFor ((Get-Date).AddDays(1)) -SendResultsToEmail Adds a user with the specified details to the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". The user's display name is "Jane Smith", username is "janesmith", first name is "Jane", last name is "Smith", domain is "", and usage location is "US". The user's manager is "". The user will be added one day from the current date. The results of the scheduled task will be sent to the email address specified in the notification settings of your CIPP instance. #> function Add-CIPPUser { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$DisplayName, [Parameter(Mandatory = $true)] [string]$UserName, [Parameter(Mandatory = $false)] [bool]$AutoPassword = $true, [Parameter(Mandatory = $true)] [string]$FirstName, [Parameter(Mandatory = $true)] [string]$LastName, [Parameter(Mandatory = $true)] [string]$Domain, [Parameter(Mandatory = $false)] [string]$AddedAliases, [Parameter(Mandatory = $false)] [string]$CopyFrom, [Parameter(Mandatory = $true)] [string]$UsageLocation, [Parameter(Mandatory = $false)] [string]$Department, [Parameter(Mandatory = $false)] [string]$City, [Parameter(Mandatory = $false)] [string]$Country, [Parameter(Mandatory = $false)] [string]$Jobtitle, [Parameter(Mandatory = $false)] [string]$MobilePhone, [Parameter(Mandatory = $false)] [string]$BusinessPhone, [Parameter(Mandatory = $false)] [string]$StreetAddress, [Parameter(Mandatory = $false)] [string]$PostalCode, [Parameter(Mandatory = $false)] [string]$CompanyName, [Parameter(Mandatory = $false)] [string]$Manager, [Parameter(Mandatory = $false)] [bool]$MustChangePass = $true, [Parameter(Mandatory = $false)] [datetime]$ScheduledFor, [switch]$SendResultsToEmail, [switch]$SendResultsToPSA, [switch]$SendResultsToWebhook ) Write-Verbose "Adding User to $CustomerTenantID" $endpoint = '/api/adduser' $body = @{ tenantFilter = $CustomerTenantID displayName = $DisplayName mailNickname = $UserName Autopassword = $AutoPassword givenName = $FirstName surname = $LastName primDomain = @{ label = $Domain value = $Domain addedFields = @{} } AddedAliases = $AddedAliases CopyFrom = $CopyFrom Usagelocation = @{ value = $UsageLocation label = $UsageLocation } MustChangePass = $MustChangePass removeLicenses = $false } $optionalParams = @{ Country = $Country PostalCode = $PostalCode CompanyName = $CompanyName streetAddress = $StreetAddress MobilePhone = $MobilePhone BusinessPhone = $BusinessPhone Jobtitle = $Jobtitle Department = $Department City = $City setManager = if ($Manager) { @{ value = $Manager } } else { $null } Scheduled = @{ enabled = $ScheduledFor -ne $null date = if ($ScheduledFor) { ([System.DateTimeOffset]$ScheduledFor).ToUnixTimeSeconds() } else { $null } } PostExecution = @{ webhook = if ($SendResultsToWebhook.IsPresent) { $true } else { $null } psa = if ($SendResultsToPSA.IsPresent) { $true } else { $null } email = if ($SendResultsToEmail.IsPresent) { $true } else { $null } } } # Add optional parameters to the body if they are not null foreach ($key in $optionalParams.Keys) { if ($optionalParams[$key]) { $body[$key] = $optionalParams[$key] } } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method 'POST' } #EndRegion './public/Identity/Administration/Users/Add-CIPPUser.ps1' 207 #Region './public/Identity/Administration/Users/Get-CIPPBECCheck.ps1' -1 <# .SYNOPSIS Performs a BEC (Business Email Compromise) check for a user. .DESCRIPTION The Get-CIPPBECCheck function performs a BEC check for a user by making a REST API call to the specified endpoint. It waits for the check to complete and returns the response. .PARAMETER CustomerTenantID The ID of the customer's tenant. .PARAMETER UserID The ID of the user. .PARAMETER UserName The name of the user. .EXAMPLE Get-CIPPBECCheck -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -UserID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc" -UserName "JohnDoe" This example performs a BEC check for the user with the specified CustomerTenantID, UserID, and UserName. #> function Get-CIPPBECCheck { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID, [Parameter(Mandatory = $true)] [string]$UserName ) Write-Verbose "Running BEC Check for $Username" $endpoint = '/api/execbeccheck' $params = @{ tenantfilter = $CustomerTenantID userId = $UserID username = $UserName } $initialResponse = Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params $GUID = $initialResponse.guid Write-Verbose "Initial check complete. GUID returned: $GUID" $params.guid = $GUID do { Start-Sleep -Seconds 10 $response = Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params if ($response.waiting -eq 'True') { Write-Verbose 'BEC Check Still Running.' } else { Write-Verbose 'BEC Check complete' return $response } } while ($response.waiting -eq 'True') } #EndRegion './public/Identity/Administration/Users/Get-CIPPBECCheck.ps1' 62 #Region './public/Identity/Administration/Users/Get-CIPPDeletedItems.ps1' -1 <# .SYNOPSIS Retrieves the deleted items for a specific customer tenant. .DESCRIPTION The Get-CIPPDeletedItems function retrieves the deleted items for a specific customer tenant by making a REST API call to the "/api/listdeleteditems" endpoint. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve the deleted items. .EXAMPLE Get-CIPPDeletedItems -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the deleted items for the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPDeletedItems { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting deleted items for $CustomerTenantID" $endpoint = '/api/listdeleteditems' $params = @{ tenantfilter = $CustomerTenantID userId = $UserID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Get-CIPPDeletedItems.ps1' 33 #Region './public/Identity/Administration/Users/Get-CIPPPerUserMFA.ps1' -1 <# .SYNOPSIS Retrieves the per-user Multi-Factor Authentication (MFA) status for a specified user or all users in a given customer tenant. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve the per-user MFA status. This parameter is mandatory. .PARAMETER UserId The ID of the user for whom to retrieve the per-user MFA status. This parameter is optional and is ignored if the AllUsers switch is specified. Can be either the user's email address or the user's ID. .PARAMETER AllUsers A switch parameter that, when specified, retrieves the per-user MFA status for all users in the specified customer tenant. If this switch is specified, the UserId parameter is ignored. .EXAMPLE Get-CIPPPerUserMFA -CustomerTenantID "12345" -UserId "" Retrieves the per-user MFA status for the user with ID "" in the customer tenant with ID "12345". .EXAMPLE Get-CIPPPerUserMFA -CustomerTenantID "12345" -AllUsers Retrieves the per-user MFA status for all users in the customer tenant with ID "12345". .NOTES This function uses the Invoke-CIPPRestMethod cmdlet to make a GET request to the '/api/ListPerUserMFA' endpoint with the specified parameters. #> function Get-CIPPPerUserMFA { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [string]$UserId, [Parameter(Mandatory = $false)] [switch]$AllUsers ) if ($AllUsers.IsPresent -eq $true) { Write-Verbose "Getting Per user MFA for all users in $CustomerTenantID" } else { Write-Verbose "Getting Per user MFA for $UserId in $CustomerTenantID" } $endpoint = '/api/ListPerUserMFA' $params = @{ TenantFilter = $CustomerTenantID userId = $UserId allUsers = $AllUsers.IsPresent } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method GET } #EndRegion './public/Identity/Administration/Users/Get-CIPPPerUserMFA.ps1' 51 #Region './public/Identity/Administration/Users/Get-CIPPUniversalSearch.ps1' -1 <# .SYNOPSIS Performs a universal search for a specified name. .DESCRIPTION The Get-CIPPUniversalSearch function performs a universal search for a specified name by making a REST API call to the /api/execuniversalsearch endpoint. .PARAMETER Name The name to search for. .EXAMPLE Get-CIPPUniversalSearch -Name "John Doe" Searches for the name "John Doe" using the universal search functionality. #> function Get-CIPPUniversalSearch { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$Name ) Write-Verbose "Searching for $Name" $endpoint = '/api/execuniversalsearch' $params = @{ name = $Name } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Get-CIPPUniversalSearch.ps1' 32 #Region './public/Identity/Administration/Users/Get-CIPPUserCAPolicies.ps1' -1 <# .SYNOPSIS Retrieves the Conditional Access (CA) policies for a specific user in a customer's tenant. .DESCRIPTION The Get-CIPPUserCAPolicies function retrieves the Conditional Access (CA) policies for a specific user in a customer's tenant. It makes use of the Invoke-CIPPRestMethod function to send a request to the API endpoint "/api/listuserconditionalaccesspolicies" and returns the response. .PARAMETER CustomerTenantID The ID of the customer's tenant. .PARAMETER UserID The ID of the user for whom the CA policies are to be retrieved. .EXAMPLE Get-CIPPUserCAPolicies -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -UserID "" This example retrieves the CA policies for the user with the ID "" in the customer's tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPUserCAPolicies { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID ) Write-Verbose "Getting user CA Policies $CustomerTenantID" $endpoint = '/api/listuserconditionalaccesspolicies' $params = @{ tenantfilter = $CustomerTenantID userId = $UserID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Get-CIPPUserCAPolicies.ps1' 38 #Region './public/Identity/Administration/Users/Get-CIPPUserCounts.ps1' -1 <# .SYNOPSIS Retrieves user counts for a specific customer tenant ID. .DESCRIPTION The Get-CIPPUserCounts function retrieves user counts for a specific customer tenant ID by making a REST API call to the "/api/listusercounts" endpoint. .PARAMETER CustomerTenantID The customer tenant ID for which to retrieve user counts. .EXAMPLE Get-CIPPUserCounts -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves user counts for the customer tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPUserCounts { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting User Counts for $CustomerTenantID" $endpoint = '/api/listusercounts' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Get-CIPPUserCounts.ps1' 31 #Region './public/Identity/Administration/Users/Get-CIPPUserDevices.ps1' -1 <# .SYNOPSIS Retrieves the devices associated with a specific user. .DESCRIPTION The Get-CIPPUserDevices function retrieves the devices associated with a specific user in the CIPP system. It makes a REST API call to the "/api/listuserdevices" endpoint, passing the customer tenant ID and user ID as parameters. .PARAMETER CustomerTenantID The ID of the customer tenant. .PARAMETER UserID The ID of the user. .EXAMPLE Get-CIPPUserDevices -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -UserID "" Retrieves the devices associated with the user "" in the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPUserDevices { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID ) Write-Verbose "Getting user devices for $userID" $endpoint = '/api/listuserdevices' $params = @{ tenantfilter = $CustomerTenantID userId = $UserID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Get-CIPPUserDevices.ps1' 38 #Region './public/Identity/Administration/Users/Get-CIPPUserGroups.ps1' -1 <# .SYNOPSIS Retrieves the groups that a user belongs to. .DESCRIPTION The Get-CIPPUserGroups function retrieves the groups that a user belongs to based on the provided CustomerTenantID and UserID. .PARAMETER CustomerTenantID The ID of the customer tenant. .PARAMETER UserID The ID of the user. .EXAMPLE Get-CIPPUserGroups -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -UserID "" Retrieves the groups that the user with the ID "" belongs to in the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPUserGroups { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID ) Write-Verbose "Getting user groups for $userID" $endpoint = '/api/listusergroups' $params = @{ tenantfilter = $CustomerTenantID userId = $UserID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Get-CIPPUserGroups.ps1' 38 #Region './public/Identity/Administration/Users/Get-CIPPUserPhoto.ps1' -1 <# .SYNOPSIS Retrieves the photo of a user from the CIPP API. .DESCRIPTION The Get-CIPPUserPhoto function is used to retrieve the photo of a user from the CIPP API. It sends a request to the API endpoint "/api/listuserphoto" with the specified customer tenant ID and user ID. .PARAMETER CustomerTenantID The customer tenant ID associated with the user. .PARAMETER UserID The ID of the user whose photo needs to be retrieved. .EXAMPLE Get-CIPPUserPhoto -CustomerTenantID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc" -UserID "" This example retrieves the photo of the user with the ID "" from the customer tenant with the ID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc". #> function Get-CIPPUserPhoto { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID ) Write-Verbose "Getting user photo for $userID" $endpoint = '/api/listuserphoto' $params = @{ tenantfilter = $CustomerTenantID userId = $UserID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Get-CIPPUserPhoto.ps1' 39 #Region './public/Identity/Administration/Users/Get-CIPPUsers.ps1' -1 <# .SYNOPSIS Retrieves user information from the CIPP API. .DESCRIPTION The Get-CIPPUsers function is used to retrieve user information from the CIPP API. It can retrieve all users for a specific tenant or retrieve details for a specific user. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant for which to retrieve user information. This parameter is mandatory. .PARAMETER UserID Specifies the ID of the user for which to retrieve details. This parameter is optional. .EXAMPLE Get-CIPPUsers -CustomerTenantID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc" Retrieves all users for the tenant with ID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc". .EXAMPLE Get-CIPPUsers -CustomerTenantID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc" -UserID "" Retrieves details for the user with ID "" in the tenant with ID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc". #> function Get-CIPPUsers { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [string]$UserID ) if (-not $UserID) { Write-Verbose "Getting all users for tenant $CustomerTenantID" } else { Write-Verbose "Getting user details for user $UserID" } $endpoint = '/api/Listusers' $params = @{ tenantfilter = $CustomerTenantID userId = $UserID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Get-CIPPUsers.ps1' 43 #Region './public/Identity/Administration/Users/Get-CIPPUserSignIns.ps1' -1 <# .SYNOPSIS Retrieves sign-in logs for a specific user in the CIPP system. .DESCRIPTION The Get-CIPPUserSignIns function retrieves the sign-in logs for a specific user in the CIPP system. It requires the customer tenant ID and the user ID as mandatory parameters. .PARAMETER CustomerTenantID The customer tenant ID associated with the user. .PARAMETER UserID The unique identifier of the user. .EXAMPLE Get-CIPPUserSignIns -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -UserID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc" This example retrieves the sign-in logs for the user with the customer tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" and the user ID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc". #> function Get-CIPPUserSignIns { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [guid]$UserID ) Write-Verbose "Getting sign-in logs for User $userID" $endpoint = '/api/listusersigninlogs' $params = @{ tenantfilter = $CustomerTenantID userId = $UserID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Get-CIPPUserSignIns.ps1' 38 #Region './public/Identity/Administration/Users/New-CIPPUserOffboarding.ps1' -1 <# .SYNOPSIS Offboards a user from a specified customer tenant. .DESCRIPTION The New-CIPPUserOffboarding function automates the offboarding process for a user in a specified customer tenant. It provides various options to customize the offboarding process, including forwarding emails, converting the mailbox to a shared mailbox, disabling sign-in, removing licenses, and more. It is also possible to schedule the offboarding for a later date. .PARAMETER CustomerTenantID The ID of the customer tenant from which the user is being offboarded. This parameter is mandatory. .PARAMETER User The username of the user being offboarded. UserPrincipalName(UPN) should be used. This parameter is mandatory. .PARAMETER OutOfOffice Sets an out-of-office message for the user. This parameter is optional. .PARAMETER ForwardTo Forwards the user's emails to another address. This parameter is optional. .PARAMETER ForwardKeepCopyInMailbox Keeps a copy of forwarded emails in the user's mailbox. This parameter is optional. .PARAMETER OnedriveAccessTo Grants access to the user's OneDrive to another user. UserPrincipalName(UPN) should be used. This parameter is optional. .PARAMETER MailboxAccessNoAutomap Grants access to the user's mailbox without automapping. UserPrincipalName(UPN) should be used. This parameter is optional. .PARAMETER MailboxAccessAutomap Grants access to the user's mailbox with automapping. UserPrincipalName(UPN) should be used. This parameter is optional. .PARAMETER ConvertToSharedMailbox Converts the user's mailbox to a shared mailbox. This parameter is optional. .PARAMETER HideFromGAL Hides the user from the Global Address List (GAL). This parameter is optional. .PARAMETER DisableSignIn Disables sign-in for the user. This parameter is optional. .PARAMETER DeleteUser Deletes the user account. This parameter is optional. .PARAMETER RemoveFromAllGroups Removes the user from all groups. This parameter is optional. .PARAMETER CancelAllCalendarInvites Cancels all calendar invites for the user. This parameter is optional. .PARAMETER RemoveAllLicenses Removes all licenses assigned to the user. This parameter is optional. .PARAMETER ResetPassword Resets the user's password. This parameter is optional. .PARAMETER RevokeAllSessions Revokes all active sessions for the user. This parameter is optional. .PARAMETER RemoveAllMailboxRules Removes all mailbox rules for the user. This parameter is optional. .PARAMETER RemoveAllMobileDevices Removes all mobile devices associated with the user. This parameter is optional. .PARAMETER RemoveAllMailboxPermissions Removes all mailbox permissions for the user. This parameter is optional. .PARAMETER ScheduledFor Specifies the date and time when the user should be added. If not specified, the user will be offboarded immediately. Input should be a valid datetime object. Will be converted to Unix time. This parameter is optional. .PARAMETER SendResultsToEmail Specifies whether to send the results of the scheduled task to the email address specified in the notification settings of your CIPP instance. This parameter is optional. .PARAMETER SendResultsToPSA Specifies whether to send the results of the scheduled task to the PSA system specified in the notification settings of your CIPP instance. This parameter is optional. .PARAMETER SendResultsToWebhook Specifies whether to send the results of the scheduled task to the webhook specified in the notification settings of your CIPP instance. This parameter is optional. .EXAMPLE New-CIPPUserOffboarding -CustomerTenantID "8ad00f9e-1953-47d1-897b-8fec4138cde7" -User "" -DisableSignIn -RemoveAllLicenses -ConvertToSharedMailbox This example immediately offboards the user "" from the customer tenant with ID "8ad00f9e-1953-47d1-897b-8fec4138cde7", disables sign-in, removes all licenses, and converts the user's mailbox to a shared mailbox. .EXAMPLE New-CIPPUserOffboarding -CustomerTenantID "8ad00f9e-1953-47d1-897b-8fec4138cde7" -User "" -DeleteUser -ScheduledFor ((Get-Date).AddDays(7)) -SendResultsToEmail This example schedules the offboarding of the user "" from the customer tenant with ID "8ad00f9e-1953-47d1-897b-8fec4138cde7" for 7 days from the current date. The results of the scheduled task will be sent to the email address specified in the notification settings of your CIPP instance. #> function New-CIPPUserOffboarding { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$User, [Parameter(Mandatory = $false)] [string]$OutOfOffice, [Parameter(Mandatory = $false)] [string]$ForwardTo, [switch]$ForwardKeepCopyInMailbox, [Parameter(Mandatory = $false)] [string]$OnedriveAccessTo, [Parameter(Mandatory = $false)] [string]$MailboxAccessNoAutomap, [Parameter(Mandatory = $false)] [string]$MailboxAccessAutomap, [switch]$ConvertToSharedMailbox, [switch]$HideFromGAL, [switch]$DisableSignIn, [switch]$DeleteUser, [switch]$RemoveFromAllGroups, [switch]$CancelAllCalendarInvites, [switch]$RemoveAllLicenses, [switch]$ResetPassword, [switch]$RevokeAllSessions, [switch]$RemoveAllMailboxRules, [switch]$RemoveAllMobileDevices, [switch]$RemoveAllMailboxPermissions, [datetime]$ScheduledFor, [switch]$SendResultsToEmail, [switch]$SendResultsToPSA, [switch]$SendResultsToWebhook ) Write-Verbose "Offboarding user $User from $CustomerTenantID" $endpoint = '/api/ExecOffboardUser' $body = @{ TenantFilter = $CustomerTenantID user = @{ value = $User } } $optionalParams = @{ OOO = $OutOfOffice forward = $ForwardTo keepCopy = $ForwardKeepCopyInMailbox.IsPresent ? $true : $null OnedriveAccess = @{ value = $OnedriveAccessTo } AccessNoAutomap = @{ value = $MailboxAccessNoAutomap } AccessAutomap = @{ value = $MailboxAccessAutomap } ConvertToShared = $ConvertToSharedMailbox.IsPresent ? $true : $null HideFromGAL = $HideFromGAL.IsPresent ? $true : $null DisableSignIn = $DisableSignIn.IsPresent ? $true : $null RemoveGroups = $RemoveFromAllGroups.IsPresent ? $true : $null removeCalendarInvites = $CancelAllCalendarInvites.IsPresent ? $true : $null RemoveLicenses = $RemoveAllLicenses.IsPresent ? $true : $null ResetPass = $ResetPassword.IsPresent ? $true : $null RevokeSessions = $RevokeAllSessions.IsPresent ? $true : $null deleteuser = $DeleteUser.IsPresent ? $true : $null removeRules = $RemoveAllMailboxRules.IsPresent ? $true : $null removeMobile = $RemoveAllMobileDevices.IsPresent ? $true : $null removePermissions = $RemoveAllMailboxPermissions.IsPresent ? $true : $null Scheduled = @{ enabled = $ScheduledFor -ne $null date = if ($ScheduledFor) { ([System.DateTimeOffset]$ScheduledFor).ToUnixTimeSeconds() } else { $null } } PostExecution = @{ webhook = $SendResultsToWebhook.IsPresent ? $true : $null psa = $SendResultsToPSA.IsPresent ? $true : $null email = $SendResultsToEmail.IsPresent ? $true : $null } } # Add optional parameters to the body if they are not null foreach ($key in $optionalParams.Keys) { if ($optionalParams[$key]) { $body[$key] = $optionalParams[$key] } } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method 'POST' } #EndRegion './public/Identity/Administration/Users/New-CIPPUserOffboarding.ps1' 185 #Region './public/Identity/Administration/Users/Remove-CIPPUser.ps1' -1 <# .SYNOPSIS Removes a user from a specified tenant. .DESCRIPTION The Remove-CIPPUser function deletes a user identified by their UserID from a specified tenant identified by the CustomerTenantID. It sends a request to the '/api/RemoveUser' endpoint to perform the deletion. .PARAMETER CustomerTenantID The ID of the tenant from which the user will be removed. This parameter is mandatory. .PARAMETER User The unique identifier (GUID) or UserPrincipalName(UPN) of the user to be removed. This parameter is mandatory. .EXAMPLE Remove-CIPPUser -CustomerTenantID "" -UserID "e7402930-efc9-4ba8-a959-ae7fc6c15021" This command removes the user with the specified UserID from the tenant with the specified CustomerTenantID. .EXAMPLE Remove-CIPPUser -CustomerTenantID "3939eb14-06b3-4287-aea7-defe129c6741" -UserID "" This command removes the user with the specified UserID from the tenant with the specified CustomerTenantID. .NOTES The function uses the Invoke-CIPPRestMethod cmdlet to send the request to the API endpoint. #> function Remove-CIPPUser { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [guid]$User ) Write-Verbose "Deleting user $userID for tenant $CustomerTenantID" $endpoint = '/api/RemoveUser' $body = @{ TenantFilter = $CustomerTenantID ID = $User } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method POST } #EndRegion './public/Identity/Administration/Users/Remove-CIPPUser.ps1' 44 #Region './public/Identity/Administration/Users/Send-CIPPPush.ps1' -1 <# .SYNOPSIS Sends a push notification to a user. .DESCRIPTION The Send-CIPPPush function sends a push notification to a user specified by their email address. .PARAMETER CustomerTenantID The ID of the customer's tenant. .PARAMETER UserEmail The email address of the user to send the push notification to. .EXAMPLE Send-CIPPPush -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -UserEmail "" Sends a push notification to the user with the email address "" in the tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Send-CIPPPush { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserEmail ) Write-Verbose "Sending Push Notification to $UserEmail" $endpoint = '/api/execsendpush' $params = @{ tenantfilter = $CustomerTenantID Useremail = $UserEmail } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Send-CIPPPush.ps1' 37 #Region './public/Identity/Administration/Users/Set-BECRemediate.ps1' -1 <# .SYNOPSIS Runs BEC Remediation for a specified user. .DESCRIPTION The Set-BECRemediate function is used to initiate BEC (Business Email Compromise) remediation for a specified user. .PARAMETER CustomerTenantID Specifies the ID of the customer's tenant. .PARAMETER Username Specifies the username of the user to remediate. .PARAMETER Userid Specifies the ID of the user to remediate. .EXAMPLE Set-BECRemediate -CustomerTenantID "" -Username "" -Userid "a75d9c41-4cff-4017-8ddd-d413591c8c1e" This example runs BEC remediation for the user with the username "" and the ID "a75d9c41-4cff-4017-8ddd-d413591c8c1e" in the customer's tenant with the ID "". #> function Set-BECRemediate { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$Username, [Parameter(Mandatory = $true)] [string]$Userid ) Write-Verbose "Running BEC Remediation for $Username" $endpoint = '/api/execbecremediate' $body = @{ tenantfilter = $CustomerTenantID username = $Username userid = $Userid } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method POST } #EndRegion './public/Identity/Administration/Users/Set-BECRemediate.ps1' 44 #Region './public/Identity/Administration/Users/Set-CIPPClrImmID.ps1' -1 <# .SYNOPSIS Clears the Immutable ID for a user. .DESCRIPTION The Set-CIPPClrImmID function clears the Immutable ID for a user by invoking a REST API endpoint. .PARAMETER CustomerTenantID The ID of the customer tenant. .PARAMETER UserID The ID of the user. .EXAMPLE Set-CIPPClrImmID -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -UserID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc" This example clears the Immutable ID for the user with the specified CustomerTenantID and UserID. #> function Set-CIPPClrImmID { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [guid]$UserID ) Write-Verbose "Clearing Immutable ID for User: $userID" $endpoint = '/api/execclrimmid' $params = @{ tenantfilter = $CustomerTenantID Id = $UserID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Set-CIPPClrImmID.ps1' 39 #Region './public/Identity/Administration/Users/Set-CIPPCreateTap.ps1' -1 <# .SYNOPSIS Creates a TAP (Temporary Access Passcode) for a user. .DESCRIPTION The Set-CIPPCreateTap function is used to create a TAP (Temporary Access Passcode) for a user in the CIPP system. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant for which the TAP is being created. This parameter is mandatory. .PARAMETER UserID Specifies the ID of the user for whom the TAP is being created. This parameter is mandatory. .EXAMPLE Set-CIPPCreateTap -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -UserID "" Creates a TAP for the user with the ID "" in the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Set-CIPPCreateTap { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID ) Write-Verbose "Creating TAP for User: $userID" $endpoint = '/api/execcreatetap' $params = @{ tenantfilter = $CustomerTenantID Id = $UserID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Set-CIPPCreateTap.ps1' 37 #Region './public/Identity/Administration/Users/Set-CIPPResetPassword.ps1' -1 <# .SYNOPSIS Resets the password for a user in the CIPP system. .DESCRIPTION The Set-CIPPResetPassword function is used to reset the password for a user in the CIPP system. It sends a request to the CIPP API to reset the password for the specified user. .PARAMETER CustomerTenantID The ID of the customer tenant in the CIPP system. .PARAMETER UserID The ID of the user whose password needs to be reset. .PARAMETER MustChange Specifies whether the user must change their password upon next login. The default value is "true". .EXAMPLE Set-CIPPResetPassword -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -UserID "" -MustChange "false" Resets the password for the user with ID "" in the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". The user will not be required to change their password upon next login. #> function Set-CIPPResetPassword { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID, [Parameter(Mandatory = $false)] [ValidateSet( 'true', 'false' )] [string]$MustChange = 'true' ) Write-Verbose "Resetting password for $UserID" $endpoint = '/api/execresetpass' $params = @{ tenantfilter = $CustomerTenantID Id = $UserID MustChange = $MustChange } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Set-CIPPResetPassword.ps1' 47 #Region './public/Identity/Administration/Users/Set-CIPPRestoreDeletedUser.ps1' -1 <# .SYNOPSIS Restores a deleted user in the CIPP system. .DESCRIPTION The Set-CIPPRestoreDeletedUser function restores a deleted user in the CIPP (Customer Identity and Privacy Platform) system. It sends a request to the CIPP API to restore the user with the specified ID. .PARAMETER CustomerTenantID The ID of the customer tenant in which the user is being restored. .PARAMETER ID The ID of the user to be restored. .EXAMPLE Set-CIPPRestoreDeletedUser -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -ID "32a411a8-65ad-4358-ac14-5027d9abea9a" Restores the user with the ID "32a411a8-65ad-4358-ac14-5027d9abea9a" in the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Set-CIPPRestoreDeletedUser { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$ID ) Write-Verbose "Restoring user: $ID" $endpoint = '/api/execrestoredeleted' $params = @{ tenantfilter = $CustomerTenantID Id = $ID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Set-CIPPRestoreDeletedUser.ps1' 38 #Region './public/Identity/Administration/Users/Set-CIPPRevokeSessions.ps1' -1 <# .SYNOPSIS Revokes sessions for a specified user in the CIPP system. .DESCRIPTION The Set-CIPPRevokeSessions function revokes sessions for a specified user in the CIPP system. It sends a request to the CIPP API to revoke all active sessions for the specified user. .PARAMETER CustomerTenantID The ID of the customer tenant for which the sessions need to be revoked. .PARAMETER UserID The ID of the user for whom the sessions need to be revoked. .EXAMPLE Set-CIPPRevokeSessions -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -UserID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc" Revokes all sessions for the user with ID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc" in the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Set-CIPPRevokeSessions { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID, [Parameter(Mandatory = $true)] [string]$UserName ) Write-Verbose "Revoking Sessions for user: $UserID" $endpoint = '/api/execrevokesessions' $params = @{ TenantFilter = $CustomerTenantID ID = $UserID UserName = $UserName } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Set-CIPPRevokeSessions.ps1' 42 #Region './public/Identity/Administration/Users/Set-CIPPSignInStatus.ps1' -1 <# .SYNOPSIS Sets the sign-in status for a user in the CIPP system. .DESCRIPTION The Set-CIPPSignInStatus function is used to enable or disable the sign-in status for a user in the CIPP system. When the $Enable parameter is set to "true", the function enables sign-in for the specified user. When the $Enable parameter is set to "false", the function disables sign-in for the specified user. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant. .PARAMETER UserID Specifies the ID of the user. .PARAMETER Enable Specifies whether to enable or disable sign-in for the user. Valid values are "true" (to enable sign-in) or "false" (to disable sign-in). .EXAMPLE Set-CIPPSignInStatus -CustomerTenantID "47b02ab5-376d-4c85-b82d-13996c023c93" -UserID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc" -Enable "true" Enables sign-in for the user with the ID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc" in the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .EXAMPLE Set-CIPPSignInStatus -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -UserID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc" -Enable "false" Disables sign-in for the user with the ID "281ceb6e-3d12-4a7f-b571-3c4f35ad85bc" in the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Set-CIPPSignInStatus { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID, [Parameter(Mandatory = $true)] [ValidateSet( 'true', 'false' )] [string]$Enable ) if ($Enable -eq 'true') { Write-Verbose "Enabling signin for $UserID" } else { Write-Verbose "Disabling signin for $UserID" } $endpoint = '/api/execdisableuser' $params = @{ tenantfilter = $CustomerTenantID Id = $UserID Enable = $Enable } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Set-CIPPSignInStatus.ps1' 56 #Region './public/Identity/Administration/Users/Set-CIPPUser.ps1' -1 <# .SYNOPSIS Sets the properties of a CIPP user. .DESCRIPTION The Set-CIPPUser function is used to set the properties of a CIPP user. It allows you to modify various user attributes such as display name, username, first name, last name, domain, aliases, usage location, department, city, country, job title, mobile phone, street address, postal code, company name, and more. You can also add or remove the user from groups. .PARAMETER CustomerTenantID The ID of the customer tenant to which the user belongs. This parameter is mandatory. .PARAMETER UserID The ID of the user to be modified. This parameter is mandatory. .PARAMETER DisplayName The display name of the user. .PARAMETER UserName The username of the user. .PARAMETER FirstName The first name of the user. .PARAMETER LastName The last name of the user. .PARAMETER Domain The domain of the user. .PARAMETER AddedAliases Additional aliases for the user. .PARAMETER CopyFrom The ID of another user from which to copy the properties. .PARAMETER UsageLocation The usage location of the user. .PARAMETER Department The department of the user. .PARAMETER City The city of the user. .PARAMETER Country The country of the user. .PARAMETER Jobtitle The job title of the user. .PARAMETER MobilePhone The mobile phone number of the user. .PARAMETER StreetAddress The street address of the user. .PARAMETER PostalCode The postal code of the user. .PARAMETER CompanyName The company name of the user. .PARAMETER MustChangePass Specifies whether the user must change their password. Default value is $false. .PARAMETER AddToGroups An array of group IDs to which the user should be added. .PARAMETER RemoveFromGroups An array of group IDs from which the user should be removed. .PARAMETER BusinessPhone An array of business phone numbers for the user. .EXAMPLE Set-CIPPUser -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -UserID "user1" -DisplayName "John Doe" -UserName "johndoe" -FirstName "John" -LastName "Doe" -Domain "" -UsageLocation "US" -Department "IT" -City "New York" -Country "USA" -Jobtitle "Developer" -MobilePhone "1234567890" -StreetAddress "123 Main St" -PostalCode "12345" -CompanyName "Example Inc" -MustChangePass $true -AddToGroups "group1", "group2" -RemoveFromGroups "group3" -BusinessPhone "9876543210" #> function Set-CIPPUser { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$UserID, [Parameter(Mandatory = $false)] [string]$DisplayName, [Parameter(Mandatory = $false)] [string]$UserName, [Parameter(Mandatory = $false)] [string]$FirstName, [Parameter(Mandatory = $false)] [string]$LastName, [Parameter(Mandatory = $false)] [string]$Domain, [Parameter(Mandatory = $false)] [string]$AddedAliases, [Parameter(Mandatory = $false)] [string]$CopyFrom, [Parameter(Mandatory = $false)] [string]$UsageLocation, [Parameter(Mandatory = $false)] [string]$Department, [Parameter(Mandatory = $false)] [string]$City, [Parameter(Mandatory = $false)] [string]$Country, [Parameter(Mandatory = $false)] [string]$Jobtitle, [Parameter(Mandatory = $false)] [string]$MobilePhone, [Parameter(Mandatory = $false)] [string]$StreetAddress, [Parameter(Mandatory = $false)] [string]$PostalCode, [Parameter(Mandatory = $false)] [string]$CompanyName, [Parameter(Mandatory = $false)] [bool]$MustChangePass = $false, [Parameter(Mandatory = $false)] [array]$AddToGroups = @(), [Parameter(Mandatory = $false)] [array]$RemoveFromGroups = @(), [Parameter(Mandatory = $false)] [array]$BusinessPhone = @() ) Write-Verbose "Editing user data for $UserID in $CustomerTenantID" $existingUser = Get-CIPPUsers -CustomerTenantID $CustomerTenantID -UserID $UserID if ($AddToGroups.Count -gt 0) { $GroupsToAdd = foreach ($group in $AddToGroups) { $CIPPAddGroup = Get-CIPPGroups -CustomerTenantID $CustomerTenantID -GroupID $group [PSCustomObject]@{ value = [PSCustomObject]@{ groupid = $cippAddGroup.ID groupName = $cippAddGroup.DisplayName groupType = $CIPPAddGroup.calculatedGroupType } label = "$($CIPPAddGroup.DisplayName) - $($CIPPAddGroup.calculatedGroupType)" } } } if ($RemoveFromGroups.Count -gt 0) { $GroupsToRemove = foreach ($oldgroup in $RemoveFromGroups) { $CIPPRemoveGroup = Get-CIPPGroups -CustomerTenantID $CustomerTenantID -GroupID $oldgroup [PSCustomObject]@{ value = [PSCustomObject]@{ groupid = $CIPPRemoveGroup.ID groupName = $CIPPRemoveGroup.DisplayName groupType = $CIPPRemoveGroup.calculatedGroupType } label = "$($CIPPRemoveGroup.DisplayName) - $($CIPPRemoveGroup.calculatedGroupType)" } } } $body = @{ tenantID = $CustomerTenantID UserID = $UserID userPrincipalName = $UserName ? ($UserName + '@' + $Domain) : $existingUser.UserPrincipalName Username = $UserName ? $UserName : $existingUser.UserName DisplayName = $DisplayName ? $DisplayName : $existingUser.DisplayName Domain = $Domain ? $Domain : $existingUser.primDomain firstName = $FirstName ? $FirstName : $existingUser.GivenName LastName = $LastName ? $LastName : $existingUser.surname Jobtitle = $Jobtitle ? $Jobtitle : $existingUser.Jobtitle usageLocation = $UsageLocation ? $UsageLocation : $existingUser.UsageLocation BusinessPhone = if ($BusinessPhone.Count -eq 0) { $existingUser.BusinessPhones } else { $BusinessPhone } AddToGroups = $GroupsToAdd RemoveFromGroups = $GroupsToRemove CopyFrom = $CopyFrom Country = $Country ? $Country : $existingUser.Country PostalCode = $PostalCode ? $PostalCode : $existingUser.PostalCode CompanyName = $CompanyName ? $CompanyName : $existingUser.CompanyName StreetAddress = $StreetAddress ? $StreetAddress : $existingUser.StreetAddress MobilePhone = $MobilePhone ? $MobilePhone : $existingUser.MobilePhone Department = $Department ? $Department : $existingUser.Department City = $City ? $City : $existingUser.City MustChangePass = $MustChangePass } Invoke-CIPPRestMethod -Endpoint '/api/edituser' -Body $body -Method 'POST' } #EndRegion './public/Identity/Administration/Users/Set-CIPPUser.ps1' 191 #Region './public/Identity/Administration/Users/Start-CIPPUserOffboarding.ps1' -1 <# .SYNOPSIS Starts an offboarding job for a user in the specified tenant. .DESCRIPTION The Start-CIPPOffboardingJob function initiates the offboarding process for a user, handling various cleanup tasks like removing licenses and revoking sessions. .PARAMETER CustomerTenantID The ID of the customer tenant. If not provided, the default tenant is used. .PARAMETER UserID The ID of the user to be offboarded. .PARAMETER ConvertToShared Convert the mailbox to a shared mailbox. .PARAMETER RevokeSessions Revoke all active sessions for the user. .PARAMETER ResetPass Reset the user's password. .PARAMETER RemoveGroups Remove the user from all groups. .PARAMETER HideFromGAL Hide the user from the Global Address List. .PARAMETER DisableSignIn Disable the user's sign-in capability. .PARAMETER OnedriveAccess Grant OneDrive access to specified users. .PARAMETER AccessNoAutomap Grant mailbox access without automapping. .PARAMETER AccessAutomap Grant mailbox access with automapping. .PARAMETER OOO Set out-of-office message. .PARAMETER Forward Set email forwarding. .PARAMETER RemoveLicenses Remove all licenses assigned to the user. .PARAMETER DeleteUser Delete the user account. .PARAMETER RemoveRules Remove all mailbox rules. .PARAMETER RemoveMobile Remove all mobile devices associated with the user. .PARAMETER RemoveCalendarInvites Remove all calendar invites for the user. .PARAMETER RemovePermissions Remove all mailbox permissions. .PARAMETER RemoveMFADevices Remove all MFA devices associated with the user. .PARAMETER ClearImmutableId Clear the immutable ID for the user. .EXAMPLE Start-CIPPOffboardingJob -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -UserID "98765432-1234-5678-9012-34567890ABCD" -RevokeSessions -RemoveGroups -DeleteUser This example starts an offboarding job for the user with the specified ID in the customer tenant with the specified ID, revoking sessions, removing groups, and deleting the user account. #> function Start-CIPPUserOffboarding { [CmdletBinding()] param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [guid]$UserID, [switch]$ConvertToSharedMailbox, [switch]$HideFromGAL, [switch]$RemoveCalendarInvites, [switch]$RemovePermissions, [switch]$RemoveRules, [switch]$RemoveMobileDevices, [switch]$RemoveGroups, [switch]$RemoveLicenses, [switch]$RevokeSessions, [switch]$DisableSignIn, [switch]$ClearImmutableId, [switch]$ResetPass, [switch]$RemoveMFADevices, [switch]$DeleteUser, [string[]]$OnedriveAccess, [string[]]$FullAccessNoAutomap, [string[]]$FullAccessAutomap, [string]$OutOfOffice, [string]$ForwardTo, [switch]$KeepCopy ) Write-Verbose "Starting offboarding job for user: $UserID" $OnedriveAccess = $OnedriveAccess | ForEach-Object { [pscustomobject]@{ value = $_ } } $FullAccessNoAutomap = $FullAccessNoAutomap | ForEach-Object { [pscustomobject]@{ value = $_ } } $FullAccessAutomap = $FullAccessAutomap | ForEach-Object { [pscustomobject]@{ value = $_ } } $endpoint = '/api/CIPPOffboardingJob' $params = @{ tenantFilter = $CustomerTenantID id = $UserID options = @{ ConvertToSharedMailbox = $ConvertToSharedMailbox.IsPresent RevokeSessions = $RevokeSessions.IsPresent ResetPass = $ResetPass.IsPresent RemoveGroups = $RemoveGroups.IsPresent HideFromGAL = $HideFromGAL.IsPresent DisableSignIn = $DisableSignIn.IsPresent OnedriveAccess = $OnedriveAccess AccessNoAutomap = $FullAccessNoAutomap AccessAutomap = $FullAccessAutomap OOO = $OutOfOffice forward = $ForwardTo keepCopy = $KeepCopy.IsPresent RemoveLicenses = $RemoveLicenses.IsPresent deleteuser = $DeleteUser.IsPresent removeRules = $RemoveRules.IsPresent removeMobile = $RemoveMobileDevices.IsPresent removeCalendarInvites = $RemoveCalendarInvites.IsPresent removePermissions = $RemovePermissions.IsPresent RemoveMFADevices = $RemoveMFADevices.IsPresent ClearImmutableId = $ClearImmutableId.IsPresent } } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Administration/Users/Start-CIPPUserOffboarding.ps1' 155 #Region './public/Identity/Reports/Get-CIPPBasicAuth.ps1' -1 <# .SYNOPSIS Retrieves Basic Authentication information for a specific customer. .DESCRIPTION The Get-CIPPBasicAuth function retrieves Basic Authentication information for a specific customer by making a REST API call to the "/api/listbasicauth" endpoint. .PARAMETER CustomerTenantID The unique identifier of the customer's tenant. .EXAMPLE Get-CIPPBasicAuth -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves Basic Authentication information for the customer with the tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPBasicAuth { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Basic Auth for customer: $CustomerTenantID" $Endpoint = '/api/listbasicauth' $Params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $Endpoint -Params $Params } #EndRegion './public/Identity/Reports/Get-CIPPBasicAuth.ps1' 30 #Region './public/Identity/Reports/Get-CIPPInactiveAccounts.ps1' -1 <# .SYNOPSIS Retrieves a list of inactive accounts for a specific customer. .DESCRIPTION The Get-CIPPInactiveAccounts function retrieves a list of inactive accounts for a specific customer based on the provided CustomerTenantID. .PARAMETER CustomerTenantID Specifies the ID of the customer's tenant for which to retrieve the inactive accounts. .EXAMPLE Get-CIPPInactiveAccounts -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the list of inactive accounts for the customer with the tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPInactiveAccounts { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting inactive accounts for customer: $CustomerTenantID" $endpoint = '/api/listinactiveaccounts' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Reports/Get-CIPPInactiveAccounts.ps1' 31 #Region './public/Identity/Reports/Get-CIPPMFAUsers.ps1' -1 <# .SYNOPSIS Retrieves the MFA users for a specified customer tenant ID. .DESCRIPTION The Get-CIPPMFAUsers function retrieves the MFA users for a specified customer tenant ID by making a REST API call to the "/api/listmfausers" endpoint. .PARAMETER CustomerTenantID Specifies the customer tenant ID for which to retrieve the MFA users. .EXAMPLE Get-CIPPMFAUsers -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the MFA users for the customer tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPMFAUsers { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting MFA users for $CustomerTenantID" $endpoint = '/api/listmfausers' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Reports/Get-CIPPMFAUsers.ps1' 30 #Region './public/Identity/Reports/Get-CIPPSignIns.ps1' -1 <# .SYNOPSIS Retrieves sign-in information for a specific customer tenant. .DESCRIPTION The Get-CIPPSignIns function retrieves sign-in information for a specific customer tenant. It can filter the results based on various criteria such as failed logons. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant for which to retrieve sign-in information. This parameter is mandatory. .PARAMETER failedlogononly Indicates whether to retrieve only failed logon sign-ins. This parameter is optional. .PARAMETER filter Specifies an additional filter to apply to the sign-in results. This parameter is optional. .EXAMPLE Get-CIPPSignIns -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -failedlogononly This example retrieves all failed logon sign-ins for the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPSignIns { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [switch]$failedlogononly, [Parameter(Mandatory = $false)] [string]$filter ) Write-Verbose "Getting Signins for $CustomerTenantID" $endpoint = '/api/listsignins' $params = @{ tenantfilter = $CustomerTenantID filter = $filter } if ($failedlogononly) { $params.failedlogononly = 'true' } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Identity/Reports/Get-CIPPSignIns.ps1' 48 #Region './public/Invoke-CIPPRestMethod.ps1' -1 <# .SYNOPSIS Invokes a REST method using the CIPP API. .DESCRIPTION The Invoke-CIPPRestMethod function is used to send HTTP requests to the CIPP API. It supports various HTTP methods such as GET, POST, PUT, DELETE, etc. The function assembles the request parameters, including the endpoint, query parameters, request body, headers, and authorization token. It then sends the request using the Invoke-RestMethod cmdlet and returns the response. .PARAMETER Endpoint The endpoint of the API to send the request to. .PARAMETER Params Optional. A hashtable of query parameters to include in the request URL. .PARAMETER Method Optional. The HTTP method to use for the request. The default value is 'GET'. .PARAMETER Body Optional. A hashtable representing the request body. It will be converted to JSON before sending the request. .PARAMETER ContentType Optional. The content type of the request body. The default value is 'application/json'. .PARAMETER Authorization Optional. The authorization token to include in the request headers. .EXAMPLE Invoke-CIPPRestMethod -Endpoint '/api/Listusers' -Method 'GET' -Params @{ 'tenantfilter' = '11c11ab1-527a-1d29-l92e-76413h012s76' } This example sends a GET request to the '/api/Listusers' endpoint with a query parameter 'tenantfilter' set to '11c11ab1-527a-1d29-l92e-76413h012s76'. .EXAMPLE Invoke-CIPPRestMethod -Endpoint '/api/ListMailboxPermissions' -Params @{ 'tenantfilter' = '', 'userid' = '11c11ab1-527a-1d29-l92e-76413h012s76'} This example sends a GET request to the '/api/ListMailboxPermissions' endpoint with a query parameter 'tenantfilter' set to '' and 'userid' set to '11c11ab1-527a-1d29-l92e-76413h012s76' .EXAMPLE Invoke-CIPPRestMethod -Endpoint '/api/adduser' -method 'POST' -Body @{ 'tenantID' = '11c11ab1-527a-1d29-l92e-76413h012s76';'DisplayName' = 'Test User';'UserName' = 'testuser';'AutoPassword' = $true;'FirstName' = 'Test';'LastName' = 'User';'Domain' = '';'CopyFrom' = "" } This example sends a POST request to the '/api/adduser' endpoint with a Body 'tenantID' set to '11c11ab1-527a-1d29-l92e-76413h012s76' and 'DisplayName' set to 'Test User', 'UserName' set to 'testuser', 'AutoPassword' set to $true, 'FirstName' set to 'Test', 'LastName' set to 'User', 'Domain' set to '' #> function Invoke-CIPPRestMethod { param ( [string]$Endpoint, [hashtable]$Params = @{}, [ValidateSet('GET', 'POST')][string]$Method = 'GET', [hashtable]$Body = @{}, [string]$ContentType = 'application/json', [string]$Authorization = $null ) try { Invoke-CIPPPreFlightCheck } catch { Write-Error "$($_.Exception.Message)" break } $Headers = $script:AuthHeader # Assemble parameters $ParamCollection = [System.Web.HttpUtility]::ParseQueryString([String]::Empty) $Params.GetEnumerator() | ForEach-Object { $ParamCollection.Add($_.Key, $_.Value) } $Request = $ParamCollection.ToString() $UriBuilder = [System.UriBuilder]('{0}{1}' -f $script:CIPPAPIUrl, $Endpoint) $UriBuilder.Query = $Request $BodyJson = $Body | ConvertTo-Json -Depth 10 $Request = @{ Uri = $UriBuilder.ToString() Method = $Method Headers = $Headers ContentType = $ContentType Body = $BodyJson } Write-Verbose "$Method [ $($UriBuilder.ToString()) ]" $response = Invoke-RestMethod @Request return $response } #EndRegion './public/Invoke-CIPPRestMethod.ps1' 83 #Region './public/Security/Defender/Get-CIPPDefenderState.ps1' -1 <# .SYNOPSIS Retrieves the Defender state for a specific customer. .DESCRIPTION The Get-CIPPDefenderState function retrieves the Defender state for a specific customer identified by their tenant ID. .PARAMETER CustomerTenantID Specifies the tenant ID of the customer for whom the Defender state needs to be retrieved. .EXAMPLE Get-CIPPDefenderState -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the Defender state for the customer with the specified tenant ID. #> function Get-CIPPDefenderState { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [Guid]$CustomerTenantID ) Write-Verbose "Getting Defender State for customer: $CustomerTenantID" $endpoint = '/api/listdefenderstate' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Security/Defender/Get-CIPPDefenderState.ps1' 31 #Region './public/Security/Defender/Get-CIPPDefenderTVM.ps1' -1 <# .SYNOPSIS Retrieves Defender TVM for a specific customer. .DESCRIPTION The Get-CIPPDefenderTVM function retrieves the Defender TVM (Threat and Vulnerability Management) for a specific customer based on the provided CustomerTenantID. .PARAMETER CustomerTenantID Specifies the unique identifier of the customer's tenant. .EXAMPLE Get-CIPPDefenderTVM -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the Defender TVM for the customer with the tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPDefenderTVM { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Defender TVM for customer: $CustomerTenantID" $endpoint = '/api/listdefendertvm' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Security/Defender/Get-CIPPDefenderTVM.ps1' 30 #Region './public/Security/Incidents/Get-CIPPAlertsList.ps1' -1 <# .SYNOPSIS Retrieves a list of alerts for a specific customer. .DESCRIPTION The Get-CIPPAlertsList function retrieves a list of alerts for a specific customer identified by their tenant ID. .PARAMETER CustomerTenantID The tenant ID of the customer for whom to retrieve the alerts. .EXAMPLE Get-CIPPAlertsList -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the alerts for the customer with the tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPAlertsList { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Alerts for customer: $CustomerTenantID" $endpoint = '/api/execalertslist' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Security/Incidents/Get-CIPPAlertsList.ps1' 30 #Region './public/Security/Incidents/Get-CIPPAlertsQueue.ps1' -1 <# .SYNOPSIS Retrieves the alerts from the queue. .DESCRIPTION The Get-CIPPAlertsQueue function retrieves a list of alerts from the queue for a specific customer identified by their tenant ID. .EXAMPLE Get-CIPPAlertsQueue Retrieves the alerts from the queue. .NOTES Requires appropriate permissions to access queue information. #> function Get-CIPPAlertsQueue { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Alerts Queue for customer: $CustomerTenantID" $endpoint = '/api/ListAlertsQueue' $params = @{ } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Security/Incidents/Get-CIPPAlertsQueue.ps1' 29 #Region './public/Security/Incidents/Get-CIPPIncidentList.ps1' -1 <# .SYNOPSIS Retrieves a list of incidents for a specific customer. .DESCRIPTION The Get-CIPPIncidentList function retrieves a list of incidents for a specific customer identified by their tenant ID. .PARAMETER CustomerTenantID The tenant ID of the customer for whom to retrieve the incidents. .EXAMPLE Get-CIPPIncidentList -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the incidents for the customer with the tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPIncidentList { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Incidents for customer: $CustomerTenantID" $endpoint = '/api/execincidentslist' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Security/Incidents/Get-CIPPIncidentList.ps1' 30 #Region './public/Security/Reports/Get-CIPPBreachesAccount.ps1' -1 <# .SYNOPSIS Gets account breach information. .DESCRIPTION The Get-CIPPBreachesAccount function retrieves information about potential security breaches associated with accounts in CIPP. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .PARAMETER AccountOrDomain Specifies the account or domain to check for breaches. .EXAMPLE Get-CIPPBreachesAccount -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -AccountOrDomain "" Retrieves breach information for the specified account. .EXAMPLE Get-CIPPBreachesAccount -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -AccountOrDomain "" Retrieves breach information for the specified domain. .NOTES Requires appropriate permissions to view security breach information. #> function Get-CIPPBreachesAccount { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$AccountOrDomain ) Write-Verbose "Getting breach information for $AccountOrDomain in tenant $CustomerTenantID" $endpoint = '/api/ListBreachesAccount' $params = @{ tenantFilter = $CustomerTenantID account = $AccountOrDomain } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method GET } #EndRegion './public/Security/Reports/Get-CIPPBreachesAccount.ps1' 46 #Region './public/Security/Reports/Get-CIPPBreachesTenant.ps1' -1 <# .SYNOPSIS Gets tenant-wide breach information. .DESCRIPTION The Get-CIPPBreachesTenant function retrieves information about potential security breaches across the entire tenant in CIPP. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .EXAMPLE Get-CIPPBreachesTenant -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" Retrieves breach information for all accounts in the specified tenant. .NOTES Requires appropriate permissions to view security breach information. #> function Get-CIPPBreachesTenant { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting tenant-wide breach information for tenant $CustomerTenantID" $endpoint = '/api/ListBreachesTenant' $params = @{ tenantFilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method GET } #EndRegion './public/Security/Reports/Get-CIPPBreachesTenant.ps1' 35 #Region './public/Security/Reports/Get-CIPPBreachSearch.ps1' -1 <# .SYNOPSIS Searches for security breaches. .DESCRIPTION The Get-CIPPBreachSearch function executes a search for security breaches in the CIPP system. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .EXAMPLE Get-CIPPBreachSearch -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" Gets all breach information for the specified tenant. .NOTES Requires appropriate permissions to access security breach information. #> function Get-CIPPBreachSearch { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting breach information for tenant $CustomerTenantID" $endpoint = '/api/ExecBreachSearch' $params = @{ tenantFilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method GET } #EndRegion './public/Security/Reports/Get-CIPPBreachSearch.ps1' 35 #Region './public/Security/Reports/Get-CIPPDeviceCompliance.ps1' -1 <# .SYNOPSIS Retrieves device compliance information for a specific customer tenant. .DESCRIPTION The Get-CIPPDeviceCompliance function retrieves device compliance information for a specified customer tenant. It makes use of the Invoke-CIPPRestMethod function to send a request to the CIPP API and retrieve the device compliance data. .PARAMETER CustomerTenantID The unique identifier of the customer tenant for which to retrieve device compliance information. .EXAMPLE Get-CIPPDeviceCompliance -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves device compliance information for the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPDeviceCompliance { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Device Compliance for $CustomerTenantID" $endpoint = '/api/listalltenantdevicecompliance' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Security/Reports/Get-CIPPDeviceCompliance.ps1' 30 #Region './public/Set-CIPPAPIDetails.ps1' -1 <# .SYNOPSIS Sets the CIPP API details. .DESCRIPTION The Set-CIPPAPIDetails function is used to set the CIPP API details, including the client ID, client secret, API URL, and tenant ID. .PARAMETER CIPPClientID Specifies the client ID for the CIPP API. .PARAMETER CIPPClientSecret Specifies the client secret for the CIPP API. .PARAMETER CIPPAPIUrl Specifies the URL for the CIPP API. .PARAMETER TenantID Specifies the tenant ID for the CIPP API. .EXAMPLE Set-CIPPAPIDetails -CIPPClientID "d8d41058-97df-4b80-8e1b-7083d756409f" -CIPPClientSecret "YourSecurePassword" -CIPPAPIUrl "" -TenantID "7c2f78c0-554e-4f42-a663-c4df3ce7f51f" This example sets the CIPP API details with the specified values. #> function Set-CIPPAPIDetails { [CmdletBinding()] Param( [Parameter(ParameterSetName = 'CIPP', Mandatory = $true)] [string]$CIPPClientID, [Parameter(ParameterSetName = 'CIPP', Mandatory = $true)] [String]$CIPPClientSecret, [Parameter(ParameterSetName = 'CIPP', Mandatory = $true)] [String]$CIPPAPIUrl, [Parameter(ParameterSetName = 'CIPP', Mandatory = $true)] [String]$TenantID ) Write-Verbose 'Setting CIPP API Keys' $script:CIPPClientID = $CIPPClientID $script:CIPPClientSecret = $CIPPClientSecret $script:CIPPAPIUrl = $CIPPAPIUrl $script:TenantID = $TenantID } #EndRegion './public/Set-CIPPAPIDetails.ps1' 44 #Region './public/Settings/Invoke-CIPPSchedulerBillingRun.ps1' -1 <# .SYNOPSIS Executes the scheduler billing run. .DESCRIPTION The Invoke-CIPPSchedulerBillingRun function executes the scheduler billing run. .EXAMPLE Invoke-CIPPSchedulerBillingRun Executes the scheduler billing run. #> function Invoke-CIPPSchedulerBillingRun { [CmdletBinding()] param () Write-Verbose 'Executing scheduler billing run' $endpoint = '/api/ExecSchedulerBillingRun' $body = @{ } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method POST } #EndRegion './public/Settings/Invoke-CIPPSchedulerBillingRun.ps1' 24 #Region './public/Teams-Sharepoint/OneDrive/Get-CIPPOneDriveList.ps1' -1 <# .SYNOPSIS Retrieves a list of OneDrive sites for a specified customer tenant. .DESCRIPTION The Get-CIPPOneDriveList function retrieves a list of OneDrive sites for a specified customer tenant. It uses the Invoke-CIPPRestMethod function to make a REST API call to retrieve the sites. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve the OneDrive sites. .PARAMETER urlonly Specifies whether to return only the URLs of the OneDrive sites. If this switch is used, only the URLs will be returned. .PARAMETER UserUPN The user's UPN (User Principal Name) for which to retrieve the OneDrive sites. This parameter is optional. .EXAMPLE PS> Get-CIPPOneDriveList -CustomerTenantID "" Retrieves a list of OneDrive sites for the customer tenant with the ID "". .EXAMPLE PS> Get-CIPPOneDriveList -CustomerTenantID "" -urlonly Retrieves a list of OneDrive site URLs for the customer tenant with the ID "". .EXAMPLE PS> Get-CIPPOneDriveList -CustomerTenantID "" -UserUPN "" Retrieves a list of OneDrive sites for the customer tenant with the ID "" and the specified user's UPN "". #> function Get-CIPPOneDriveList { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [switch]$urlonly, [Parameter(Mandatory = $false)] [string]$UserUPN ) Write-Verbose "Getting sites for $CustomerTenantID" $endpoint = '/api/listsites' $params = @{ tenantfilter = $CustomerTenantID type = 'OneDriveUsageAccount' userupn = $UserUPN } if ($urlonly) { $params.URLOnly = 'true' } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Teams-Sharepoint/OneDrive/Get-CIPPOneDriveList.ps1' 58 #Region './public/Teams-Sharepoint/OneDrive/Set-CIPPOneDrivePerms.ps1' -1 <# .SYNOPSIS Sets permissions for a user on a OneDrive. .DESCRIPTION The Set-CIPPOneDrivePerms function is used to give or remove access permissions for a specified user on a OneDrive. .PARAMETER CustomerTenantID The ID of the customer's tenant. .PARAMETER OneDriveUserUPN The User Principal Name (UPN) of the OneDrive user. .PARAMETER RemovePermission Specifies whether to remove the access permission for the specified user. If set to $true, the permission will be removed. If set to $false, the permission will be granted. .PARAMETER GiveAccessToUPN The User Principal Name (UPN) of the user to whom access is being granted or removed. .EXAMPLE Set-CIPPOneDrivePerms -CustomerTenantID "" -OneDriveUserUPN "" -RemovePermission $false -GiveAccessToUPN "" Grants access to "" on the OneDrive of user "" in the "" tenant. .EXAMPLE Set-CIPPOneDrivePerms -CustomerTenantID "" -OneDriveUserUPN "" -RemovePermission $true -GiveAccessToUPN "" Removes access for "" from the OneDrive of user "" in the "" tenant. #> function Set-CIPPOneDrivePerms { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$OneDriveUserUPN, [Parameter(Mandatory = $true)] [bool]$RemovePermission, [Parameter(Mandatory = $true)] [string]$GiveAccessToUPN ) Write-Verbose "Giving access to $GiveAccessToUPN on $OneDriveUserUPN's OneDrive." $endpoint = '/api/ExecSharePointPerms' $body = @{ TenantFilter = $CustomerTenantID UPN = $OneDriveUserUPN URL = $SiteUrl RemovePermission = $RemovePermission input = $GiveAccessToUPN } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method POST } #EndRegion './public/Teams-Sharepoint/OneDrive/Set-CIPPOneDrivePerms.ps1' 53 #Region './public/Teams-Sharepoint/OneDrive/Set-CIPPOneDriveShortCut.ps1' -1 <# .SYNOPSIS Creates a OneDrive shortcut for a user to a specified SharePoint URL. .DESCRIPTION The Set-CIPPOneDriveShortCut function creates a OneDrive shortcut for a specified user to a specified SharePoint URL. It uses the Invoke-CIPPRestMethod function to make a POST request to the "/api/execonedriveshortcut" endpoint. .PARAMETER CustomerTenantID The default domain of the customer's tenant. .PARAMETER Username The username of the user for whom the OneDrive shortcut is being created. .PARAMETER UserID The UserID of the user for whom the OneDrive shortcut is being created. .PARAMETER SharePointURL The URL of the SharePoint site to which the OneDrive shortcut will point. .EXAMPLE Set-CIPPOneDriveShortCut -CustomerTenantID "" -Username "" -UserID "98765432-1234-5678-9012-34567890abcd" -SharePointURL "" This example creates a OneDrive shortcut for the user "" to the SharePoint site located at "" in the customer's tenant with the ID "". #> function Set-CIPPOneDriveShortCut { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$Username, [Parameter(Mandatory = $true)] [guid]$UserID, [Parameter(Mandatory = $true)] [string]$SharePointURL ) Write-Verbose "Creating OneDrive Shortcut for $Username to $SharePointURL" $endpoint = '/api/execonedriveshortcut' $body = @{ TenantFilter = $CustomerTenantID username = $Username userid = $UserID input = $SharePointURL } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method POST } #EndRegion './public/Teams-Sharepoint/OneDrive/Set-CIPPOneDriveShortCut.ps1' 51 #Region './public/Teams-Sharepoint/Sharepoint/Add-CIPPSharePointSite.ps1' -1 <# .SYNOPSIS Adds a new SharePoint site to the specified customer tenant. .DESCRIPTION The Add-CIPPSharePointSite function creates a new SharePoint site with the specified parameters. It supports different site designs and templates. .PARAMETER CustomerTenantID The ID of the customer tenant where the SharePoint site will be added. This parameter is mandatory. .PARAMETER DisplayName The display name of the SharePoint site. This parameter is mandatory. .PARAMETER Description The description of the SharePoint site. This parameter is mandatory. .PARAMETER Owner The owner of the SharePoint site. Should be a valid user principal name (UPN). This parameter is mandatory. .PARAMETER SiteDesign The design of the SharePoint site. Valid values are 'Topic', 'Showcase', 'Blank', and 'Custom'. The default value is 'Showcase'. This parameter is optional. .PARAMETER TemplateName The template of the SharePoint site. Valid values are 'Communication' and 'Team'. The default value is 'Communication'. This parameter is optional. .EXAMPLE Add-CIPPSharePointSite -CustomerTenantID "166cc908-10b2-405f-a00b-03006c430c9c" -DisplayName "Project Site" -Description "Site for project collaboration" -Owner "" This example adds a new SharePoint site with the display name "Project Site" and the description "Site for project collaboration" to the customer tenant with ID "166cc908-10b2-405f-a00b-03006c430c9c". The owner of the site is "". .EXAMPLE Add-CIPPSharePointSite -CustomerTenantID "" -DisplayName "Project Site" -Description "Site for project collaboration" -Owner "" This example adds a new SharePoint site with the display name "Project Site" and the description "Site for project collaboration" to the customer tenant with ID "". The owner of the site is "". .NOTES This function requires the Invoke-CIPPRestMethod cmdlet to send the request to the API endpoint. #> function Add-CIPPSharePointSite { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$DisplayName, [Parameter(Mandatory = $true)] [string]$Description, [Parameter(Mandatory = $true)] [string]$Owner, [Parameter(Mandatory = $false)] [ValidateSet('Topic', 'Showcase', 'Blank', 'Custom')] [string]$SiteDesign = 'Showcase', [Parameter(Mandatory = $false)] [ValidateSet('Communication', 'Team')] [string]$TemplateName = 'Communication' ) Write-Verbose "Adding SharePoint site $DisplayName for $CustomerTenantID" $endpoint = '/api/AddSite' $Body = @{ tenantFilter = $CustomerTenantID siteName = $DisplayName siteDescription = $Description siteOwner = @{ value = $Owner } siteDesign = @{ value = $SiteDesign } TemplateName = @{ value = $TemplateName } } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $Body -Method 'POST' } #EndRegion './public/Teams-Sharepoint/Sharepoint/Add-CIPPSharePointSite.ps1' 72 #Region './public/Teams-Sharepoint/Sharepoint/Get-CIPPSharePointQuota.ps1' -1 <# .SYNOPSIS Retrieves the SharePoint quota for a specific customer tenant. .DESCRIPTION The Get-CIPPSharePointQuota function retrieves the SharePoint quota for a specific customer tenant by making a REST API call to the "/api/listsharepointquota" endpoint. .PARAMETER CustomerTenantID The ID of the customer tenant for which the SharePoint quota needs to be retrieved. .EXAMPLE Get-CIPPSharePointQuota -CustomerTenantID "" This example retrieves the SharePoint quota for the customer tenant with the ID "". .EXAMPLE Get-CIPPSharePointQuota -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" This example retrieves the SharePoint quota for the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPSharePointQuota { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting SharePoint quota for $CustomerTenantID" $endpoint = '/api/listsharepointquota' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Teams-Sharepoint/Sharepoint/Get-CIPPSharePointQuota.ps1' 34 #Region './public/Teams-Sharepoint/Sharepoint/Get-CIPPSharePointSites.ps1' -1 <# .SYNOPSIS Retrieves SharePoint sites for a specified customer tenant. .DESCRIPTION The Get-CIPPSharePointSites function retrieves SharePoint sites for a specified customer tenant. It uses the Invoke-CIPPRestMethod function to make a REST API call to retrieve the sites. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve SharePoint sites. This parameter is mandatory. .PARAMETER urlonly Specifies whether to retrieve only the URLs of the SharePoint sites. By default, this parameter is not specified. .PARAMETER UserUPN The user's UPN (User Principal Name) for which to retrieve SharePoint sites. This parameter is optional. .EXAMPLE Get-CIPPSharePointSites -CustomerTenantID "" Retrieves all SharePoint sites for the customer tenant "". .EXAMPLE Get-CIPPSharePointSites -CustomerTenantID "" -urlonly Retrieves only the URLs of the SharePoint sites for the customer tenant "". .EXAMPLE Get-CIPPSharePointSites -CustomerTenantID "" -UserUPN "" Retrieves SharePoint sites for the user "" in the customer tenant "". #> function Get-CIPPSharePointSites { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [switch]$urlonly, [Parameter(Mandatory = $false)] [string]$UserUPN ) Write-Verbose "Getting sites for $CustomerTenantID" $endpoint = '/api/listsites' $params = @{ tenantfilter = $CustomerTenantID type = 'SharePointSiteUsage' userupn = $UserUPN } if ($urlonly) { $params.URLOnly = 'true' } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Teams-Sharepoint/Sharepoint/Get-CIPPSharePointSites.ps1' 55 #Region './public/Teams-Sharepoint/Sharepoint/Set-CIPPSharePointSiteAdmin.ps1' -1 <# .SYNOPSIS Sets the SharePoint site admin for a given site. .DESCRIPTION The Set-CIPPSharePointSiteAdmin function sets the SharePoint site admin for a specified site by making a REST API call to the CIPP API. .PARAMETER CustomerTenantID The ID of the customer's tenant. .PARAMETER CurrentAdminUPN The UPN (User Principal Name) of the current site admin. .PARAMETER SiteUrl The URL of the SharePoint site. .PARAMETER RemovePermission Specifies whether to remove the admin permission for the current admin UPN. .PARAMETER AdditionalAdminUPN The UPN of the additional admin to be added. .EXAMPLE Set-CIPPSharePointSiteAdmin -CustomerTenantID "" -CurrentAdminUPN "" -SiteUrl "" -RemovePermission $true -AdditionalAdminUPN "" Sets the SharePoint site admin for the site "" by removing the admin permission for "" and adding "" as an additional admin. #> function Set-CIPPSharePointSiteAdmin { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$CurrentAdminUPN, [Parameter(Mandatory = $true)] [string]$SiteUrl, [Parameter(Mandatory = $true)] [bool]$RemovePermission, [Parameter(Mandatory = $true)] [string]$AdditionalAdminUPN ) Write-Verbose "Setting SharePoint Owner on $Url" $endpoint = '/api/ExecSharePointPerms' $body = @{ TenantFilter = $CustomerTenantID UPN = $CurrentAdminUPN URL = $SiteUrl RemovePermission = $RemovePermission input = $AdditionalAdminUPN } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method POST } #EndRegion './public/Teams-Sharepoint/Sharepoint/Set-CIPPSharePointSiteAdmin.ps1' 55 #Region './public/Teams-Sharepoint/Sharepoint/Set-CIPPSharePointSiteMembers.ps1' -1 <# .SYNOPSIS Sets SharePoint site members with specified permissions. .DESCRIPTION The Set-CIPPSharePointSiteMembers function is used to set SharePoint site members with specified permissions. It sends a request to the CIPP API to execute the operation. .PARAMETER CustomerTenantID Specifies the ID of the customer's tenant. .PARAMETER SharePointType Specifies the type of SharePoint site. .PARAMETER SiteUrl Specifies the URL of the SharePoint site. .PARAMETER AddPermission Specifies whether to add or remove permissions for the user. .PARAMETER GroupUPN Specifies the UPN (User Principal Name) of the site group. .PARAMETER UserToGiveAccessUPN Specifies the UPN of the user to give access to. .EXAMPLE Set-CIPPSharePointSiteMembers -CustomerTenantID "" -SharePointType "Group" -SiteUrl "" -AddPermission $true -GroupUPN "" -UserToGiveAccessUPN "" Sets the SharePoint site members by adding permissions for the specified user. . #> function Set-CIPPSharePointSiteMembers { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$SharePointType, [Parameter(Mandatory = $true)] [string]$SiteUrl, [Parameter(Mandatory = $true)] [bool]$AddPermission, [Parameter(Mandatory = $true)] [string]$GroupUPN, [Parameter(Mandatory = $true)] [string]$UserToGiveAccessUPN ) Write-Verbose "Setting SharePoint Member on $Url" $endpoint = '/api/ExecSetSharePointMember' $body = @{ TenantFilter = $CustomerTenantID SharePointType = $SharePointType URL = $SiteUrl add = $AddPermission GroupId = $GroupUPN input = $UserToGiveAccessUPN } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method POST } #EndRegion './public/Teams-Sharepoint/Sharepoint/Set-CIPPSharePointSiteMembers.ps1' 61 #Region './public/Teams-Sharepoint/Teams/Add-CIPPTeam.ps1' -1 <# .SYNOPSIS Adds a new team site to the specified customer tenant. .DESCRIPTION The Add-CIPPTeam function creates a new team site in the specified customer tenant using the provided display name, description, visibility, and owner. .PARAMETER CustomerTenantID The ID of the customer tenant where the team site will be added. Can be the tenant ID or default domain name. .PARAMETER DisplayName The display name of the new team site. .PARAMETER Description A description for the new team site. .PARAMETER Visibility The visibility setting for the new team site (e.g., Public or Private). .PARAMETER Owner The owner of the new team site. Should be a valid user principal name (UPN) with a teams license assigned. .EXAMPLE Add-CIPPTeam -CustomerTenantID "9d606831-a394-4d1a-b508-260f428807a4" -DisplayName "Engineering Team" -Description "Team for engineering department" -Visibility "Private" -Owner "" This example adds a new team site named "Engineering Team" with the description "Team for engineering department" to the customer tenant with the ID "12345". The team site is set to private visibility and owned by .EXAMPLE Add-CIPPTeam -CustomerTenantID "" -DisplayName "Marketing Team" -Description "Team for marketing department" -Visibility "Public" -Owner "" This example adds a new team site named "Marketing Team" with the description "Team for marketing department" to the customer tenant with the ID "67890". The team site is set to public visibility and owned by .NOTES This function requires the Invoke-CIPPRestMethod cmdlet to send the request to the API endpoint. #> function Add-CIPPTeam { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$DisplayName, [Parameter(Mandatory = $false)] [string]$Description, [Parameter(Mandatory = $true)] [ValidateSet('private', 'public')] [string]$Visibility, [Parameter(Mandatory = $true)] [string]$Owner ) Write-Verbose "Adding team site $DisplayName for $CustomerTenantID" $endpoint = '/api/AddTeam' $Body = @{ tenantID = $CustomerTenantID displayName = $DisplayName description = $Description visibility = $Visibility owner = $Owner } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $Body -Method 'POST' } #EndRegion './public/Teams-Sharepoint/Teams/Add-CIPPTeam.ps1' 63 #Region './public/Teams-Sharepoint/Teams/Get-CIPPTeams.ps1' -1 <# .SYNOPSIS Retrieves teams sites for a specified customer tenant ID. .DESCRIPTION The Get-CIPPTeams function retrieves teams sites for a specified customer tenant ID. It uses the Invoke-CIPPRestMethod function to make a REST API call to retrieve the teams sites. .PARAMETER CustomerTenantID The customer tenant ID for which to retrieve teams sites. This parameter is mandatory. .PARAMETER ID The ID of the teams site to retrieve. This parameter is optional. .EXAMPLE Get-CIPPTeams -CustomerTenantID "" Retrieves all teams sites for the "" tenant. .EXAMPLE Get-CIPPTeams -CustomerTenantID "" -ID "12345" Retrieves the teams site with the ID "12345" for the "" tenant. #> function Get-CIPPTeams { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [string]$ID ) Write-Verbose "Getting teams sites for $CustomerTenantID" $endpoint = '/api/listteams' $params = @{ tenantfilter = $CustomerTenantID type = if ($ID) { 'team' } else { 'list' } ID = $id } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Teams-Sharepoint/Teams/Get-CIPPTeams.ps1' 43 #Region './public/Teams-Sharepoint/Teams/Get-CIPPTeamsActivity.ps1' -1 <# .SYNOPSIS Retrieves the activity of Teams users in a specified customer tenant. .DESCRIPTION The Get-CIPPTeamsActivity function retrieves the activity of Teams users in a specified customer tenant. It makes use of the Invoke-CIPPRestMethod function to send a request to the "/api/listteamsactivity" endpoint with the provided parameters. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve the Teams activity. .EXAMPLE Get-CIPPTeamsActivity -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the Teams activity for the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPTeamsActivity { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting teams activity $CustomerTenantID" $endpoint = '/api/listteamsactivity' $params = @{ tenantfilter = $CustomerTenantID type = 'TeamsUserActivityUser' } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Teams-Sharepoint/Teams/Get-CIPPTeamsActivity.ps1' 32 #Region './public/Teams-Sharepoint/Teams/Get-CIPPTeamsVoice.ps1' -1 <# .SYNOPSIS Retrieves teams voice information for a specified customer tenant ID. .DESCRIPTION The Get-CIPPTeamsVoice function retrieves teams voice information for a specified customer tenant ID. It makes use of the Invoke-CIPPRestMethod function to send a request to the "/api/listteamsvoice" endpoint with the provided tenant filter. .PARAMETER CustomerTenantID The customer tenant ID for which to retrieve teams voice information. This parameter is mandatory. .EXAMPLE Get-CIPPTeamsVoice -CustomerTenantID "" Retrieves teams voice information for the customer tenant with the ID "". #> function Get-CIPPTeamsVoice { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting teams voice $CustomerTenantID" $endpoint = '/api/listteamsvoice' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Teams-Sharepoint/Teams/Get-CIPPTeamsVoice.ps1' 31 #Region './public/Teams/Voice/Get-CIPPTeamsLisLocation.ps1' -1 <# .SYNOPSIS Gets Teams LIS locations. .DESCRIPTION The Get-CIPPTeamsLisLocation function retrieves Location Information Service (LIS) locations for Teams emergency services from CIPP. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .EXAMPLE Get-CIPPTeamsLisLocation -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" Returns all LIS locations configured for Teams in the specified tenant. .NOTES Requires Teams.Voice.Read permissions. LIS locations are used for emergency services to determine caller location. #> function Get-CIPPTeamsLisLocation { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Teams LIS locations for tenant $CustomerTenantID" $endpoint = '/api/ListTeamsLisLocation' $params = @{ tenantFilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method GET } #EndRegion './public/Teams/Voice/Get-CIPPTeamsLisLocation.ps1' 36 #Region './public/Tenant/Administration/Alerts/Get-CIPPAlerts.ps1' -1 <# .SYNOPSIS Retrieves CIPP alerts from the API. .DESCRIPTION The Get-CIPPAlerts function retrieves CIPP alerts from the API by invoking the "/api/getcippalerts" endpoint. .PARAMETER None This function does not accept any parameters. .EXAMPLE Get-CIPPAlerts Retrieves CIPP alerts from the API. #> function Get-CIPPAlerts { [CmdletBinding()] param () Write-Verbose 'Getting CIPP Alerts' # Define the endpoint and parameters $endpoint = '/api/getcippalerts' Invoke-CIPPRestMethod -Endpoint $endpoint } #EndRegion './public/Tenant/Administration/Alerts/Get-CIPPAlerts.ps1' 28 #Region './public/Tenant/Administration/Alerts/Get-CIPPAuditLog.ps1' -1 <# .SYNOPSIS Gets audit logs from CIPP. .DESCRIPTION The Get-CIPPAuditLog function retrieves audit logs from CIPP with various filtering options. It allows filtering by tenant, specific log ID, date range, or relative time period. .PARAMETER CustomerTenantID The ID of the customer tenant to get logs from. Use 'AllTenants' for logs across all tenants. .PARAMETER LogID A specific log entry ID to retrieve. .PARAMETER StartDate The start date for filtering logs. Accepts DateTime object. .PARAMETER EndDate The end date for filtering logs. Accepts DateTime object. .PARAMETER RelativeTime A timespan object specifying a relative time period to retrieve logs from. Will be converted to format: Xd (days), Xh (hours), or Xm (minutes). .EXAMPLE Get-CIPPAuditLog -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" Gets audit logs for specified tenant using default 2 day time range. .EXAMPLE Get-CIPPAuditLog -CustomerTenantID "AllTenants" -RelativeTime ([TimeSpan]::FromHours(24)) Gets audit logs across all tenants from the last 24 hours. .EXAMPLE Get-CIPPAuditLog -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) Gets audit logs for specified tenant from the last 7 days. .EXAMPLE Get-CIPPAuditLog -LogID "abc123" -CustomerTenantID "tenant1" -RelativeTime ([TimeSpan]::FromDays(1)) Gets a specific audit log entry. .NOTES Requires CIPP.Alert.Read permissions. Defaults to last 2 days if no valid relative time specified. Calls /api/ListAuditLogs endpoint. #> function Get-CIPPAuditLog { [CmdletBinding(DefaultParameterSetName = 'RelativeTime')] param ( [Parameter(Mandatory = $true, ParameterSetName = 'TimeRange')] [Parameter(Mandatory = $true, ParameterSetName = 'RelativeTime')] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [string]$LogID, [Parameter(Mandatory = $false, ParameterSetName = 'TimeRange')] [ValidateNotNullOrEmpty()] [datetime]$StartDate, [Parameter(Mandatory = $false, ParameterSetName = 'TimeRange')] [ValidateNotNullOrEmpty()] [datetime]$EndDate, [Parameter(Mandatory = $false, ParameterSetName = 'TimeRange')] [Parameter(Mandatory = $true, ParameterSetName = 'RelativeTime')] [timespan]$RelativeTime ) Write-Verbose "Getting audit logs for tenant $CustomerTenantID" # Convert relative time to expected input format if ($RelativeTime.Days -ne 0) { $RelativeTimeFormatted = "$($RelativeTime.Days)d" } elseif ($RelativeTime.Hours -ne 0) { $RelativeTimeFormatted = "$($RelativeTime.Hours)h" } elseif ($RelativeTime.Minutes -ne 0) { $RelativeTimeFormatted = "$($RelativeTime.Minutes)m" } else { Write-Warning 'No valid relative time specified. Defaulting to last 2 days.' $RelativeTimeFormatted = '2d' } $endpoint = '/api/ListAuditLogs' $params = @{ tenantFilter = $CustomerTenantID LogId = $LogID RelativeTime = $RelativeTimeFormatted } if ($null -ne $StartDate) { $params['StartDate'] = (ConvertTo-UnixTime $StartDate) } if ($null -ne $EndDate) { $params['EndDate'] = (ConvertTo-UnixTime $EndDate) } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method GET } #EndRegion './public/Tenant/Administration/Alerts/Get-CIPPAuditLog.ps1' 98 #Region './public/Tenant/Administration/Get-CIPPAppConsentReqs.ps1' -1 <# .SYNOPSIS Retrieves app consent requests for a specific customer tenant. .DESCRIPTION The Get-CIPPAppConsentReqs function retrieves app consent requests for a specific customer tenant by making a REST API call to the "/api/listappconsentrequests" endpoint. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve app consent requests. This parameter is mandatory. .EXAMPLE Get-CIPPAppConsentReqs -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves app consent requests for the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPAppConsentReqs { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting app consent requests for customer: $CustomerTenantID" $Endpoint = '/api/listappconsentrequests' $Params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $Endpoint -Params $Params } #EndRegion './public/Tenant/Administration/Get-CIPPAppConsentReqs.ps1' 32 #Region './public/Tenant/Administration/Get-CIPPDomains.ps1' -1 <# .SYNOPSIS Retrieves the domains for a specific customer. .DESCRIPTION The Get-CIPPDomains function retrieves the domains associated with a specific customer in the CIPP system. .PARAMETER CustomerTenantID The unique identifier of the customer's tenant. .EXAMPLE Get-CIPPDomains -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" This example retrieves the domains for the customer with the tenant ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> Function Get-CIPPDomains { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Domains for customer: $CustomerTenantID" # Define the endpoint and parameters $endpoint = '/api/ListDomains' $params = @{ tenantfilter = $CustomerTenantID } # Use the Invoke-CIPPRequest function to make the request Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Administration/Get-CIPPDomains.ps1' 35 #Region './public/Tenant/Administration/Get-CIPPTenantOnboarding.ps1' -1 <# .SYNOPSIS Gets tenant onboarding information. .DESCRIPTION The Get-CIPPTenantOnboarding function retrieves onboarding information for tenants in CIPP, including onboarding steps, relationships, and logs. .EXAMPLE Get-CIPPTenantOnboarding Returns onboarding information for all tenants, sorted by timestamp in descending order. .NOTES Requires Tenant.Administration.Read permissions. The results include: - Onboarding steps and their status - Relationship information - Onboarding logs #> function Get-CIPPTenantOnboarding { [CmdletBinding()] param () Write-Verbose 'Getting tenant onboarding information' $endpoint = '/api/ListTenantOnboarding' Invoke-CIPPRestMethod -Endpoint $endpoint -Method GET } #EndRegion './public/Tenant/Administration/Get-CIPPTenantOnboarding.ps1' 30 #Region './public/Tenant/Administration/Licenses/Get-CIPPCSPLicenses.ps1' -1 <# .SYNOPSIS Gets CSP license information. .DESCRIPTION The Get-CIPPCSPLicenses function retrieves Cloud Solution Provider (CSP) license information from CIPP. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .EXAMPLE Get-CIPPCSPLicenses -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" Retrieves CSP license information for the specified tenant. .NOTES Requires appropriate permissions to view CSP license information. #> function Get-CIPPCSPLicenses { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting CSP license information for tenant $CustomerTenantID" $endpoint = '/api/ListCSPLicenses' $params = @{ tenantFilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method GET } #EndRegion './public/Tenant/Administration/Licenses/Get-CIPPCSPLicenses.ps1' 35 #Region './public/Tenant/Administration/Licenses/Get-CIPPCSPSku.ps1' -1 <# .SYNOPSIS Gets CSP SKU information. .DESCRIPTION The Get-CIPPCSPSku function retrieves Cloud Solution Provider (CSP) SKU information from CIPP. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .EXAMPLE Get-CIPPCSPSku -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" Retrieves CSP SKU information for the specified tenant. .NOTES Requires appropriate permissions to view CSP SKU information. #> function Get-CIPPCSPSku { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting CSP SKU information for tenant $CustomerTenantID" $endpoint = '/api/ListCSPsku' $params = @{ tenantFilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method GET } #EndRegion './public/Tenant/Administration/Licenses/Get-CIPPCSPSku.ps1' 35 #Region './public/Tenant/Administration/Licenses/Set-CIPPCSPLicense.ps1' -1 <# .SYNOPSIS Manages CSP licenses for a tenant. .DESCRIPTION The Set-CIPPCSPLicense function manages Cloud Solution Provider (CSP) licenses for a specified tenant in the CIPP system. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .PARAMETER SKU Specifies the SKU of the license to manage. .PARAMETER SubscriptionIds Specifies an array of subscription IDs to manage. .PARAMETER Action Specifies the action to perform on the license. Valid values are 'Add', 'Remove', 'Update', or 'Cancel'. .PARAMETER Quantity Specifies the number of licenses to add or update. Only applicable for 'Add' or 'Update' actions. .EXAMPLE Set-CIPPCSPLicense -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -SKU "O365_BUSINESS_PREMIUM" -SubscriptionIds @("sub-1", "sub-2") -Action Add -Quantity 5 Adds 5 licenses of the specified SKU to the tenant for the specified subscriptions. .EXAMPLE Set-CIPPCSPLicense -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -SKU "O365_BUSINESS_PREMIUM" -SubscriptionIds @("sub-1") -Action Cancel Cancels the specified subscription. .NOTES Requires appropriate permissions to manage CSP licenses. #> function Set-CIPPCSPLicense { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$SKU, [Parameter(Mandatory = $true)] [string[]]$SubscriptionIds, [Parameter(Mandatory = $true)] [ValidateSet('Add', 'Remove', 'Update', 'Cancel')] [string]$Action, [Parameter(Mandatory = $false)] [int]$Quantity ) Write-Verbose "Managing CSP license SKU: $SKU for tenant $CustomerTenantID with action $Action" $endpoint = '/api/ExecCSPLicense' $body = @{ tenantFilter = $CustomerTenantID SKU = $SKU subscriptionIds = $SubscriptionIds action = $Action } if ($Action -in @('Add', 'Update')) { $body['quantity'] = $Quantity } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method Post }<# .SYNOPSIS Manages CSP licenses for a tenant. .DESCRIPTION The Set-CIPPCSPLicense function manages Cloud Solution Provider (CSP) licenses for a specified tenant in the CIPP system. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .PARAMETER LicenseId Specifies the ID of the CSP license to manage. .PARAMETER SKU Specifies the SKU of the license to manage. .PARAMETER SubscriptionIds Specifies an array of subscription IDs to manage. .PARAMETER Action Specifies the action to perform on the license. Valid values are 'Add', 'Remove', 'Update', or 'Cancel'. .PARAMETER Quantity Specifies the number of licenses to add or update. Only applicable for 'Add' or 'Update' actions. .EXAMPLE Set-CIPPCSPLicense -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -LicenseId "CFQ7TTC0LH16" -SKU "O365_BUSINESS_PREMIUM" -SubscriptionIds @("sub-1", "sub-2") -Action Add -Quantity 5 Adds 5 licenses of the specified type to the tenant for the specified subscriptions. .EXAMPLE Set-CIPPCSPLicense -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -LicenseId "CFQ7TTC0LH16" -SKU "O365_BUSINESS_PREMIUM" -SubscriptionIds @("sub-1") -Action Cancel Cancels the specified subscription. .NOTES Requires appropriate permissions to manage CSP licenses. #> function Set-CIPPCSPLicense { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$LicenseId, [Parameter(Mandatory = $true)] [string]$SKU, [Parameter(Mandatory = $true)] [string[]]$SubscriptionIds, [Parameter(Mandatory = $true)] [ValidateSet('Add', 'Remove', 'Update', 'Cancel')] [string]$Action, [Parameter(Mandatory = $false)] [int]$Quantity ) Write-Verbose "Managing CSP license $LicenseId (SKU: $SKU) for tenant $CustomerTenantID with action $Action" $endpoint = '/api/ExecCSPLicense' $body = @{ tenantFilter = $CustomerTenantID LicenseId = $LicenseId SKU = $SKU SubscriptionIds = $SubscriptionIds Action = $Action } if ($Action -in @('Add', 'Update')) { $body['Quantity'] = $Quantity } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method Post }<# .SYNOPSIS Manages CSP licenses for a tenant. .DESCRIPTION The Set-CIPPCSPLicense function manages Cloud Solution Provider (CSP) licenses for a specified tenant in the CIPP system. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .PARAMETER LicenseId Specifies the ID of the CSP license to manage. .PARAMETER Action Specifies the action to perform on the license. Valid values are 'Add', 'Remove', or 'Update'. .PARAMETER Quantity Specifies the number of licenses to add or update. Only applicable for 'Add' or 'Update' actions. .EXAMPLE Set-CIPPCSPLicense -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -LicenseId "CFQ7TTC0LH16" -Action Add -Quantity 5 Adds 5 licenses of the specified type to the tenant. .EXAMPLE Set-CIPPCSPLicense -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -LicenseId "CFQ7TTC0LH16" -Action Remove Removes the specified license from the tenant. .NOTES Requires appropriate permissions to manage CSP licenses. #> function Set-CIPPCSPLicense { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$LicenseId, [Parameter(Mandatory = $true)] [ValidateSet('Add', 'Remove', 'Update', 'Cancel')] [string]$Action, [Parameter(Mandatory = $false)] [int]$Quantity ) Write-Verbose "Managing CSP license $LicenseId for tenant $CustomerTenantID with action $Action" $endpoint = '/api/ExecCSPLicense' $body = @{ tenantFilter = $CustomerTenantID licenseId = $LicenseId action = $Action } if ($Action -in @('Add', 'Update')) { $body['quantity'] = $Quantity } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method Post }<# .SYNOPSIS Manages CSP licenses for a tenant. .DESCRIPTION The Set-CIPPCSPLicense function manages Cloud Solution Provider (CSP) licenses for a specified tenant in the CIPP system. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .PARAMETER LicenseId Specifies the ID of the CSP license to manage. .PARAMETER Action Specifies the action to perform on the license. Valid values are 'Add', 'Remove', or 'Update'. .PARAMETER Quantity Specifies the number of licenses to add or update. Only applicable for 'Add' or 'Update' actions. .EXAMPLE Set-CIPPCSPLicense -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -LicenseId "CFQ7TTC0LH16" -Action Add -Quantity 5 Adds 5 licenses of the specified type to the tenant. .EXAMPLE Set-CIPPCSPLicense -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -LicenseId "CFQ7TTC0LH16" -Action Remove Removes the specified license from the tenant. .NOTES Requires appropriate permissions to manage CSP licenses. #> function Set-CIPPCSPLicense { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$LicenseId, [Parameter(Mandatory = $true)] [ValidateSet('Add', 'Remove', 'Update', 'Cancel')] [string]$Action, [Parameter(Mandatory = $false)] [int]$Quantity ) Write-Verbose "Managing CSP license $LicenseId for tenant $CustomerTenantID with action $Action" $endpoint = '/api/ExecCSPLicense' $body = @{ tenantFilter = $CustomerTenantID licenseId = $LicenseId action = $Action } if ($Action -in @('Add', 'Update')) { $body['quantity'] = $Quantity } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method Post } #EndRegion './public/Tenant/Administration/Licenses/Set-CIPPCSPLicense.ps1' 271 #Region './public/Tenant/Administration/Remove-CIPPTenantAllowBlockList.ps1' -1 <# .SYNOPSIS Removes entries from a tenant's allow/block list. .DESCRIPTION The Remove-CIPPTenantAllowBlockList function removes specified entries from a tenant's allow/block list in CIPP. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .PARAMETER EntryId Specifies the ID of the allow/block list entry to remove. .EXAMPLE Remove-CIPPTenantAllowBlockList -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -EntryId "98765432-4321-4321-4321-BA0987654321" Removes the specified entry from the tenant's allow/block list. .NOTES Requires appropriate permissions to manage tenant allow/block lists. #> function Remove-CIPPTenantAllowBlockList { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$Entries ) Write-Verbose "Removing allow/block list entries $Entries from tenant $CustomerTenantID" $endpoint = '/api/RemoveTenantAllowBlockList' $body = @{ tenantFilter = $CustomerTenantID entries = $Entries } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method Post } #EndRegion './public/Tenant/Administration/Remove-CIPPTenantAllowBlockList.ps1' 42 #Region './public/Tenant/Administration/Tenant/Get-CIPPADConnectStatus.ps1' -1 <# .SYNOPSIS Retrieves the AD Connect status, AD Connect settings, or AD objects in error for a specified customer tenant. .DESCRIPTION The Get-CIPPADConnectStatus function retrieves information about the AD Connect status, AD Connect settings, or AD objects in error for a specified customer tenant. It makes a REST API call to retrieve the data from the CIPP API. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant for which the AD Connect information is to be retrieved. .PARAMETER dataToReturn Specifies the type of data to be returned. Valid values are "AzureADConnectSettings" to retrieve AD Connect settings, "AzureADObjectsInError" to retrieve AD objects in error, or leave empty to retrieve the AD Connect status. .EXAMPLE Get-CIPPADConnectStatus -CustomerTenantID "" -dataToReturn "AzureADConnectSettings" Retrieves the AD Connect settings for the customer tenant "". .EXAMPLE Get-CIPPADConnectStatus -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -dataToReturn "AzureADConnectSettings" Retrieves the AD Connect settings for the customer tenant "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .EXAMPLE Get-CIPPADConnectStatus -CustomerTenantID "" -dataToReturn "AzureADObjectsInError" Retrieves the AD objects in error for the customer tenant "". .EXAMPLE Get-CIPPADConnectStatus -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -dataToReturn "AzureADObjectsInError" Retrieves the AD objects in error for the customer tenant "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .EXAMPLE Get-CIPPADConnectStatus -CustomerTenantID "" Retrieves the AD Connect status for the customer tenant "". .EXAMPLE Get-CIPPADConnectStatus -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the AD Connect status for the customer tenant "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPADConnectStatus { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [ValidateSet('AzureADConnectSettings', 'AzureADObjectsInError')] [string]$dataToReturn ) if ($dataToReturn -eq 'AzureADConnectSettings') { Write-Verbose "Getting AD Connect Settings for: $CustomerTenantID" } elseif ($dataToReturn -eq 'AzureADObjectsInError') { Write-Verbose "Getting AD Objects in Error for: $CustomerTenantID" } else { Write-Verbose "Getting AD Connect Status for: $CustomerTenantID" } $Endpoint = '/api/listazureadconnectstatus' $Params = @{ tenantfilter = $CustomerTenantID datatoreturn = $dataToReturn } Invoke-CIPPRestMethod -Endpoint $Endpoint -Params $Params } #EndRegion './public/Tenant/Administration/Tenant/Get-CIPPADConnectStatus.ps1' 63 #Region './public/Tenant/Administration/Tenant/Get-CIPPOrg.ps1' -1 <# .SYNOPSIS Retrieves information about a specific organization in the CIPP system. .DESCRIPTION The Get-CIPPOrg function retrieves information about a specific organization in the CIPP system based on the provided CustomerTenantID. .PARAMETER CustomerTenantID Specifies the unique identifier of the customer tenant. .EXAMPLE Get-CIPPOrg -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" This example retrieves information about the organization with the CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .EXAMPLE Get-CIPPOrg -CustomerTenantID "" This example retrieves information about the organization with the CustomerTenantID "". #> function Get-CIPPOrg { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting org $CustomerTenantID" $endpoint = '/api/listorg' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Administration/Tenant/Get-CIPPOrg.ps1' 34 #Region './public/Tenant/Administration/Tenant/Get-CIPPPartnerRelationships.ps1' -1 <# .SYNOPSIS Retrieves partner relationships for a specified customer tenant. .DESCRIPTION The Get-CIPPPartnerRelationships function retrieves partner relationships for a specified customer tenant by making a REST API call to the "/api/listpartnerrelationships" endpoint. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve partner relationships. .EXAMPLE Get-CIPPPartnerRelationships -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves partner relationships for the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .EXAMPLE Get-CIPPPartnerRelationships -CustomerTenantID "" Retrieves partner relationships for the customer tenant with ID "". #> function Get-CIPPPartnerRelationships { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting org $CustomerTenantID" $endpoint = '/api/listpartnerrelationships' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Administration/Tenant/Get-CIPPPartnerRelationships.ps1' 34 #Region './public/Tenant/Administration/Tenant/Get-CIPPTenantDetails.ps1' -1 <# .SYNOPSIS Retrieves the details of a specific CIPP tenant. .DESCRIPTION The Get-CIPPTenantDetails function retrieves the details of a specific CIPP (Customer Information Protection Platform) tenant using the provided CustomerTenantID. .PARAMETER CustomerTenantID The unique identifier of the CIPP tenant. .EXAMPLE Get-CIPPTenantDetails -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the details of the CIPP tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .EXAMPLE Get-CIPPTenantDetails -CustomerTenantID "" Retrieves the details of the CIPP tenant with the ID "". #> function Get-CIPPTenantDetails { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Tenant Details for $CustomerTenantID" $endpoint = '/api/ListTenantDetails' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Administration/Tenant/Get-CIPPTenantDetails.ps1' 34 #Region './public/Tenant/Administration/Tenant/Get-CIPPTenants.ps1' -1 <# .SYNOPSIS Retrieves a list of CIPP tenants. .DESCRIPTION The Get-CIPPTenants function retrieves a list of CIPP tenants based on the specified parameters. It makes a REST API call to the "/api/listtenants" endpoint and returns the result. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant. This parameter is optional. .PARAMETER ClearCache Indicates whether to clear the cache before retrieving the tenants. This parameter is optional. .PARAMETER TriggerRefresh Indicates whether to trigger a refresh before retrieving the tenants. This parameter is optional. .EXAMPLE Get-CIPPTenants -CustomerTenantID "" -ClearCache This example retrieves the list of CIPP tenants for the specified customer tenant and clears the cache before retrieving the tenants. #> function Get-CIPPTenants { [CmdletBinding()] Param( [Parameter(Mandatory = $false)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [switch]$ClearCache, [Parameter(Mandatory = $false)] [switch]$TriggerRefresh ) Write-Verbose 'Getting Tenants' $endpoint = '/api/listtenants' $params = @{ tenantfilter = $CustomerTenantID } if ($ClearCache) { $params.ClearCache = 'true' } if ($TriggerRefresh) { $params.TriggerRefresh = 'true' } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Administration/Tenant/Get-CIPPTenants.ps1' 49 #Region './public/Tenant/Conditional/Get-CIPPCAPolicies.ps1' -1 <# .SYNOPSIS Retrieves Conditional Access Policies for a specific customer tenant. .DESCRIPTION The Get-CIPPCAPolicies function retrieves the Conditional Access Policies for a specific customer tenant by making a REST API call to the "/api/listconditionalaccesspolicies" endpoint. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve the Conditional Access Policies. .EXAMPLE Get-CIPPCAPolicies -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the Conditional Access Policies for the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .EXAMPLE Get-CIPPCAPolicies -CustomerTenantID "" Retrieves the Conditional Access Policies for the customer tenant with the ID "". #> function Get-CIPPCAPolicies { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Conditional Access Policies for customer: $CustomerTenantID" $Endpoint = '/api/listconditionalaccesspolicies' $Params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $Endpoint -Params $Params } #EndRegion './public/Tenant/Conditional/Get-CIPPCAPolicies.ps1' 36 #Region './public/Tenant/Conditional/Get-CIPPCATemplates.ps1' -1 <# .SYNOPSIS Retrieves Conditional Access Templates. .DESCRIPTION The Get-CIPPCATemplates function retrieves the list of Conditional Access Templates from the specified endpoint. .PARAMETER None This function does not accept any parameters. .EXAMPLE Get-CIPPCATemplates Retrieves the list of Conditional Access Templates. #> function Get-CIPPCATemplates { [CmdletBinding()] Param() Write-Verbose 'Getting Conditional Access Templates' $endpoint = '/api/listcatemplates' Invoke-CIPPRestMethod -Endpoint $endpoint } #EndRegion './public/Tenant/Conditional/Get-CIPPCATemplates.ps1' 26 #Region './public/Tenant/Conditional/Get-CIPPNamedLocations.ps1' -1 <# .SYNOPSIS Retrieves named locations for a specific customer tenant. .DESCRIPTION The Get-CIPPNamedLocations function retrieves named locations for a specific customer tenant by making a REST API call to the "/api/listnamedlocations" endpoint. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve named locations. .EXAMPLE Get-CIPPNamedLocations -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves named locations for the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .EXAMPLE Get-CIPPNamedLocations -CustomerTenantID "" Retrieves named locations for the customer tenant with ID "". #> function Get-CIPPNamedLocations { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting named locations for $CustomerTenantID" $endpoint = '/api/listnamedlocations' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Conditional/Get-CIPPNamedLocations.ps1' 34 #Region './public/Tenant/Conditional/Remove-CIPPCAPolicy.ps1' -1 <# .SYNOPSIS Removes a Conditional Access Policy from a tenant. .DESCRIPTION The Remove-CIPPCAPolicy function removes a specified Conditional Access Policy from a tenant in CIPP. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the Conditional Access Policy will be removed. .PARAMETER PolicyId Specifies the ID of the Conditional Access Policy to remove. .EXAMPLE Remove-CIPPCAPolicy -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -PolicyId "98765432-4321-4321-4321-BA0987654321" Removes the specified Conditional Access Policy from the specified tenant. .NOTES Requires appropriate permissions to manage Conditional Access Policies. #> function Remove-CIPPCAPolicy { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [guid]$PolicyId ) Write-Verbose "Removing Conditional Access Policy $PolicyId" $endpoint = '/api/RemoveCAPolicy' $body = @{ tenantFilter = $CustomerTenantID GUID = $PolicyId } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method POST } #EndRegion './public/Tenant/Conditional/Remove-CIPPCAPolicy.ps1' 42 #Region './public/Tenant/Conditional/Remove-CIPPCATemplate.ps1' -1 <# .SYNOPSIS Removes a Conditional Access template. .DESCRIPTION The Remove-CIPPCATemplate function removes a specified Conditional Access template from CIPP. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .PARAMETER TemplateId Specifies the ID of the Conditional Access template to remove. .EXAMPLE Remove-CIPPCATemplate -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -TemplateId "98765432-4321-4321-4321-BA0987654321" Removes the specified Conditional Access template from the specified tenant. .NOTES Requires appropriate permissions to manage Conditional Access templates. #> function Remove-CIPPCATemplate { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$TemplateId ) Write-Verbose "Removing Conditional Access template $TemplateId from tenant $CustomerTenantID" $endpoint = '/api/RemoveCATemplate' $body = @{ tenantFilter = $CustomerTenantID ID = $TemplateId } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method POST } #EndRegion './public/Tenant/Conditional/Remove-CIPPCATemplate.ps1' 42 #Region './public/Tenant/Conditional/Set-CIPPCAPolicy.ps1' -1 <# .SYNOPSIS Sets the Conditional Access (CA) Policy for a specific customer tenant. .DESCRIPTION The Set-CIPPCAPolicy function is used to set the Conditional Access (CA) Policy for a specific customer tenant. It allows you to enable or disable the CA Policy for the tenant. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant for which the CA Policy needs to be set. .PARAMETER State Specifies the state of the CA Policy. Valid values are "Enabled" and "Disabled". .PARAMETER Guid Specifies the GUID of the CA Policy. .EXAMPLE Set-CIPPCAPolicy -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -State "Enabled" -Guid "a1b2c3d4-e5f6-g7h8-i9j0-k1l2m3n4o5p6" Sets the CA Policy for the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" to "Enabled" using the GUID "a1b2c3d4-e5f6-g7h8-i9j0-k1l2m3n4o5p6". .EXAMPLE Set-CIPPCAPolicy -CustomerTenantID "" -State "Enabled" -Guid "a1b2c3d4-e5f6-g7h8-i9j0-k1l2m3n4o5p6" Sets the CA Policy for the customer tenant with ID "" to "Enabled" using the GUID "a1b2c3d4-e5f6-g7h8-i9j0-k1l2m3n4o5p6". #> function Set-CIPPCAPolicy { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [ValidateSet('Enabled', 'Disabled')] [string]$State, [Parameter(Mandatory = $true)] [guid]$Guid ) Write-Verbose "Editing CA Policy for tenant $CustomerTenantID" $endpoint = '/api/editcapolicy' $params = @{ tenantfilter = $CustomerTenantID state = $State guid = $Guid } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Conditional/Set-CIPPCAPolicy.ps1' 48 #Region './public/Tenant/GDAP/Get-CIPPGDAPInvite.ps1' -1 <# .SYNOPSIS Gets GDAP invites. .DESCRIPTION The Get-CIPPGDAPInvite function retrieves Granular Delegated Admin Privileges (GDAP) invites from CIPP. .PARAMETER RelationshipId Optional. The specific relationship ID to retrieve. If not specified, returns all invites. .EXAMPLE Get-CIPPGDAPInvite Returns all GDAP invites. .EXAMPLE Get-CIPPGDAPInvite -RelationshipId "12345678-1234-1234-1234-1234567890AB" Returns the specific GDAP invite for the given relationship ID. .NOTES Requires Tenant.Relationship.Read permissions. #> function Get-CIPPGDAPInvite { [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [string]$RelationshipId ) Write-Verbose 'Getting GDAP invites' $endpoint = '/api/ListGDAPInvite' $params = @{} if ($RelationshipId) { Write-Verbose "Filtering for relationship ID: $RelationshipId" $params['RelationshipId'] = $RelationshipId } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method GET } #EndRegion './public/Tenant/GDAP/Get-CIPPGDAPInvite.ps1' 42 #Region './public/Tenant/GDAP/Get-CIPPGDAPRoles.ps1' -1 <# .SYNOPSIS Retrieves the list of GDAP roles. .DESCRIPTION The Get-CIPPGDAPRoles function retrieves the list of GDAP (Granular delegated Admin Privileges ) roles by making a REST API call to the "/api/ListGDAPRoles" endpoint. .PARAMETER None This function does not accept any parameters. .EXAMPLE Get-CIPPGDAPRoles Retrieves the list of GDAP roles. #> function Get-CIPPGDAPRoles { [CmdletBinding()] Param() Write-Verbose 'Getting GDAP Role List' $endpoint = '/api/ListGDAPRoles' Invoke-CIPPRestMethod -Endpoint $endpoint } #EndRegion './public/Tenant/GDAP/Get-CIPPGDAPRoles.ps1' 27 #Region './public/Tenant/GDAP/New-CIPPGDAPInvite.ps1' -1 <# .SYNOPSIS Creates a GDAP (Granular Delegated Admin Privileges) invite. .DESCRIPTION The New-CIPPGDAPInvite function sends a request to create a GDAP invite using the specified GDAP roles. You can either provide a custom set of roles using the `-GDAPRoles` parameter or include all existing roles by using the `-UseAllExistingRoles` switch. .PARAMETER GDAPRoles An array of GDAP roles to be included in the invite. Each role is represented as a hashtable with the following keys: - `GroupName`: The name of the role group. - `GroupId`: The unique identifier of the role group. - `RoleName`: The name of the specific role. - `roleDefinitionId`: The unique identifier for the role definition. .PARAMETER UseAllExistingRoles A switch parameter that, when specified, includes all existing roles in the GDAP invite. This is mutually exclusive with `-GDAPRoles`. .EXAMPLE PS C:\> New-CIPPGDAPInvite -GDAPRoles @(@{GroupName="M365 GDAP Cloud Device Administrator";GroupId="fa03defa-27c4-4639-8e50-14cbb746a78d";RoleName="Cloud Device Administrator";roleDefinitionId="7698a772-787b-4ac8-901f-60d6b08affd2"},@{GroupName="M365 GDAP Intune Administrator";GroupId="3d1c917f-8d1e-4a1e-a61c-df3263a0d1bc";RoleName="Intune Administrator";roleDefinitionId="3a2c62db-5318-420d-8d74-23affee5d9d5"}) This example creates a GDAP invite with the roles "Cloud Device Administrator" and "Intune Administrator." .EXAMPLE PS C:\> New-CIPPGDAPInvite -UseAllExistingRoles This example creates a GDAP invite including all existing roles retrieved by the `Get-CIPPGDAPRoles` function. .NOTES - This function uses the `Invoke-CIPPRestMethod` cmdlet to send the request to the `/api/ExecGDAPInvite` endpoint. - You must specify either `-GDAPRoles` or `-UseAllExistingRoles`, but not both. - Ensure the GDAP roles are valid and correctly formatted before calling this function. #> function New-CIPPGDAPInvite { [CmdletBinding()] Param( [Parameter(Mandatory = $false)] [array]$GDAPRoles, [Parameter(Mandatory = $false)] [switch]$UseAllExistingRoles ) if ($GDAPRoles -and $UseAllExistingRoles) { throw 'Cannot specify both GDAPRoles and UseAllExistingRoles' } if (-not $GDAPRoles -and -not $UseAllExistingRoles) { throw 'Must specify either GDAPRoles or UseAllExistingRoles' } if ($UseAllExistingRoles) { Write-Verbose 'Using all existing roles for GDAP Invite' $GDAPRoles = Get-CIPPGDAPRoles } Write-Verbose 'Creating GDAP Invite' $endpoint = '/api/ExecGDAPInvite' $Body = @{ roleMappings = $GDAPRoles } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $Body -Method Post } #EndRegion './public/Tenant/GDAP/New-CIPPGDAPInvite.ps1' 67 #Region './public/Tenant/GDAP/Remove-CIPPGDAPRelationship.ps1' -1 <# .SYNOPSIS Removes a GDAP (Global Data Access Point) relationship. .DESCRIPTION The Remove-CIPPGDAPRelationship function terminates a GDAP relationship by invoking a REST API endpoint. .PARAMETER GDAPID Specifies the ID of the GDAP relationship to be terminated. .EXAMPLE Remove-CIPPGDAPRelationship -GDAPID "59a6b837-2c8d-4f91-93e1-746cd82b1e37-a9d8b5e2-73cf-41a5-8de7-134f62b0c6e9" Terminates the GDAP relationship with the ID "59a6b837-2c8d-4f91-93e1-746cd82b1e37-a9d8b5e2-73cf-41a5-8de7-134f62b0c6e9". #> function Remove-CIPPGDAPRelationship { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$GDAPID ) Write-Verbose "Terminating GDAP Relationship: $GDAPID" $Endpoint = '/api/execdeletegdaprelationship' $Params = @{ gdapid = $GDAPID } Invoke-CIPPRestMethod -Endpoint $Endpoint -Params $Params } #EndRegion './public/Tenant/GDAP/Remove-CIPPGDAPRelationship.ps1' 32 #Region './public/Tenant/Reports/Get-CIPPLicenses.ps1' -1 <# .SYNOPSIS Retrieves licenses for a specific customer tenant. .DESCRIPTION The Get-CIPPLicenses function retrieves licenses for a specific customer tenant by making a REST API call to the "/api/ListLicenses" endpoint. .PARAMETER CustomerTenantID The ID of the customer tenant for which licenses need to be retrieved. .EXAMPLE Get-CIPPLicenses -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves licenses for the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .EXAMPLE Get-CIPPLicenses -CustomerTenantID "" Retrieves licenses for the customer tenant with the ID "". #> function Get-CIPPLicenses { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Licenses for $CustomerTenantID" $endpoint = '/api/ListLicenses' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Reports/Get-CIPPLicenses.ps1' 34 #Region './public/Tenant/Reports/Get-CIPPOAuthApps.ps1' -1 <# .SYNOPSIS Retrieves OAuth apps for a specific customer tenant. .DESCRIPTION The Get-CIPPOAuthApps function retrieves OAuth apps for a specific customer tenant by making a REST API call to the "/api/listoauthapps" endpoint. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve OAuth apps. .EXAMPLE Get-CIPPOAuthApps -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves OAuth apps for the customer tenant with the ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPOAuthApps { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting OAuth apps for $CustomerTenantID" $endpoint = '/api/listoauthapps' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Reports/Get-CIPPOAuthApps.ps1' 30 #Region './public/Tenant/Reports/Get-CIPPServiceHealth.ps1' -1 <# .SYNOPSIS Gets service health information. .DESCRIPTION The Get-CIPPServiceHealth function retrieves active service health issues from CIPP. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. Use 'AllTenants' to get health information for all tenants, or use the AllTenants switch parameter. .PARAMETER AllTenants When specified, retrieves service health information for all tenants. .PARAMETER DisplayName When querying a specific tenant, specifies the display name of the tenant. Required when CustomerTenantID is not 'AllTenants'. .PARAMETER DefaultDomainName When querying a specific tenant, specifies the default domain name of the tenant. Required when CustomerTenantID is not 'AllTenants'. .EXAMPLE Get-CIPPServiceHealth -CustomerTenantID "AllTenants" Returns active service health issues for all tenants. .EXAMPLE Get-CIPPServiceHealth -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -DisplayName "Contoso" -DefaultDomainName "" Returns active service health issues for the specified tenant. .NOTES Requires Tenant.Administration.Read permissions. Only returns active issues (where endDateTime is null). #> function Get-CIPPServiceHealth { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [switch]$AllTenants, [Parameter(Mandatory = $false)] [string]$DisplayName, [Parameter(Mandatory = $false)] [string]$DefaultDomainName ) if ($AllTenants.IsPresent -eq $true) { $CustomerTenantID = 'AllTenants' } Write-Verbose "Getting service health information for tenant $CustomerTenantID" if ($CustomerTenantID -ne 'AllTenants' -and (-not $DisplayName -or -not $DefaultDomainName)) { throw 'DisplayName and DefaultDomainName are required when querying a specific tenant' } $endpoint = '/api/ListServiceHealth' $params = @{ tenantFilter = $CustomerTenantID displayName = $DisplayName defaultDomainName = $DefaultDomainName } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params -Method GET } #EndRegion './public/Tenant/Reports/Get-CIPPServiceHealth.ps1' 67 #Region './public/Tenant/Standards/Get-CIPPBPA.ps1' -1 <# .SYNOPSIS Retrieves the BPA (Best Practices Analyzer) report for a specific customer tenant. .DESCRIPTION The Get-CIPPBPA function retrieves the BPA report for a customer tenant based on the provided CustomerTenantID. Optionally, you can specify a ReportName to filter the report. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant for which to retrieve the BPA report. This parameter is optional. .PARAMETER ReportName Specifies the name of the report to filter the BPA report. This parameter is optional. .EXAMPLE Get-CIPPBPA -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -ReportName "CIPP Best Practices V1.0 - Tenant View" This example retrieves the BPA report for the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" and filters it by the report name "CIPP Best Practices V1.0 - Tenant View". #> function Get-CIPPBPA { [CmdletBinding()] Param( [Parameter(Mandatory = $false)] [string]$CustomerTenantID, [Parameter(Mandatory = $false)] [string]$ReportName ) Write-Verbose "Getting BPA Report for customer: $CustomerTenantID" $Endpoint = '/api/listbpa' $Params = @{ tenantfilter = $CustomerTenantID Report = $ReportName } Invoke-CIPPRestMethod -Endpoint $Endpoint -Params $Params } #EndRegion './public/Tenant/Standards/Get-CIPPBPA.ps1' 39 #Region './public/Tenant/Standards/Get-CIPPBPATemplates.ps1' -1 <# .SYNOPSIS Retrieves the CIPP BPA Templates. .DESCRIPTION The Get-CIPPBPATemplates function retrieves the CIPP (Continuous Improvement and Performance Program) BPA (Best Practice Assessment) Templates from the specified API endpoint. .PARAMETER None This function does not accept any parameters. .EXAMPLE Get-CIPPBPATemplates Retrieves the CIPP BPA Templates. #> function Get-CIPPBPATemplates { [CmdletBinding()] Param() Write-Verbose 'Getting BPA Templates' $Endpoint = '/api/listbpatemplates' Invoke-CIPPRestMethod -Endpoint $Endpoint } #EndRegion './public/Tenant/Standards/Get-CIPPBPATemplates.ps1' 27 #Region './public/Tenant/Standards/Get-CIPPDomainAnalyser.ps1' -1 <# .SYNOPSIS Retrieves the list of domain analyzers for a specific customer tenant. .DESCRIPTION The Get-CIPPDomainAnalyser function retrieves the list of domain analyzers associated with a specific customer tenant. It makes a REST API call to retrieve the list of domain analyzers based on the provided customer tenant ID. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve the domain analyzers. .EXAMPLE Get-CIPPDomainAnalyser -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the list of domain analyzers for the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". #> function Get-CIPPDomainAnalyser { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Getting Domain Analyser List for customer: $CustomerTenantID" $endpoint = '/api/ListDomainAnalyser' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Standards/Get-CIPPDomainAnalyser.ps1' 30 #Region './public/Tenant/Standards/Get-CIPPDomainHealth.ps1' -1 <# .SYNOPSIS Gets the domain health information for a specified domain. .DESCRIPTION The Get-CIPPDomainHealth function retrieves domain health information for a specified domain using the CIPP API. It supports various actions such as reading WHOIS records, NS records, MX records, SPF records, DMARC policies, DKIM records, testing DNSSEC, and testing MTA-STS. .PARAMETER DomainName Specifies the name of the domain for which to retrieve the health information. .PARAMETER Action Specifies the action to perform for retrieving the domain health information. Valid values are: - ReadWhoisRecord: Retrieves the WHOIS record for the domain. - ReadNSRecord: Retrieves the NS record for the domain. - ReadMXRecord: Retrieves the MX record for the domain. - ReadSpfRecord: Retrieves the SPF record for the domain. - ReadDmarcPolicy: Retrieves the DMARC policy for the domain. - ReadDkimRecord: Retrieves the DKIM record for the domain. - TestDNSSEC: Tests DNSSEC for the domain. - TestMtaSts: Tests MTA-STS for the domain. .EXAMPLE PS> Get-CIPPDomainHealth -DomainName "" -Action "ReadWhoisRecord" Retrieves the WHOIS record for the domain "". .EXAMPLE PS> Get-CIPPDomainHealth -DomainName "" -Action "TestDNSSEC" Tests DNSSEC for the domain "". #> function Get-CIPPDomainHealth { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$DomainName, [Parameter(Mandatory = $true)] [ValidateSet('ReadWhoisRecord', 'ReadNSRecord', 'ReadMXRecord', 'ReadSpfRecord', 'ReadDmarcPolicy', 'ReadDkimRecord', 'TestDNSSEC', 'TestMtaSts')] [string]$Action ) Write-Verbose "Getting Domain Health for $DomainName with action $Action" $endpoint = '/api/listdomainhealth' $params = @{ Domain = $DomainName Action = $action } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Standards/Get-CIPPDomainHealth.ps1' 52 #Region './public/Tenant/Standards/Get-CIPPStandards.ps1' -1 <# .SYNOPSIS Retrieves the CIPP standards for a specific customer tenant. .DESCRIPTION The Get-CIPPStandards function retrieves the CIPP standards for a specific customer tenant by making a REST API call to the "/api/liststandards" endpoint. .PARAMETER CustomerTenantID The ID of the customer tenant for which to retrieve the standards. .EXAMPLE Get-CIPPStandards -CustomerTenantID "7ced1621-b8f7-4231-868c-bc6b1a2f1778" Retrieves the CIPP standards for the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .EXAMPLE Get-CIPPStandards -CustomerTenantID "" Retrieves the CIPP standards for the customer tenant with ID "". #> function Get-CIPPStandards { [CmdletBinding()] Param( [Parameter(Mandatory = $false)] [string]$CustomerTenantID ) Write-Verbose "Getting standards for $CustomerTenantID" $endpoint = '/api/liststandards' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Standards/Get-CIPPStandards.ps1' 34 #Region './public/Tenant/Standards/Remove-CIPPBPATemplate.ps1' -1 <# .SYNOPSIS Removes a BPA (Best Practice Analyzer) template. .DESCRIPTION The Remove-CIPPBPATemplate function removes a specified BPA template from CIPP. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .PARAMETER TemplateId Specifies the ID of the BPA template to remove. .EXAMPLE Remove-CIPPBPATemplate -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -TemplateId "98765432-4321-4321-4321-BA0987654321" Removes the specified BPA template from the specified tenant. .NOTES Requires appropriate permissions to manage BPA templates. #> function Remove-CIPPBPATemplate { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$CustomerTenantID, [Parameter(Mandatory = $true)] [string]$TemplateId ) Write-Verbose "Removing BPA template $TemplateId from tenant $CustomerTenantID" $endpoint = '/api/RemoveBPATemplate' $body = @{ tenantFilter = $CustomerTenantID TemplateName = $TemplateId } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method POST } #EndRegion './public/Tenant/Standards/Remove-CIPPBPATemplate.ps1' 42 #Region './public/Tenant/Standards/Remove-CIPPStandard.ps1' -1 <# .SYNOPSIS Removes standards for a specified customer domain. .DESCRIPTION The Remove-CIPPStandard function removes standards associated with a given customer domain by calling the appropriate API endpoint. .PARAMETER CustomerDefaultDomain The default domain of the customer for which the standards are to be removed. This parameter is mandatory. .EXAMPLE Remove-CIPPStandard -CustomerDefaultDomain "" This example removes the standards for the customer with the default domain "". .NOTES This function uses the Invoke-CIPPRestMethod cmdlet to call the API endpoint. #> function Remove-CIPPStandard { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerDefaultDomain ) Write-Verbose "Removing standards for $CustomerTenantID" $endpoint = '/api/RemoveStandard' $params = @{ ID = $CustomerDefaultDomain } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Standards/Remove-CIPPStandard.ps1' 32 #Region './public/Tenant/Standards/Remove-CIPPStandardTemplate.ps1' -1 <# .SYNOPSIS Removes a standards template. .DESCRIPTION The Remove-CIPPStandardTemplate function removes a specified standards template from CIPP. .PARAMETER CustomerTenantID Specifies the ID of the customer tenant where the operation will be performed. This parameter is mandatory for proper data isolation and multi-tenancy compliance. .PARAMETER TemplateId Specifies the ID of the standards template to remove. .EXAMPLE Remove-CIPPStandardTemplate -CustomerTenantID "12345678-1234-1234-1234-1234567890AB" -TemplateId "98765432-4321-4321-4321-BA0987654321" Removes the specified standards template from the specified tenant. .NOTES Requires appropriate permissions to manage tenant standards templates. #> function Remove-CIPPStandardTemplate { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$TemplateId ) Write-Verbose "Removing standards template $TemplateId from tenant $CustomerTenantID" $endpoint = '/api/RemoveStandardTemplate' $body = @{ ID = $TemplateId } Invoke-CIPPRestMethod -Endpoint $endpoint -Body $body -Method Post } #EndRegion './public/Tenant/Standards/Remove-CIPPStandardTemplate.ps1' 38 #Region './public/Tenant/Standards/Set-CIPPStandardsRun.ps1' -1 <# .SYNOPSIS Runs standards for a specific customer tenant. .DESCRIPTION The Set-CIPPStandardsRun function runs standards for a specific customer tenant by invoking a REST API endpoint. .PARAMETER CustomerTenantID The ID of the customer tenant for which the standards should be run. .EXAMPLE Set-CIPPStandardsRun -CustomerTenantID "" Runs standards for the customer tenant with ID "". #> function Set-CIPPStandardsRun { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantID ) Write-Verbose "Running standards for $CustomerTenantID" $endpoint = '/api/execstandardsrun' $params = @{ tenantfilter = $CustomerTenantID } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Standards/Set-CIPPStandardsRun.ps1' 30 #Region './public/Tenant/Tools/Get-CIPPAuditLogTest.ps1' -1 <# .SYNOPSIS Retrieves audit logs for a specified customer tenant. .DESCRIPTION The Get-CIPPAuditLogTest function retrieves audit logs for a specified customer tenant based on the log type. .PARAMETER CustomerTenantId Specifies the ID of the customer tenant for which to retrieve audit logs. .PARAMETER LogType Specifies the type of audit logs to retrieve. Valid values are 'Audit.Exchange' and 'Audit.AzureActiveDirectory'. .EXAMPLE Get-CIPPAuditLogTest -CustomerTenantId "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -LogType "Audit.Exchange" Retrieves Exchange audit logs for the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .EXAMPLE Get-CIPPAuditLogTest -CustomerTenantId "7ced1621-b8f7-4231-868c-bc6b1a2f1778" -LogType "Audit.AzureActiveDirectory" Retrieves Azure Active Directory audit logs for the customer tenant with ID "7ced1621-b8f7-4231-868c-bc6b1a2f1778". .EXAMPLE Get-CIPPAuditLogTest -CustomerTenantId "" -LogType "Audit.Exchange" Retrieves Azure Active Directory audit logs for the customer tenant "". #> function Get-CIPPAuditLogTest { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantId, [Parameter(Mandatory = $true)] [validateset('Audit.Exchange', 'Audit.AzureActiveDirectory')] [string]$LogType ) Write-Verbose "Looking up $LogType logs for tenant $CustomerTenantId" $endpoint = '/api/ListAuditLogTest' $params = @{ TenantFilter = $CustomerTenantId LogType = $LogType } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Tools/Get-CIPPAuditLogTest.ps1' 46 #Region './public/Tenant/Tools/Get-CIPPExternalGEOIPLookup.ps1' -1 <# .SYNOPSIS Performs a Geo IP lookup for a given IP address. .DESCRIPTION The Get-CIPPExternalGEOIPLookup function performs a Geo IP lookup for a given IP address using a REST API. It retrieves information about the geographical location of the IP address. .PARAMETER IP Specifies the IP address for which the Geo IP lookup needs to be performed. The IP address can be in IPv4 or IPv6 format. .EXAMPLE Get-CIPPExternalGEOIPLookup -IP "" Performs a Geo IP lookup for the IP address "". .EXAMPLE Get-CIPPExternalGEOIPLookup -IP "2001:0db8:85a3:0000:0000:8a2e:0370:7334" Performs a Geo IP lookup for the IP address "2001:0db8:85a3:0000:0000:8a2e:0370:7334". .INPUTS None. You cannot pipe input to this function. .OUTPUTS System.Object. The function returns the result of the Geo IP lookup as an object. .NOTES This function requires the Invoke-CIPPRestMethod function to be available in the current session. .LINK Invoke-CIPPRestMethod #> function Get-CIPPExternalGEOIPLookup { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [ValidatePattern('^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$|^((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){1,7}:)|(([0-9A-Fa-f]{1,4}:){1,6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,5}(:[0-9A-Fa-f]{1,4}){1,2})|(([0-9A-Fa-f]{1,4}:){1,4}(:[0-9A-Fa-f]{1,4}){1,3})|(([0-9A-Fa-f]{1,4}:){1,3}(:[0-9A-Fa-f]{1,4}){1,4})|(([0-9A-Fa-f]{1,4}:){1,2}(:[0-9A-Fa-f]{1,4}){1,5})|(([0-9A-Fa-f]{1,4}:):(:[0-9A-Fa-f]{1,4}){1,6})|(::([0-9A-Fa-f]{1,4}:){1,7}))$')] [string]$IP ) Write-Verbose "Looking up $ip in Geo DB" $endpoint = '/api/execgeoiplookup' $params = @{ ip = $IP } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Tools/Get-CIPPExternalGEOIPLookup.ps1' 47 #Region './public/Tenant/Tools/Get-CIPPExternalTenantInfo.ps1' -1 <# .SYNOPSIS Retrieves external tenant information for a specified tenant. .DESCRIPTION The Get-CIPPExternalTenantInfo function retrieves external tenant information for a specified tenant by making a REST API call to the "/api/ListExternalTenantInfo" endpoint. .PARAMETER Tenant Specifies the name of the tenant for which to retrieve the external tenant information. .EXAMPLE Get-CIPPExternalTenantInfo -Tenant "" Retrieves the external tenant information for the "Contoso" tenant. #> function Get-CIPPExternalTenantInfo { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$Tenant ) Write-Verbose "Getting Tenant info for $Tenant" $endpoint = '/api/ListExternalTenantInfo' $params = @{ tenant = $Tenant } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Tools/Get-CIPPExternalTenantInfo.ps1' 31 #Region './public/Tenant/Tools/Get-CIPPGraphRequest.ps1' -1 <# .SYNOPSIS Retrieves graph data from a specified endpoint for a given tenant. .DESCRIPTION The Get-CIPPGraphRequest function queries a specified Graph endpoint for a specific tenant and retrieves the graph data. It supports various optional parameters for customization. .PARAMETER CustomerTenantId Specifies the ID of the customer tenant for which the graph data is requested. This parameter is mandatory. .PARAMETER GraphEndPoint Specifies the endpoint URL of the Graph API. This parameter is mandatory. .PARAMETER count Specifies whether to include the count of items in the response. This parameter is optional. .PARAMETER Select Specifies the properties to include in the response. This parameter is optional. .PARAMETER DisablePagination Specifies whether to disable pagination in the response. This parameter is optional. .PARAMETER Top Specifies the maximum number of items to include in the response. This parameter is optional. .PARAMETER Format Specifies the format of the response. This parameter is optional. .PARAMETER Filter Specifies the filter to apply to the response. This parameter is optional. .PARAMETER Expand Specifies the properties to expand in the response. This parameter is optional. .PARAMETER Search Specifies the search query to apply to the response. This parameter is optional. .PARAMETER ReverseTenantLookupProperty Specifies the property to use for reverse tenant lookup. This parameter is optional. .EXAMPLE Get-CIPPGraphRequest -CustomerTenantId "" -GraphEndPoint "users" -Select "displayName,mail" -DisablePagination $true -Top 10 Retrieves graph data from the specified endpoint for the tenant with ID "". The response includes only the "displayName" and "mail" properties, disables pagination, and includes a maximum of 10 items in the response. #> function Get-CIPPGraphRequest { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$CustomerTenantId, [Parameter(Mandatory = $true)] [string]$GraphEndPoint, [Parameter(Mandatory = $false)] [bool]$count, [Parameter(Mandatory = $false)] [string]$Select, [Parameter(Mandatory = $false)] [bool]$DisablePagination, [Parameter(Mandatory = $false)] [string]$Top, [Parameter(Mandatory = $false)] [string]$Format, [Parameter(Mandatory = $false)] [string]$Filter, [Parameter(Mandatory = $false)] [string]$Expand, [Parameter(Mandatory = $false)] [string]$Search, [Parameter(Mandatory = $false)] [string]$ReverseTenantLookupProperty ) Write-Verbose "Querying Graph Endpoint $EndPoint for tenant $CustomerTenantId" $endpoint = '/api/ListGraphRequest' $params = [ordered]@{ tenantFilter = $CustomerTenantId endpoint = $GraphEndPoint } $optionalParams = @{ '$count' = if ($count -eq $true) { 'true' } else { $null } '$select' = $Select 'NoPagination' = if ($DisablePagination) { 'true' } else { 'false' } '$top' = $Top '$format' = $Format '$filter' = $Filter '$expand' = $Expand '$search' = $Search 'reverseTenantLookupProperty' = $ReverseTenantLookupProperty } foreach ($key in $optionalParams.Keys) { if ($null -ne $optionalParams[$key]) { $params[$key] = $optionalParams[$key] } } Invoke-CIPPRestMethod -Endpoint $endpoint -Params $params } #EndRegion './public/Tenant/Tools/Get-CIPPGraphRequest.ps1' 100 |