Merge pull request KelvinTegelaar#553 from kris6673/dev
Disable user level SMTP Basic Authentication and fix error logging in calDefaults
KelvinTegelaar authored Jan 3, 2024
2 parents 906c4f2 + 9b423f4 commit 66a5ac0
Showing 2 changed files with 37 additions and 13 deletions.
Expand Up @@ -5,23 +5,42 @@ function Invoke-CIPPStandardDisableBasicAuthSMTP {
#>
param($Tenant, $Settings)
If ($Settings.remediate) {

# Disable SMTP Basic Authentication for the tenant
try {
$Request = New-ExoRequest -tenantid $Tenant -cmdlet 'Set-TransportConfig' -cmdParams @{ SmtpClientAuthenticationDisabled = $true }
Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled SMTP Basic Authentication' -sev Info
} catch {
Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable SMTP Basic Authentication: $($_.exception.message)" -sev Error
}

# Disable SMTP Basic Authentication for all users
$SMTPusers = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-CASMailbox' -cmdParams @{ ResultSize = 'Unlimited' } | Where-Object { ($null -ne $_.SmtpClientAuthenticationDisabled) }
$SMTPusers | ForEach-Object {
try {
New-ExoRequest -tenantid $Tenant -cmdlet 'Set-CASMailbox' -cmdParams @{ Identity = $_.Identity; SmtpClientAuthenticationDisabled = $null } -UseSystemMailbox $true
Write-LogMessage -API 'Standards' -tenant $tenant -message "Disabled SMTP Basic Authentication for $($_.DisplayName), $($_.PrimarySmtpAddress)" -sev Info
} catch {
Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable SMTP Basic Authentication for $($_.DisplayName), $($_.PrimarySmtpAddress). Error: $($_.exception.message)" -sev Error

}
}
}
if ($Settings.alert) {


# This is ugly but done to avoid a second call to the Graph API
if ($Settings.alert -or $Settings.report) {
$CurrentInfo = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-TransportConfig'
if ($CurrentInfo.SmtpClientAuthenticationDisabled) {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'SMTP Basic Authentication is disabled' -sev Info
} else {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'SMTP Basic Authentication is not disabled' -sev Alert

if ($Settings.alert) {
if ($CurrentInfo.SmtpClientAuthenticationDisabled) {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'SMTP Basic Authentication is disabled' -sev Info
} else {
Write-LogMessage -API 'Standards' -tenant $tenant -message 'SMTP Basic Authentication is not disabled' -sev Alert
}
}
if ($Settings.report) {
Add-CIPPBPAField -FieldName 'DisableBasicAuthSMTP' -FieldValue [bool]$CurrentInfo.SmtpClientAuthenticationDisabled -StoreAs bool -Tenant $tenant
}
}
if ($Settings.report) {
Add-CIPPBPAField -FieldName 'DisableBasicAuthSMTP' -FieldValue [bool]$CurrentInfo.SmtpClientAuthenticationDisabled -StoreAs bool -Tenant $tenant
}
}
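Review bot: In the per-mailbox `catch` block, `$_` is the error record rather than the mailbox, so `$($_.DisplayName)` and `$($_.PrimarySmtpAddress)` in the failure message come out empty and the log does not say which mailbox kept its override. Capture the pipeline item at the top of the `ForEach-Object` body with `$Mailbox = $_`, and use `$Mailbox.DisplayName` and `$Mailbox.PrimarySmtpAddress` in both messages. Separately, the loop still runs when the tenant-level `Set-TransportConfig` call above threw, and the `$null -ne` filter also matches mailboxes explicitly set to `$true`; clearing those to `$null` makes them inherit a tenant setting that may still allow SMTP AUTH. Consider filtering on `$_.SmtpClientAuthenticationDisabled -eq $false`, or skipping the loop when the tenant-level call failed.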
Expand Up @@ -25,27 +25,32 @@ function Invoke-CIPPStandardcalDefault {
do {
# Get all calendars for the mailbox, retry if it fails
try {
New-ExoRequest -tenantid $Tenant -cmdlet 'Get-MailboxFolderStatistics' -cmdParams @{identity = $Mailbox.UserPrincipalName; FolderScope = 'Calendar' } -Anchor $Mailbox.UserPrincipalName |
New-ExoRequest -tenantid $Tenant -cmdlet 'Get-MailboxFolderStatistics' -cmdParams @{identity = $Mailbox.UserPrincipalName; FolderScope = 'Calendar' } -Anchor $Mailbox.UserPrincipalName | Where-Object { $_.FolderType -eq 'Calendar' } |
# Set permissions for each calendar found
Where-Object { $_.FolderType -eq 'Calendar' } | ForEach-Object {
ForEach-Object {
$SetRetryCount = 0
do {
try {
New-ExoRequest -tenantid $Tenant -cmdlet 'Set-MailboxFolderPermission' -cmdparams @{Identity = "$($Mailbox.UserPrincipalName):$($_.FolderId)"; User = 'Default'; AccessRights = $Settings.permissionlevel } -Anchor $Mailbox.UserPrincipalName
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Set default folder permission for $($Mailbox.UserPrincipalName):\$($_.Name) to $($Settings.permissionlevel)" -sev Debug
$Success = $true
$UserSuccesses.Counter++
} catch {
# Retry Set-MailboxFolderStatistics
Start-Sleep -Milliseconds 250
Start-Sleep -Milliseconds (Get-Random -Minimum 200 -Maximum 300)
$SetRetryCount++

# Log error if it fails 3 times
if ($SetRetryCount -ge 3) {
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not set default calendar permissions for $($Mailbox.UserPrincipalName). Error: $($_.exception.message)" -sev Error
}
}
} Until ($SetRetryCount -ge 3 -or $Success -eq $true)
}
$Success = $true
$UserSuccesses.Counter++
} catch {
# Retry Get-MailboxFolderStatistics
Start-Sleep -Milliseconds 250
Start-Sleep -Milliseconds (Get-Random -Minimum 250 -Maximum 500)
$GetRetryCount++
}
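Review bot: The error log added in the inner `catch` fires only when `$SetRetryCount` reaches 3, but `$Success` is not reset inside the `ForEach-Object` body, so once one calendar has been set, a later calendar that throws leaves the `do … Until` loop after a single attempt with nothing logged. A separate flag for the inner loop would fix that: `$SetSuccess = $false` next to `$SetRetryCount = 0`, `$SetSuccess = $true` after the `Set-MailboxFolderPermission` call, and `Until ($SetRetryCount -ge 3 -or $SetSuccess)`. The comment `# Retry Set-MailboxFolderStatistics` in that `catch` should read `# Retry Set-MailboxFolderPermission`. The outer `do` loop starts and ends outside this hunk, so whether `$Success` is reset per mailbox cannot be seen here.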
