diff --git a/.claude/worktrees/blissful-golick-d405ab b/.claude/worktrees/blissful-golick-d405ab new file mode 160000 index 000000000000..0710355e2ada --- /dev/null +++ b/.claude/worktrees/blissful-golick-d405ab @@ -0,0 +1 @@ +Subproject commit 0710355e2adac37fffe4c7eef48d6f2c3a04993d diff --git a/.github/workflows/Node_Project_Check.yml b/.github/workflows/Node_Project_Check.yml index 1116a307ceb7..3347edfbe84d 100644 --- a/.github/workflows/Node_Project_Check.yml +++ b/.github/workflows/Node_Project_Check.yml @@ -20,7 +20,7 @@ jobs: steps: - uses: actions/checkout@v6 - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v6.3.0 + uses: actions/setup-node@v6.4.0 with: node-version: ${{ matrix.node-version }} - name: Install and Build Test diff --git a/.github/workflows/cipp_dev_build.yml b/.github/workflows/cipp_dev_build.yml index f0131a4f3692..394b8bc794f1 100644 --- a/.github/workflows/cipp_dev_build.yml +++ b/.github/workflows/cipp_dev_build.yml @@ -26,7 +26,7 @@ jobs: echo "node_version=$node_sanitized_version" >> $GITHUB_OUTPUT - name: Set up Node.js - uses: actions/setup-node@v6.3.0 + uses: actions/setup-node@v6.4.0 with: node-version: ${{ steps.get_node_version.outputs.node_version }} diff --git a/.github/workflows/cipp_frontend_build.yml b/.github/workflows/cipp_frontend_build.yml index 8dedfa497669..5c8d7230e9d3 100644 --- a/.github/workflows/cipp_frontend_build.yml +++ b/.github/workflows/cipp_frontend_build.yml @@ -26,7 +26,7 @@ jobs: echo "node_version=$node_sanitized_version" >> $GITHUB_OUTPUT - name: Set up Node.js - uses: actions/setup-node@v6.3.0 + uses: actions/setup-node@v6.4.0 with: node-version: ${{ steps.get_node_version.outputs.node_version }} diff --git a/next.config.js b/next.config.js index 97685f34f91e..f2bc28bcd2bb 100644 --- a/next.config.js +++ b/next.config.js @@ -16,6 +16,7 @@ const config = { 'mui-tiptap', 'recharts', '@react-pdf/renderer', + 'lodash', ], webpackMemoryOptimizations: true, preloadEntriesOnStart: false, diff --git a/package.json b/package.json index ee84a95ad7bf..a4402ea681b5 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "cipp", - "version": "10.4.3", + "version": "10.4.5", "author": "CIPP Contributors", "homepage": "https://cipp.app/", "bugs": { @@ -43,37 +43,35 @@ "@reduxjs/toolkit": "^2.11.2", "@tanstack/query-sync-storage-persister": "^5.90.25", "@tanstack/react-query": "^5.96.2", - "@tanstack/react-query-devtools": "^5.51.11", - "@tanstack/react-query-persist-client": "^5.76.0", + "@tanstack/react-query-devtools": "^5.96.2", + "@tanstack/react-query-persist-client": "^5.96.2", "@tanstack/react-table": "^8.19.2", "@tiptap/core": "^3.4.1", "@tiptap/extension-heading": "^3.4.1", - "@tiptap/extension-image": "^3.20.5", "@tiptap/extension-table": "^3.19.0", "@tiptap/pm": "^3.22.3", "@tiptap/react": "^3.20.5", "@tiptap/starter-kit": "^3.20.5", - "@uiw/react-json-view": "^2.0.0-alpha.41", "@vvo/tzdb": "^6.198.0", "apexcharts": "5.10.4", "axios": "1.15.0", "date-fns": "4.1.0", "diff": "^8.0.3", + "dompurify": "^3.4.2", "eml-parse-js": "^1.2.0-beta.0", "export-to-csv": "^1.3.0", "formik": "2.4.9", "gray-matter": "4.0.3", - "i18next": "25.8.18", "javascript-time-ago": "^2.6.2", "jspdf": "^4.2.0", "jspdf-autotable": "^5.0.7", "leaflet": "^1.9.4", - "leaflet-defaulticon-compatibility": "^0.1.2", "leaflet.markercluster": "^1.5.3", + "lodash": "^4.18.1", "lodash.isequal": "4.5.0", "material-react-table": "^3.0.1", "monaco-editor": "^0.55.1", - "mui-tiptap": "^1.29.1", + "mui-tiptap": "^1.30.0", "next": "^16.2.2", "nprogress": "0.2.0", "numeral": "2.0.6", @@ -82,15 +80,12 @@ "react": "19.2.5", "react-apexcharts": "2.1.0", "react-beautiful-dnd": "13.1.1", - "react-copy-to-clipboard": "^5.1.0", "react-dom": "19.2.5", "react-dropzone": "15.0.0", "react-error-boundary": "^6.1.1", - "react-grid-layout": "^2.2.3", "react-hook-form": "^7.72.0", "react-hot-toast": "2.6.0", "react-html-parser": "^2.0.2", - "react-i18next": "16.6.5", "react-leaflet": "5.0.0", "react-leaflet-markercluster": "^5.0.0-rc.0", "react-markdown": "10.1.0", @@ -101,28 +96,23 @@ "react-syntax-highlighter": "^16.1.0", "react-time-ago": "^7.3.3", "react-virtuoso": "^4.18.5", - "react-window": "^2.2.7", - "recharts": "^3.7.0", + "recharts": "^3.8.1", "redux": "5.0.1", - "redux-devtools-extension": "2.13.9", "redux-persist": "^6.0.0", - "redux-thunk": "3.1.0", "rehype-raw": "^7.0.0", "remark-gfm": "^4.0.0", + "remark-parse": "^11.0.0", "simplebar": "6.3.3", "simplebar-react": "3.3.2", "stylis-plugin-rtl": "2.1.1", - "typescript": "5.9.3", + "unified": "^11.0.5", "yup": "1.7.1" }, "devDependencies": { "@svgr/webpack": "8.1.0", - "@types/react": "^19.2.14", - "@types/react-dom": "^19.2.3", "eslint": "^9.39.4", "eslint-config-next": "^16.2.3", "eslint-config-prettier": "^10.1.8", - "prettier": "^3.8.1", - "prettier-eslint": "^16.4.2" + "prettier": "^3.8.1" } } diff --git a/public/assets/integrations/autotask.png b/public/assets/integrations/autotask.png new file mode 100644 index 000000000000..cf2940427613 Binary files /dev/null and b/public/assets/integrations/autotask.png differ diff --git a/public/assets/integrations/connectwise.png b/public/assets/integrations/connectwise.png new file mode 100644 index 000000000000..ef1dfd1234f0 Binary files /dev/null and b/public/assets/integrations/connectwise.png differ diff --git a/public/assets/integrations/kaseya.svg b/public/assets/integrations/kaseya.svg new file mode 100644 index 000000000000..7e34c610d76a --- /dev/null +++ b/public/assets/integrations/kaseya.svg @@ -0,0 +1,3 @@ + + Kaseya BMS + diff --git a/public/manifest.json b/public/manifest.json index 2cc60cd8b5a7..42f5d73ea6af 100644 --- a/public/manifest.json +++ b/public/manifest.json @@ -1,15 +1,26 @@ { - "short_name": "Carpatin", - "name": "Carpatin", + "short_name": "CIPP", + "name": "CIPP - CyberDrian Improved Partner Portal", "icons": [ { "src": "favicon.ico", "sizes": "64x64 32x32 24x24 16x16", "type": "image/x-icon" + }, + { + "src": "android-chrome-192x192.png", + "sizes": "192x192", + "type": "image/png" + }, + { + "src": "android-chrome-512x512.png", + "sizes": "512x512", + "type": "image/png" } ], - "start_url": ".", + "start_url": "/", + "scope": "/", "display": "standalone", - "theme_color": "#000000", + "theme_color": "#ffffff", "background_color": "#ffffff" -} \ No newline at end of file +} diff --git a/public/sw.js b/public/sw.js new file mode 100644 index 000000000000..a5b7af04ecf4 --- /dev/null +++ b/public/sw.js @@ -0,0 +1,8 @@ +// Minimal service worker to satisfy Chrome's installability criteria. +// This does NOT cache anything or provide offline support — it simply +// passes all requests through to the network so Chrome treats the site +// as an installable web app. + +self.addEventListener('install', () => self.skipWaiting()) +self.addEventListener('activate', (event) => event.waitUntil(self.clients.claim())) +self.addEventListener('fetch', () => {}) diff --git a/public/version.json b/public/version.json index 521d35e0af9b..a09d0fcf2ccd 100644 --- a/public/version.json +++ b/public/version.json @@ -1,3 +1,3 @@ { - "version": "10.4.3" + "version": "10.4.5" } diff --git a/src/components/CippCards/CippDomainCards.jsx b/src/components/CippCards/CippDomainCards.jsx index 9268fcd08f96..fede72bd1347 100644 --- a/src/components/CippCards/CippDomainCards.jsx +++ b/src/components/CippCards/CippDomainCards.jsx @@ -470,6 +470,13 @@ export const CippDomainCards = ({ domain: propDomain = "", fullwidth = false }) waiting: !!domain, }); + const { data: autoDiscoverData, isFetching: autoDiscoverLoading } = ApiGetCall({ + url: "/api/ListDomainHealth", + queryKey: `autodiscover-${domain}`, + data: { Domain: domain, Action: "ReadAutoDiscover" }, + waiting: !!domain, + }); + const { data: httpsData, isFetching: httpsLoading } = ApiGetCall({ url: "/api/ListDomainHealth", queryKey: `https-${domain}-${subdomains}`, @@ -684,6 +691,26 @@ export const CippDomainCards = ({ domain: propDomain = "", fullwidth = false }) } /> + + +

+ AutoDiscover ({autoDiscoverData?.RecordType || "None"}): +

+ + + + } + /> + {enableHttps && ( Disconnect all current sessions Remove all MFA methods for the user Disable all inbox rules for the user + Disable OneDrive sharing - ); + ) } diff --git a/src/components/CippCards/CippStandardsDialog.jsx b/src/components/CippCards/CippStandardsDialog.jsx index 86de00f07d92..0e006ef43615 100644 --- a/src/components/CippCards/CippStandardsDialog.jsx +++ b/src/components/CippCards/CippStandardsDialog.jsx @@ -1,5 +1,5 @@ import React, { useState } from 'react' -import _ from 'lodash' +import { get } from 'lodash' import { Dialog, DialogTitle, @@ -311,7 +311,7 @@ export const CippStandardsDialog = ({ open, onClose, standardsData, currentTenan {info.addedComponent.map((component, componentIndex) => { - const value = _.get(templateItem, component.name) + const value = get(templateItem, component.name) let displayValue = 'N/A' if (value) { @@ -427,7 +427,7 @@ export const CippStandardsDialog = ({ open, onClose, standardsData, currentTenan let extractedValue = null // Try direct access first - componentValue = _.get(config, component.name) + componentValue = get(config, component.name) // If direct access fails and component name contains dots (nested structure) if ( @@ -441,7 +441,7 @@ export const CippStandardsDialog = ({ open, onClose, standardsData, currentTenan if (pathParts[0] === 'standards' && config.standards) { // Remove 'standards.' prefix and try to find the value in config.standards const nestedPath = pathParts.slice(1).join('.') - extractedValue = _.get(config.standards, nestedPath) + extractedValue = get(config.standards, nestedPath) // If still not found, try alternative nested structures // Some standards have double nesting like: config.standards.StandardName.fieldName @@ -452,7 +452,7 @@ export const CippStandardsDialog = ({ open, onClose, standardsData, currentTenan ) { const standardName = pathParts[1] const fieldPath = pathParts.slice(2).join('.') - extractedValue = _.get( + extractedValue = get( config.standards, `${standardName}.${fieldPath}` ) diff --git a/src/components/CippCards/CippUniversalSearchV2.jsx b/src/components/CippCards/CippUniversalSearchV2.jsx index 28a53f35ef82..070396f0a56e 100644 --- a/src/components/CippCards/CippUniversalSearchV2.jsx +++ b/src/components/CippCards/CippUniversalSearchV2.jsx @@ -348,6 +348,16 @@ export const CippUniversalSearchV2 = React.forwardRef( router.push( `/identity/administration/groups/group?groupId=${itemData.id}&tenantFilter=${tenantDomain}`, ); + } else if (searchType === "Applications") { + if (match.Type === "Apps") { + router.push( + `/tenant/administration/applications/app-registration?appId=${itemData.appId || itemData.id}&tenantFilter=${tenantDomain}`, + ); + } else { + router.push( + `/tenant/administration/applications/enterprise-app?spId=${itemData.id}&tenantFilter=${tenantDomain}`, + ); + } } else if (searchType === "Pages") { router.push(match.path, undefined, { shallow: true }); } @@ -389,6 +399,11 @@ export const CippUniversalSearchV2 = React.forwardRef( icon: "Group", onClick: () => handleTypeChange("Groups"), }, + { + label: "Applications", + icon: "Apps", + onClick: () => handleTypeChange("Applications"), + }, { label: "BitLocker", icon: "FilePresent", @@ -730,6 +745,20 @@ const Results = ({ )} )} + {searchType === "Applications" && ( + <> + {itemData.appId && ( + + {highlightMatch(itemData.appId || "")} + + )} + {itemData.publisherName && ( + + {highlightMatch(itemData.publisherName || "")} + + )} + + )} a.displayName.localeCompare(b.displayName)); - if (!_.isEqual(selectedApp, newApps)) { + if (!isEqual(selectedApp, newApps)) { setSelectedApp(newApps); // Prevent unnecessary updates } diff --git a/src/components/CippComponents/CippAppTemplateDrawer.jsx b/src/components/CippComponents/CippAppTemplateDrawer.jsx index e9db8701f3d6..4727f66988f2 100644 --- a/src/components/CippComponents/CippAppTemplateDrawer.jsx +++ b/src/components/CippComponents/CippAppTemplateDrawer.jsx @@ -892,6 +892,21 @@ export const CippAppTemplateDrawer = ({ /> + + + + + {/* Add App Button */} {applicationType?.value && ( diff --git a/src/components/CippComponents/CippApplicationDeployDrawer.jsx b/src/components/CippComponents/CippApplicationDeployDrawer.jsx index 99c2cd52d249..a68ade232835 100644 --- a/src/components/CippComponents/CippApplicationDeployDrawer.jsx +++ b/src/components/CippComponents/CippApplicationDeployDrawer.jsx @@ -1,119 +1,119 @@ -import React, { useEffect, useCallback, useState } from "react"; -import { Divider, Button, Alert, CircularProgress } from "@mui/material"; -import { Grid } from "@mui/system"; -import { useForm, useWatch } from "react-hook-form"; -import { Add } from "@mui/icons-material"; -import { CippOffCanvas } from "./CippOffCanvas"; -import CippFormComponent from "./CippFormComponent"; -import { CippFormTenantSelector } from "./CippFormTenantSelector"; -import { CippFormCondition } from "./CippFormCondition"; -import { CippApiResults } from "./CippApiResults"; -import languageList from "../../data/languageList.json"; -import { ApiPostCall } from "../../api/ApiCall"; +import React, { useEffect, useCallback, useState } from 'react' +import { Divider, Button, Alert, CircularProgress } from '@mui/material' +import { Grid } from '@mui/system' +import { useForm, useWatch } from 'react-hook-form' +import { Add } from '@mui/icons-material' +import { CippOffCanvas } from './CippOffCanvas' +import CippFormComponent from './CippFormComponent' +import { CippFormTenantSelector } from './CippFormTenantSelector' +import { CippFormCondition } from './CippFormCondition' +import { CippApiResults } from './CippApiResults' +import languageList from '../../data/languageList.json' +import { ApiPostCall } from '../../api/ApiCall' export const CippApplicationDeployDrawer = ({ - buttonText = "Add Application", + buttonText = 'Add Application', requiredPermissions = [], PermissionButton = Button, }) => { - const [drawerVisible, setDrawerVisible] = useState(false); + const [drawerVisible, setDrawerVisible] = useState(false) const formControl = useForm({ - mode: "onChange", - }); + mode: 'onChange', + }) const selectedTenants = useWatch({ control: formControl.control, - name: "selectedTenants", - }); + name: 'selectedTenants', + }) const applicationType = useWatch({ control: formControl.control, - name: "appType", - }); + name: 'appType', + }) const searchQuerySelection = useWatch({ control: formControl.control, - name: "packageSearch", - }); + name: 'packageSearch', + }) const updateSearchSelection = useCallback( (searchQuerySelection) => { if (searchQuerySelection) { - formControl.setValue("packagename", searchQuerySelection.value.packagename); - formControl.setValue("applicationName", searchQuerySelection.value.applicationName); - formControl.setValue("description", searchQuerySelection.value.description); + formControl.setValue('packagename', searchQuerySelection.value.packagename) + formControl.setValue('applicationName', searchQuerySelection.value.applicationName) + formControl.setValue('description', searchQuerySelection.value.description) searchQuerySelection.value.customRepo - ? formControl.setValue("customRepo", searchQuerySelection.value.customRepo) - : null; + ? formControl.setValue('customRepo', searchQuerySelection.value.customRepo) + : null } }, - [formControl.setValue], - ); + [formControl.setValue] + ) useEffect(() => { - updateSearchSelection(searchQuerySelection); - }, [updateSearchSelection, searchQuerySelection]); + updateSearchSelection(searchQuerySelection) + }, [updateSearchSelection, searchQuerySelection]) const postUrl = { - mspApp: "/api/AddMSPApp", - StoreApp: "/api/AddStoreApp", - winGetApp: "/api/AddwinGetApp", - chocolateyApp: "/api/AddChocoApp", - officeApp: "/api/AddOfficeApp", - win32ScriptApp: "/api/AddWin32ScriptApp", - }; + mspApp: '/api/AddMSPApp', + StoreApp: '/api/AddStoreApp', + winGetApp: '/api/AddwinGetApp', + chocolateyApp: '/api/AddChocoApp', + officeApp: '/api/AddOfficeApp', + win32ScriptApp: '/api/AddWin32ScriptApp', + } const ChocosearchResults = ApiPostCall({ urlFromData: true, - }); + }) const winGetSearchResults = ApiPostCall({ urlFromData: true, - }); + }) const deployApplication = ApiPostCall({ urlFromData: true, - relatedQueryKeys: ["Queued Applications"], - }); + relatedQueryKeys: ['Queued Applications'], + }) const searchApp = (searchText, type) => { - if (type === "choco") { + if (type === 'choco') { ChocosearchResults.mutate({ url: `/api/ListAppsRepository`, data: { search: searchText }, queryKey: `SearchApp-${searchText}-${type}`, - }); + }) } - if (type === "StoreApp") { + if (type === 'StoreApp') { winGetSearchResults.mutate({ url: `/api/ListPotentialApps`, - data: { searchString: searchText, type: "WinGet" }, + data: { searchString: searchText, type: 'WinGet' }, queryKey: `SearchApp-${searchText}-${type}`, - }); + }) } - }; + } const handleSubmit = () => { - const formData = formControl.getValues(); - const formattedData = { ...formData }; - formattedData.tenantFilter = "allTenants"; //added to prevent issues with location check. temp fix + const formData = formControl.getValues() + const formattedData = { ...formData } + formattedData.tenantFilter = 'allTenants' //added to prevent issues with location check. temp fix formattedData.selectedTenants = selectedTenants.map((tenant) => ({ defaultDomainName: tenant.value, customerId: tenant.addedFields.customerId, - })); + })) deployApplication.mutate({ url: postUrl[applicationType?.value], data: formattedData, - relatedQueryKeys: ["Queued Applications"], - }); - }; + relatedQueryKeys: ['Queued Applications'], + }) + } const handleCloseDrawer = () => { - setDrawerVisible(false); - formControl.reset(); - }; + setDrawerVisible(false) + formControl.reset() + } return ( <> @@ -130,7 +130,7 @@ export const CippApplicationDeployDrawer = ({ onClose={handleCloseDrawer} size="xl" footer={ -
+
+ + + } + > + + + + + + + + + option, + url: config.listTemplatesUrl, + }} + placeholder="Select a template or enter PowerShell JSON manually" + /> + + + + + + + + + + + + + ); +}; diff --git a/src/components/CippComponents/CippFormTemplateTenantSelector.jsx b/src/components/CippComponents/CippFormTemplateTenantSelector.jsx new file mode 100644 index 000000000000..4ee436723abf --- /dev/null +++ b/src/components/CippComponents/CippFormTemplateTenantSelector.jsx @@ -0,0 +1,146 @@ +import { useEffect, useState } from 'react' +import { CippFormComponent } from './CippFormComponent' +import { ApiGetCall } from '../../api/ApiCall' + +/** + * A tenant selector scoped to the tenants applicable to a given standards template. + * + * - If the template targets AllTenants, all tenants are offered plus an "All Tenants" option. + * - If the template targets tenant groups, each group's members are fetched and offered, + * plus the group itself as a "run for whole group" option. + * - Individual tenant entries are offered directly. + * + * The final value sent to the API will be the tenant's defaultDomainName, a group ID, or + * "allTenants". + */ +export const CippFormTemplateTenantSelector = ({ + formControl, + templateTenants = [], + excludedTenants = [], + name = 'tenantFilter', + label = 'Select Tenant', + placeholder = 'Select a tenant, group, or All Tenants...', + required = true, + ...other +}) => { + // Build a set of excluded values for fast lookup + const excludedValues = new Set( + excludedTenants.map((t) => (typeof t === 'object' ? t?.value : t)).filter(Boolean) + ) + const isExcluded = (value) => excludedValues.has(value) + const [options, setOptions] = useState([]) + + // Determine what the template targets + const hasAllTenants = templateTenants.some( + (t) => t?.value === 'AllTenants' || t?.value === 'allTenants' + ) + const groupIds = templateTenants.filter((t) => t?.type === 'Group').map((t) => t.value) + const individualTenants = templateTenants.filter( + (t) => t?.type !== 'Group' && t?.value !== 'AllTenants' && t?.value !== 'allTenants' + ) + + // Fetch all tenants when AllTenants is targeted + const allTenantList = ApiGetCall({ + url: '/api/ListTenants?AllTenantSelector=true', + queryKey: 'ListTenants-TemplateTenantSelector', + waiting: hasAllTenants, + }) + + // Fetch each group's members (one request per group) + const groupRequests = groupIds.map((id) => + // eslint-disable-next-line react-hooks/rules-of-hooks + ApiGetCall({ + url: `/api/ListTenantGroups?groupId=${id}`, + queryKey: `TenantGroup-${id}`, + waiting: groupIds.length > 0, + }) + ) + + useEffect(() => { + const built = [{ label: 'All Tenants in Template', value: 'allTenants', group: 'All Tenants' }] + + if (hasAllTenants) { + if (allTenantList.isSuccess && Array.isArray(allTenantList.data)) { + allTenantList.data.forEach((tenant) => { + if (isExcluded(tenant.defaultDomainName)) return + built.push({ + label: `${tenant.displayName} (${tenant.defaultDomainName})`, + value: tenant.defaultDomainName, + group: 'Individual Tenants', + }) + }) + } + } + + groupRequests.forEach((req, idx) => { + const groupId = groupIds[idx] + const groupEntry = templateTenants.find((t) => t.value === groupId) + const groupName = groupEntry?.label ?? groupId + + if (req.isSuccess) { + const results = Array.isArray(req.data?.Results) + ? req.data.Results + : Array.isArray(req.data) + ? req.data + : [] + const matchedGroup = results.find((g) => g.Id === groupId) ?? results[0] + + if (matchedGroup) { + // Individual members only — group itself is not selectable + const members = Array.isArray(matchedGroup.Members) ? matchedGroup.Members : [] + members.forEach((m) => { + if (isExcluded(m.defaultDomainName)) return + built.push({ + label: `${m.displayName ?? m.defaultDomainName} (${m.defaultDomainName})`, + value: m.defaultDomainName, + group: matchedGroup.Name ?? groupName, + }) + }) + } + } + }) + + // Individual tenant entries from the template + individualTenants.forEach((t) => { + if (isExcluded(t.value)) return + if (!built.some((b) => b.value === t.value)) { + built.push({ + label: t.label ?? t.value, + value: t.value, + group: 'Individual Tenants', + }) + } + }) + + setOptions(built) + }, [ + hasAllTenants, + allTenantList.isSuccess, + allTenantList.data, + ...groupRequests.map((r) => r.isSuccess), + ...groupRequests.map((r) => r.data), + ]) + + const isFetching = + (hasAllTenants && allTenantList.isFetching) || groupRequests.some((r) => r.isFetching) + + return ( + option.group} + validators={ + required ? { required: { value: true, message: 'Please select a tenant' } } : undefined + } + {...other} + /> + ) +} diff --git a/src/components/CippComponents/CippHVEUserDrawer.jsx b/src/components/CippComponents/CippHVEUserDrawer.jsx index 3c4ba53ca852..56505c0f18dd 100644 --- a/src/components/CippComponents/CippHVEUserDrawer.jsx +++ b/src/components/CippComponents/CippHVEUserDrawer.jsx @@ -98,7 +98,8 @@ export const CippHVEUserDrawer = ({ HVE SMTP Configuration Settings:
  • - Server: smtp-hve.office365.com + Server: smtp.hve.mx.microsoft (recommended) or + smtp-hve.office365.com (deprecated)
  • Port: 587 @@ -109,9 +110,12 @@ export const CippHVEUserDrawer = ({
  • TLS Support: TLS 1.2 and TLS 1.3
    • +
  • + Authentication: HVE account credentials or OAuth token +
    • - Use these settings to configure your email client for HVE access. + Use these settings to configure your application or device for HVE access. diff --git a/src/components/CippComponents/CippIntunePolicyActions.jsx b/src/components/CippComponents/CippIntunePolicyActions.jsx index 531245e94625..09faf1efebf5 100644 --- a/src/components/CippComponents/CippIntunePolicyActions.jsx +++ b/src/components/CippComponents/CippIntunePolicyActions.jsx @@ -1,15 +1,15 @@ -import { Book, LaptopChromebook } from "@mui/icons-material"; -import { GlobeAltIcon, TrashIcon, UserIcon, UserGroupIcon } from "@heroicons/react/24/outline"; +import { Book, LaptopChromebook } from '@mui/icons-material' +import { GlobeAltIcon, TrashIcon, UserIcon, UserGroupIcon } from '@heroicons/react/24/outline' const assignmentModeOptions = [ - { label: "Replace existing assignments", value: "replace" }, - { label: "Append to existing assignments", value: "append" }, -]; + { label: 'Replace existing assignments', value: 'replace' }, + { label: 'Append to existing assignments', value: 'append' }, +] const assignmentFilterTypeOptions = [ - { label: "Include - Apply policy to devices matching filter", value: "include" }, - { label: "Exclude - Apply policy to devices NOT matching filter", value: "exclude" }, -]; + { label: 'Include - Apply policy to devices matching filter', value: 'include' }, + { label: 'Exclude - Apply policy to devices NOT matching filter', value: 'exclude' }, +] /** * Get assignment actions for Intune policies @@ -30,184 +30,191 @@ export const useCippIntunePolicyActions = (tenant, policyType, options = {}) => includeDelete = true, deleteUrlName = policyType, templateData = null, - } = options; + } = options const getAssignmentFields = () => [ { - type: "radio", - name: "assignmentMode", - label: "Assignment mode", + type: 'radio', + name: 'assignmentMode', + label: 'Assignment mode', options: assignmentModeOptions, - defaultValue: "replace", + defaultValue: 'replace', helperText: - "Replace will overwrite existing assignments. Append keeps current assignments and adds/overwrites only for the selected groups.", + 'Replace will overwrite existing assignments. Append keeps current assignments and adds/overwrites only for the selected groups.', }, { - type: "autoComplete", - name: "assignmentFilter", - label: "Assignment Filter (Optional)", + type: 'autoComplete', + name: 'assignmentFilter', + label: 'Assignment Filter (Optional)', multiple: false, creatable: false, api: { - url: "/api/ListAssignmentFilters", + url: '/api/ListAssignmentFilters', queryKey: `ListAssignmentFilters-${tenant}`, labelField: (filter) => filter.displayName, - valueField: "displayName", + valueField: 'displayName', }, }, { - type: "radio", - name: "assignmentFilterType", - label: "Assignment Filter Mode", + type: 'radio', + name: 'assignmentFilterType', + label: 'Assignment Filter Mode', options: assignmentFilterTypeOptions, - defaultValue: "include", - helperText: "Choose whether to include or exclude devices matching the filter.", + defaultValue: 'include', + helperText: 'Choose whether to include or exclude devices matching the filter.', }, - ]; + { + type: 'textField', + name: 'excludeGroup', + label: 'Exclude Group Names separated by comma. Wildcards (*) are allowed', + }, + ] const getCustomDataFormatter = (assignTo) => (row, action, formData) => { - const rows = Array.isArray(row) ? row : [row]; + const rows = Array.isArray(row) ? row : [row] return rows.map((item) => ({ - tenantFilter: tenant === "AllTenants" && item?.Tenant ? item.Tenant : tenant, + tenantFilter: tenant === 'AllTenants' && item?.Tenant ? item.Tenant : tenant, ID: item?.id, type: item?.URLName || policyType, ...(platformType && { platformType }), AssignTo: assignTo, - assignmentMode: formData?.assignmentMode || "replace", + assignmentMode: formData?.assignmentMode || 'replace', + excludeGroup: formData?.excludeGroup || null, AssignmentFilterName: formData?.assignmentFilter?.value || null, AssignmentFilterType: formData?.assignmentFilter?.value - ? formData?.assignmentFilterType || "include" + ? formData?.assignmentFilterType || 'include' : null, - })); - }; + })) + } const getCustomDataFormatterForGroups = () => (row, action, formData) => { - const rows = Array.isArray(row) ? row : [row]; - const selectedGroups = Array.isArray(formData?.groupTargets) ? formData.groupTargets : []; + const rows = Array.isArray(row) ? row : [row] + const selectedGroups = Array.isArray(formData?.groupTargets) ? formData.groupTargets : [] return rows.map((item) => ({ - tenantFilter: tenant === "AllTenants" && item?.Tenant ? item.Tenant : tenant, + tenantFilter: tenant === 'AllTenants' && item?.Tenant ? item.Tenant : tenant, ID: item?.id, type: item?.URLName || policyType, ...(platformType && { platformType }), GroupIds: selectedGroups.map((group) => group.value).filter(Boolean), GroupNames: selectedGroups.map((group) => group.label).filter(Boolean), - assignmentMode: formData?.assignmentMode || "replace", + assignmentMode: formData?.assignmentMode || 'replace', + excludeGroup: formData?.excludeGroup || null, AssignmentFilterName: formData?.assignmentFilter?.value || null, AssignmentFilterType: formData?.assignmentFilter?.value - ? formData?.assignmentFilterType || "include" + ? formData?.assignmentFilterType || 'include' : null, - })); - }; + })) + } - const actions = []; + const actions = [] // Create template action if (includeCreateTemplate) { actions.push({ - label: "Create template based on policy", - type: "POST", - url: "/api/AddIntuneTemplate", + label: 'Create template based on policy', + type: 'POST', + url: '/api/AddIntuneTemplate', data: templateData || { - ID: "id", - URLName: policyType === "URLName" ? "URLName" : policyType, + ID: 'id', + URLName: policyType === 'URLName' ? 'URLName' : policyType, }, - confirmText: "Are you sure you want to create a template based on this policy?", + confirmText: 'Are you sure you want to create a template based on this policy?', icon: , - color: "info", + color: 'info', multiPost: false, - }); + }) } // Assign to All Users actions.push({ - label: "Assign to All Users", - type: "POST", - url: "/api/ExecAssignPolicy", + label: 'Assign to All Users', + type: 'POST', + url: '/api/ExecAssignPolicy', data: { - AssignTo: "allLicensedUsers", - ID: "id", - type: policyType === "URLName" ? "URLName" : policyType, - ...(platformType && { platformType: "!deviceAppManagement" }), + AssignTo: 'allLicensedUsers', + ID: 'id', + type: policyType === 'URLName' ? 'URLName' : policyType, + ...(platformType && { platformType: '!deviceAppManagement' }), }, multiPost: false, fields: getAssignmentFields(), - customDataformatter: getCustomDataFormatter("allLicensedUsers"), + customDataformatter: getCustomDataFormatter('allLicensedUsers'), confirmText: 'Are you sure you want to assign "[displayName]" to all users?', icon: , - color: "info", - }); + color: 'info', + }) // Assign to All Devices actions.push({ - label: "Assign to All Devices", - type: "POST", - url: "/api/ExecAssignPolicy", + label: 'Assign to All Devices', + type: 'POST', + url: '/api/ExecAssignPolicy', data: { - AssignTo: "AllDevices", - ID: "id", - type: policyType === "URLName" ? "URLName" : policyType, - ...(platformType && { platformType: "!deviceAppManagement" }), + AssignTo: 'AllDevices', + ID: 'id', + type: policyType === 'URLName' ? 'URLName' : policyType, + ...(platformType && { platformType: '!deviceAppManagement' }), }, multiPost: false, fields: getAssignmentFields(), - customDataformatter: getCustomDataFormatter("AllDevices"), + customDataformatter: getCustomDataFormatter('AllDevices'), confirmText: 'Are you sure you want to assign "[displayName]" to all devices?', icon: , - color: "info", - }); + color: 'info', + }) // Assign Globally (All Users / All Devices) actions.push({ - label: "Assign Globally (All Users / All Devices)", - type: "POST", - url: "/api/ExecAssignPolicy", + label: 'Assign Globally (All Users / All Devices)', + type: 'POST', + url: '/api/ExecAssignPolicy', data: { - AssignTo: "AllDevicesAndUsers", - ID: "id", - type: policyType === "URLName" ? "URLName" : policyType, - ...(platformType && { platformType: "!deviceAppManagement" }), + AssignTo: 'AllDevicesAndUsers', + ID: 'id', + type: policyType === 'URLName' ? 'URLName' : policyType, + ...(platformType && { platformType: '!deviceAppManagement' }), }, multiPost: false, fields: getAssignmentFields(), - customDataformatter: getCustomDataFormatter("AllDevicesAndUsers"), + customDataformatter: getCustomDataFormatter('AllDevicesAndUsers'), confirmText: 'Are you sure you want to assign "[displayName]" to all users and devices?', icon: , - color: "info", - }); + color: 'info', + }) // Assign to Custom Group actions.push({ - label: "Assign to Custom Group", - type: "POST", - url: "/api/ExecAssignPolicy", + label: 'Assign to Custom Group', + type: 'POST', + url: '/api/ExecAssignPolicy', icon: , - color: "info", + color: 'info', confirmText: 'Select the target groups for "[displayName]".', multiPost: false, fields: [ { - type: "autoComplete", - name: "groupTargets", - label: "Group(s)", + type: 'autoComplete', + name: 'groupTargets', + label: 'Group(s)', multiple: true, creatable: false, allowResubmit: true, - validators: { required: "Please select at least one group" }, + validators: { required: 'Please select at least one group' }, api: { - url: "/api/ListGraphRequest", - dataKey: "Results", + url: '/api/ListGraphRequest', + dataKey: 'Results', queryKey: `ListPolicyAssignmentGroups-${tenant}`, labelField: (group) => group.id ? `${group.displayName} (${group.id})` : group.displayName, - valueField: "id", + valueField: 'id', addedField: { - description: "description", + description: 'description', }, data: { - Endpoint: "groups", + Endpoint: 'groups', manualPagination: true, - $select: "id,displayName,description", - $orderby: "displayName", + $select: 'id,displayName,description', + $orderby: 'displayName', $top: 999, $count: true, }, @@ -216,23 +223,23 @@ export const useCippIntunePolicyActions = (tenant, policyType, options = {}) => ...getAssignmentFields(), ], customDataformatter: getCustomDataFormatterForGroups(), - }); + }) // Delete action if (includeDelete) { actions.push({ - label: "Delete Policy", - type: "POST", - url: "/api/RemovePolicy", + label: 'Delete Policy', + type: 'POST', + url: '/api/RemovePolicy', data: { - ID: "id", - URLName: deleteUrlName === "URLName" ? "URLName" : deleteUrlName, + ID: 'id', + URLName: deleteUrlName === 'URLName' ? 'URLName' : deleteUrlName, }, - confirmText: "Are you sure you want to delete this policy?", + confirmText: 'Are you sure you want to delete this policy?', icon: , - color: "danger", - }); + color: 'danger', + }) } - return actions; -}; + return actions +} diff --git a/src/components/CippComponents/CippIntunePolicyDetails.jsx b/src/components/CippComponents/CippIntunePolicyDetails.jsx index ca822e61739a..b1820e1c47b8 100644 --- a/src/components/CippComponents/CippIntunePolicyDetails.jsx +++ b/src/components/CippComponents/CippIntunePolicyDetails.jsx @@ -4,37 +4,41 @@ import CippJsonView from '../CippFormPages/CippJSONView' export const CippIntunePolicyDetails = ({ row, tenant }) => { const isConfigurationPolicy = row?.URLName?.toLowerCase() === 'configurationpolicies' + const isAdministrativeTemplate = row?.URLName?.toLowerCase() === 'grouppolicyconfigurations' + const isSupportedPolicyType = isConfigurationPolicy || isAdministrativeTemplate + const urlName = isAdministrativeTemplate ? 'groupPolicyConfigurations' : 'configurationPolicies' + const policyTypeLabel = isAdministrativeTemplate ? 'Administrative Template' : 'Settings Catalog' const tenantFilter = tenant === 'AllTenants' && row?.Tenant ? row.Tenant : tenant const policyDetails = ApiGetCall({ url: '/api/ListIntunePolicy', - queryKey: `ListIntunePolicyDetails-${tenantFilter}-${row?.id}`, + queryKey: `ListIntunePolicyDetails-${urlName}-${tenantFilter}-${row?.id}`, data: { TenantFilter: tenantFilter, ID: row?.id, - URLName: 'configurationPolicies', + URLName: urlName, IncludeSettingDefinitions: true, }, - waiting: Boolean(isConfigurationPolicy && tenantFilter && row?.id), + waiting: Boolean(isSupportedPolicyType && tenantFilter && row?.id), retry: 1, refetchOnWindowFocus: false, toast: false, }) - if (!isConfigurationPolicy) { + if (!isSupportedPolicyType) { return null } const details = Array.isArray(policyDetails.data) ? policyDetails.data[0] : policyDetails.data - const fallbackDetails = row?.settings ? row : null - const settingsObject = details?.settings ? details : fallbackDetails + const fallbackDetails = row?.settings || row?.definitionValues ? row : null + const settingsObject = details?.settings || details?.definitionValues ? details : fallbackDetails if (policyDetails.isLoading || policyDetails.isFetching) { return ( - Loading policy settings and Microsoft descriptions... + Loading policy details and Microsoft descriptions... ) @@ -43,7 +47,7 @@ export const CippIntunePolicyDetails = ({ row, tenant }) => { if (policyDetails.isError && !settingsObject) { return ( - Could not load live Settings Catalog details for this policy. + Could not load live {policyTypeLabel} details for this policy. ) } @@ -51,10 +55,10 @@ export const CippIntunePolicyDetails = ({ row, tenant }) => { if (!settingsObject) { return ( - This Settings Catalog policy did not return any settings. + This {policyTypeLabel} policy did not return any settings. ) } - return + return } diff --git a/src/components/CippComponents/CippNotificationForm.jsx b/src/components/CippComponents/CippNotificationForm.jsx index 03ecce096ec9..f2f74b19d7f1 100644 --- a/src/components/CippComponents/CippNotificationForm.jsx +++ b/src/components/CippComponents/CippNotificationForm.jsx @@ -42,6 +42,7 @@ export const CippNotificationForm = ({ { label: "Adding a group", value: "AddGroup" }, { label: "Adding a tenant", value: "NewTenant" }, { label: "Executing the offboard wizard", value: "ExecOffboardUser" }, + { label: "Custom Test Alerts", value: "CustomTests" }, ]; const severityTypes = [ diff --git a/src/components/CippComponents/CippOffboardingDefaultSettings.jsx b/src/components/CippComponents/CippOffboardingDefaultSettings.jsx index 7ad68f3b74cb..5b6189ad2a7c 100644 --- a/src/components/CippComponents/CippOffboardingDefaultSettings.jsx +++ b/src/components/CippComponents/CippOffboardingDefaultSettings.jsx @@ -1,41 +1,41 @@ -import { CippPropertyListCard } from "../../components/CippCards/CippPropertyListCard"; -import CippFormComponent from "../../components/CippComponents/CippFormComponent"; -import { Typography, Box } from "@mui/material"; +import { CippPropertyListCard } from '../../components/CippCards/CippPropertyListCard' +import CippFormComponent from '../../components/CippComponents/CippFormComponent' +import { Typography, Box } from '@mui/material' export const CippOffboardingDefaultSettings = (props) => { - const { formControl, defaultsSource = null, title = "Offboarding Default Settings" } = props; - + const { formControl, defaultsSource = null, title = 'Offboarding Default Settings' } = props + const getSourceIndicator = () => { // Only show the indicator if defaultsSource is explicitly provided (for wizard, not tenant config) - if (!defaultsSource || defaultsSource === null) return null; - - let sourceText = ""; - let color = "text.secondary"; - + if (!defaultsSource || defaultsSource === null) return null + + let sourceText = '' + let color = 'text.secondary' + switch (defaultsSource) { - case "tenant": - sourceText = "Using Tenant Defaults"; - color = "primary.main"; - break; - case "user": - sourceText = "Using User Defaults"; - color = "info.main"; - break; - case "none": + case 'tenant': + sourceText = 'Using Tenant Defaults' + color = 'primary.main' + break + case 'user': + sourceText = 'Using User Defaults' + color = 'info.main' + break + case 'none': default: - sourceText = "Using Default Settings"; - color = "text.secondary"; - break; + sourceText = 'Using Default Settings' + color = 'text.secondary' + break } - + return ( - + {sourceText} - ); - }; + ) + } return ( <> @@ -45,178 +45,188 @@ export const CippOffboardingDefaultSettings = (props) => { showDivider={false} title={title} propertyItems={[ - { - label: "Convert to Shared Mailbox", - value: ( - - ), - }, - { - label: "Remove from all groups", - value: ( - - ), - }, - { - label: "Hide from Global Address List", - value: ( - - ), - }, - { - label: "Remove Licenses", - value: ( - - ), - }, - { - label: "Cancel all calendar invites", - value: ( - - ), - }, - { - label: "Revoke all sessions", - value: ( - - ), - }, - { - label: "Remove users mailbox permissions", - value: ( - - ), - }, - { - label: "Remove users calendar permissions", - value: ( - - ), - }, - { - label: "Remove all Rules", - value: ( - - ), - }, - { - label: "Reset Password", - value: ( - - ), - }, - { - label: "Keep copy of forwarded mail in source mailbox", - value: ( - - ), - }, - { - label: "Delete user", - value: ( - - ), - }, - { - label: "Remove all Mobile Devices", - value: ( - - ), - }, - { - label: "Disable Sign in", - value: ( - - ), - }, - { - label: "Remove all MFA Devices", - value: ( - - ), - }, - { - label: "Remove Teams Phone DID", - value: ( - - ), - }, - { - label: "Clear Immutable ID", - value: ( - - ), - }, - ]} - /> + { + label: 'Convert to Shared Mailbox', + value: ( + + ), + }, + { + label: 'Remove from all groups', + value: ( + + ), + }, + { + label: 'Hide from Global Address List', + value: ( + + ), + }, + { + label: 'Remove Licenses', + value: ( + + ), + }, + { + label: 'Cancel all calendar invites', + value: ( + + ), + }, + { + label: 'Revoke all sessions', + value: ( + + ), + }, + { + label: 'Remove users mailbox permissions', + value: ( + + ), + }, + { + label: 'Remove users calendar permissions', + value: ( + + ), + }, + { + label: 'Remove all Rules', + value: ( + + ), + }, + { + label: 'Reset Password', + value: ( + + ), + }, + { + label: 'Keep copy of forwarded mail in source mailbox', + value: ( + + ), + }, + { + label: 'Delete user', + value: ( + + ), + }, + { + label: 'Remove all Mobile Devices', + value: ( + + ), + }, + { + label: 'Disable Sign in', + value: ( + + ), + }, + { + label: 'Remove all MFA Devices', + value: ( + + ), + }, + { + label: 'Remove Teams Phone DID', + value: ( + + ), + }, + { + label: 'Clear Immutable ID', + value: ( + + ), + }, + { + label: 'Disable OneDrive Sharing Links', + value: ( + + ), + }, + ]} + /> - ); -}; + ) +} diff --git a/src/components/CippComponents/CippPolicyDeployDrawer.jsx b/src/components/CippComponents/CippPolicyDeployDrawer.jsx index 3810581daea9..ad695d39cace 100644 --- a/src/components/CippComponents/CippPolicyDeployDrawer.jsx +++ b/src/components/CippComponents/CippPolicyDeployDrawer.jsx @@ -201,6 +201,21 @@ export const CippPolicyDeployDrawer = ({ /> + + + + + { + setCacheOverride((prev) => { + const previousValue = prev.tenant === currentTenant ? prev.value : defaultCached; + const nextValue = + typeof valueOrUpdater === "function" ? valueOrUpdater(previousValue) : valueOrUpdater; - // Reset to default whenever tenant changes; AllTenants always forces cached - useEffect(() => { - if (isAllTenants) { - setUseReportDB(true) - } else { - setUseReportDB(defaultCached) - } - }, [currentTenant, isAllTenants, defaultCached]) + return { tenant: currentTenant, value: nextValue }; + }); + }, + [currentTenant, defaultCached], + ); // Whether the toggle is actually clickable const canToggle = allowToggle && !isAllTenants @@ -170,6 +178,7 @@ export function useCippReportDB(config) { relatedQueryKeys: [`${queryKey}-${currentTenant}-true`], data: { Name: cacheName, + ...(cacheName === "Mailboxes" ? { Types: "None" } : {}), ...(syncData || {}), }, onSuccess: handleSyncSuccess, diff --git a/src/components/CippComponents/CippTemplateFieldRenderer.jsx b/src/components/CippComponents/CippTemplateFieldRenderer.jsx index 1757e400acda..8ecef26973eb 100644 --- a/src/components/CippComponents/CippTemplateFieldRenderer.jsx +++ b/src/components/CippComponents/CippTemplateFieldRenderer.jsx @@ -244,11 +244,43 @@ const CippTemplateFieldRenderer = ({ React.useEffect(() => { if (templateData && formControl) { const processedData = parseIntuneRawJson(templateData); - const formValues = {}; + // Recursively strip null values, empty arrays, empty strings, + // and @odata / Graph metadata keys so they don't create blank + // form fields or phantom sections in the builder. + const stripEmpty = (obj) => { + if (obj === null || obj === undefined) return undefined; + if (typeof obj === "string" && obj.trim() === "") return undefined; + if (Array.isArray(obj)) { + const filtered = obj + .map(stripEmpty) + .filter((v) => v !== undefined && v !== null); + return filtered.length > 0 ? filtered : undefined; + } + if (typeof obj === "object") { + const result = {}; + let hasContent = false; + for (const [k, v] of Object.entries(obj)) { + // Drop @odata annotations and Graph metadata + if (k.includes("@odata") || k.startsWith("#")) continue; + const cleaned = stripEmpty(v); + if (cleaned !== undefined) { + result[k] = cleaned; + hasContent = true; + } + } + return hasContent ? result : undefined; + } + return obj; + }; + + const formValues = {}; Object.keys(processedData).forEach((key) => { if (!isFieldBlacklisted(key)) { - formValues[key] = processedData[key]; + const cleaned = stripEmpty(processedData[key]); + if (cleaned !== undefined) { + formValues[key] = cleaned; + } } }); formControl.reset(formValues); @@ -258,6 +290,10 @@ const CippTemplateFieldRenderer = ({ const renderFormField = (key, value, path = "") => { const fieldPath = path ? `${path}.${key}` : key; + // Skip null/undefined values and @odata / metadata keys + if (value === null || value === undefined) return null; + if (key.includes("@odata") || key.startsWith("#")) return null; + if (isFieldBlacklisted(key)) { return null; } @@ -776,12 +812,16 @@ const CippTemplateFieldRenderer = ({ {priorityFields.map( (fieldName) => processedData[fieldName] !== undefined && + processedData[fieldName] !== null && renderFormField(fieldName, processedData[fieldName]) )} {/* Render all other fields except priority fields */} {Object.entries(processedData) - .filter(([key]) => !priorityFields.includes(key)) + .filter( + ([key, value]) => + !priorityFields.includes(key) && value !== null && value !== undefined + ) .map(([key, value]) => renderFormField(key, value))} ); diff --git a/src/components/CippComponents/CippTenantAllowBlockListTemplateDrawer.jsx b/src/components/CippComponents/CippTenantAllowBlockListTemplateDrawer.jsx index cc0ecf78b506..0e28dce6d188 100644 --- a/src/components/CippComponents/CippTenantAllowBlockListTemplateDrawer.jsx +++ b/src/components/CippComponents/CippTenantAllowBlockListTemplateDrawer.jsx @@ -23,13 +23,41 @@ export const CippTenantAllowBlockListTemplateDrawer = ({ buttonText = 'Add Template', requiredPermissions = [], PermissionButton = Button, + editData = null, + drawerVisible: controlledDrawerVisible, + setDrawerVisible: controlledSetDrawerVisible, }) => { - const [drawerVisible, setDrawerVisible] = useState(false) + const [internalDrawerVisible, internalSetDrawerVisible] = useState(false) + const drawerVisible = + controlledDrawerVisible !== undefined ? controlledDrawerVisible : internalDrawerVisible + const setDrawerVisible = + controlledSetDrawerVisible !== undefined ? controlledSetDrawerVisible : internalSetDrawerVisible + + const isEditMode = !!editData + const formControl = useForm({ mode: 'onChange', defaultValues, }) + useEffect(() => { + if (editData && drawerVisible) { + formControl.reset({ + templateName: editData.templateName || '', + entries: Array.isArray(editData.entries) + ? editData.entries.join(', ') + : editData.entries || '', + notes: editData.notes || '', + listType: editData.listType ? { label: editData.listType, value: editData.listType } : null, + listMethod: editData.listMethod + ? { label: editData.listMethod, value: editData.listMethod } + : null, + NoExpiration: editData.NoExpiration || false, + RemoveAfter: editData.RemoveAfter || false, + }) + } + }, [editData, drawerVisible, formControl]) + const { isValid } = useFormState({ control: formControl.control }) const noExpiration = useWatch({ control: formControl.control, name: 'NoExpiration' }) @@ -197,10 +225,18 @@ export const CippTenantAllowBlockListTemplateDrawer = ({ RemoveAfter: values.RemoveAfter, } - saveTemplate.mutate({ - url: '/api/AddTenantAllowBlockListTemplate', - data: payload, - }) + if (isEditMode && editData?.GUID) { + payload.GUID = editData.GUID + saveTemplate.mutate({ + url: '/api/EditTenantAllowBlockListTemplate', + data: payload, + }) + } else { + saveTemplate.mutate({ + url: '/api/AddTenantAllowBlockListTemplate', + data: payload, + }) + } }) const handleCloseDrawer = () => { @@ -210,16 +246,22 @@ export const CippTenantAllowBlockListTemplateDrawer = ({ return ( <> - setDrawerVisible(true)} - startIcon={} - > - {buttonText} - + {!isEditMode && controlledDrawerVisible === undefined && ( + setDrawerVisible(true)} + startIcon={} + > + {buttonText} + + )} + ) : isSuccess ? ( + + ) : isError ? ( + + ) : null} + + + ) +} diff --git a/src/components/CippComponents/SsoMigrationDialog.jsx b/src/components/CippComponents/SsoMigrationDialog.jsx new file mode 100644 index 000000000000..fe184c40cd72 --- /dev/null +++ b/src/components/CippComponents/SsoMigrationDialog.jsx @@ -0,0 +1,137 @@ +import { useCallback, useEffect, useState } from 'react' +import { + Alert, + Button, + CircularProgress, + Dialog, + DialogActions, + DialogContent, + DialogTitle, + FormControlLabel, + Switch, + Typography, +} from '@mui/material' +import { ApiGetCall, ApiPostCall } from '../../api/ApiCall' + +const DISMISS_KEY = 'cipp_sso_migration_dismissed' + +export const SsoMigrationDialog = () => { + const [open, setOpen] = useState(false) + const [multiTenant, setMultiTenant] = useState(false) + const [submitted, setSubmitted] = useState(false) + + const currentRole = ApiGetCall({ + url: '/api/me', + queryKey: 'authmecipp', + }) + + const ssoSetup = ApiPostCall({ + relatedQueryKeys: 'authmecipp', + }) + + const permissions = currentRole.data?.permissions || [] + const ssoMigration = currentRole.data?.ssoMigration + const hasPermission = permissions.includes('CIPP.AppSettings.ReadWrite') + + useEffect(() => { + if (!currentRole.isSuccess || !hasPermission || !ssoMigration) return + if (ssoMigration.status !== 'none') return + + const dismissed = localStorage.getItem(DISMISS_KEY) + if (dismissed === 'true') return + + setOpen(true) + }, [currentRole.isSuccess, hasPermission, ssoMigration]) + + const handleApprove = useCallback(() => { + setSubmitted(true) + ssoSetup.mutate({ + url: '/api/ExecSSOSetup', + data: { + Action: 'Create', + multiTenant, + }, + }) + }, [multiTenant, ssoSetup]) + + const handleDismiss = useCallback(() => { + localStorage.setItem(DISMISS_KEY, 'true') + setOpen(false) + }, []) + + const handleClose = useCallback(() => { + setOpen(false) + }, []) + + const result = ssoSetup.data?.data?.Results ?? ssoSetup.data?.Results + const isSuccess = result?.severity === 'success' + const isError = ssoSetup.isError || result?.severity === 'failed' + + return ( + + Prepare for CIPP Single Sign-On + + {!submitted ? ( + <> + + CIPP will soon be moving to a dedicated Single Sign-On model, giving you full control + over Conditional Access policies, MFA requirements, and session management for your + CIPP users. + + + To get ready, CIPP needs to create an app registration in your tenant called{' '} + CIPP-SSO with minimal permissions (OpenID, Profile, Email only). + This won't change how you log in today — it just prepares your tenant for when + the update rolls out. + + + Review the options below and click "Create App Registration" to get set up + ahead of time. + + + setMultiTenant(e.target.checked)} /> + } + label="Multi-tenant mode (allow users from multiple Entra ID tenants to log in)" + sx={{ mb: 1 }} + /> + + ) : ssoSetup.isPending ? ( + <> + + Creating CIPP-SSO app registration... + + ) : isSuccess ? ( + + {result.message} + + ) : isError ? ( + + {result?.message || ssoSetup.error?.message || 'SSO setup failed. It will be retried automatically.'} + + ) : null} + + + {!submitted ? ( + <> + + + + ) : ( + + )} + + + ) +} diff --git a/src/components/CippFormPages/CippExchangeSettingsForm.jsx b/src/components/CippFormPages/CippExchangeSettingsForm.jsx index ee44517b8c51..0427d3d27d1f 100644 --- a/src/components/CippFormPages/CippExchangeSettingsForm.jsx +++ b/src/components/CippFormPages/CippExchangeSettingsForm.jsx @@ -124,6 +124,15 @@ const CippExchangeSettingsForm = (props) => { ...values[type], }; + // Include browser timezone for OOO so the API can display local times in the response + if (type === "ooo") { + try { + data.timezone = Intl.DateTimeFormat().resolvedOptions().timeZone; + } catch { + // Fallback: leave timezone unset; API will display UTC + } + } + // Format data for recipient limits if (type === "recipientLimits") { data.Identity = currentSettings.Mailbox[0].Identity; diff --git a/src/components/CippFormPages/CippJSONView.jsx b/src/components/CippFormPages/CippJSONView.jsx index cc7fe72e749e..fb69ef966b37 100644 --- a/src/components/CippFormPages/CippJSONView.jsx +++ b/src/components/CippFormPages/CippJSONView.jsx @@ -24,6 +24,12 @@ import { getCippFormatting } from '../../utils/get-cipp-formatting' import { CippCodeBlock } from '../CippComponents/CippCodeBlock' import intuneCollection from '../../data/intuneCollection.json' import { useGuidResolver } from '../../hooks/use-guid-resolver' +import { useAdminTemplateDefinitions } from '../../hooks/use-admin-template-definitions' +import { + definitionBindPattern, + presentationBindPattern, + extractBindGuid, +} from '../../utils/intune-bind-helpers' const intuneCollectionMap = new Map( (intuneCollection || []).filter((item) => item?.id).map((item) => [item.id, item]) @@ -242,15 +248,31 @@ function CippJsonView({ type, defaultOpen = false, title = 'Policy Details', + tenant = null, }) { const [viewJson, setViewJson] = useState(false) const [accordionOpen, setAccordionOpen] = useState(defaultOpen) const [drilldownData, setDrilldownData] = useState([]) // Array of { data, title } + const objectTenant = + tenant || object?.Tenant || object?.tenant || object?.TenantFilter || object?.tenantFilter || null + // Use the GUID resolver hook - const { guidMapping, isLoadingGuids, resolveGuids, isGuid } = useGuidResolver() + const { guidMapping, isLoadingGuids, resolveGuids, isGuid } = useGuidResolver(objectTenant) const resolvedType = - type || (object?.omaSettings || object?.settings || object?.added ? 'intune' : undefined) + type || + (object?.omaSettings || object?.settings || object?.definitionValues || object?.added + ? 'intune' + : undefined) + const { + definitionsMap: addedDefinitionsMap, + isLoadingDefinitions, + isDefinitionsError, + } = useAdminTemplateDefinitions({ + added: object?.added, + manualTenant: objectTenant, + waiting: resolvedType === 'intune', + }) const renderIntuneItems = (data) => { const items = [] @@ -292,7 +314,7 @@ function CippJsonView({ } const renderDefinitionTooltip = (definition, optionDefinition) => { - const description = definition?.helpText || definition?.description + const description = definition?.helpText || definition?.description || definition?.explainText const optionDescription = optionDefinition?.helpText || optionDefinition?.description const infoUrls = Array.isArray(definition?.infoUrls) ? definition.infoUrls : [] @@ -395,6 +417,185 @@ function CippJsonView({ } } + const getDisplayValue = (value) => { + if (value === null || value === undefined || value === '') { + return '' + } + + if (typeof value === 'boolean') { + return value ? 'Yes' : 'No' + } + + if (typeof value === 'string' || typeof value === 'number') { + return value + } + + try { + return JSON.stringify(value) + } catch { + return String(value) + } + } + + const getAdministrativeTemplatePresentationValue = (presentationValue) => { + if (!presentationValue || typeof presentationValue !== 'object') { + return 'Not configured' + } + + if (Object.prototype.hasOwnProperty.call(presentationValue, 'value')) { + const displayValue = getDisplayValue(presentationValue.value) + if (displayValue !== '') { + return displayValue + } + } + + if (Array.isArray(presentationValue.values)) { + const values = presentationValue.values + .map((entry) => { + if (entry && typeof entry === 'object') { + const entryLabel = + entry.name || + entry.key || + entry.displayName || + entry.id || + entry.PresentationDefinitionLabel || + '' + const entryValue = getDisplayValue( + entry.value ?? entry.text ?? entry.Value ?? entry.StringValue ?? entry + ) + + if (entryLabel && entryValue !== '') { + return `${entryLabel}: ${entryValue}` + } + + return entryValue + } + + return getDisplayValue(entry) + }) + .filter((entry) => entry !== null && entry !== undefined && entry !== '') + + if (values.length > 0) { + return values.join(', ') + } + } + + return 'Not configured' + } + + const getStatusText = (enabled) => + enabled === true ? 'Enabled' : enabled === false ? 'Disabled' : 'Configured' + + const addAdministrativeTemplateValue = ( + value, + index, + { definition, definitionId, label, keyPrefix, presentationKeyInfix, resolvePresentationLabel } + ) => { + if (!value || typeof value !== 'object') { + return + } + + const categoryPath = definition?.categoryPath + const presentationValues = Array.isArray(value.presentationValues) + ? value.presentationValues + : [] + const itemKey = value.id || definitionId || index + + items.push( + + + {getStatusText(value.enabled)} + + {categoryPath && ( + + {categoryPath} + + )} + {!definition && definitionId && ( + + Definition ID: {definitionId} + + )} + {presentationValues.map((presentationValue, presentationIndex) => { + const presentationLabel = resolvePresentationLabel( + definition, + presentationValue, + presentationIndex + ) + const presentationDisplayValue = getAdministrativeTemplatePresentationValue( + presentationValue + ) + + return ( + + + {presentationLabel}: + {' '} + {renderSettingValue(presentationDisplayValue)} + + ) + })} + + } + /> + ) + } + + const getPresentationTypeLabel = (odataType) => { + switch (odataType) { + case '#microsoft.graph.groupPolicyPresentationValueBoolean': + return 'Boolean value' + case '#microsoft.graph.groupPolicyPresentationValueDecimal': + case '#microsoft.graph.groupPolicyPresentationValueLongDecimal': + return 'Numeric value' + case '#microsoft.graph.groupPolicyPresentationValueMultiText': + return 'Text list' + case '#microsoft.graph.groupPolicyPresentationValueList': + return 'List value' + case '#microsoft.graph.groupPolicyPresentationValueText': + return 'Text value' + default: + return 'Value' + } + } + + const getAddedPresentationLabel = (definition, presentationValue) => { + const presentationId = extractBindGuid( + presentationValue?.['presentation@odata.bind'], + presentationBindPattern + ) + + if (presentationId && Array.isArray(definition?.presentations)) { + const resolvedPresentation = definition.presentations.find( + (presentation) => String(presentation?.id || '').toLowerCase() === presentationId + ) + + if (resolvedPresentation) { + return ( + resolvedPresentation.label || + resolvedPresentation.displayName || + resolvedPresentation.id || + getPresentationTypeLabel(presentationValue?.['@odata.type']) + ) + } + } + + return getPresentationTypeLabel(presentationValue?.['@odata.type']) + } + + const resolveLivePresentationLabel = (_definition, presentationValue, presentationIndex) => + presentationValue?.presentation?.label || + presentationValue?.presentation?.displayName || + presentationValue?.presentation?.id || + `Value ${presentationIndex + 1}` + const addSettingInstance = (settingInstance, setting, keyPrefix) => { if (!settingInstance) { return @@ -498,14 +699,82 @@ function CippJsonView({ data.settings.forEach((setting, index) => { addSettingInstance(setting.settingInstance, setting, `setting-${index}`) }) - } else if (data.added) { - items.push( - - ) + } else if (Array.isArray(data.definitionValues)) { + if (data.definitionValues.length === 0) { + items.push( + + ) + } + + data.definitionValues.forEach((definitionValue, index) => { + const definition = definitionValue?.definition + addAdministrativeTemplateValue(definitionValue, index, { + definition, + definitionId: null, + label: definition?.displayName || definition?.id || definitionValue?.id || 'Setting', + keyPrefix: 'definitionValue', + presentationKeyInfix: 'presentation', + resolvePresentationLabel: resolveLivePresentationLabel, + }) + }) + } else if (Array.isArray(data.added)) { + const hasResolvedDefinitions = Object.keys(addedDefinitionsMap).length > 0 + + if (isLoadingDefinitions && !hasResolvedDefinitions) { + items.push( + + + Resolving administrative template settings... + + } + /> + ) + return items + } + + if (data.added.length === 0) { + items.push( + + ) + } + + if (isDefinitionsError && !hasResolvedDefinitions) { + items.push( + + ) + } + + data.added.forEach((addedValue, index) => { + const definitionId = extractBindGuid( + addedValue?.['definition@odata.bind'], + definitionBindPattern + ) + const definition = definitionId ? addedDefinitionsMap[definitionId] : null + addAdministrativeTemplateValue(addedValue, index, { + definition, + definitionId, + label: definition?.displayName || definitionId || `Setting ${index + 1}`, + keyPrefix: 'addedDefinition', + presentationKeyInfix: 'added-presentation', + resolvePresentationLabel: getAddedPresentationLabel, + }) + }) } else { Object.entries(data).forEach(([key, value]) => { // Check if value is a GUID that we've resolved diff --git a/src/components/CippIntegrations/CippApiClientManagement.jsx b/src/components/CippIntegrations/CippApiClientManagement.jsx index 3dab6bf2bf1b..a9a2d2960ef1 100644 --- a/src/components/CippIntegrations/CippApiClientManagement.jsx +++ b/src/components/CippIntegrations/CippApiClientManagement.jsx @@ -1,6 +1,7 @@ import { Button, Stack, SvgIcon, Menu, MenuItem, ListItemText, Alert } from "@mui/material"; -import { useState } from "react"; +import { useState, useEffect, useMemo } from "react"; import isEqual from "lodash/isEqual"; +import { useRouter } from "next/router"; import { useForm } from "react-hook-form"; import { ApiGetCall, ApiGetCallWithPagination, ApiPostCall } from "../../api/ApiCall"; import { CippDataTable } from "../CippTable/CippDataTable"; @@ -19,6 +20,7 @@ import { CippCopyToClipBoard } from "../CippComponents/CippCopyToClipboard"; import { Box } from "@mui/system"; const CippApiClientManagement = () => { + const router = useRouter(); const [openAddClientDialog, setOpenAddClientDialog] = useState(false); const [openAddExistingAppDialog, setOpenAddExistingAppDialog] = useState(false); const [addClientRetryPayload, setAddClientRetryPayload] = useState(null); @@ -45,6 +47,46 @@ const CippApiClientManagement = () => { queryKey: "ApiClients", }); + const hasUnsavedChanges = useMemo(() => { + if (!azureConfig.isSuccess || !apiClients.isSuccess) return false; + return !isEqual( + (apiClients.data?.pages?.[0]?.Results || []) + .filter((c) => c.Enabled) + .map((c) => c.ClientId) + .sort(), + (azureConfig.data?.Results?.ClientIDs || []).sort() + ); + }, [azureConfig.isSuccess, azureConfig.data, apiClients.isSuccess, apiClients.data]); + + useEffect(() => { + const handleBeforeUnload = (e) => { + if (hasUnsavedChanges) { + e.preventDefault(); + e.returnValue = ""; + } + }; + + const handleRouteChange = (url) => { + if ( + hasUnsavedChanges && + !window.confirm( + "You have unsaved API client changes. Are you sure you want to leave this page?" + ) + ) { + router.events.emit("routeChangeError"); + throw "Route change aborted due to unsaved changes."; + } + }; + + window.addEventListener("beforeunload", handleBeforeUnload); + router.events.on("routeChangeStart", handleRouteChange); + + return () => { + window.removeEventListener("beforeunload", handleBeforeUnload); + router.events.off("routeChangeStart", handleRouteChange); + }; + }, [hasUnsavedChanges, router.events]); + const handleMenuOpen = (event) => { setMenuAnchorEl(event.currentTarget); }; @@ -54,11 +96,18 @@ const CippApiClientManagement = () => { }; const handleSaveToAzure = () => { + handleMenuClose(); + if ( + !window.confirm( + "Saving to Azure will restart the CIPP instance. Changes may take up to 60 seconds to reflect. Do you want to continue?" + ) + ) { + return; + } postCall.mutate({ url: `/api/ExecApiClient?action=SaveToAzure`, data: {}, }); - handleMenuClose(); }; const getRetryPayload = (result) => { @@ -284,13 +333,7 @@ const CippApiClientManagement = () => { /> {azureConfig.isSuccess && apiClients.isSuccess && ( <> - {!isEqual( - (apiClients.data?.pages?.[0]?.Results || []) - .filter((c) => c.Enabled) - .map((c) => c.ClientId) - .sort(), - (azureConfig.data?.Results?.ClientIDs || []).sort() - ) && ( + {hasUnsavedChanges && ( You have unsaved changes. Click Actions > Save Azure Configuration to update diff --git a/src/components/CippSettings/CippContainerManagement.jsx b/src/components/CippSettings/CippContainerManagement.jsx new file mode 100644 index 000000000000..37daf6aa3e45 --- /dev/null +++ b/src/components/CippSettings/CippContainerManagement.jsx @@ -0,0 +1,442 @@ +import { useEffect } from "react"; +import { + Alert, + Button, + CardActions, + CardContent, + Chip, + Divider, + Skeleton, + Stack, + Typography, +} from "@mui/material"; +import { Grid } from "@mui/system"; +import { useForm } from "react-hook-form"; +import CippFormComponent from "../CippComponents/CippFormComponent"; +import CippButtonCard from "../CippCards/CippButtonCard"; +import { ApiGetCall, ApiPostCall } from "../../api/ApiCall"; +import { CippApiResults } from "../CippComponents/CippApiResults"; + +const channelLabels = { + latest: { label: "Latest (Stable)", color: "success" }, + dev: { label: "Dev", color: "warning" }, + nightly: { label: "Nightly", color: "info" }, + unknown: { label: "Unknown", color: "default" }, +}; + +const intervalOptions = [ + { label: "Disabled", value: "0" }, + { label: "Every hour", value: "1h" }, + { label: "Every 4 hours", value: "4h" }, + { label: "Every 12 hours", value: "12h" }, + { label: "Every day", value: "1d" }, +]; + +const hourOptions = Array.from({ length: 24 }, (_, i) => ({ + label: `${i.toString().padStart(2, "0")}:00`, + value: String(i), +})); + +export const CippContainerManagement = () => { + const channelForm = useForm({ + mode: "onChange", + defaultValues: { Channel: null }, + }); + + const updateSettingsForm = useForm({ + mode: "onChange", + defaultValues: { CheckInterval: null, AutoUpdate: false, CheckTime: null }, + }); + + const containerStatus = ApiGetCall({ + url: "/api/ExecContainerManagement", + data: { Action: "Status" }, + queryKey: "containerStatus", + }); + + const channelAction = ApiPostCall({ + relatedQueryKeys: ["containerStatus"], + }); + + const restartAction = ApiPostCall({ + relatedQueryKeys: ["containerStatus"], + }); + + const updateCheckAction = ApiPostCall({ + relatedQueryKeys: ["containerStatus"], + }); + + const updateSettingsAction = ApiPostCall({ + relatedQueryKeys: ["containerStatus"], + }); + + const data = containerStatus.data?.Results; + const channelInfo = channelLabels[data?.CurrentChannel] ?? channelLabels.unknown; + const updateSettings = data?.UpdateSettings; + + const channelOptions = (data?.ValidChannels ?? ["latest", "dev", "nightly"]).map((c) => ({ + label: channelLabels[c]?.label ?? c, + value: c, + })); + + useEffect(() => { + if (containerStatus.isSuccess && data?.CurrentChannel) { + const current = channelOptions.find((o) => o.value === data.CurrentChannel); + if (current) { + channelForm.reset({ Channel: current }); + } + } + }, [containerStatus.isSuccess, data?.CurrentChannel]); + + useEffect(() => { + if (containerStatus.isSuccess && updateSettings) { + const interval = intervalOptions.find((o) => o.value === (updateSettings.CheckInterval ?? "0")); + const hour = updateSettings.CheckTime != null + ? hourOptions.find((o) => o.value === String(updateSettings.CheckTime)) + : null; + updateSettingsForm.reset({ + CheckInterval: interval ?? intervalOptions[0], + AutoUpdate: updateSettings.AutoUpdate ?? false, + CheckTime: hour ?? null, + }); + } + }, [containerStatus.isSuccess, updateSettings?.CheckInterval, updateSettings?.AutoUpdate, updateSettings?.CheckTime]); + + const handleUpdateChannel = () => { + const selected = channelForm.getValues("Channel"); + const channel = selected?.value ?? selected; + channelAction.mutate({ + url: "/api/ExecContainerManagement", + data: { Action: "UpdateChannel", Channel: channel }, + }); + }; + + const handleRestart = () => { + restartAction.mutate({ + url: "/api/ExecContainerManagement", + data: { Action: "Restart" }, + }); + }; + + const handleCheckUpdate = () => { + updateCheckAction.mutate({ + url: "/api/ExecContainerManagement", + data: { Action: "CheckUpdate" }, + }); + }; + + const handleSaveUpdateSettings = () => { + const interval = updateSettingsForm.getValues("CheckInterval"); + const autoUpdate = updateSettingsForm.getValues("AutoUpdate"); + const checkTime = updateSettingsForm.getValues("CheckTime"); + updateSettingsAction.mutate({ + url: "/api/ExecContainerManagement", + data: { + Action: "SaveUpdateSettings", + CheckInterval: interval?.value ?? interval ?? "0", + AutoUpdate: autoUpdate ?? false, + CheckTime: checkTime?.value ?? checkTime ?? null, + }, + }); + }; + + const truncateDigest = (digest) => { + if (!digest) return "—"; + // Show algo prefix + first 12 hex chars + if (digest.startsWith("sha256:")) { + return `sha256:${digest.slice(7, 19)}…`; + } + return digest.length > 20 ? `${digest.slice(0, 20)}…` : digest; + }; + + return ( + + + + + {containerStatus.isLoading ? ( + + + + + ) : ( + + {data?.ConfiguredChannel && data.ConfiguredChannel !== data.CurrentChannel && ( + + A channel change is pending. Running: {data.CurrentChannel}, + configured: {data.ConfiguredChannel}. Restart the container to + apply. + + )} + {updateSettings?.UpdateAvailable && ( + + A container update is available. Restart the container to pull the latest image. + + )} + + + + Running Channel + + + + + + + + + Image Tag + + + + + {data?.ImageTag ?? "unknown"} + + + + + + App Version + + + + + {data?.CurrentVersion ?? "unknown"} + + + + + + Commit SHA + + + + + {data?.CommitSha ?? "unknown"} + + + + {updateSettings?.RunningDigest && ( + <> + + + Container Digest + + + + + {truncateDigest(updateSettings.RunningDigest)} + + + + )} + + {data?.CurrentImage && data.CurrentImage !== "unknown" && ( + <> + + + Container Image + + + + + {data.CurrentImage} + + + + )} + + {data?.SiteName && ( + <> + + + App Service + + + + {data.SiteName} + + + )} + + + )} + + + + + + + + + + Configure automatic update checking. CIPP will query the container registry for a new + image digest and optionally restart the container to apply the update. + NOTE: If the container restarts for any reason the latest image version for your update channel will be pulled regardless + + + + + + + + + + + + + {updateSettings?.LastCheck && ( + + Last checked: {new Date(updateSettings.LastCheck * 1000).toLocaleString()} + {updateSettings.UpdateAvailable ? ( + + ) : ( + + )} + + )} + + {updateSettings?.RunningDigest && updateSettings?.RemoteDigest && ( + + + + Running Digest + + + + + {truncateDigest(updateSettings.RunningDigest)} + + + + + Remote Digest + + + + + {truncateDigest(updateSettings.RemoteDigest)} + + + + )} + + + + + + + + + + + + + + + + + Changing the release channel updates the container image tag. The new image will be + pulled on the next container restart. Switching to "Dev" or + "Nightly" may include unstable or untested changes. + + + + + + + + + + + + + + + + + Restart the application container. This will cause a brief downtime while the container + restarts. If you changed the release channel, this will pull the new image. + + + + + + + + + + + ); +}; + +export default CippContainerManagement; diff --git a/src/components/CippSettings/CippSSOSettings.jsx b/src/components/CippSettings/CippSSOSettings.jsx new file mode 100644 index 000000000000..e22cd1ab6edf --- /dev/null +++ b/src/components/CippSettings/CippSSOSettings.jsx @@ -0,0 +1,202 @@ +import { useEffect, useState } from "react"; +import { + Alert, + Button, + CardActions, + CardContent, + CardHeader, + Chip, + Divider, + Skeleton, + Stack, + Typography, +} from "@mui/material"; +import { useForm } from "react-hook-form"; +import { Grid } from "@mui/system"; +import CippFormComponent from "../CippComponents/CippFormComponent"; +import CippButtonCard from "../CippCards/CippButtonCard"; +import { ApiGetCall, ApiPostCall } from "../../api/ApiCall"; +import { CippApiResults } from "../CippComponents/CippApiResults"; + +const statusLabels = { + none: { label: "Not Configured", color: "default" }, + app_created: { label: "App Created", color: "info" }, + appid_stored: { label: "App ID Stored", color: "info" }, + secrets_stored: { label: "Secrets Stored", color: "success" }, + complete: { label: "Complete", color: "success" }, + error: { label: "Error", color: "error" }, +}; + +export const CippSSOSettings = () => { + const [showCreate, setShowCreate] = useState(false); + + const formControl = useForm({ + mode: "onChange", + defaultValues: { multiTenant: false }, + }); + + const ssoStatus = ApiGetCall({ + url: "/api/ExecSSOSetup", + data: { Action: "Status" }, + queryKey: "SSOStatus", + }); + + const ssoAction = ApiPostCall({ + relatedQueryKeys: ["SSOStatus", "authmecipp"], + }); + + useEffect(() => { + if (ssoStatus.isSuccess && ssoStatus.data?.Results) { + const data = ssoStatus.data.Results; + formControl.reset({ multiTenant: data.multiTenant ?? false }); + setShowCreate(!data.configured); + } + }, [ssoStatus.isSuccess, ssoStatus.data]); + + const handleUpdate = () => { + if ( + !window.confirm( + "Updating SSO settings will restart the CIPP instance. Changes may take up to 60 seconds to reflect. Do you want to continue?" + ) + ) { + return; + } + ssoAction.mutate({ + url: "/api/ExecSSOSetup", + data: { + Action: "Update", + multiTenant: formControl.getValues("multiTenant"), + }, + }); + }; + + const handleCreate = () => { + ssoAction.mutate({ + url: "/api/ExecSSOSetup", + data: { + Action: "Create", + multiTenant: formControl.getValues("multiTenant"), + }, + }); + }; + + const handleRotateSecret = () => { + ssoAction.mutate({ + url: "/api/ExecSSOSetup", + data: { Action: "RotateSecret" }, + }); + }; + + const data = ssoStatus.data?.Results; + const statusInfo = statusLabels[data?.status] ?? statusLabels.none; + + return ( + + + {ssoStatus.isLoading ? ( + + + + + ) : ( + + + + + Status + + + + + + + {data?.appId && ( + <> + + + App ID + + + + + {data.appId} + + + + )} + + {data?.createdAt && ( + <> + + + Created + + + + + {new Date(data.createdAt).toLocaleString()} + + + + )} + + {data?.lastError && ( + <> + + + {data.lastError} + + + + )} + + + + + + + + + )} + + {!ssoStatus.isLoading && ( + + + {showCreate ? ( + + ) : ( + <> + + + + )} + + + )} + + ); +}; diff --git a/src/components/CippSettings/CippUserManagement.jsx b/src/components/CippSettings/CippUserManagement.jsx new file mode 100644 index 000000000000..ab4be74c1b2b --- /dev/null +++ b/src/components/CippSettings/CippUserManagement.jsx @@ -0,0 +1,221 @@ +import React, { useState } from "react"; +import { + Alert, + Box, + Button, + CardActions, + CardContent, + Chip, + Dialog, + DialogActions, + DialogContent, + DialogTitle, + Divider, + Stack, + SvgIcon, + Typography, +} from "@mui/material"; +import { Grid } from "@mui/system"; +import { useForm } from "react-hook-form"; +import { TrashIcon, PlusIcon, PencilIcon } from "@heroicons/react/24/outline"; +import { CippDataTable } from "../CippTable/CippDataTable"; +import CippFormComponent from "../CippComponents/CippFormComponent"; +import { CippApiResults } from "../CippComponents/CippApiResults"; +import { ApiGetCall, ApiPostCall } from "../../api/ApiCall"; + +export const CippUserManagement = () => { + const [dialogOpen, setDialogOpen] = useState(false); + const [editingUser, setEditingUser] = useState(null); + + const formControl = useForm({ + mode: "onChange", + defaultValues: { UPN: "", Roles: [] }, + }); + + const rolesQuery = ApiGetCall({ + url: "/api/ListCustomRole", + queryKey: "customRoleList", + }); + + const userAction = ApiPostCall({ + relatedQueryKeys: ["cippUsersList"], + }); + + const allRoles = Array.isArray(rolesQuery.data) ? rolesQuery.data : []; + const roleOptions = allRoles.map((r) => ({ + label: `${r.RoleName} (${r.Type})`, + value: r.RoleName, + })); + + const openAddDialog = () => { + setEditingUser(null); + formControl.reset({ UPN: "", Roles: [] }); + setDialogOpen(true); + }; + + const openEditDialog = (row) => { + setEditingUser(row); + const currentRoles = (row.Roles ?? []).map((r) => { + const match = roleOptions.find((opt) => opt.value === r); + return match ?? { label: r, value: r }; + }); + formControl.reset({ UPN: row.UPN, Roles: currentRoles }); + setDialogOpen(true); + }; + + const handleSaveUser = (data) => { + const roles = Array.isArray(data.Roles) ? data.Roles.map((r) => r.value ?? r) : [data.Roles]; + userAction.mutate( + { + url: "/api/ExecCIPPUsers", + data: { + Action: "AddUpdate", + UPN: data.UPN, + Roles: roles, + }, + }, + { + onSuccess: () => { + formControl.reset({ UPN: "", Roles: [] }); + setEditingUser(null); + setDialogOpen(false); + }, + } + ); + }; + + const actions = [ + { + label: "Edit Roles", + icon: ( + + + + ), + noConfirm: true, + customFunction: (row) => openEditDialog(row), + }, + { + label: "Delete User", + icon: ( + + + + ), + confirmText: "Are you sure you want to remove this user's access to CIPP?", + url: "/api/ExecCIPPUsers", + type: "POST", + data: { + Action: "Delete", + UPN: "UPN", + }, + relatedQueryKeys: ["cippUsersList"], + }, + ]; + + const offCanvas = { + children: (row) => ( + + + + Email / UPN + + {row.UPN} + + + + + Assigned Roles + + + {(row.Roles ?? []).map((role, idx) => ( + + ))} + + + + ), + }; + + return ( + + + + + } + onClick={openAddDialog} + > + Add User + + } + api={{ + url: "/api/ListCIPPUsers", + dataKey: "Users", + }} + queryKey="cippUsersList" + simpleColumns={["UPN", "Roles"]} + offCanvas={offCanvas} + /> + + + + setDialogOpen(false)} + maxWidth="sm" + fullWidth + > + {editingUser ? `Edit Roles — ${editingUser.UPN}` : "Add CIPP User"} + + + + {editingUser + ? "Update the roles assigned to this user." + : "Add a user by their email address (UPN) and assign one or more roles. If the user already exists, their roles will be updated."} + + {!editingUser && ( + + )} + + + + + + + + + + ); +}; + +export default CippUserManagement; diff --git a/src/components/CippStandards/CippStandardAccordion.jsx b/src/components/CippStandards/CippStandardAccordion.jsx index 1a2811d462c3..5aed7f6950a8 100644 --- a/src/components/CippStandards/CippStandardAccordion.jsx +++ b/src/components/CippStandards/CippStandardAccordion.jsx @@ -2,6 +2,7 @@ import React, { useEffect, useState, useMemo } from "react"; import { Card, Stack, + Alert, Avatar, Box, Typography, @@ -31,7 +32,7 @@ import { import { Grid } from "@mui/system"; import CippFormComponent from "../CippComponents/CippFormComponent"; import { useWatch, useFormState } from "react-hook-form"; -import _ from "lodash"; +import { get, isEqual, cloneDeep } from "lodash"; import Microsoft from "../../icons/iconly/bulk/microsoft"; import Azure from "../../icons/iconly/bulk/azure"; import Exchange from "../../icons/iconly/bulk/exchange"; @@ -53,8 +54,9 @@ const getAvailableActions = (disabledFeatures) => { return allActions.filter((action) => !disabledFeatures?.[action.value.toLowerCase()]); }; -const CippAddedComponent = React.memo(({ standardName, component, formControl }) => { +const CippAddedComponent = React.memo(({ standardName, component, formControl, currentValue }) => { const updatedComponent = { ...component }; + const fieldName = `${standardName}.${updatedComponent.name}`; if (component.type === "AdminRolesMultiSelect") { updatedComponent.type = "autoComplete"; @@ -73,15 +75,30 @@ const CippAddedComponent = React.memo(({ standardName, component, formControl }) updatedComponent.type = component.type; } + const warningThreshold = Number(updatedComponent.warningThreshold); + const numericValue = Number(currentValue); + const showThresholdWarning = + Number.isFinite(warningThreshold) && + !Number.isNaN(numericValue) && + `${currentValue}`.trim() !== "" && + numericValue > warningThreshold; + + const warningMessage = + updatedComponent.warningMessage || + `Values above ${warningThreshold} can match unrelated policies. Use with caution.`; + return ( - + + + {showThresholdWarning && {warningMessage}} + ); }); @@ -151,7 +168,7 @@ const CippStandardAccordion = ({ // ALWAYS require an action for any standard to be considered configured // The action field should be an array with at least one element - const actionValue = _.get(values, "action"); + const actionValue = get(values, "action"); if (!actionValue || (Array.isArray(actionValue) && actionValue.length === 0)) return false; // Additional checks for required components @@ -171,7 +188,7 @@ const CippStandardAccordion = ({ // Handle conditional fields if (component.condition) { const conditionField = component.condition.field; - const conditionValue = _.get(values, conditionField); + const conditionValue = get(values, conditionField); const compareType = component.condition.compareType || "is"; const compareValue = component.condition.compareValue; const propertyName = component.condition.propertyName || "value"; @@ -180,10 +197,10 @@ const CippStandardAccordion = ({ if (propertyName === "value") { switch (compareType) { case "is": - conditionMet = _.isEqual(conditionValue, compareValue); + conditionMet = isEqual(conditionValue, compareValue); break; case "isNot": - conditionMet = !_.isEqual(conditionValue, compareValue); + conditionMet = !isEqual(conditionValue, compareValue); break; default: conditionMet = false; @@ -207,7 +224,7 @@ const CippStandardAccordion = ({ if (!isRequired) return true; // Get field value using lodash's get to properly handle nested properties - const fieldValue = _.get(values, component.name); + const fieldValue = get(values, component.name); // Check if field has a value based on its type and multiple property if (component.type === "autoComplete" || component.type === "select") { @@ -246,10 +263,10 @@ const CippStandardAccordion = ({ // For each standard, get its current values and determine if it's configured Object.keys(selectedStandards).forEach((standardName) => { - const currentValues = _.get(watchedValues, standardName); + const currentValues = get(watchedValues, standardName); if (!currentValues) return; - initial[standardName] = _.cloneDeep(currentValues); + initial[standardName] = cloneDeep(currentValues); const baseStandardName = standardName.split("[")[0]; const standard = providedStandards.find((s) => s.name === baseStandardName); @@ -288,9 +305,9 @@ const CippStandardAccordion = ({ const updated = { ...prev }; removedKeys.forEach((k) => delete updated[k]); addedKeys.forEach((k) => { - const currentValues = _.get(watchedValues, k); + const currentValues = get(watchedValues, k); if (currentValues) { - updated[k] = _.cloneDeep(currentValues); + updated[k] = cloneDeep(currentValues); } }); return updated; @@ -302,7 +319,7 @@ const CippStandardAccordion = ({ addedKeys.forEach((k) => { const baseStandardName = k.split("[")[0]; const standard = providedStandards.find((s) => s.name === baseStandardName); - const currentValues = _.get(watchedValues, k); + const currentValues = get(watchedValues, k); if (standard && currentValues) { updated[k] = isStandardConfigured(k, standard, currentValues); } @@ -316,7 +333,7 @@ const CippStandardAccordion = ({ // Save changes for a standard const handleSave = (standardName, standard, current) => { // Clone the current values to avoid reference issues - const newValues = _.cloneDeep(current); + const newValues = cloneDeep(current); // Update saved values setSavedValues((prev) => ({ @@ -352,11 +369,11 @@ const CippStandardAccordion = ({ // Cancel changes for a standard const handleCancel = (standardName) => { // Get the last saved values - const savedValue = _.get(savedValues, standardName); + const savedValue = get(savedValues, standardName); if (!savedValue) return; // Set the entire standard's value at once to ensure proper handling of nested objects and arrays - formControl.setValue(standardName, _.cloneDeep(savedValue)); + formControl.setValue(standardName, cloneDeep(savedValue)); // Find the original standard definition to get the base standard const baseStandardName = standardName.split("[")[0]; @@ -432,9 +449,12 @@ const CippStandardAccordion = ({ (standard.cat && standard.cat.toLowerCase().includes(searchLower)) || (standard.tag && Array.isArray(standard.tag) && - standard.tag.some((tag) => tag.toLowerCase().includes(searchLower))); + standard.tag.some((tag) => tag.toLowerCase().includes(searchLower))) || + (standard.appliesToTest && + Array.isArray(standard.appliesToTest) && + standard.appliesToTest.some((testId) => testId.toLowerCase().includes(searchLower))); - const isConfigured = _.get(configuredState, standardName); + const isConfigured = get(configuredState, standardName); const matchesFilter = filter === "all" || (filter === "configured" && isConfigured) || @@ -596,10 +616,10 @@ const CippStandardAccordion = ({ const isExpanded = expanded === standardName; const hasAddedComponents = standard.addedComponent && standard.addedComponent.length > 0; - const isConfigured = _.get(configuredState, standardName); + const isConfigured = get(configuredState, standardName); const disabledFeatures = standard.disabledFeatures || {}; - let selectedActions = _.get(watchedValues, `${standardName}.action`); + let selectedActions = get(watchedValues, `${standardName}.action`); if (selectedActions && !Array.isArray(selectedActions)) { selectedActions = [selectedActions]; } @@ -608,13 +628,13 @@ const CippStandardAccordion = ({ let templateDisplayName = ""; if (standardName.startsWith("standards.IntuneTemplate")) { // Check for TemplateList selection - const templateList = _.get(watchedValues, `${standardName}.TemplateList`); + const templateList = get(watchedValues, `${standardName}.TemplateList`); if (templateList && templateList.label) { templateDisplayName = templateList.label; } // Check for TemplateList-Tags selection (takes priority) - const templateListTags = _.get(watchedValues, `${standardName}.TemplateList-Tags`); + const templateListTags = get(watchedValues, `${standardName}.TemplateList-Tags`); if (templateListTags && templateListTags.label) { templateDisplayName = templateListTags.label; } @@ -622,21 +642,21 @@ const CippStandardAccordion = ({ // For multiple standards, check the first added component const selectedTemplateName = standard.multiple - ? _.get(watchedValues, `${standardName}.${standard.addedComponent?.[0]?.name}`) + ? get(watchedValues, `${standardName}.${standard.addedComponent?.[0]?.name}`) : ""; // Build accordion title with template name if available const accordionTitle = templateDisplayName ? `${standard.label} - ${templateDisplayName}` - : selectedTemplateName && _.get(selectedTemplateName, "label") - ? `${standard.label} - ${_.get(selectedTemplateName, "label")}` + : selectedTemplateName && get(selectedTemplateName, "label") + ? `${standard.label} - ${get(selectedTemplateName, "label")}` : standard.label; // Get current values and check if they differ from saved values - const current = _.get(watchedValues, standardName); - const saved = _.get(savedValues, standardName) || {}; + const current = get(watchedValues, standardName); + const saved = get(savedValues, standardName) || {}; - const hasUnsaved = !_.isEqual(current, saved); + const hasUnsaved = !isEqual(current, saved); // Check if all required fields are filled const requiredFieldsFilled = current @@ -651,7 +671,7 @@ const CippStandardAccordion = ({ // Handle conditional fields if (component.condition) { const conditionField = component.condition.field; - const conditionValue = _.get(current, conditionField); + const conditionValue = get(current, conditionField); const compareType = component.condition.compareType || "is"; const compareValue = component.condition.compareValue; const propertyName = component.condition.propertyName || "value"; @@ -660,10 +680,10 @@ const CippStandardAccordion = ({ if (propertyName === "value") { switch (compareType) { case "is": - conditionMet = _.isEqual(conditionValue, compareValue); + conditionMet = isEqual(conditionValue, compareValue); break; case "isNot": - conditionMet = !_.isEqual(conditionValue, compareValue); + conditionMet = !isEqual(conditionValue, compareValue); break; default: conditionMet = false; @@ -685,7 +705,7 @@ const CippStandardAccordion = ({ } // Get field value for validation using lodash's get to properly handle nested properties - const fieldValue = _.get(current, component.name); + const fieldValue = get(current, component.name); // Check if required field has a value based on its type and multiple property if (component.type === "autoComplete" || component.type === "select") { @@ -714,12 +734,12 @@ const CippStandardAccordion = ({ ); // Action is always required and must be an array with at least one element - const actionValue = _.get(current, "action"); + const actionValue = get(current, "action"); const hasAction = actionValue && (!Array.isArray(actionValue) || actionValue.length > 0); // Check if this standard has any validation errors - const standardErrors = _.get(formErrors, standardName); + const standardErrors = get(formErrors, standardName); const hasValidationErrors = standardErrors && Object.keys(standardErrors).length > 0; // Allow saving if: @@ -937,6 +957,10 @@ const CippStandardAccordion = ({ standardName={standardName} component={component} formControl={formControl} + currentValue={get( + watchedValues, + `${standardName}.${component.name}`, + )} /> ) : ( @@ -945,6 +969,10 @@ const CippStandardAccordion = ({ standardName={standardName} component={component} formControl={formControl} + currentValue={get( + watchedValues, + `${standardName}.${component.name}`, + )} /> ), )} @@ -995,6 +1023,10 @@ const CippStandardAccordion = ({ standardName={standardName} component={component} formControl={formControl} + currentValue={get( + watchedValues, + `${standardName}.${component.name}`, + )} /> ) : ( @@ -1003,6 +1035,10 @@ const CippStandardAccordion = ({ standardName={standardName} component={component} formControl={formControl} + currentValue={get( + watchedValues, + `${standardName}.${component.name}`, + )} /> ), )} diff --git a/src/components/CippStandards/CippStandardDialog.jsx b/src/components/CippStandards/CippStandardDialog.jsx index 6ebe6362930c..4761ffcab94f 100644 --- a/src/components/CippStandards/CippStandardDialog.jsx +++ b/src/components/CippStandards/CippStandardDialog.jsx @@ -788,7 +788,11 @@ const CippStandardDialog = ({ standard.label.toLowerCase().includes(localSearchQuery.toLowerCase()) || standard.helpText.toLowerCase().includes(localSearchQuery.toLowerCase()) || (standard.tag && - standard.tag.some((tag) => tag.toLowerCase().includes(localSearchQuery.toLowerCase()))); + standard.tag.some((tag) => tag.toLowerCase().includes(localSearchQuery.toLowerCase()))) || + (standard.appliesToTest && + standard.appliesToTest.some((testId) => + testId.toLowerCase().includes(localSearchQuery.toLowerCase()) + )); // Category filter const matchesCategory = diff --git a/src/components/CippStandards/CippStandardsSideBar.jsx b/src/components/CippStandards/CippStandardsSideBar.jsx index f633f9b14ed9..2cab69c42f7e 100644 --- a/src/components/CippStandards/CippStandardsSideBar.jsx +++ b/src/components/CippStandards/CippStandardsSideBar.jsx @@ -29,7 +29,7 @@ import CheckIcon from "@heroicons/react/24/outline/CheckIcon"; import CloseIcon from "@mui/icons-material/Close"; import { useWatch } from "react-hook-form"; import { useEffect, useState } from "react"; -import _ from "lodash"; +import { get } from "lodash"; import CippFormComponent from "../CippComponents/CippFormComponent"; import { CippFormTenantSelector } from "../CippComponents/CippFormTenantSelector"; import { CippApiDialog } from "../CippComponents/CippApiDialog"; @@ -241,14 +241,14 @@ const CippStandardsSideBar = ({ useEffect(() => { const stepsStatus = { - step1: !!_.get(watchForm, "templateName"), - step2: _.get(watchForm, "tenantFilter", []).length > 0, + step1: !!get(watchForm, "templateName"), + step2: get(watchForm, "tenantFilter", []).length > 0, step3: Object.keys(selectedStandards).length > 0, step4: - _.get(watchForm, "standards") && + get(watchForm, "standards") && Object.keys(selectedStandards).length > 0 && Object.keys(selectedStandards).every((standardName) => { - const standardValues = _.get(watchForm, `${standardName}`, {}); + const standardValues = get(watchForm, `${standardName}`, {}); const standard = selectedStandards[standardName]; // Check if this standard requires an action const hasRequiredComponents = @@ -258,7 +258,7 @@ const CippStandardsSideBar = ({ ); const actionRequired = standard?.disabledFeatures !== undefined || hasRequiredComponents; // Always require an action value which should be an array with at least one element - const actionValue = _.get(standardValues, "action"); + const actionValue = get(standardValues, "action"); return actionValue && (!Array.isArray(actionValue) || actionValue.length > 0); }), }; @@ -269,17 +269,17 @@ const CippStandardsSideBar = ({ // Create a local reference to the stepsStatus from the latest effect run const stepsStatus = { - step1: !!_.get(watchForm, "templateName"), - step2: _.get(watchForm, "tenantFilter", []).length > 0, + step1: !!get(watchForm, "templateName"), + step2: get(watchForm, "tenantFilter", []).length > 0, step3: Object.keys(selectedStandards).length > 0, step4: - _.get(watchForm, "standards") && + get(watchForm, "standards") && Object.keys(selectedStandards).length > 0 && Object.keys(selectedStandards).every((standardName) => { - const standardValues = _.get(watchForm, `${standardName}`, {}); + const standardValues = get(watchForm, `${standardName}`, {}); const standard = selectedStandards[standardName]; // Always require an action for all standards (must be an array with at least one element) - const actionValue = _.get(standardValues, "action"); + const actionValue = get(standardValues, "action"); return actionValue && (!Array.isArray(actionValue) || actionValue.length > 0); }), }; diff --git a/src/components/CippTable/CIPPTableToptoolbar.js b/src/components/CippTable/CIPPTableToptoolbar.js index 58d8a180813b..232c752bb2c9 100644 --- a/src/components/CippTable/CIPPTableToptoolbar.js +++ b/src/components/CippTable/CIPPTableToptoolbar.js @@ -1239,7 +1239,7 @@ export const CIPPTableToptoolbar = React.memo( )} {/* Cold start indicator */} - {getRequestData?.data?.pages?.[0].Metadata?.ColdStart === true && ( + {getRequestData?.data?.pages?.[0]?.Metadata?.ColdStart === true && ( diff --git a/src/components/CippTable/CippDataTable.js b/src/components/CippTable/CippDataTable.js index 0fc4f87432b7..22c9bfe66ff2 100644 --- a/src/components/CippTable/CippDataTable.js +++ b/src/components/CippTable/CippDataTable.js @@ -341,6 +341,7 @@ export const CippDataTable = (props) => { }, exportEnabled = true, simpleColumns = [], + dataFilter, actions, title = 'Report', simple = false, @@ -476,7 +477,7 @@ export const CippDataTable = (props) => { const nestedData = getNestedValue(page, api.dataKey) return nestedData !== undefined ? nestedData : [] }) - setUsedData(combinedResults) + setUsedData(dataFilter ? combinedResults.filter(dataFilter) : combinedResults) } }, [ getRequestData.isSuccess, @@ -579,6 +580,9 @@ export const CippDataTable = (props) => { }, [columns.length, usedData, queryKey, settings?.currentTenant, filterTypeMap]) const createDialog = useDialog() + const hasActions = !!actions + const hasOffCanvas = !!offCanvas + const hasOnChange = !!onChange // Compute modeInfo via useMemo so it stays stable but updates when relevant inputs change. const modeInfo = useMemo( @@ -593,7 +597,7 @@ export const CippDataTable = (props) => { maxHeightOffset, settings ), - [simple, !!actions, !!offCanvas, !!onChange, maxHeightOffset, settings?.tablePageSize?.value] + [simple, hasActions, hasOffCanvas, hasOnChange, maxHeightOffset, settings?.tablePageSize?.value] ) // Include updateTrigger in data memo to force re-render when license backfill completes @@ -651,7 +655,15 @@ export const CippDataTable = (props) => { const muiTableBodyRowProps = useMemo(() => { if (offCanvasOnRowClick && offCanvas) { return ({ row }) => ({ - onClick: () => { + onClick: (event) => { + if ( + event.target?.closest?.( + 'button, a, input, textarea, select, [role="button"], [role="menuitem"], [data-no-row-click="true"]' + ) + ) { + return + } + setOffCanvasData(row.original) const filteredRowsArray = table?.getFilteredRowModel?.()?.rows if (filteredRowsArray) { diff --git a/src/components/CippTable/CippDataTableButton.jsx b/src/components/CippTable/CippDataTableButton.jsx index 79eec0f04bc5..86c3c887e1e9 100644 --- a/src/components/CippTable/CippDataTableButton.jsx +++ b/src/components/CippTable/CippDataTableButton.jsx @@ -5,7 +5,9 @@ import { getCippTranslation } from "../../utils/get-cipp-translation"; const CippDataTableButton = ({ data, title, tableTitle = "Data" }) => { const [openDialogs, setOpenDialogs] = useState([]); - const handleOpenDialog = () => { + const handleOpenDialog = (event) => { + event?.stopPropagation(); + let dataArray; if (Array.isArray(data)) { @@ -21,7 +23,8 @@ const CippDataTableButton = ({ data, title, tableTitle = "Data" }) => { setOpenDialogs([...openDialogs, dataArray]); }; - const handleCloseDialog = (index) => { + const handleCloseDialog = (index, event) => { + event?.stopPropagation?.(); setOpenDialogs(openDialogs.filter((_, i) => i !== index)); }; const dataIsNotANullArray = @@ -48,7 +51,9 @@ const CippDataTableButton = ({ data, title, tableTitle = "Data" }) => { handleCloseDialog(index)} + onClose={(event) => handleCloseDialog(index, event)} + onMouseDown={(event) => event.stopPropagation()} + onClick={(event) => event.stopPropagation()} fullWidth maxWidth="lg" > diff --git a/src/components/CippTestDetail/CippTestDetailOffCanvas.jsx b/src/components/CippTestDetail/CippTestDetailOffCanvas.jsx index 64abc9b224e4..990ed7472a08 100644 --- a/src/components/CippTestDetail/CippTestDetailOffCanvas.jsx +++ b/src/components/CippTestDetail/CippTestDetailOffCanvas.jsx @@ -49,21 +49,15 @@ const getImpactColor = (impact) => { } }; -const checkCIPPStandardAvailable = (testName) => { - if (!testName) return "No"; - console.log(testName); - // Check if any standard's tag array contains a reference to this test - const hasStandard = standardsData.some((standard) => { - if (!standard.tag || !Array.isArray(standard.tag)) return false; - // Check if any tag matches the test name or contains it - return standard.tag.some((tag) => { - const tagLower = tag.toLowerCase(); - const testLower = testName.toLowerCase(); - return tagLower.includes(testLower) || testLower.includes(tagLower); - }); - }); - - return hasStandard ? "Yes" : "No"; +// Find every CIPP standard whose appliesToTest array includes this test's RowKey. +// appliesToTest stores TestIds (e.g. "CIS_1_1_1", "ZTNA21772", "SMB1001_2_5"); the +// row's RowKey is the same TestId, so this is an exact lookup. +const getMatchingStandards = (testName) => { + if (!testName) return []; + return standardsData.filter( + (standard) => + Array.isArray(standard.appliesToTest) && standard.appliesToTest.includes(testName) + ); }; // Shared markdown styling for consistent rendering @@ -141,6 +135,8 @@ export const CippTestDetailOffCanvas = ({ row }) => { const shouldRenderCustomJson = hasRawCustomData && row.ReturnType === "JSON" && !row.ResultMarkdown; const shouldRenderCustomMarkdown = hasRawCustomData && !shouldRenderCustomJson && !row.ResultMarkdown; + const matchingStandards = getMatchingStandards(row.RowKey); + return ( @@ -235,8 +231,8 @@ export const CippTestDetailOffCanvas = ({ row }) => { 0 ? `Yes (${matchingStandards.length})` : "No"} + color={matchingStandards.length > 0 ? "success" : "default"} size="small" /> @@ -246,6 +242,30 @@ export const CippTestDetailOffCanvas = ({ row }) => { + {matchingStandards.length > 0 && ( + + + + CIPP Standards that satisfy this test + + + The following CIPP standards can be deployed to remediate or enforce this test. + + + {matchingStandards.map((standard) => ( + + ))} + + + + )} + {(row.ResultMarkdown || shouldRenderCustomJson || shouldRenderCustomMarkdown) && ( diff --git a/src/components/CippWizard/CippAddTenantTypeSelection.jsx b/src/components/CippWizard/CippAddTenantTypeSelection.jsx index f8ba6a384884..520d1b978936 100644 --- a/src/components/CippWizard/CippAddTenantTypeSelection.jsx +++ b/src/components/CippWizard/CippAddTenantTypeSelection.jsx @@ -1,68 +1,82 @@ -import { Avatar, Card, CardContent, Stack, SvgIcon, Typography } from "@mui/material"; -import { useState, useEffect } from "react"; -import { CippWizardStepButtons } from "./CippWizardStepButtons"; -import { BuildingOfficeIcon, CloudIcon } from "@heroicons/react/24/outline"; +import { Avatar, Card, CardContent, Stack, SvgIcon, Typography } from '@mui/material' +import { useState, useEffect } from 'react' +import { CippWizardStepButtons } from './CippWizardStepButtons' +import { BuildingOfficeIcon, CloudIcon, LinkIcon } from '@heroicons/react/24/outline' export const CippAddTenantTypeSelection = (props) => { - const { onNextStep, formControl, currentStep, onPreviousStep } = props; + const { onNextStep, formControl, currentStep, onPreviousStep } = props - const [selectedOption, setSelectedOption] = useState(null); + const [selectedOption, setSelectedOption] = useState(null) // Register the tenantType field in react-hook-form - formControl.register("tenantType", { + formControl.register('tenantType', { required: true, - }); + }) // Restore selection if already set (when navigating back) useEffect(() => { - const currentValue = formControl.getValues("tenantType"); + const currentValue = formControl.getValues('tenantType') if (currentValue) { - setSelectedOption(currentValue); + setSelectedOption(currentValue) } // Restore the form's selectedOption state if navigating back - const selectedOptionValue = formControl.getValues("selectedOption"); + const selectedOptionValue = formControl.getValues('selectedOption') if (selectedOptionValue) { - formControl.setValue("selectedOption", selectedOptionValue); + formControl.setValue('selectedOption', selectedOptionValue) } - }, [formControl]); + }, [formControl]) const handleOptionClick = (value) => { - setSelectedOption(value); - formControl.setValue("tenantType", value); + setSelectedOption(value) + formControl.setValue('tenantType', value) // Clear validation fields from other paths when changing selection // This ensures going back and choosing a different option doesn't keep old validations - if (value === "GDAP") { + if (value === 'GDAP') { // Clear Direct tenant fields - formControl.unregister("DirectTenantAuth"); - } else if (value === "Direct") { + formControl.unregister('DirectTenantAuth') + } else if (value === 'Direct') { // Clear GDAP fields - formControl.unregister("GDAPTemplate"); - formControl.unregister("GDAPInviteAccepted"); - formControl.unregister("GDAPRelationshipId"); - formControl.unregister("GDAPOnboardingComplete"); + formControl.unregister('GDAPTemplate') + formControl.unregister('GDAPInviteAccepted') + formControl.unregister('GDAPRelationshipId') + formControl.unregister('GDAPOnboardingComplete') + } else if (value === 'IndirectReseller') { + // Clear other paths + formControl.unregister('DirectTenantAuth') + formControl.unregister('GDAPTemplate') + formControl.unregister('GDAPInviteAccepted') + formControl.unregister('GDAPRelationshipId') + formControl.unregister('GDAPOnboardingComplete') } // Trigger validation only for the tenantType field - formControl.trigger("tenantType"); - }; + formControl.trigger('tenantType') + } const options = [ { - value: "GDAP", - label: "Add GDAP Tenant", + value: 'GDAP', + label: 'Add GDAP Tenant', description: "Select this option to add a new tenant to your Microsoft Partner center environment. We'll walk you through the steps of setting up GDAP.", icon: , }, { - value: "Direct", - label: "Add Direct Tenant", + value: 'Direct', + label: 'Add Direct Tenant', description: - "Select this option if you are not a Microsoft partner, or want to add a tenant outside of the scope of your partner center.", + 'Select this option if you are not a Microsoft partner, or want to add a tenant outside of the scope of your partner center.', icon: , }, - ]; + { + value: 'IndirectReseller', + label: 'Get Reseller Invite Link', + description: + 'Generate a reseller relationship invite link to send to a customer. This does not add the tenant to CIPP, but may be used by other vendors to populate their customer list.', + icon: , + }, + ] return ( @@ -74,7 +88,7 @@ export const CippAddTenantTypeSelection = (props) => { {options.map((option) => { - const isSelected = selectedOption === option.value; + const isSelected = selectedOption === option.value return ( { onClick={() => handleOptionClick(option.value)} variant="outlined" sx={{ - cursor: "pointer", + cursor: 'pointer', ...(isSelected && { boxShadow: (theme) => `0px 0px 0px 2px ${theme.palette.primary.main}`, }), - "&:hover": { + '&:hover': { ...(isSelected ? {} : { boxShadow: 8 }), }, }} @@ -96,9 +110,9 @@ export const CippAddTenantTypeSelection = (props) => { @@ -111,7 +125,7 @@ export const CippAddTenantTypeSelection = (props) => { - ); + ) })} { formControl={formControl} /> - ); -}; + ) +} -export default CippAddTenantTypeSelection; +export default CippAddTenantTypeSelection diff --git a/src/components/CippWizard/CippIndirectResellerLink.jsx b/src/components/CippWizard/CippIndirectResellerLink.jsx new file mode 100644 index 000000000000..991e18683f34 --- /dev/null +++ b/src/components/CippWizard/CippIndirectResellerLink.jsx @@ -0,0 +1,133 @@ +import { useEffect, useMemo } from 'react' +import { Alert, Box, Skeleton, Stack, TextField, Typography } from '@mui/material' +import { ApiGetCall } from '../../api/ApiCall' +import { CippWizardStepButtons } from './CippWizardStepButtons' +import { CippCopyToClipBoard } from '../CippComponents/CippCopyToClipboard' +import CippFormComponent from '../CippComponents/CippFormComponent' +import { useWatch } from 'react-hook-form' + +export const CippIndirectResellerLink = (props) => { + const { formControl, currentStep, onPreviousStep, onNextStep } = props + + const linkData = ApiGetCall({ + url: '/api/ListResellerRelationshipLink', + queryKey: 'ListResellerRelationshipLink', + }) + + const inviteUrl = linkData.data?.inviteUrl ?? null + const indirectProviders = linkData.data?.indirectProviders ?? [] + const inviteUrlError = linkData.data?.inviteUrlError ?? null + + const noneOption = { label: 'None (no indirect provider)', value: null } + + const providerOptions = useMemo(() => { + const providers = indirectProviders.map((p) => ({ + label: `${p.name} — MPN: ${p.mpnId} (${p.location})`, + value: p.id, + })) + return [noneOption, ...providers] + }, [indirectProviders]) + + useEffect(() => { + if (!linkData.isFetching && providerOptions.length > 0) { + const current = formControl.getValues('indirectProviderId') + if (!current) { + formControl.setValue('indirectProviderId', noneOption) + } + } + }, [linkData.isFetching, providerOptions]) + + const selectedProvider = useWatch({ control: formControl.control, name: 'indirectProviderId' }) + + const finalUrl = useMemo(() => { + if (!inviteUrl) return null + if (!selectedProvider?.value) return inviteUrl + const hashIndex = inviteUrl.indexOf('#') + const base = hashIndex !== -1 ? inviteUrl.slice(0, hashIndex) : inviteUrl + const hash = hashIndex !== -1 ? inviteUrl.slice(hashIndex) : '' + return `${base}&indirectCSPId=${selectedProvider.value}${hash}` + }, [inviteUrl, selectedProvider]) + + return ( + + + + Indirect Reseller Relationship Link + + + Generate an invite link to send to a customer so they can authorize you as their indirect + reseller. This does not add the tenant to CIPP — it only provides the + Microsoft Admin Portal invitation link. + + + + {linkData.isFetching && ( + + + + + + + + + )} + + {linkData.isError && ( + + Failed to load relationship link from the Partner Center API. Ensure your CIPP application + has the required Partner Center permissions. + + )} + + {inviteUrlError && !linkData.isError && {inviteUrlError}} + + {!linkData.isFetching && !linkData.isError && inviteUrl && ( + <> + + + + + Invite Link + + + + + + + Send this link to your customer. When they follow it, they will be linked to your + reseller account in the Microsoft Admin Portal. + + + + + There is no automatic confirmation when the customer accepts this invite. You can verify + the relationship in Partner Center once the customer has completed the process. + + + )} + + + + ) +} diff --git a/src/components/CippWizard/CippIntunePolicy.jsx b/src/components/CippWizard/CippIntunePolicy.jsx index 455c14adf751..10d46a1b7e83 100644 --- a/src/components/CippWizard/CippIntunePolicy.jsx +++ b/src/components/CippWizard/CippIntunePolicy.jsx @@ -1,63 +1,63 @@ -import { Stack } from "@mui/material"; -import { Grid } from "@mui/system"; -import { CippWizardStepButtons } from "./CippWizardStepButtons"; -import CippJsonView from "../CippFormPages/CippJSONView"; -import CippFormComponent from "../CippComponents/CippFormComponent"; -import { ApiGetCall } from "../../api/ApiCall"; -import { useEffect, useState } from "react"; -import { useWatch } from "react-hook-form"; -import { CippFormCondition } from "../CippComponents/CippFormCondition"; -import { useSettings } from "../../hooks/use-settings"; +import { Stack } from '@mui/material' +import { Grid } from '@mui/system' +import { CippWizardStepButtons } from './CippWizardStepButtons' +import CippJsonView from '../CippFormPages/CippJSONView' +import CippFormComponent from '../CippComponents/CippFormComponent' +import { ApiGetCall } from '../../api/ApiCall' +import { useEffect, useState } from 'react' +import { useWatch } from 'react-hook-form' +import { CippFormCondition } from '../CippComponents/CippFormCondition' +import { useSettings } from '../../hooks/use-settings' const assignmentFilterTypeOptions = [ - { label: "Include - Apply policy to devices matching filter", value: "include" }, - { label: "Exclude - Apply policy to devices NOT matching filter", value: "exclude" }, -]; + { label: 'Include - Apply policy to devices matching filter', value: 'include' }, + { label: 'Exclude - Apply policy to devices NOT matching filter', value: 'exclude' }, +] export const CippIntunePolicy = (props) => { - const { formControl, onPreviousStep, onNextStep, currentStep } = props; - const values = formControl.getValues(); - const tenantFilter = useSettings()?.currentTenant; - const CATemplates = ApiGetCall({ url: "/api/ListIntuneTemplates", queryKey: "IntuneTemplates" }); - const [JSONData, setJSONData] = useState(); - const watcher = useWatch({ control: formControl.control, name: "TemplateList" }); - const jsonWatch = useWatch({ control: formControl.control, name: "RAWJson" }); - const selectedTenants = useWatch({ control: formControl.control, name: "tenantFilter" }); + const { formControl, onPreviousStep, onNextStep, currentStep } = props + const values = formControl.getValues() + const tenantFilter = useSettings()?.currentTenant + const CATemplates = ApiGetCall({ url: '/api/ListIntuneTemplates', queryKey: 'IntuneTemplates' }) + const [JSONData, setJSONData] = useState() + const watcher = useWatch({ control: formControl.control, name: 'TemplateList' }) + const jsonWatch = useWatch({ control: formControl.control, name: 'RAWJson' }) + const selectedTenants = useWatch({ control: formControl.control, name: 'tenantFilter' }) // do not provide inputs for reserved placeholders const reservedPlaceholders = [ - "%serial%", - "%systemroot%", - "%systemdrive%", - "%temp%", - "%tenantid%", - "%tenantfilter%", - "%initialdomain%", - "%tenantname%", - "%partnertenantid%", - "%samappid%", - "%userprofile%", - "%username%", - "%userdomain%", - "%windir%", - "%programfiles%", - "%programfiles(x86)%", - "%programdata%", - ]; + '%serial%', + '%systemroot%', + '%systemdrive%', + '%temp%', + '%tenantid%', + '%tenantfilter%', + '%initialdomain%', + '%tenantname%', + '%partnertenantid%', + '%samappid%', + '%userprofile%', + '%username%', + '%userdomain%', + '%windir%', + '%programfiles%', + '%programfiles(x86)%', + '%programdata%', + ] useEffect(() => { if (CATemplates.isSuccess && watcher?.value) { - const template = CATemplates.data.find((template) => template.GUID === watcher.value); + const template = CATemplates.data.find((template) => template.GUID === watcher.value) if (template) { - const jsonTemplate = template.RAWJson ? JSON.parse(template.RAWJson) : null; - setJSONData(jsonTemplate); - formControl.setValue("RAWJson", template.RAWJson); - formControl.setValue("displayName", template.Displayname); - formControl.setValue("description", template.Description); - formControl.setValue("TemplateType", template.Type); + const jsonTemplate = template.RAWJson ? JSON.parse(template.RAWJson) : null + setJSONData(jsonTemplate) + formControl.setValue('RAWJson', template.RAWJson) + formControl.setValue('displayName', template.Displayname) + formControl.setValue('description', template.Description) + formControl.setValue('TemplateType', template.Type) } } - }, [watcher]); + }, [watcher]) return ( @@ -93,11 +93,11 @@ export const CippIntunePolicy = (props) => { type="radio" name="AssignTo" options={[ - { label: "Do not assign", value: "On" }, - { label: "Assign to all users", value: "allLicensedUsers" }, - { label: "Assign to all devices", value: "AllDevices" }, - { label: "Assign to all users and devices", value: "AllDevicesAndUsers" }, - { label: "Assign to Custom Group", value: "customGroup" }, + { label: 'Do not assign', value: 'On' }, + { label: 'Assign to all users', value: 'allLicensedUsers' }, + { label: 'Assign to all devices', value: 'AllDevices' }, + { label: 'Assign to all users and devices', value: 'AllDevicesAndUsers' }, + { label: 'Assign to Custom Group', value: 'customGroup' }, ]} formControl={formControl} /> @@ -114,7 +114,22 @@ export const CippIntunePolicy = (props) => { label="Custom Group Names separated by comma. Wildcards (*) are allowed" name="customGroup" formControl={formControl} - validators={{ required: "Please specify custom group names" }} + validators={{ required: 'Please specify custom group names' }} + /> + + + + + @@ -122,7 +137,7 @@ export const CippIntunePolicy = (props) => { formControl={formControl} field="AssignTo" compareType="isOneOf" - compareValue={["allLicensedUsers", "AllDevices", "AllDevicesAndUsers", "customGroup"]} + compareValue={['allLicensedUsers', 'AllDevices', 'AllDevicesAndUsers', 'customGroup']} > { creatable={false} formControl={formControl} api={{ - url: "/api/ListAssignmentFilters", + url: '/api/ListAssignmentFilters', queryKey: `ListAssignmentFilters-${tenantFilter}`, labelField: (filter) => filter.displayName, - valueField: "displayName", + valueField: 'displayName', }} /> @@ -159,15 +174,15 @@ export const CippIntunePolicy = (props) => { compareValue={/%(\w+)%/} > {(() => { - const rawJson = jsonWatch ? jsonWatch : ""; - const placeholderMatches = [...rawJson.matchAll(/%(\w+)%/g)].map((m) => m[1]); - const uniquePlaceholders = Array.from(new Set(placeholderMatches)); + const rawJson = jsonWatch ? jsonWatch : '' + const placeholderMatches = [...rawJson.matchAll(/%(\w+)%/g)].map((m) => m[1]) + const uniquePlaceholders = Array.from(new Set(placeholderMatches)) // Filter out reserved placeholders const filteredPlaceholders = uniquePlaceholders.filter( (placeholder) => !reservedPlaceholders.includes(`%${placeholder.toLowerCase()}%`) - ); + ) if (filteredPlaceholders.length === 0 || selectedTenants.length === 0) { - return null; + return null } return filteredPlaceholders.map((placeholder) => ( @@ -177,11 +192,11 @@ export const CippIntunePolicy = (props) => { type="textField" defaultValue={ //if the placeholder is tenantid then replace it with tenant.addedFields.customerId, if the placeholder is tenantdomain then replace it with tenant.addedFields.defaultDomainName. - placeholder === "tenantid" + placeholder === 'tenantid' ? tenant?.addedFields?.customerId - : placeholder === "tenantdomain" - ? tenant?.addedFields?.defaultDomainName - : "" + : placeholder === 'tenantdomain' + ? tenant?.addedFields?.defaultDomainName + : '' } name={`replacemap.${tenant.value}.%${placeholder}%`} label={`Value for '${placeholder}' in Tenant '${tenant.addedFields.defaultDomainName}'`} @@ -190,7 +205,7 @@ export const CippIntunePolicy = (props) => { /> ))} - )); + )) })()} @@ -198,10 +213,10 @@ export const CippIntunePolicy = (props) => { currentStep={currentStep} onPreviousStep={onPreviousStep} onNextStep={onNextStep} - noNextButton={values.selectedOption === "UpdateTokens"} + noNextButton={values.selectedOption === 'UpdateTokens'} formControl={formControl} noSubmitButton={true} /> - ); -}; + ) +} diff --git a/src/components/CippWizard/CippWizardCSVImport.jsx b/src/components/CippWizard/CippWizardCSVImport.jsx index 80983ad4f549..9d12eb088874 100644 --- a/src/components/CippWizard/CippWizardCSVImport.jsx +++ b/src/components/CippWizard/CippWizardCSVImport.jsx @@ -31,7 +31,9 @@ export const CippWizardCSVImport = (props) => { const handleRemoveItem = (row) => { if (row === undefined) return false; - const index = tableData?.findIndex((item) => item === row); + const rowKey = JSON.stringify(row); + const index = tableData?.findIndex((item) => JSON.stringify(item) === rowKey); + if (index === -1) return false; const newTableData = [...tableData]; newTableData.splice(index, 1); setTableData(newTableData); @@ -158,4 +160,4 @@ export const CippWizardCSVImport = (props) => { /> ); -}; \ No newline at end of file +}; diff --git a/src/components/CippWizard/CippWizardOffboarding.jsx b/src/components/CippWizard/CippWizardOffboarding.jsx index d1a651e5c3a5..990cb9d35b11 100644 --- a/src/components/CippWizard/CippWizardOffboarding.jsx +++ b/src/components/CippWizard/CippWizardOffboarding.jsx @@ -205,6 +205,13 @@ export const CippWizardOffboarding = (props) => { formControl={formControl} disabled={!!deleteUser} /> + { /> {deleteUser && ( - When a user is deleted, their OneDrive is retained for 30 days by default unless otherwise configured. + When a user is deleted, their OneDrive is retained for 30 days by default unless + otherwise configured. )} { }, }} /> - Email Forwarding diff --git a/src/components/CippWizard/OnboardingWizardPage.jsx b/src/components/CippWizard/OnboardingWizardPage.jsx index c80416dc8622..6b0876ad9a58 100644 --- a/src/components/CippWizard/OnboardingWizardPage.jsx +++ b/src/components/CippWizard/OnboardingWizardPage.jsx @@ -10,6 +10,7 @@ import { CippAlertsStep } from './CippAlertsStep.jsx' import { CippAddTenantTypeSelection } from './CippAddTenantTypeSelection.jsx' import { CippDirectTenantDeploy } from './CippDirectTenantDeploy.jsx' import { CippGDAPTenantSetup } from './CippGDAPTenantSetup.jsx' +import { CippIndirectResellerLink } from './CippIndirectResellerLink.jsx' import { CippGDAPTenantOnboarding } from './CippGDAPTenantOnboarding.jsx' import { BuildingOfficeIcon, CloudIcon, CpuChipIcon } from '@heroicons/react/24/outline' import { useRouter } from 'next/router' @@ -103,6 +104,12 @@ const OnboardingWizardPage = () => { showStepWhen: (values) => values?.selectedOption === 'AddTenant' && values?.tenantType === 'GDAP', }, + { + description: 'Reseller Link', + component: CippIndirectResellerLink, + showStepWhen: (values) => + values?.selectedOption === 'AddTenant' && values?.tenantType === 'IndirectReseller', + }, { description: 'GDAP Onboarding', component: CippGDAPTenantOnboarding, diff --git a/src/components/bulk-actions-menu.js b/src/components/bulk-actions-menu.js index ff9a8613665a..ff9e8e1f36dd 100644 --- a/src/components/bulk-actions-menu.js +++ b/src/components/bulk-actions-menu.js @@ -2,7 +2,7 @@ import PropTypes from "prop-types"; import ChevronDownIcon from "@heroicons/react/24/outline/ChevronDownIcon"; import { Button, Link, ListItemText, Menu, MenuItem, SvgIcon } from "@mui/material"; import { usePopover } from "../hooks/use-popover"; -import { FilePresent, Laptop, Mail, Share, Shield, ShieldMoon, PrecisionManufacturing, BarChart, Group } from "@mui/icons-material"; +import { FilePresent, Laptop, Mail, Share, Shield, ShieldMoon, PrecisionManufacturing, BarChart, Group, Apps } from "@mui/icons-material"; import { GlobeAltIcon, UsersIcon, ServerIcon } from "@heroicons/react/24/outline"; function getIconByName(iconName) { @@ -31,6 +31,8 @@ function getIconByName(iconName) { return ; case "Group": return ; + case "Apps": + return ; default: return null; } diff --git a/src/data/AuditLogTemplates.json b/src/data/AuditLogTemplates.json index 051f0dc16283..1762fb2eb7bb 100644 --- a/src/data/AuditLogTemplates.json +++ b/src/data/AuditLogTemplates.json @@ -420,5 +420,39 @@ } ] } + }, + { + "value": "TAPCreated", + "name": "A Temporary Access Pass has been created for a user", + "template": { + "preset": { + "value": "TAPCreated", + "label": "A Temporary Access Pass has been created for a user" + }, + "logbook": { "value": "Audit.AzureActiveDirectory", "label": "Azure AD" }, + "conditions": [ + { + "Property": { "value": "List:Operation", "label": "Operation" }, + "Operator": { "value": "EQ", "label": "Equals to" }, + "Input": { + "value": "Update user.", + "label": "updated user" + } + }, + { + "Property": { "value": "String", "label": "SecuredAccessPassData" }, + "Operator": { "value": "ne", "label": "Not Equals to" }, + "Input": { + "value": "[]", + "label": "[]" + } + }, + { + "Property": { "value": "String", "label": "SecuredAccessPassData" }, + "Operator": { "value": "like", "label": "Like" }, + "Input": { "value": "*" } + } + ] + } } ] diff --git a/src/data/CIPPDBCacheTypes.json b/src/data/CIPPDBCacheTypes.json index 8742001441cd..0d0588d2b624 100644 --- a/src/data/CIPPDBCacheTypes.json +++ b/src/data/CIPPDBCacheTypes.json @@ -244,6 +244,11 @@ "friendlyName": "Mailboxes", "description": "All Exchange Online mailboxes" }, + { + "type": "HVEAccounts", + "friendlyName": "HVE Accounts", + "description": "High Volume Email accounts" + }, { "type": "CASMailboxes", "friendlyName": "CAS Mailboxes", diff --git a/src/data/ContainerLogPresets.json b/src/data/ContainerLogPresets.json new file mode 100644 index 000000000000..71f3dc5b8e93 --- /dev/null +++ b/src/data/ContainerLogPresets.json @@ -0,0 +1,52 @@ +[ + { + "name": "Recent Errors (Last 1h)", + "id": "cl-preset-errors-1h", + "query": "where Level in (\"ERR\", \"CRT\")\n| where Timestamp > ago(1h)\n| take 500\n| sort by Timestamp desc" + }, + { + "name": "Warnings & Errors (Last 24h)", + "id": "cl-preset-warn-err-24h", + "query": "where Level in (\"ERR\", \"CRT\", \"WRN\")\n| where Timestamp > ago(24h)\n| take 1000\n| sort by Timestamp desc" + }, + { + "name": "All Logs (Last 15 min)", + "id": "cl-preset-all-15m", + "query": "where Timestamp > ago(15m)\n| take 500\n| sort by Timestamp desc" + }, + { + "name": "Startup Logs", + "id": "cl-preset-startup", + "query": "where Message contains \"Starting\"\n| where Message !contains \"heartbeat\"\n| take 200\n| sort by Timestamp desc" + }, + { + "name": "Graph API Errors", + "id": "cl-preset-graph-errors", + "query": "where Level in (\"ERR\", \"CRT\")\n| where Message matches regex \"graph|Graph|GRAPH\"\n| where Timestamp > ago(24h)\n| take 500\n| sort by Timestamp desc" + }, + { + "name": "Token / Auth Issues", + "id": "cl-preset-auth", + "query": "where Message matches regex \"token|auth|unauthorized|forbidden|401|403\"\n| where Timestamp > ago(24h)\n| take 500\n| sort by Timestamp desc" + }, + { + "name": "Timeout Errors", + "id": "cl-preset-timeouts", + "query": "where Message matches regex \"timeout|timed out|TaskCanceled\"\n| where Timestamp > ago(24h)\n| take 500\n| sort by Timestamp desc" + }, + { + "name": "All Errors (Search All Files)", + "id": "cl-preset-all-errors", + "query": "search all files\n| where Level in (\"ERR\", \"CRT\")\n| take 1000\n| sort by Timestamp desc" + }, + { + "name": "Standards Processing", + "id": "cl-preset-standards", + "query": "where Message contains \"Standard\"\n| where Timestamp > ago(24h)\n| take 500\n| sort by Timestamp desc" + }, + { + "name": "Full Log (Last 1h, no heartbeats)", + "id": "cl-preset-full-clean", + "query": "where Timestamp > ago(1h)\n| where Message !contains \"heartbeat\"\n| take 1000\n| sort by Timestamp desc" + } +] diff --git a/src/data/Extensions.json b/src/data/Extensions.json index 52df55dd4726..66ff5b1a482d 100644 --- a/src/data/Extensions.json +++ b/src/data/Extensions.json @@ -938,5 +938,35 @@ } ], "mappingRequired": false + }, + { + "name": "ConnectWise PSA", + "id": "ConnectWisePSA", + "type": "ConnectWisePSA", + "cat": "Ticketing", + "logo": "/assets/integrations/connectwise.png", + "comingSoon": true, + "description": "Enable the ConnectWise PSA integration to send alerts to your ticketing system.", + "mappingRequired": false + }, + { + "name": "Autotask PSA", + "id": "AutotaskPSA", + "type": "AutotaskPSA", + "cat": "Ticketing", + "logo": "/assets/integrations/autotask.png", + "comingSoon": true, + "description": "Enable the Autotask PSA integration to send alerts to your ticketing system.", + "mappingRequired": false + }, + { + "name": "Kaseya BMS", + "id": "KaseyaBMS", + "type": "KaseyaBMS", + "cat": "Ticketing", + "logo": "/assets/integrations/kaseya.svg", + "comingSoon": true, + "description": "Enable the Kaseya BMS integration to send alerts to your ticketing system.", + "mappingRequired": false } ] diff --git a/src/data/alerts.json b/src/data/alerts.json index 041719bf5ca9..9bce965852ab 100644 --- a/src/data/alerts.json +++ b/src/data/alerts.json @@ -602,5 +602,20 @@ "label": "Alert on new Check phishing extension detections", "recommendedRunInterval": "30m", "description": "Monitors for new phishing site detections reported by the Check browser extension. Alerts when a user visits a page that the extension flags as a potential credential phishing or AiTM attack. Requires the Check browser extension to be deployed to users." + }, + { + "name": "UserReportedPhishing", + "label": "Alert on emails reported by users via Outlook Report Phishing", + "recommendedRunInterval": "4h", + "requiresInput": true, + "multipleInput": true, + "inputs": [ + { + "inputType": "number", + "inputLabel": "Hours to look back (default: 24)", + "inputName": "HoursBack" + } + ], + "description": "Monitors for emails reported by users through Outlook's built-in Report Phishing feature. Alerts when new user-reported email threat submissions are found in Microsoft Defender. Requires ThreatSubmission.ReadWrite.All permission." } ] diff --git a/src/data/conditionalAccessSchema.json b/src/data/conditionalAccessSchema.json new file mode 100644 index 000000000000..e6161261854e --- /dev/null +++ b/src/data/conditionalAccessSchema.json @@ -0,0 +1,664 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "microsoft.graph.conditionalAccessPolicy", + "title": "Conditional Access Policy", + "description": "Schema derived from the Microsoft Graph v1.0 conditionalAccessPolicy resource type. Reference: https://learn.microsoft.com/en-us/graph/api/resources/conditionalaccesspolicy?view=graph-rest-1.0", + "type": "object", + "required": ["displayName", "state", "conditions"], + "properties": { + "displayName": { + "type": "string", + "title": "Display Name", + "description": "A display name for the policy.", + "minLength": 1, + "maxLength": 256 + }, + "state": { + "type": "string", + "title": "Policy State", + "description": "The state of the policy.", + "enum": ["enabled", "disabled", "enabledForReportingButNotEnforced"], + "enumLabels": { + "enabled": "Enabled", + "disabled": "Disabled", + "enabledForReportingButNotEnforced": "Report-only" + } + }, + "conditions": { + "$ref": "#/$defs/conditionalAccessConditionSet" + }, + "grantControls": { + "$ref": "#/$defs/conditionalAccessGrantControls" + }, + "sessionControls": { + "$ref": "#/$defs/conditionalAccessSessionControls" + } + }, + "$defs": { + "conditionalAccessConditionSet": { + "type": "object", + "title": "Conditions", + "description": "Rules that must be met for the policy to apply.", + "required": ["users", "applications", "clientAppTypes"], + "properties": { + "users": { + "$ref": "#/$defs/conditionalAccessUsers" + }, + "applications": { + "$ref": "#/$defs/conditionalAccessApplications" + }, + "clientAppTypes": { + "type": "array", + "title": "Client App Types", + "description": "Client application types included in the policy.", + "items": { + "type": "string", + "enum": ["all", "browser", "mobileAppsAndDesktopClients", "exchangeActiveSync", "easSupported", "other"] + }, + "enumLabels": { + "all": "All", + "browser": "Browser", + "mobileAppsAndDesktopClients": "Mobile apps and desktop clients", + "exchangeActiveSync": "Exchange ActiveSync", + "easSupported": "EAS supported", + "other": "Other clients" + } + }, + "platforms": { + "$ref": "#/$defs/conditionalAccessPlatforms" + }, + "locations": { + "$ref": "#/$defs/conditionalAccessLocations" + }, + "devices": { + "$ref": "#/$defs/conditionalAccessDevices" + }, + "clientApplications": { + "$ref": "#/$defs/conditionalAccessClientApplications" + }, + "signInRiskLevels": { + "type": "array", + "title": "Sign-in Risk Levels", + "description": "Sign-in risk levels included in the policy. Requires Entra ID P2.", + "items": { + "type": "string", + "enum": ["low", "medium", "high", "hidden", "none"] + }, + "enumLabels": { + "low": "Low", + "medium": "Medium", + "high": "High", + "hidden": "Hidden", + "none": "No risk" + }, + "requiresLicense": "AAD_PREMIUM_P2" + }, + "userRiskLevels": { + "type": "array", + "title": "User Risk Levels", + "description": "User risk levels included in the policy. Requires Entra ID P2.", + "items": { + "type": "string", + "enum": ["low", "medium", "high", "hidden", "none"] + }, + "enumLabels": { + "low": "Low", + "medium": "Medium", + "high": "High", + "hidden": "Hidden", + "none": "No risk" + }, + "requiresLicense": "AAD_PREMIUM_P2" + }, + "servicePrincipalRiskLevels": { + "type": "array", + "title": "Service Principal Risk Levels", + "description": "Service principal risk levels included in the policy.", + "items": { + "type": "string", + "enum": ["low", "medium", "high", "none"] + }, + "enumLabels": { + "low": "Low", + "medium": "Medium", + "high": "High", + "none": "No risk" + } + }, + "insiderRiskLevels": { + "type": "string", + "title": "Insider Risk Levels", + "description": "Insider risk levels included in the policy.", + "enum": ["minor", "moderate", "elevated"], + "enumLabels": { + "minor": "Minor", + "moderate": "Moderate", + "elevated": "Elevated" + } + }, + "authenticationFlows": { + "$ref": "#/$defs/conditionalAccessAuthenticationFlows" + } + } + }, + "conditionalAccessUsers": { + "type": "object", + "title": "Users and Groups", + "description": "Users, groups, and roles included in and excluded from the policy.", + "properties": { + "includeUsers": { + "type": "array", + "title": "Include Users", + "description": "User IDs in scope, or 'All', 'None', 'GuestsOrExternalUsers'.", + "items": { "type": "string" }, + "specialValues": ["All", "None", "GuestsOrExternalUsers"], + "graphLookup": "users" + }, + "excludeUsers": { + "type": "array", + "title": "Exclude Users", + "description": "User IDs excluded from scope.", + "items": { "type": "string" }, + "specialValues": ["GuestsOrExternalUsers"], + "graphLookup": "users" + }, + "includeGroups": { + "type": "array", + "title": "Include Groups", + "description": "Group IDs in scope of the policy.", + "items": { "type": "string" }, + "graphLookup": "groups" + }, + "excludeGroups": { + "type": "array", + "title": "Exclude Groups", + "description": "Group IDs excluded from the policy.", + "items": { "type": "string" }, + "graphLookup": "groups" + }, + "includeRoles": { + "type": "array", + "title": "Include Roles", + "description": "Directory role IDs in scope of the policy.", + "items": { "type": "string" }, + "graphLookup": "directoryRoles" + }, + "excludeRoles": { + "type": "array", + "title": "Exclude Roles", + "description": "Directory role IDs excluded from the policy.", + "items": { "type": "string" }, + "graphLookup": "directoryRoles" + }, + "includeGuestsOrExternalUsers": { + "$ref": "#/$defs/conditionalAccessGuestsOrExternalUsers" + }, + "excludeGuestsOrExternalUsers": { + "$ref": "#/$defs/conditionalAccessGuestsOrExternalUsers" + } + } + }, + "conditionalAccessGuestsOrExternalUsers": { + "type": "object", + "title": "Guests or External Users", + "description": "Internal guests or external user types.", + "properties": { + "guestOrExternalUserTypes": { + "type": "string", + "title": "Guest or External User Types", + "description": "Multi-valued flags. Combine with commas.", + "flagEnum": ["none", "internalGuest", "b2bCollaborationGuest", "b2bCollaborationMember", "b2bDirectConnectUser", "otherExternalUser", "serviceProvider"], + "flagEnumLabels": { + "none": "None", + "internalGuest": "Internal guest", + "b2bCollaborationGuest": "B2B collaboration guest", + "b2bCollaborationMember": "B2B collaboration member", + "b2bDirectConnectUser": "B2B direct connect user", + "otherExternalUser": "Other external user", + "serviceProvider": "Service provider" + } + }, + "externalTenants": { + "$ref": "#/$defs/conditionalAccessExternalTenants" + } + } + }, + "conditionalAccessExternalTenants": { + "type": "object", + "title": "External Tenants", + "description": "External tenant scope.", + "properties": { + "@odata.type": { + "type": "string", + "title": "Membership Kind", + "description": "Whether to enumerate or specify all tenants.", + "enum": [ + "#microsoft.graph.conditionalAccessAllExternalTenants", + "#microsoft.graph.conditionalAccessEnumeratedExternalTenants" + ], + "enumLabels": { + "#microsoft.graph.conditionalAccessAllExternalTenants": "All external tenants", + "#microsoft.graph.conditionalAccessEnumeratedExternalTenants": "Specific tenants" + } + }, + "members": { + "type": "array", + "title": "Tenant IDs", + "description": "List of tenant IDs when using enumerated membership.", + "items": { "type": "string" }, + "visibleWhen": { + "field": "@odata.type", + "value": "#microsoft.graph.conditionalAccessEnumeratedExternalTenants" + } + } + } + }, + "conditionalAccessApplications": { + "type": "object", + "title": "Cloud Apps or Actions", + "description": "Applications and user actions included in and excluded from the policy.", + "properties": { + "includeApplications": { + "type": "array", + "title": "Include Applications", + "description": "Application client IDs the policy applies to, or 'All', 'Office365', 'MicrosoftAdminPortals'.", + "items": { "type": "string" }, + "specialValues": ["All", "Office365", "MicrosoftAdminPortals"], + "specialValueLabels": { + "All": "All cloud apps", + "Office365": "Office 365", + "MicrosoftAdminPortals": "Microsoft Admin Portals" + }, + "graphLookup": "servicePrincipals" + }, + "excludeApplications": { + "type": "array", + "title": "Exclude Applications", + "description": "Application client IDs explicitly excluded.", + "items": { "type": "string" }, + "graphLookup": "servicePrincipals" + }, + "includeUserActions": { + "type": "array", + "title": "User Actions", + "description": "User actions to include instead of cloud apps.", + "items": { + "type": "string", + "enum": ["urn:user:registersecurityinfo", "urn:user:registerdevice"] + }, + "enumLabels": { + "urn:user:registersecurityinfo": "Register security information", + "urn:user:registerdevice": "Register or join devices" + } + }, + "includeAuthenticationContextClassReferences": { + "type": "array", + "title": "Authentication Context", + "description": "Authentication context class references included.", + "items": { "type": "string" } + }, + "applicationFilter": { + "$ref": "#/$defs/conditionalAccessFilter", + "title": "Application Filter", + "description": "Dynamic filter rule for applications." + } + } + }, + "conditionalAccessPlatforms": { + "type": "object", + "title": "Device Platforms", + "description": "Device platforms included in and excluded from the policy.", + "properties": { + "includePlatforms": { + "type": "array", + "title": "Include Platforms", + "description": "Platforms the policy applies to.", + "items": { + "type": "string", + "enum": ["android", "iOS", "windows", "windowsPhone", "macOS", "linux", "all"] + }, + "enumLabels": { + "android": "Android", + "iOS": "iOS", + "windows": "Windows", + "windowsPhone": "Windows Phone", + "macOS": "macOS", + "linux": "Linux", + "all": "All platforms" + } + }, + "excludePlatforms": { + "type": "array", + "title": "Exclude Platforms", + "description": "Platforms excluded from the policy.", + "items": { + "type": "string", + "enum": ["android", "iOS", "windows", "windowsPhone", "macOS", "linux"] + }, + "enumLabels": { + "android": "Android", + "iOS": "iOS", + "windows": "Windows", + "windowsPhone": "Windows Phone", + "macOS": "macOS", + "linux": "Linux" + } + } + } + }, + "conditionalAccessLocations": { + "type": "object", + "title": "Locations", + "description": "Locations included in and excluded from the policy.", + "properties": { + "includeLocations": { + "type": "array", + "title": "Include Locations", + "description": "Named location IDs or 'All', 'AllTrusted'.", + "items": { "type": "string" }, + "specialValues": ["All", "AllTrusted"], + "specialValueLabels": { + "All": "Any location", + "AllTrusted": "All trusted locations" + }, + "graphLookup": "namedLocations" + }, + "excludeLocations": { + "type": "array", + "title": "Exclude Locations", + "description": "Named location IDs excluded.", + "items": { "type": "string" }, + "specialValues": ["AllTrusted"], + "specialValueLabels": { + "AllTrusted": "All trusted locations" + }, + "graphLookup": "namedLocations" + } + } + }, + "conditionalAccessDevices": { + "type": "object", + "title": "Devices", + "description": "Device filter for the policy.", + "properties": { + "deviceFilter": { + "$ref": "#/$defs/conditionalAccessFilter", + "title": "Device Filter", + "description": "Dynamic filter rule for devices using device properties." + } + } + }, + "conditionalAccessFilter": { + "type": "object", + "title": "Filter", + "description": "Dynamic filter with rule syntax.", + "properties": { + "mode": { + "type": "string", + "title": "Filter Mode", + "description": "Whether to include or exclude matching items.", + "enum": ["include", "exclude"], + "enumLabels": { + "include": "Include filtered items", + "exclude": "Exclude filtered items" + } + }, + "rule": { + "type": "string", + "title": "Filter Rule", + "description": "Dynamic membership rule expression. Syntax matches Entra ID dynamic group rules." + } + }, + "required": ["mode", "rule"] + }, + "conditionalAccessClientApplications": { + "type": "object", + "title": "Workload Identities", + "description": "Service principals and workload identities included in and excluded from the policy.", + "properties": { + "includeServicePrincipals": { + "type": "array", + "title": "Include Service Principals", + "description": "Service principal IDs, or 'ServicePrincipalsInMyTenant'.", + "items": { "type": "string" }, + "specialValues": ["ServicePrincipalsInMyTenant"], + "specialValueLabels": { + "ServicePrincipalsInMyTenant": "All service principals" + } + }, + "excludeServicePrincipals": { + "type": "array", + "title": "Exclude Service Principals", + "description": "Service principal IDs excluded.", + "items": { "type": "string" } + }, + "servicePrincipalFilter": { + "$ref": "#/$defs/conditionalAccessFilter", + "title": "Service Principal Filter", + "description": "Dynamic filter rule for service principals." + } + } + }, + "conditionalAccessAuthenticationFlows": { + "type": "object", + "title": "Authentication Flows", + "description": "Authentication flow types in scope.", + "properties": { + "transferMethods": { + "type": "string", + "title": "Transfer Methods", + "description": "Transfer methods in scope for the policy.", + "enum": ["none", "deviceCodeFlow", "authenticationTransfer"], + "enumLabels": { + "none": "None", + "deviceCodeFlow": "Device code flow", + "authenticationTransfer": "Authentication transfer" + } + } + } + }, + "conditionalAccessGrantControls": { + "type": "object", + "title": "Grant Controls", + "description": "Grant controls that must be fulfilled to pass the policy.", + "properties": { + "operator": { + "type": "string", + "title": "Control Operator", + "description": "How multiple controls relate to each other.", + "enum": ["AND", "OR"], + "enumLabels": { + "AND": "Require all selected controls", + "OR": "Require one of the selected controls" + } + }, + "builtInControls": { + "type": "array", + "title": "Built-in Controls", + "description": "Built-in grant controls required by the policy.", + "items": { + "type": "string", + "enum": ["block", "mfa", "compliantDevice", "domainJoinedDevice", "approvedApplication", "compliantApplication", "passwordChange", "riskRemediation"] + }, + "enumLabels": { + "block": "Block access", + "mfa": "Require multifactor authentication", + "compliantDevice": "Require device to be marked as compliant", + "domainJoinedDevice": "Require Microsoft Entra hybrid joined device", + "approvedApplication": "Require approved client app", + "compliantApplication": "Require app protection policy", + "passwordChange": "Require password change", + "riskRemediation": "Require risk remediation" + }, + "constraints": { + "mutuallyExclusive": [["block"], ["mfa", "compliantDevice", "domainJoinedDevice", "approvedApplication", "compliantApplication", "passwordChange", "riskRemediation"]], + "passwordChangeRequires": ["mfa"], + "riskRemediationExcludes": ["passwordChange"] + } + }, + "customAuthenticationFactors": { + "type": "array", + "title": "Custom Controls", + "description": "Custom control IDs required by the policy.", + "items": { "type": "string" } + }, + "termsOfUse": { + "type": "array", + "title": "Terms of Use", + "description": "Terms of use IDs required by the policy.", + "items": { "type": "string" } + }, + "authenticationStrength": { + "$ref": "#/$defs/authenticationStrengthPolicy" + } + } + }, + "authenticationStrengthPolicy": { + "type": "object", + "title": "Authentication Strength", + "description": "Authentication strength policy required. Use instead of or alongside builtInControls.", + "properties": { + "id": { + "type": "string", + "title": "Authentication Strength Policy", + "description": "ID of the authentication strength policy.", + "graphLookup": "authenticationStrengthPolicies", + "wellKnownValues": { + "00000000-0000-0000-0000-000000000002": "Multifactor authentication", + "00000000-0000-0000-0000-000000000003": "Passwordless MFA", + "00000000-0000-0000-0000-000000000004": "Phishing-resistant MFA" + } + } + } + }, + "conditionalAccessSessionControls": { + "type": "object", + "title": "Session Controls", + "description": "Session controls enforced after sign-in.", + "properties": { + "applicationEnforcedRestrictions": { + "$ref": "#/$defs/applicationEnforcedRestrictionsSessionControl" + }, + "cloudAppSecurity": { + "$ref": "#/$defs/cloudAppSecuritySessionControl" + }, + "signInFrequency": { + "$ref": "#/$defs/signInFrequencySessionControl" + }, + "persistentBrowser": { + "$ref": "#/$defs/persistentBrowserSessionControl" + }, + "disableResilienceDefaults": { + "type": "boolean", + "title": "Disable Resilience Defaults", + "description": "When true, Entra ID will not extend existing sessions based on information collected prior to an outage." + } + } + }, + "applicationEnforcedRestrictionsSessionControl": { + "type": "object", + "title": "App Enforced Restrictions", + "description": "Enforce application restrictions. Only Exchange Online and SharePoint Online support this.", + "properties": { + "isEnabled": { + "type": "boolean", + "title": "Enabled", + "description": "Whether application enforced restrictions are enabled." + } + } + }, + "cloudAppSecuritySessionControl": { + "type": "object", + "title": "Conditional Access App Control", + "description": "Apply Defender for Cloud Apps controls.", + "properties": { + "isEnabled": { + "type": "boolean", + "title": "Enabled", + "description": "Whether cloud app security control is enabled." + }, + "cloudAppSecurityType": { + "type": "string", + "title": "Control Type", + "description": "Type of cloud app security enforcement.", + "enum": ["mcasConfigured", "monitorOnly", "blockDownloads"], + "enumLabels": { + "mcasConfigured": "Use custom policy", + "monitorOnly": "Monitor only", + "blockDownloads": "Block downloads" + } + } + } + }, + "signInFrequencySessionControl": { + "type": "object", + "title": "Sign-in Frequency", + "description": "Enforce periodic reauthentication.", + "properties": { + "isEnabled": { + "type": "boolean", + "title": "Enabled", + "description": "Whether sign-in frequency control is enabled." + }, + "value": { + "type": "integer", + "title": "Frequency Value", + "description": "Number of hours or days.", + "minimum": 1 + }, + "type": { + "type": "string", + "title": "Frequency Unit", + "description": "Unit of the sign-in frequency.", + "enum": ["hours", "days"], + "enumLabels": { + "hours": "Hours", + "days": "Days" + } + }, + "frequencyInterval": { + "type": "string", + "title": "Frequency Interval", + "description": "Whether frequency is time-based or every sign-in.", + "enum": ["timeBased", "everyTime"], + "enumLabels": { + "timeBased": "Time-based (use value/type above)", + "everyTime": "Every time" + } + }, + "authenticationType": { + "type": "string", + "title": "Authentication Type", + "description": "Which authentication types this applies to.", + "enum": ["primaryAndSecondaryAuthentication", "secondaryAuthentication"], + "enumLabels": { + "primaryAndSecondaryAuthentication": "Primary and secondary authentication", + "secondaryAuthentication": "Secondary authentication only" + } + } + } + }, + "persistentBrowserSessionControl": { + "type": "object", + "title": "Persistent Browser Session", + "description": "Whether to persist cookies after browser close.", + "properties": { + "isEnabled": { + "type": "boolean", + "title": "Enabled", + "description": "Whether persistent browser session control is enabled." + }, + "mode": { + "type": "string", + "title": "Mode", + "description": "Whether browser sessions should always or never persist.", + "enum": ["always", "never"], + "enumLabels": { + "always": "Always persistent", + "never": "Never persistent" + } + } + } + } + } +} diff --git a/src/data/portals.json b/src/data/portals.json index 3d9cdb73b85a..a4402305faca 100644 --- a/src/data/portals.json +++ b/src/data/portals.json @@ -81,14 +81,23 @@ "icon": "ShieldMoon" }, { - "label": "Power Platform", - "name": "Power_Platform_Portal", + "label": "Power Platform (Admin)", + "name": "Power_Platform_Portal_Admin", "url": "https://admin.powerplatform.microsoft.com/account/login/customerId", "variable": "customerId", "target": "_blank", "external": true, "icon": "PrecisionManufacturing" }, + { + "label": "Power Platform (Maker)", + "name": "Power_Platform_Portal_Maker", + "url": "https://make.powerapps.com/home?tenant=customerId", + "variable": "customerId", + "target": "_blank", + "external": true, + "icon": "PrecisionManufacturing" + }, { "label": "Power BI", "name": "Power_BI_Portal", diff --git a/src/data/standards.json b/src/data/standards.json index ece980ca1c94..4c61c04cf250 100644 --- a/src/data/standards.json +++ b/src/data/standards.json @@ -129,9 +129,12 @@ "tag": [ "CIS M365 6.0.1 (3.1.1)", "mip_search_auditlog", - "NIST CSF 2.0 (DE.CM-09)", + "NIST CSF 2.0 (DE.CM-09)" + ], + "appliesToTest": [ "CISAMSEXO171", - "CISAMSEXO173" + "CISAMSEXO173", + "CIS_3_1_1" ], "helpText": "Enables the Unified Audit Log for tracking and auditing activities. Also runs Enable-OrganizationCustomization if necessary.", "executiveText": "Activates comprehensive activity logging across Microsoft 365 services to track user actions, system changes, and security events. This provides essential audit trails for compliance requirements, security investigations, and regulatory reporting.", @@ -154,6 +157,7 @@ "name": "standards.RestrictThirdPartyStorageServices", "cat": "Global Standards", "tag": ["CIS M365 6.0.1 (1.3.7)"], + "appliesToTest": ["CIS_1_3_7"], "helpText": "Restricts third-party storage services in Microsoft 365 on the web by managing the Microsoft 365 on the web service principal. This disables integrations with services like Dropbox, Google Drive, Box, and other third-party storage providers.", "docsDescription": "Third-party storage can be enabled for users in Microsoft 365, allowing them to store and share documents using services such as Dropbox, alongside OneDrive and team sites. This standard ensures Microsoft 365 on the web third-party storage services are restricted by creating and disabling the Microsoft 365 on the web service principal (appId: c1f33bc0-bdb4-4248-ba9b-096807ddb43e). By using external storage services an organization may increase the risk of data breaches and unauthorized access to confidential information. Additionally, third-party services may not adhere to the same security standards as the organization, making it difficult to maintain data privacy and security. Impact is highly dependent upon current practices - if users do not use other storage providers, then minimal impact is likely. However, if users regularly utilize providers outside of the tenant this will affect their ability to continue to do so.", "executiveText": "Prevents employees from using external cloud storage services like Dropbox, Google Drive, and Box within Microsoft 365, reducing data security risks and ensuring all company data remains within controlled corporate systems. This helps maintain data governance and prevents potential data leaks to unauthorized platforms.", @@ -272,6 +276,7 @@ "name": "standards.EnableCustomerLockbox", "cat": "Global Standards", "tag": ["CIS M365 6.0.1 (1.3.6)", "CustomerLockBoxEnabled"], + "appliesToTest": ["CIS_1_3_6"], "helpText": "**Requires Entra ID P2.** Enables Customer Lockbox that offers an approval process for Microsoft support to access organization data", "docsDescription": "**Requires Entra ID P2.** Customer Lockbox ensures that Microsoft can't access your content to do service operations without your explicit approval. Customer Lockbox ensures only authorized requests allow access to your organizations data.", "executiveText": "Requires explicit organizational approval before Microsoft support staff can access company data for service operations. This provides an additional layer of data protection and ensures the organization maintains control over who can access sensitive business information, even during technical support scenarios.", @@ -337,9 +342,16 @@ "EIDSCA.ST08", "EIDSCA.ST09", "NIST CSF 2.0 (PR.AA-05)", + "SMB1001 (2.8)" + ], + "appliesToTest": [ + "CIS_5_1_6_2", "EIDSCAAP07", + "EIDSCAAP14", "EIDSCAST08", - "EIDSCAST09" + "EIDSCAST09", + "SMB1001_2_8", + "ZTNA21792" ], "helpText": "Disables Guest access to enumerate directory objects. This prevents guest users from seeing other users or guests in the directory.", "docsDescription": "Sets it so guests can view only their own user profile. Permission to view other users isn't allowed. Also restricts guest users from seeing the membership of groups they're in. See exactly what get locked down in the [Microsoft documentation.](https://learn.microsoft.com/en-us/entra/fundamentals/users-default-permissions)", @@ -355,7 +367,12 @@ { "name": "standards.DisableBasicAuthSMTP", "cat": "Global Standards", - "tag": ["CIS M365 6.0.1 (6.5.4)", "NIST CSF 2.0 (PR.IR-01)", "ZTNA21799", "CISAMSEXO51"], + "tag": ["CIS M365 6.0.1 (6.5.4)", "NIST CSF 2.0 (PR.IR-01)"], + "appliesToTest": [ + "CISAMSEXO51", + "CIS_6_5_4", + "ZTNA21799" + ], "helpText": "Disables SMTP AUTH organization-wide, impacting POP and IMAP clients that rely on SMTP for sending emails. Default for new tenants. For more information, see the [Microsoft documentation](https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission)", "docsDescription": "Disables tenant-wide SMTP basic authentication, including for all explicitly enabled users, impacting POP and IMAP clients that rely on SMTP for sending emails. For more information, see the [Microsoft documentation](https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission).", "executiveText": "Disables outdated email authentication methods that are vulnerable to security attacks, forcing applications and devices to use modern, more secure authentication protocols. This reduces the risk of email-based security breaches and credential theft.", @@ -380,7 +397,10 @@ "tag": [ "CIS M365 6.0.1 (1.3.2)", "spo_idle_session_timeout", - "NIST CSF 2.0 (PR.AA-03)", + "NIST CSF 2.0 (PR.AA-03)" + ], + "appliesToTest": [ + "CIS_1_3_2", "ZTNA21813", "ZTNA21814", "ZTNA21815" @@ -413,7 +433,21 @@ { "name": "standards.AuthMethodsSettings", "cat": "Entra (AAD) Standards", - "tag": ["CIS M365 6.0.1 (5.2.3.6)", "EIDSCA.AG01", "EIDSCA.AG02", "EIDSCA.AG03", "EIDSCAAG02", "EIDSCAAG03"], + "tag": [ + "CIS M365 6.0.1 (5.2.3.6)", + "EIDSCA.AG01", + "EIDSCA.AG02", + "EIDSCA.AG03", + "SMB1001 (2.8)" + ], + "appliesToTest": [ + "CIS_5_2_3_6", + "EIDSCAAG01", + "EIDSCAAG02", + "EIDSCAAG03", + "SMB1001_2_8", + "ZTNA21841" + ], "helpText": "Configures the report suspicious activity settings and system credential preferences in the authentication methods policy.", "docsDescription": "Controls the authentication methods policy settings for reporting suspicious activity and system credential preferences. These settings help enhance the security of authentication in your organization.", "executiveText": "Configures security settings that allow users to report suspicious login attempts and manages how the system handles authentication credentials. This enhances overall security by enabling early detection of potential security threats and optimizing authentication processes.", @@ -455,7 +489,11 @@ { "name": "standards.AdminSSPR", "cat": "Entra (AAD) Standards", - "tag": ["EIDSCA.AP01", "EIDSCAAP01", "ZTNA21842"], + "tag": ["EIDSCA.AP01"], + "appliesToTest": [ + "EIDSCAAP01", + "ZTNA21842" + ], "helpText": "Controls whether administrators are allowed to use Self-Service Password Reset through the Microsoft Entra authorization policy.", "docsDescription": "Configures the allowedToUseSSPR property on the Microsoft Entra authorization policy. Microsoft documents this property as controlling whether administrators of the tenant can use Self-Service Password Reset. Use this standard to explicitly enable or disable administrator SSPR based on your security policy.", "executiveText": "Controls whether tenant administrators can reset their own passwords through Self-Service Password Reset. Disabling this capability forces privileged accounts through more controlled recovery processes and reduces the risk of self-service recovery being misused on administrative identities.", @@ -482,7 +520,8 @@ { "name": "standards.AuthMethodsPolicyMigration", "cat": "Entra (AAD) Standards", - "tag": ["EIDSCAAG01"], + "tag": [], + "appliesToTest": ["EIDSCAAG01"], "helpText": "Completes the migration of authentication methods policy to the new format", "docsDescription": "Sets the authentication methods policy migration state to complete. This is required when migrating from legacy authentication policies to the new unified authentication methods policy.", "executiveText": "Completes the transition from legacy authentication policies to Microsoft's modern unified authentication methods policy, ensuring the organization benefits from the latest security features and management capabilities. This migration enables enhanced security controls and simplified policy management.", @@ -553,7 +592,14 @@ { "name": "standards.laps", "cat": "Entra (AAD) Standards", - "tag": ["CIS M365 6.0.1 (5.1.4.5)", "ZTNA21953", "ZTNA21955", "ZTNA24560"], + "tag": ["CIS M365 6.0.1 (5.1.4.5)", "SMB1001 (2.2)"], + "appliesToTest": [ + "CIS_5_1_4_5", + "SMB1001_2_2", + "ZTNA21953", + "ZTNA21955", + "ZTNA24560" + ], "helpText": "Enables the tenant to use LAPS. You must still create a policy for LAPS to be active on all devices. Use the template standards to deploy this by default.", "docsDescription": "Enables the LAPS functionality on the tenant. Prerequisite for using Windows LAPS via Azure AD.", "executiveText": "Enables Local Administrator Password Solution (LAPS) capability, which automatically manages and rotates local administrator passwords on company computers. This significantly improves security by preventing the use of shared or static administrator passwords that could be exploited by attackers.", @@ -576,7 +622,10 @@ "EIDSCA.AM07", "EIDSCA.AM09", "EIDSCA.AM10", - "NIST CSF 2.0 (PR.AA-03)", + "NIST CSF 2.0 (PR.AA-03)" + ], + "appliesToTest": [ + "CIS_5_2_3_1", "EIDSCAAM01", "EIDSCAAM03", "EIDSCAAM04", @@ -599,7 +648,8 @@ { "name": "standards.allowOTPTokens", "cat": "Entra (AAD) Standards", - "tag": ["EIDSCA.AM02", "EIDSCAAM02"], + "tag": ["EIDSCA.AM02"], + "appliesToTest": ["EIDSCAAM02"], "helpText": "Allows you to use MS authenticator OTP token generator", "docsDescription": "Allows you to use Microsoft Authenticator OTP token generator. Useful for using the NPS extension as MFA on VPN clients.", "executiveText": "Enables one-time password generation through Microsoft Authenticator app, providing an additional secure authentication method for employees. This is particularly useful for secure VPN access and other systems requiring multi-factor authentication.", @@ -615,6 +665,7 @@ "name": "standards.PWcompanionAppAllowedState", "cat": "Entra (AAD) Standards", "tag": ["EIDSCA.AM01"], + "appliesToTest": ["EIDSCAAM01"], "helpText": "Sets the state of Authenticator Lite, Authenticator lite is a companion app for passwordless authentication.", "docsDescription": "Sets the Authenticator Lite state to enabled. This allows users to use the Authenticator Lite built into the Outlook app instead of the full Authenticator app.", "executiveText": "Enables a simplified authentication experience by allowing users to authenticate directly through Outlook without requiring a separate authenticator app. This improves user convenience while maintaining security standards for passwordless authentication.", @@ -650,12 +701,22 @@ "EIDSCA.AF05", "EIDSCA.AF06", "NIST CSF 2.0 (PR.AA-03)", + "SMB1001 (2.5)", + "SMB1001 (2.6)", + "SMB1001 (2.9)" + ], + "appliesToTest": [ "EIDSCAAF01", "EIDSCAAF02", "EIDSCAAF03", "EIDSCAAF04", "EIDSCAAF05", - "EIDSCAAF06" + "EIDSCAAF06", + "SMB1001_2_5", + "SMB1001_2_6", + "SMB1001_2_9", + "ZTNA21838", + "ZTNA21839" ], "helpText": "Enables the FIDO2 authenticationMethod for the tenant", "docsDescription": "Enables FIDO2 capabilities for the tenant. This allows users to use FIDO2 keys like a Yubikey for authentication.", @@ -671,7 +732,12 @@ { "name": "standards.EnableHardwareOAuth", "cat": "Entra (AAD) Standards", - "tag": [], + "tag": ["SMB1001 (2.5)", "SMB1001 (2.6)", "SMB1001 (2.9)"], + "appliesToTest": [ + "SMB1001_2_5", + "SMB1001_2_6", + "SMB1001_2_9" + ], "helpText": "Enables the HardwareOath authenticationMethod for the tenant. This allows you to use hardware tokens for generating 6 digit MFA codes.", "docsDescription": "Enables Hardware OAuth tokens for the tenant. This allows users to use hardware tokens like a Yubikey for authentication.", "executiveText": "Enables physical hardware tokens that generate secure authentication codes, providing an alternative to smartphone-based authentication. This is particularly valuable for employees who cannot use mobile devices or require the highest security standards for accessing sensitive systems.", @@ -687,6 +753,10 @@ "name": "standards.allowOAuthTokens", "cat": "Entra (AAD) Standards", "tag": ["EIDSCA.AT01", "EIDSCA.AT02"], + "appliesToTest": [ + "EIDSCAAT01", + "EIDSCAAT02" + ], "helpText": "Allows you to use any software OAuth token generator", "docsDescription": "Enables OTP Software OAuth tokens for the tenant. This allows users to use OTP codes generated via software, like a password manager to be used as an authentication method.", "executiveText": "Allows employees to use third-party authentication apps and password managers to generate secure login codes, providing flexibility in authentication methods while maintaining security standards. This accommodates diverse user preferences and existing security tools.", @@ -702,6 +772,7 @@ "name": "standards.FormsPhishingProtection", "cat": "Global Standards", "tag": ["CIS M365 6.0.1 (1.3.5)", "Security", "PhishingProtection"], + "appliesToTest": ["CIS_1_3_5"], "helpText": "Enables internal phishing protection for Microsoft Forms to help prevent malicious forms from being created and shared within the organization. This feature scans forms created by internal users for potential phishing content and suspicious patterns.", "docsDescription": "Enables internal phishing protection for Microsoft Forms by setting the isInOrgFormsPhishingScanEnabled property to true. This security feature helps protect organizations from internal phishing attacks through Microsoft Forms by automatically scanning forms created by internal users for potential malicious content, suspicious links, and phishing patterns. When enabled, Forms will analyze form content and block or flag potentially dangerous forms before they can be shared within the organization.", "executiveText": "Automatically scans Microsoft Forms created by employees for malicious content and phishing attempts, preventing the creation and distribution of harmful forms within the organization. This protects against both internal threats and compromised accounts that might be used to distribute malicious content.", @@ -716,7 +787,13 @@ { "name": "standards.TAP", "cat": "Entra (AAD) Standards", - "tag": ["ZTNA21845", "ZTNA21846", "EIDSCAAT01", "EIDSCAAT02"], + "tag": [], + "appliesToTest": [ + "EIDSCAAT01", + "EIDSCAAT02", + "ZTNA21845", + "ZTNA21846" + ], "helpText": "Enables TAP and sets the default TAP lifetime to 1 hour. This configuration also allows you to select if a TAP is single use or multi-logon.", "docsDescription": "Enables Temporary Password generation for the tenant.", "executiveText": "Enables temporary access passwords that IT administrators can generate for employees who are locked out or need emergency access to systems. These time-limited passwords provide a secure way to restore access without compromising long-term security policies.", @@ -744,6 +821,7 @@ "name": "standards.PasswordExpireDisabled", "cat": "Entra (AAD) Standards", "tag": ["CIS M365 6.0.1 (1.3.1)", "PWAgePolicyNew"], + "appliesToTest": ["CIS_1_3_1", "ZTNA21811"], "helpText": "Disables the expiration of passwords for the tenant by setting the password expiration policy to never expire for any user.", "docsDescription": "Sets passwords to never expire for tenant, recommended to use in conjunction with secure password requirements.", "executiveText": "Eliminates mandatory password expiration requirements, allowing employees to keep strong passwords indefinitely rather than forcing frequent changes that often lead to weaker passwords. This modern security approach reduces help desk calls and improves overall password security when combined with multi-factor authentication.", @@ -760,14 +838,19 @@ "cat": "Entra (AAD) Standards", "tag": [ "CIS M365 6.0.1 (5.2.3.2)", - "ZTNA21848", - "ZTNA21849", - "ZTNA21850", + "SMB1001 (2.1)" + ], + "appliesToTest": [ + "CIS_5_2_3_2", "EIDSCAPR01", "EIDSCAPR02", "EIDSCAPR03", "EIDSCAPR05", - "EIDSCAPR06" + "EIDSCAPR06", + "SMB1001_2_1", + "ZTNA21848", + "ZTNA21849", + "ZTNA21850" ], "helpText": "**Requires Entra ID P1.** Updates and enables the Entra ID custom banned password list with the supplied words. Enter words separated by commas or semicolons. Each word must be 4-16 characters long. Maximum 1,000 words allowed.", "docsDescription": "Updates and enables the Entra ID custom banned password list with the supplied words. This supplements the global banned password list maintained by Microsoft. The custom list is limited to 1,000 key base terms of 4-16 characters each. Entra ID will [block variations and common substitutions](https://learn.microsoft.com/en-us/entra/identity/authentication/tutorial-configure-custom-password-protection#configure-custom-banned-passwords) of these words in user passwords. [How are passwords evaluated?](https://learn.microsoft.com/en-us/entra/identity/authentication/concept-password-ban-bad#score-calculation)", @@ -791,7 +874,11 @@ { "name": "standards.ExternalMFATrusted", "cat": "Entra (AAD) Standards", - "tag": ["ZTNA21803", "ZTNA21804"], + "tag": [], + "appliesToTest": [ + "ZTNA21803", + "ZTNA21804" + ], "helpText": "Sets the state of the Cross-tenant access setting to trust external MFA. This allows guest users to use their home tenant MFA to access your tenant.", "executiveText": "Allows external partners and vendors to use their own organization's multi-factor authentication when accessing company resources, streamlining collaboration while maintaining security standards. This reduces friction for external users while ensuring they still meet authentication requirements.", "addedComponent": [ @@ -817,7 +904,17 @@ { "name": "standards.DisableTenantCreation", "cat": "Entra (AAD) Standards", - "tag": ["CIS M365 6.0.1 (5.1.2.3)", "CISA (MS.AAD.6.1v1)", "ZTNA21772", "ZTNA21787"], + "tag": [ + "CIS M365 6.0.1 (5.1.2.3)", + "CISA (MS.AAD.6.1v1)", + "SMB1001 (2.8)" + ], + "appliesToTest": [ + "CIS_5_1_2_3", + "SMB1001_2_8", + "ZTNA21772", + "ZTNA21787" + ], "helpText": "Restricts creation of M365 tenants to the Global Administrator or Tenant Creator roles.", "docsDescription": "Users by default are allowed to create M365 tenants. This disables that so only admins can create new M365 tenants.", "executiveText": "Prevents regular employees from creating new Microsoft 365 organizations, ensuring all new tenants are properly managed and controlled by IT administrators. This prevents unauthorized shadow IT environments and maintains centralized governance over Microsoft 365 resources.", @@ -841,12 +938,17 @@ "EIDSCA.CR03", "EIDSCA.CR04", "Essential 8 (1507)", - "NIST CSF 2.0 (PR.AA-05)", - "ZTNA21869", + "NIST CSF 2.0 (PR.AA-05)" + ], + "appliesToTest": [ + "CIS_5_1_5_2", + "EIDSCACP04", "EIDSCACR01", "EIDSCACR02", "EIDSCACR03", - "EIDSCACR04" + "EIDSCACR04", + "ZTNA21809", + "ZTNA21869" ], "helpText": "Enables App consent admin requests for the tenant via the GA role. Does not overwrite existing reviewer settings", "docsDescription": "Enables the ability for users to request admin consent for applications. Should be used in conjunction with the \"Require admin consent for applications\" standards", @@ -868,7 +970,11 @@ { "name": "standards.NudgeMFA", "cat": "Entra (AAD) Standards", - "tag": ["ZTNA21889"], + "tag": ["SMB1001 (2.5)"], + "appliesToTest": [ + "SMB1001_2_5", + "ZTNA21889" + ], "helpText": "Sets the state of the registration campaign for the tenant", "docsDescription": "Sets the state of the registration campaign for the tenant. If enabled nudges users to set up the Microsoft Authenticator during sign-in.", "executiveText": "Prompts employees to set up multi-factor authentication during login, gradually improving the organization's security posture by encouraging adoption of stronger authentication methods. This helps achieve better security compliance without forcing immediate mandatory changes.", @@ -905,7 +1011,11 @@ { "name": "standards.DisableM365GroupUsers", "cat": "Entra (AAD) Standards", - "tag": ["CISA (MS.AAD.21.1v1)", "ZTNA21868"], + "tag": ["CISA (MS.AAD.21.1v1)", "SMB1001 (2.8)"], + "appliesToTest": [ + "SMB1001_2_8", + "ZTNA21868" + ], "helpText": "Restricts M365 group creation to certain admin roles. This disables the ability to create Teams, SharePoint sites, Planner, etc", "docsDescription": "Users by default are allowed to create M365 groups. This restricts M365 group creation to certain admin roles. This disables the ability to create Teams, SharePoint sites, Planner, etc", "executiveText": "Restricts the creation of Microsoft 365 groups, Teams, and SharePoint sites to authorized administrators, preventing uncontrolled proliferation of collaboration spaces. This ensures proper governance, naming conventions, and resource management while maintaining oversight of all collaborative environments.", @@ -934,7 +1044,12 @@ "EIDSCA.AP10", "Essential 8 (1175)", "NIST CSF 2.0 (PR.AA-05)", - "EIDSCAAP10" + "SMB1001 (2.8)" + ], + "appliesToTest": [ + "CIS_5_1_2_2", + "EIDSCAAP10", + "SMB1001_2_8" ], "helpText": "Disables the ability for users to create App registrations in the tenant.", "docsDescription": "Disables the ability for users to create applications in Entra. Done to prevent breached accounts from creating an app to maintain access to the tenant, even after the breached account has been secured.", @@ -950,7 +1065,11 @@ { "name": "standards.BitLockerKeysForOwnedDevice", "cat": "Entra (AAD) Standards", - "tag": ["CIS M365 6.0.1 (5.1.4.6)", "ZTNA21954"], + "tag": ["CIS M365 6.0.1 (5.1.4.6)"], + "appliesToTest": [ + "CIS_5_1_4_6", + "ZTNA21954" + ], "helpText": "Controls whether standard users can recover BitLocker keys for devices they own.", "docsDescription": "Updates the Microsoft Entra authorization policy that controls whether standard users can read BitLocker recovery keys for devices they own. Choose to restrict access for tighter security or allow self-service recovery when operational needs require it.", "executiveText": "Gives administrators centralized control over BitLocker recovery secrets—restrict access to ensure IT-assisted recovery flows, or allow self-service when rapid device unlocks are a priority.", @@ -977,7 +1096,17 @@ { "name": "standards.DisableSecurityGroupUsers", "cat": "Entra (AAD) Standards", - "tag": ["CIS M365 6.0.1 (5.1.3.2)", "CISA (MS.AAD.20.1v1)", "NIST CSF 2.0 (PR.AA-05)", "ZTNA21868"], + "tag": [ + "CIS M365 6.0.1 (5.1.3.2)", + "CISA (MS.AAD.20.1v1)", + "NIST CSF 2.0 (PR.AA-05)", + "SMB1001 (2.8)" + ], + "appliesToTest": [ + "CIS_5_1_3_2", + "SMB1001_2_8", + "ZTNA21868" + ], "helpText": "Completely disables the creation of security groups by users. This also breaks the ability to manage groups themselves, or create Teams", "executiveText": "Restricts the creation of security groups to IT administrators only, preventing employees from creating unauthorized access groups that could bypass security controls. This ensures proper governance of access permissions and maintains centralized control over who can access what resources.", "addedComponent": [], @@ -1005,7 +1134,12 @@ { "name": "standards.DisableSelfServiceLicenses", "cat": "Entra (AAD) Standards", - "tag": ["CIS M365 6.0.1 (1.3.4)"], + "tag": ["CIS M365 6.0.1 (1.3.4)", "SMB1001 (2.8)"], + "appliesToTest": [ + "CIS_1_3_4", + "EIDSCAAP05", + "SMB1001_2_8" + ], "helpText": "**Requires 'Billing Administrator' GDAP role.** This standard disables all self service licenses and enables all exclusions", "executiveText": "Prevents employees from purchasing Microsoft 365 licenses independently, ensuring all software acquisitions go through proper procurement channels. This maintains budget control, prevents unauthorized spending, and ensures compliance with corporate licensing agreements.", "addedComponent": [ @@ -1031,7 +1165,11 @@ { "name": "standards.DisableGuests", "cat": "Entra (AAD) Standards", - "tag": ["ZTNA21858"], + "tag": ["SMB1001 (2.8)"], + "appliesToTest": [ + "SMB1001_2_8", + "ZTNA21858" + ], "helpText": "Blocks login for guest users that have not logged in for a number of days", "executiveText": "Automatically disables external guest accounts that haven't been used for a number of days, reducing security risks from dormant accounts while maintaining access for active external collaborators. This helps maintain a clean user directory and reduces potential attack vectors.", "addedComponent": [ @@ -1060,15 +1198,19 @@ "EIDSCA.AP08", "EIDSCA.AP09", "Essential 8 (1175)", - "NIST CSF 2.0 (PR.AA-05)", - "ZTNA21772", - "ZTNA21774", - "ZTNA21807", + "NIST CSF 2.0 (PR.AA-05)" + ], + "appliesToTest": [ + "CIS_5_1_5_1", "EIDSCAAP08", "EIDSCAAP09", "EIDSCACP01", "EIDSCACP03", - "EIDSCACP04" + "EIDSCACP04", + "ZTNA21772", + "ZTNA21774", + "ZTNA21807", + "ZTNA21810" ], "helpText": "Disables users from being able to consent to applications, except for those specified in the field below", "docsDescription": "Requires users to get administrator consent before sharing data with applications. You can preapprove specific applications.", @@ -1105,7 +1247,19 @@ { "name": "standards.GuestInvite", "cat": "Entra (AAD) Standards", - "tag": ["CISA (MS.AAD.18.1v1)", "EIDSCA.AP04", "EIDSCA.AP07", "EIDSCAAP04"], + "tag": [ + "CISA (MS.AAD.18.1v1)", + "EIDSCA.AP04", + "EIDSCA.AP07", + "SMB1001 (2.8)" + ], + "appliesToTest": [ + "CIS_5_1_6_3", + "EIDSCAAP04", + "EIDSCAAP07", + "SMB1001_2_8", + "ZTNA21791" + ], "helpText": "This setting controls who can invite guests to your directory to collaborate on resources secured by your company, such as SharePoint sites or Azure resources.", "executiveText": "Controls who within the organization can invite external partners and vendors to access company resources, ensuring proper oversight of external access while enabling necessary business collaboration. This helps maintain security while supporting partnership and vendor relationships.", "addedComponent": [ @@ -1177,7 +1331,13 @@ { "name": "standards.SecurityDefaults", "cat": "Entra (AAD) Standards", - "tag": ["CISA (MS.AAD.11.1v1)", "ZTNA21843"], + "tag": ["CISA (MS.AAD.11.1v1)", "SMB1001 (2.5)", "SMB1001 (2.6)", "SMB1001 (2.9)"], + "appliesToTest": [ + "SMB1001_2_5", + "SMB1001_2_6", + "SMB1001_2_9", + "ZTNA21843" + ], "helpText": "Enables security defaults for the tenant, for newer tenants this is enabled by default. Do not enable this feature if you use Conditional Access.", "docsDescription": "Enables SD for the tenant, which disables all forms of basic authentication and enforces users to configure MFA. Users are only prompted for MFA when a logon is considered 'suspect' by Microsoft.", "executiveText": "Activates Microsoft's baseline security configuration that requires multi-factor authentication and blocks legacy authentication methods. This provides essential security protection for organizations without complex conditional access policies, significantly improving security posture with minimal configuration.", @@ -1192,7 +1352,22 @@ { "name": "standards.DisableSMS", "cat": "Entra (AAD) Standards", - "tag": ["CIS M365 6.0.1 (5.2.3.5)", "EIDSCA.AS04", "NIST CSF 2.0 (PR.AA-03)", "EIDSCAAS04"], + "tag": [ + "CIS M365 6.0.1 (5.2.3.5)", + "EIDSCA.AS04", + "NIST CSF 2.0 (PR.AA-03)", + "SMB1001 (2.5)", + "SMB1001 (2.6)", + "SMB1001 (2.9)" + ], + "appliesToTest": [ + "CIS_5_2_3_5", + "EIDSCAAS04", + "SMB1001_2_5", + "SMB1001_2_5_L4", + "SMB1001_2_6", + "SMB1001_2_9" + ], "helpText": "This blocks users from using SMS as an MFA method. If a user only has SMS as a MFA method, they will be unable to log in.", "docsDescription": "Disables SMS as an MFA method for the tenant. If a user only has SMS as a MFA method, they will be unable to sign in.", "executiveText": "Disables SMS text messages as a multi-factor authentication method due to security vulnerabilities like SIM swapping attacks. This forces users to adopt more secure authentication methods like authenticator apps or hardware tokens, significantly improving account security.", @@ -1207,7 +1382,22 @@ { "name": "standards.DisableVoice", "cat": "Entra (AAD) Standards", - "tag": ["CIS M365 6.0.1 (5.2.3.5)", "EIDSCA.AV01", "NIST CSF 2.0 (PR.AA-03)", "EIDSCAAV01"], + "tag": [ + "CIS M365 6.0.1 (5.2.3.5)", + "EIDSCA.AV01", + "NIST CSF 2.0 (PR.AA-03)", + "SMB1001 (2.5)", + "SMB1001 (2.6)", + "SMB1001 (2.9)" + ], + "appliesToTest": [ + "CIS_5_2_3_5", + "EIDSCAAV01", + "SMB1001_2_5", + "SMB1001_2_5_L4", + "SMB1001_2_6", + "SMB1001_2_9" + ], "helpText": "This blocks users from using Voice call as an MFA method. If a user only has Voice as a MFA method, they will be unable to log in.", "docsDescription": "Disables Voice call as an MFA method for the tenant. If a user only has Voice call as a MFA method, they will be unable to sign in.", "executiveText": "Disables voice call authentication due to security vulnerabilities and social engineering risks. This forces users to adopt more secure authentication methods like authenticator apps, improving overall account security by eliminating phone-based attack vectors.", @@ -1222,7 +1412,20 @@ { "name": "standards.DisableEmail", "cat": "Entra (AAD) Standards", - "tag": ["CIS M365 6.0.1 (5.2.3.7)", "NIST CSF 2.0 (PR.AA-03)"], + "tag": [ + "CIS M365 6.0.1 (5.2.3.7)", + "NIST CSF 2.0 (PR.AA-03)", + "SMB1001 (2.5)", + "SMB1001 (2.6)", + "SMB1001 (2.9)" + ], + "appliesToTest": [ + "CIS_5_2_3_7", + "SMB1001_2_5", + "SMB1001_2_5_L4", + "SMB1001_2_6", + "SMB1001_2_9" + ], "helpText": "This blocks users from using email as an MFA method. This disables the email OTP option for guest users, and instead prompts them to create a Microsoft account.", "executiveText": "Disables email-based authentication codes due to security concerns with email interception and account compromise. This forces users to adopt more secure authentication methods, particularly affecting guest users who must use stronger verification methods.", "addedComponent": [], @@ -1273,6 +1476,14 @@ "Essential 8 (1173)", "Essential 8 (1401)", "NIST CSF 2.0 (PR.AA-03)", + "SMB1001 (2.5)", + "SMB1001 (2.6)", + "SMB1001 (2.9)" + ], + "appliesToTest": [ + "SMB1001_2_5", + "SMB1001_2_6", + "SMB1001_2_9", "ZTNA21780", "ZTNA21782", "ZTNA21796" @@ -1360,12 +1571,14 @@ "impactColour": "warning", "addedDate": "2026-03-13", "powershellEquivalent": "Graph API", - "recommendedBy": [] + "recommendedBy": [], + "appliesToTest": ["ZTNA21773", "ZTNA21896", "ZTNA21992"] }, { "name": "standards.OutBoundSpamAlert", "cat": "Exchange Standards", "tag": ["CIS M365 6.0.1 (2.1.6)"], + "appliesToTest": ["CIS_2_1_6"], "helpText": "Set the Outbound Spam Alert e-mail address", "docsDescription": "Sets the e-mail address to which outbound spam alerts are sent.", "addedComponent": [ @@ -1590,7 +1803,8 @@ { "name": "standards.EnableOnlineArchiving", "cat": "Exchange Standards", - "tag": ["Essential 8 (1511)", "NIST CSF 2.0 (PR.DS-11)"], + "tag": ["Essential 8 (1511)", "NIST CSF 2.0 (PR.DS-11)", "SMB1001 (3.1)"], + "appliesToTest": ["SMB1001_3_1"], "helpText": "Enables the In-Place Online Archive for all UserMailboxes with a valid license.", "executiveText": "Automatically enables online email archiving for all licensed employees, providing additional storage for older emails while maintaining easy access. This helps manage mailbox sizes, improves email performance, and supports compliance with data retention requirements.", "addedComponent": [], @@ -1611,7 +1825,8 @@ { "name": "standards.EnableLitigationHold", "cat": "Exchange Standards", - "tag": [], + "tag": ["SMB1001 (3.1)"], + "appliesToTest": ["SMB1001_3_1"], "helpText": "Enables litigation hold for all UserMailboxes with a valid license.", "executiveText": "Preserves all email content for legal and compliance purposes by preventing permanent deletion of emails, even when users attempt to delete them. This is essential for organizations subject to legal discovery requirements or regulatory compliance mandates.", "addedComponent": [ @@ -1640,7 +1855,13 @@ { "name": "standards.SpoofWarn", "cat": "Exchange Standards", - "tag": ["CIS M365 6.0.1 (6.2.3)", "ORCA111", "ORCA240", "CISAMSEXO71"], + "tag": ["CIS M365 6.0.1 (6.2.3)"], + "appliesToTest": [ + "CISAMSEXO71", + "CIS_6_2_3", + "ORCA111", + "ORCA240" + ], "helpText": "Adds or removes indicators to e-mail messages received from external senders in Outlook. Works on all Outlook clients/OWA", "docsDescription": "Adds or removes indicators to e-mail messages received from external senders in Outlook. You can read more about this feature on [Microsoft's Exchange Team Blog.](https://techcommunity.microsoft.com/t5/exchange-team-blog/native-external-sender-callouts-on-email-in-outlook/ba-p/2250098)", "executiveText": "Displays visual warnings in Outlook when emails come from external senders, helping employees identify potentially suspicious messages and reducing the risk of phishing attacks. This security feature makes it easier for staff to distinguish between internal and external communications.", @@ -1682,6 +1903,7 @@ "name": "standards.EnableMailTips", "cat": "Exchange Standards", "tag": ["CIS M365 6.0.1 (6.5.2)", "exo_mailtipsenabled"], + "appliesToTest": ["CIS_6_5_2"], "helpText": "Enables all MailTips in Outlook. MailTips are the notifications Outlook and Outlook on the web shows when an email you create, meets some requirements", "executiveText": "Enables helpful notifications in Outlook that warn users about potential email issues, such as sending to large groups, external recipients, or invalid addresses. This reduces email mistakes and improves communication efficiency by providing real-time guidance to employees.", "addedComponent": [ @@ -1758,7 +1980,11 @@ { "name": "standards.RotateDKIM", "cat": "Exchange Standards", - "tag": ["CIS M365 6.0.1 (2.1.9)"], + "tag": ["CIS M365 6.0.1 (2.1.9)", "SMB1001 (2.12)"], + "appliesToTest": [ + "CIS_2_1_9", + "SMB1001_2_12" + ], "helpText": "Rotate DKIM keys that are 1024 bit to 2048 bit", "executiveText": "Upgrades email security by replacing older 1024-bit encryption keys with stronger 2048-bit keys for email authentication. This improves the organization's email security posture and helps prevent email spoofing and tampering, maintaining trust with email recipients.", "addedComponent": [], @@ -1811,7 +2037,14 @@ { "name": "standards.AddDKIM", "cat": "Exchange Standards", - "tag": ["CIS M365 6.0.1 (2.1.9)", "ORCA108", "CISAMSEXO31"], + "tag": ["CIS M365 6.0.1 (2.1.9)", "SMB1001 (2.12)"], + "appliesToTest": [ + "CISAMSEXO31", + "CIS_2_1_9", + "ORCA108", + "ORCA108_1", + "SMB1001_2_12" + ], "helpText": "Enables DKIM for all domains that currently support it", "executiveText": "Enables email authentication technology that digitally signs outgoing emails to verify they actually came from your organization. This prevents email spoofing, improves email deliverability, and protects the company's reputation by ensuring recipients can trust emails from your domains.", "addedComponent": [], @@ -1832,7 +2065,11 @@ { "name": "standards.AddDMARCToMOERA", "cat": "Global Standards", - "tag": ["CIS M365 6.0.1 (2.1.10)", "Security", "PhishingProtection"], + "tag": ["CIS M365 6.0.1 (2.1.10)", "Security", "PhishingProtection", "SMB1001 (2.12)"], + "appliesToTest": [ + "CIS_2_1_10", + "SMB1001_2_12" + ], "helpText": "** Remediation is not available ** Note: requires 'Domain Name Administrator' GDAP role. This should be enabled even if the MOERA (onmicrosoft.com) domains is not used for sending. Enabling this prevents email spoofing. The default value is 'v=DMARC1; p=reject;' recommended because the domain is only used within M365 and reporting is not needed. Omitting pct tag default to 100%", "docsDescription": "** Remediation is not available ** Note: requires 'Domain Name Administrator' GDAP role. Adds a DMARC record to MOERA (onmicrosoft.com) domains. This should be enabled even if the MOERA (onmicrosoft.com) domains is not used for sending. Enabling this prevents email spoofing. The default record is 'v=DMARC1; p=reject;' recommended because the domain is only used within M365 and reporting is not needed. Omitting pct tag default to 100%", "executiveText": "Implements advanced email security for Microsoft's default domain names (onmicrosoft.com) to prevent criminals from impersonating your organization. This blocks fraudulent emails that could damage your company's reputation and protects partners and customers from phishing attacks using your domain names.", @@ -1868,8 +2105,13 @@ "exo_mailboxaudit", "Essential 8 (1509)", "Essential 8 (1683)", - "NIST CSF 2.0 (DE.CM-09)", - "CISAMSEXO131" + "NIST CSF 2.0 (DE.CM-09)" + ], + "appliesToTest": [ + "CISAMSEXO131", + "CIS_6_1_1", + "CIS_6_1_2", + "CIS_6_1_3" ], "helpText": "Enables Mailbox auditing for all mailboxes and on tenant level. Disables audit bypass on all mailboxes. Unified Audit Log needs to be enabled for this standard to function.", "docsDescription": "Enables mailbox auditing on tenant level and for all mailboxes. Disables audit bypass on all mailboxes. By default Microsoft does not enable mailbox auditing for Resource Mailboxes, Public Folder Mailboxes and DiscoverySearch Mailboxes. Unified Audit Log needs to be enabled for this standard to function.", @@ -2072,6 +2314,7 @@ "name": "standards.EXOOutboundSpamLimits", "cat": "Exchange Standards", "tag": ["CIS M365 6.0.1 (2.1.15)"], + "appliesToTest": ["CIS_2_1_15"], "helpText": "Configures the outbound spam recipient limits (external per hour, internal per hour, per day) and the action to take when a limit is reached. The 'Set Outbound Spam Alert e-mail' standard is recommended to configure together with this one. ", "docsDescription": "Configures the Exchange Online outbound spam recipient limits for external per hour, internal per hour, and per day, along with the action to take (e.g., BlockUser, Alert) when these limits are exceeded. This helps prevent abuse and manage email flow. Microsoft's recommendations can be found [here.](https://learn.microsoft.com/en-us/defender-office-365/recommended-settings-for-eop-and-office365#eop-outbound-spam-policy-settings) The 'Set Outbound Spam Alert e-mail' standard is recommended to configure together with this one.", "executiveText": "Sets limits on how many emails employees can send per hour and per day to prevent spam and protect the organization's email reputation. When limits are exceeded, the system can alert administrators or temporarily block the user, helping detect compromised accounts or prevent abuse.", @@ -2139,7 +2382,12 @@ { "name": "standards.DisableExternalCalendarSharing", "cat": "Exchange Standards", - "tag": ["CIS M365 6.0.1 (1.3.3)", "exo_individualsharing", "ZTNA21803", "CISAMSEXO62"], + "tag": ["CIS M365 6.0.1 (1.3.3)", "exo_individualsharing"], + "appliesToTest": [ + "CISAMSEXO62", + "CIS_1_3_3", + "ZTNA21803" + ], "helpText": "Disables the ability for users to share their calendar with external users. Only for the default policy, so exclusions can be made if needed.", "docsDescription": "Disables external calendar sharing for the entire tenant. This is not a widely used feature, and it's therefore unlikely that this will impact users. Only for the default policy, so exclusions can be made if needed by making a new policy and assigning it to users.", "executiveText": "Prevents employees from sharing their calendars with external parties, protecting sensitive meeting information and internal schedules from unauthorized access. This security measure helps maintain confidentiality of business activities while still allowing internal collaboration.", @@ -2172,12 +2420,16 @@ "addedDate": "2025-02-07", "powershellEquivalent": "Set-Mailbox -EmailAddresses @{add=$EmailAddress}", "recommendedBy": [], - "disabledFeatures": { "report": true, "warn": true, "remediate": false } + "disabledFeatures": { "report": false, "warn": true, "remediate": false } }, { "name": "standards.DisableAdditionalStorageProviders", "cat": "Exchange Standards", - "tag": ["CIS M365 6.0.1 (6.5.3)", "exo_storageproviderrestricted", "ZTNA21817"], + "tag": ["CIS M365 6.0.1 (6.5.3)", "exo_storageproviderrestricted"], + "appliesToTest": [ + "CIS_6_5_3", + "ZTNA21817" + ], "helpText": "Disables the ability for users to open files in Outlook on the Web, from other providers such as Box, Dropbox, Facebook, Google Drive, OneDrive Personal, etc.", "docsDescription": "Disables additional storage providers in OWA. This is to prevent users from using personal storage providers like Dropbox, Google Drive, etc. Usually this has little user impact.", "executiveText": "Prevents employees from accessing personal cloud storage services like Dropbox or Google Drive through Outlook on the web, reducing data security risks and ensuring company information stays within approved corporate systems. This helps maintain data governance and prevents accidental data leaks.", @@ -2200,6 +2452,7 @@ "name": "standards.AntiSpamSafeList", "cat": "Defender Standards", "tag": ["CIS M365 6.0.1 (2.1.13)"], + "appliesToTest": ["CIS_2_1_13"], "helpText": "Sets the anti-spam connection filter policy option 'safe list' in Defender.", "docsDescription": "Sets [Microsoft's built-in 'safe list'](https://learn.microsoft.com/en-us/powershell/module/exchange/set-hostedconnectionfilterpolicy?view=exchange-ps#-enablesafelist) in the anti-spam connection filter policy, rather than setting a custom safe/block list of IPs.", "executiveText": "Enables Microsoft's pre-approved list of trusted email servers to improve email delivery from legitimate sources while maintaining spam protection. This reduces false positives where legitimate emails might be blocked while still protecting against spam and malicious emails.", @@ -2281,6 +2534,7 @@ "name": "standards.Bookings", "cat": "Exchange Standards", "tag": ["CIS M365 6.0.1 (1.3.9)"], + "appliesToTest": ["CIS_1_3_9"], "helpText": "Sets the state of Bookings on the tenant. Bookings is a scheduling tool that allows users to book appointments with others both internal and external.", "docsDescription": "", "executiveText": "Controls whether employees can use Microsoft Bookings to create online appointment scheduling pages for internal and external clients. This feature can improve customer service and streamline appointment management, but may need to be controlled for security or business process reasons.", @@ -2314,6 +2568,7 @@ "name": "standards.EXODirectSend", "cat": "Exchange Standards", "tag": ["CIS M365 6.0.1 (6.5.5)"], + "appliesToTest": ["CIS_6_5_5"], "helpText": "Sets the state of Direct Send in Exchange Online. Direct Send allows applications to send emails directly to Exchange Online mailboxes as the tenants domains, without requiring authentication.", "docsDescription": "Controls whether applications can use Direct Send to send emails directly to Exchange Online mailboxes as the tenants domains, without requiring authentication. A detailed explanation from Microsoft can be found [here.](https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365)", "executiveText": "Controls whether business applications and devices (like printers or scanners) can send emails through the company's email system without authentication. While this enables convenient features like scan-to-email, it may pose security risks and should be carefully managed.", @@ -2344,7 +2599,10 @@ "CIS M365 6.0.1 (6.3.1)", "exo_outlookaddins", "NIST CSF 2.0 (PR.AA-05)", - "NIST CSF 2.0 (PR.PS-05)", + "NIST CSF 2.0 (PR.PS-05)" + ], + "appliesToTest": [ + "CIS_6_3_1", "ZTNA21817" ], "helpText": "Disables the ability for users to install add-ins in Outlook. This is to prevent users from installing malicious add-ins.", @@ -2453,6 +2711,7 @@ "name": "standards.UserSubmissions", "cat": "Exchange Standards", "tag": ["CIS M365 6.0.1 (8.6.1)"], + "appliesToTest": ["CIS_8_6_1"], "helpText": "Set the state of the spam submission button in Outlook", "docsDescription": "Set the state of the built-in Report button in Outlook. This gives the users the ability to report emails as spam or phish.", "executiveText": "Enables employees to easily report suspicious emails directly from Outlook, helping improve the organization's spam and phishing detection systems. This crowdsourced approach to security allows users to contribute to threat detection while providing valuable feedback to enhance email security filters.", @@ -2491,7 +2750,16 @@ { "name": "standards.DisableSharedMailbox", "cat": "Exchange Standards", - "tag": ["CIS M365 6.0.1 (1.2.2)", "CISA (MS.AAD.10.1v1)", "NIST CSF 2.0 (PR.AA-01)"], + "tag": [ + "CIS M365 6.0.1 (1.2.2)", + "CISA (MS.AAD.10.1v1)", + "NIST CSF 2.0 (PR.AA-01)", + "SMB1001 (2.3)" + ], + "appliesToTest": [ + "CIS_1_2_2", + "SMB1001_2_3" + ], "helpText": "Blocks login for all accounts that are marked as a shared mailbox. This is Microsoft best practice to prevent direct logons to shared mailboxes.", "docsDescription": "Shared mailboxes can be directly logged into if the password is reset, this presents a security risk as do all shared login credentials. Microsoft's recommendation is to disable the user account for shared mailboxes. It would be a good idea to review the sign-in reports to establish potential impact.", "executiveText": "Prevents direct login to shared mailbox accounts (like info@company.com), ensuring they can only be accessed through authorized users' accounts. This security measure eliminates the risk of shared passwords and unauthorized access while maintaining proper access control and audit trails.", @@ -2506,7 +2774,8 @@ { "name": "standards.DisableResourceMailbox", "cat": "Exchange Standards", - "tag": ["NIST CSF 2.0 (PR.AA-01)"], + "tag": ["NIST CSF 2.0 (PR.AA-01)", "SMB1001 (2.3)"], + "appliesToTest": ["SMB1001_2_3"], "helpText": "Blocks login for all accounts that are marked as a resource mailbox and does not have a license assigned. Accounts that are synced from on-premises AD are excluded, as account state is managed in the on-premises AD.", "docsDescription": "Resource mailboxes can be directly logged into if the password is reset, this presents a security risk as do all shared login credentials. Microsoft's recommendation is to disable the user account for resource mailboxes. Accounts that are synced from on-premises AD are excluded, as account state is managed in the on-premises AD.", "executiveText": "Prevents direct login to resource mailbox accounts (like conference rooms or equipment), ensuring they can only be managed through proper administrative channels. This security measure eliminates potential unauthorized access to resource scheduling systems while maintaining proper booking functionality.", @@ -2535,6 +2804,7 @@ "CISA (MS.EXO.4.1v1)", "NIST CSF 2.0 (PR.DS-02)" ], + "appliesToTest": ["CIS_6_2_1"], "helpText": "Disables the ability for users to automatically forward e-mails to external recipients.", "docsDescription": "Disables the ability for users to automatically forward e-mails to external recipients. This is to prevent data exfiltration. Please check if there are any legitimate use cases for this feature before implementing, like forwarding invoices and such.", "executiveText": "Prevents employees from automatically forwarding company emails to external addresses, protecting against data leaks and unauthorized information sharing. This security measure helps maintain control over sensitive business communications while preventing both accidental and intentional data exfiltration.", @@ -2556,7 +2826,8 @@ { "name": "standards.RetentionPolicyTag", "cat": "Exchange Standards", - "tag": [], + "tag": ["SMB1001 (3.1)"], + "appliesToTest": ["SMB1001_3_1"], "helpText": "Creates a CIPP - Deleted Items retention policy tag that permanently deletes items in the Deleted Items folder after X days.", "docsDescription": "Creates a CIPP - Deleted Items retention policy tag that permanently deletes items in the Deleted Items folder after X days.", "executiveText": "Automatically and permanently removes deleted emails after a specified number of days, helping manage storage costs and ensuring compliance with data retention policies. This prevents accumulation of unnecessary deleted items while maintaining a reasonable recovery window for accidentally deleted emails.", @@ -2687,7 +2958,13 @@ "CIS M365 6.0.1 (2.1.1)", "mdo_safelinksforemail", "mdo_safelinksforOfficeApps", - "NIST CSF 2.0 (DE.CM-09)", + "NIST CSF 2.0 (DE.CM-09)" + ], + "appliesToTest": [ + "CISAMSEXO151", + "CISAMSEXO152", + "CISAMSEXO153", + "CIS_2_1_1", "ORCA105", "ORCA106", "ORCA107", @@ -2698,13 +2975,11 @@ "ORCA119", "ORCA156", "ORCA179", + "ORCA189_2", "ORCA226", "ORCA236", "ORCA237", - "ORCA238", - "CISAMSEXO151", - "CISAMSEXO152", - "CISAMSEXO153" + "ORCA238" ], "helpText": "This creates a Safe Links policy that automatically scans, tracks, and and enables safe links for Email, Office, and Teams for both external and internal senders", "addedComponent": [ @@ -2765,7 +3040,13 @@ "mdo_antiphishingpolicies", "mdo_phishthresholdlevel", "CIS M365 6.0.1 (2.1.7)", - "NIST CSF 2.0 (DE.CM-09)", + "NIST CSF 2.0 (DE.CM-09)" + ], + "appliesToTest": [ + "CISAMSEXO111", + "CISAMSEXO112", + "CISAMSEXO113", + "CIS_2_1_7", "ORCA104", "ORCA115", "ORCA180", @@ -2785,10 +3066,7 @@ "ORCA244", "ZTNA21784", "ZTNA21817", - "ZTNA21819", - "CISAMSEXO111", - "CISAMSEXO112", - "CISAMSEXO113" + "ZTNA21819" ], "helpText": "This creates a Anti-Phishing policy that automatically enables Mailbox Intelligence and spoofing, optional switches for Mail tips.", "addedComponent": [ @@ -2959,8 +3237,12 @@ "mdo_safedocuments", "mdo_commonattachmentsfilter", "mdo_safeattachmentpolicy", - "NIST CSF 2.0 (DE.CM-09)", + "NIST CSF 2.0 (DE.CM-09)" + ], + "appliesToTest": [ + "CIS_2_1_4", "ORCA158", + "ORCA189", "ORCA227" ], "helpText": "This creates a Safe Attachment policy", @@ -3029,6 +3311,7 @@ "name": "standards.AtpPolicyForO365", "cat": "Defender Standards", "tag": ["CIS M365 6.0.1 (2.1.5)", "NIST CSF 2.0 (DE.CM-09)"], + "appliesToTest": ["CIS_2_1_5", "ORCA225"], "helpText": "This creates a Atp policy that enables Defender for Office 365 for SharePoint, OneDrive and Microsoft Teams.", "addedComponent": [ { @@ -3057,7 +3340,11 @@ { "name": "standards.PhishingSimulations", "cat": "Defender Standards", - "tag": [], + "tag": ["SMB1001 (1.11)", "SMB1001 (5.1)"], + "appliesToTest": [ + "SMB1001_1_11", + "SMB1001_5_1" + ], "helpText": "This creates a phishing simulation policy that enables phishing simulations for the entire tenant.", "addedComponent": [ { @@ -3116,16 +3403,23 @@ "mdo_zapspam", "mdo_zapphish", "mdo_zapmalware", - "NIST CSF 2.0 (DE.CM-09)", + "NIST CSF 2.0 (DE.CM-09)" + ], + "appliesToTest": [ + "CISAMSEXO101", + "CISAMSEXO102", + "CISAMSEXO103", + "CISAMSEXO95", + "CIS_2_1_11", + "CIS_2_1_2", + "CIS_2_1_3", + "ORCA120_malware", "ORCA121", "ORCA124", + "ORCA205", "ORCA232", "ZTNA21817", - "ZTNA21819", - "CISAMSEXO95", - "CISAMSEXO101", - "CISAMSEXO102", - "CISAMSEXO103" + "ZTNA21819" ], "helpText": "This creates a Malware filter policy that enables the default File filter and Zero-hour auto purge for malware.", "addedComponent": [ @@ -3255,12 +3549,22 @@ { "name": "standards.SpamFilterPolicy", "cat": "Defender Standards", - "tag": [ + "tag": [], + "appliesToTest": [ + "CISAMSEXO141", + "CISAMSEXO142", + "CISAMSEXO143", "ORCA100", "ORCA101", "ORCA102", "ORCA103", "ORCA104", + "ORCA109", + "ORCA110", + "ORCA118_1", + "ORCA118_3", + "ORCA120_phish", + "ORCA120_spam", "ORCA123", "ORCA139", "ORCA140", @@ -3269,10 +3573,7 @@ "ORCA143", "ORCA224", "ORCA231", - "ORCA241", - "CISAMSEXO141", - "CISAMSEXO142", - "CISAMSEXO143" + "ORCA241" ], "helpText": "This standard creates a Spam filter policy similar to the default strict policy.", "docsDescription": "This standard creates a Spam filter policy similar to the default strict policy, the following settings are configured to on by default: IncreaseScoreWithNumericIps, IncreaseScoreWithRedirectToOtherPort, MarkAsSpamEmptyMessages, MarkAsSpamJavaScriptInHtml, MarkAsSpamSpfRecordHardFail, MarkAsSpamFromAddressAuthFail, MarkAsSpamNdrBackscatter, MarkAsSpamBulkMail, InlineSafetyTipsEnabled, PhishZapEnabled, SpamZapEnabled", @@ -3779,6 +4080,7 @@ "name": "standards.IntuneComplianceSettings", "cat": "Intune Standards", "tag": ["CIS M365 6.0.1 (4.1)"], + "appliesToTest": ["CIS_4_1"], "helpText": "Sets the mark devices with no compliance policy assigned as compliance/non compliant and Compliance status validity period.", "executiveText": "Configures how the system treats devices that don't have specific compliance policies and sets how often devices must check in to maintain their compliance status. This ensures proper security oversight of all corporate devices and maintains current compliance information.", "addedComponent": [ @@ -3850,6 +4152,7 @@ "name": "standards.DefaultPlatformRestrictions", "cat": "Intune Standards", "tag": ["CIS M365 6.0.1 (4.2)", "CISA (MS.AAD.19.1v1)"], + "appliesToTest": ["CIS_4_2"], "helpText": "Sets the default platform restrictions for enrolling devices into Intune. Note: Do not block personally owned if platform is blocked.", "executiveText": "Controls which types of devices (iOS, Android, Windows, macOS) and ownership models (corporate vs. personal) can be enrolled in the company's device management system. This helps maintain security standards while supporting necessary business device types and usage scenarios.", "addedComponent": [ @@ -4068,7 +4371,13 @@ { "name": "standards.intuneDeviceReg", "cat": "Intune Standards", - "tag": ["CIS M365 6.0.1 (5.1.4.2)", "CISA (MS.AAD.17.1v1)", "ZTNA21801", "ZTNA21802"], + "tag": ["CIS M365 6.0.1 (5.1.4.2)", "CISA (MS.AAD.17.1v1)"], + "appliesToTest": [ + "CIS_5_1_4_2", + "ZTNA21801", + "ZTNA21802", + "ZTNA21837" + ], "helpText": "Sets the maximum number of devices that can be registered by a user. A value of 0 disables device registration by users", "executiveText": "Limits how many devices each employee can register for corporate access, preventing excessive device proliferation while accommodating legitimate business needs. This helps maintain security oversight and prevents potential abuse of device registration privileges.", "addedComponent": [ @@ -4090,7 +4399,12 @@ { "name": "standards.intuneDeviceRegLocalAdmins", "cat": "Entra (AAD) Standards", - "tag": ["CIS M365 6.0.1 (5.1.4.3)", "CIS M365 6.0.1 (5.1.4.4)"], + "tag": ["CIS M365 6.0.1 (5.1.4.3)", "CIS M365 6.0.1 (5.1.4.4)", "SMB1001 (2.2)"], + "appliesToTest": [ + "CIS_5_1_4_3", + "CIS_5_1_4_4", + "SMB1001_2_2" + ], "helpText": "Controls whether users who register Microsoft Entra joined devices are granted local administrator rights on those devices and if Global Administrators are added as local admins.", "docsDescription": "Configures the Device Registration Policy local administrator behavior for registering users. When enabled, users who register devices are not granted local administrator rights, you can also configure if Global Administrators are added as local admins.", "executiveText": "Controls whether employees who enroll devices automatically receive local administrator access. Disabling registering-user admin rights follows least-privilege principles and reduces security risk from over-privileged endpoints.", @@ -4118,7 +4432,11 @@ { "name": "standards.intuneRestrictUserDeviceRegistration", "cat": "Entra (AAD) Standards", - "tag": ["CIS M365 6.0.1 (5.1.4.1)"], + "tag": ["CIS M365 6.0.1 (5.1.4.1)", "SMB1001 (2.8)"], + "appliesToTest": [ + "CIS_5_1_4_1", + "SMB1001_2_8" + ], "helpText": "Controls whether users can register devices with Entra.", "docsDescription": "Configures whether users can register devices with Entra. When disabled, users are unable to register devices with Entra.", "executiveText": "Controls whether employees can register their devices for corporate access. Disabling user device registration prevents unauthorized or unmanaged devices from connecting to company resources, enhancing overall security posture.", @@ -4140,7 +4458,12 @@ { "name": "standards.intuneRequireMFA", "cat": "Intune Standards", - "tag": ["ZTNA21782", "ZTNA21796", "ZTNA21872"], + "tag": [], + "appliesToTest": [ + "ZTNA21782", + "ZTNA21796", + "ZTNA21872" + ], "helpText": "Requires MFA for all users to register devices with Intune. This is useful when not using Conditional Access.", "executiveText": "Requires employees to use multi-factor authentication when registering devices for corporate access, adding an extra security layer to prevent unauthorized device enrollment. This helps ensure only legitimate users can connect their devices to company systems.", "label": "Require Multi-factor Authentication to register or join devices with Microsoft Entra", @@ -4153,7 +4476,8 @@ { "name": "standards.DeletedUserRentention", "cat": "SharePoint Standards", - "tag": [], + "tag": ["SMB1001 (3.1)"], + "appliesToTest": ["SMB1001_3_1"], "helpText": "Sets the retention period for deleted users OneDrive to the specified period of time. The default is 30 days.", "docsDescription": "When a OneDrive user gets deleted, the personal SharePoint site is saved for selected amount of time that data can be retrieved from it.", "executiveText": "Preserves departed employees' OneDrive files for a specified period, allowing time to recover important business documents before permanent deletion. This helps prevent data loss while managing storage costs and maintaining compliance with data retention policies.", @@ -4265,6 +4589,7 @@ "name": "standards.SPAzureB2B", "cat": "SharePoint Standards", "tag": ["CIS M365 6.0.1 (7.2.2)"], + "appliesToTest": ["CIS_7_2_2"], "helpText": "Ensure SharePoint and OneDrive integration with Azure AD B2B is enabled", "executiveText": "Enables secure collaboration with external partners through SharePoint and OneDrive by integrating with Azure B2B guest access. This allows controlled sharing with external organizations while maintaining security oversight and proper access management.", "addedComponent": [], @@ -4286,7 +4611,15 @@ { "name": "standards.SPDisallowInfectedFiles", "cat": "SharePoint Standards", - "tag": ["CIS M365 6.0.1 (7.3.1)", "CISA (MS.SPO.3.1v1)", "NIST CSF 2.0 (DE.CM-09)", "ZTNA21817"], + "tag": [ + "CIS M365 6.0.1 (7.3.1)", + "CISA (MS.SPO.3.1v1)", + "NIST CSF 2.0 (DE.CM-09)" + ], + "appliesToTest": [ + "CIS_7_3_1", + "ZTNA21817" + ], "helpText": "Ensure Office 365 SharePoint infected files are disallowed for download", "executiveText": "Prevents employees from downloading files that have been identified as containing malware or viruses from SharePoint and OneDrive. This security measure protects against malware distribution through file sharing while maintaining access to clean, safe documents.", "addedComponent": [], @@ -4352,7 +4685,13 @@ { "name": "standards.SPExternalUserExpiration", "cat": "SharePoint Standards", - "tag": ["CIS M365 6.0.1 (7.2.9)", "CISA (MS.SPO.1.5v1)", "ZTNA21803", "ZTNA21804", "ZTNA21858"], + "tag": ["CIS M365 6.0.1 (7.2.9)", "CISA (MS.SPO.1.5v1)"], + "appliesToTest": [ + "CIS_7_2_9", + "ZTNA21803", + "ZTNA21804", + "ZTNA21858" + ], "helpText": "Ensure guest access to a site or OneDrive will expire automatically", "executiveText": "Automatically expires external user access to SharePoint sites and OneDrive after a specified period, reducing security risks from forgotten or unnecessary guest accounts. This ensures external access is regularly reviewed and maintained only when actively needed.", "addedComponent": [ @@ -4385,7 +4724,12 @@ { "name": "standards.SPEmailAttestation", "cat": "SharePoint Standards", - "tag": ["CIS M365 6.0.1 (7.2.10)", "CISA (MS.SPO.1.6v1)", "ZTNA21803", "ZTNA21804"], + "tag": ["CIS M365 6.0.1 (7.2.10)", "CISA (MS.SPO.1.6v1)"], + "appliesToTest": [ + "CIS_7_2_10", + "ZTNA21803", + "ZTNA21804" + ], "helpText": "Ensure re-authentication with verification code is restricted", "executiveText": "Requires external users to periodically re-verify their identity through email verification codes when accessing SharePoint resources, adding an extra security layer for external collaboration. This helps ensure continued legitimacy of external access over time.", "addedComponent": [ @@ -4421,7 +4765,11 @@ "tag": [ "CIS M365 6.0.1 (7.2.7)", "CIS M365 6.0.1 (7.2.11)", - "CISA (MS.SPO.1.4v1)", + "CISA (MS.SPO.1.4v1)" + ], + "appliesToTest": [ + "CIS_7_2_11", + "CIS_7_2_7", "ZTNA21803", "ZTNA21804" ], @@ -4532,7 +4880,10 @@ "CIS M365 6.0.1 (7.2.1)", "spo_legacy_auth", "CISA (MS.AAD.3.1v1)", - "NIST CSF 2.0 (PR.IR-01)", + "NIST CSF 2.0 (PR.IR-01)" + ], + "appliesToTest": [ + "CIS_7_2_1", "ZTNA21776", "ZTNA21797" ], @@ -4562,7 +4913,11 @@ "CIS M365 6.0.1 (7.2.3)", "CIS M365 6.0.1 (7.2.4)", "CISA (MS.AAD.14.1v1)", - "CISA (MS.SPO.1.1v1)", + "CISA (MS.SPO.1.1v1)" + ], + "appliesToTest": [ + "CIS_7_2_3", + "CIS_7_2_4", "ZTNA21803", "ZTNA21804" ], @@ -4615,7 +4970,10 @@ "tag": [ "CIS M365 6.0.1 (7.2.5)", "CISA (MS.AAD.14.2v1)", - "CISA (MS.SPO.1.2v1)", + "CISA (MS.SPO.1.2v1)" + ], + "appliesToTest": [ + "CIS_7_2_5", "ZTNA21803", "ZTNA21804" ], @@ -4641,7 +4999,8 @@ { "name": "standards.DisableUserSiteCreate", "cat": "SharePoint Standards", - "tag": [], + "tag": ["SMB1001 (2.8)"], + "appliesToTest": ["SMB1001_2_8"], "helpText": "Disables users from creating new SharePoint sites", "docsDescription": "Disables standard users from creating SharePoint sites, also disables the ability to fully create teams", "executiveText": "Restricts the creation of new SharePoint sites to authorized administrators, preventing uncontrolled proliferation of collaboration spaces and ensuring proper governance. This maintains organized information architecture while requiring approval for new collaborative environments.", @@ -4714,7 +5073,15 @@ { "name": "standards.unmanagedSync", "cat": "SharePoint Standards", - "tag": ["CIS M365 6.0.1 (7.3.2)", "CISA (MS.SPO.2.1v1)", "NIST CSF 2.0 (PR.AA-05)", "ZTNA24824"], + "tag": [ + "CIS M365 6.0.1 (7.3.2)", + "CISA (MS.SPO.2.1v1)", + "NIST CSF 2.0 (PR.AA-05)" + ], + "appliesToTest": [ + "CIS_7_3_2", + "ZTNA24824" + ], "helpText": "Entra P1 required. Block or limit access to SharePoint and OneDrive content from unmanaged devices (those not hybrid AD joined or compliant in Intune). These controls rely on Microsoft Entra Conditional Access policies and can take up to 24 hours to take effect.", "docsDescription": "Entra P1 required. Block or limit access to SharePoint and OneDrive content from unmanaged devices (those not hybrid AD joined or compliant in Intune). These controls rely on Microsoft Entra Conditional Access policies and can take up to 24 hours to take effect. 0 = Allow Access, 1 = Allow limited, web-only access, 2 = Block access. All information about this can be found in Microsofts documentation [here.](https://learn.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices)", "executiveText": "Restricts access to company files from personal or unmanaged devices, ensuring corporate data can only be accessed from properly secured and monitored devices. This critical security control prevents data leaks while allowing controlled access through web browsers when necessary.", @@ -4746,7 +5113,10 @@ "tag": [ "CIS M365 6.0.1 (7.2.6)", "CISA (MS.AAD.14.3v1)", - "CISA (MS.SPO.1.3v1)", + "CISA (MS.SPO.1.3v1)" + ], + "appliesToTest": [ + "CIS_7_2_6", "ZTNA21803", "ZTNA21804" ], @@ -4800,6 +5170,17 @@ "CIS M365 6.0.1 (8.5.8)", "CIS M365 6.0.1 (8.5.9)" ], + "appliesToTest": [ + "CIS_8_5_1", + "CIS_8_5_2", + "CIS_8_5_3", + "CIS_8_5_4", + "CIS_8_5_5", + "CIS_8_5_6", + "CIS_8_5_7", + "CIS_8_5_8", + "CIS_8_5_9" + ], "helpText": "Defines the CIS recommended global meeting policy for Teams. This includes AllowAnonymousUsersToJoinMeeting, AllowAnonymousUsersToStartMeeting, AutoAdmittedUsers, AllowPSTNUsersToBypassLobby, MeetingChatEnabledType, DesignatedPresenterRoleMode, AllowExternalParticipantGiveRequestControl, AllowParticipantGiveRequestControl", "executiveText": "Establishes security-focused default settings for Teams meetings, controlling who can join meetings, present content, and participate in chats. These policies balance collaboration needs with security requirements, ensuring meetings remain productive while protecting against unauthorized access and disruption.", "addedComponent": [ @@ -4922,6 +5303,7 @@ "name": "standards.TeamsExternalChatWithAnyone", "cat": "Teams Standards", "tag": ["CIS M365 6.0.1 (8.2.3)"], + "appliesToTest": ["CIS_8_2_3"], "helpText": "Controls whether users can start Teams chats with any email address, inviting external recipients as guests via email.", "docsDescription": "Manages the Teams messaging policy setting UseB2BInvitesToAddExternalUsers. When enabled, users can start chats with any email address and recipients receive an invitation to join the chat as guests. Disabling the setting prevents these external email chats from being created, keeping conversations limited to internal users and approved guests.", "executiveText": "Allows organizations to decide if employees can launch Microsoft Teams chats with anyone on the internet using just an email address. Disabling the feature keeps conversations inside trusted boundaries and helps prevent accidental data exposure through unexpected external invitations.", @@ -4965,6 +5347,7 @@ "powershellEquivalent": "Set-CsTeamsClientConfiguration -AllowEmailIntoChannel $false", "recommendedBy": ["CIS"], "tag": ["CIS M365 6.0.1 (8.1.2)"], + "appliesToTest": ["CIS_8_1_2"], "requiredCapabilities": ["MCOSTANDARD", "MCOEV", "MCOIMP", "TEAMS1", "Teams_Room_Standard"] }, { @@ -5024,6 +5407,7 @@ "name": "standards.TeamsExternalFileSharing", "cat": "Teams Standards", "tag": ["CIS M365 6.0.1 (8.1.1)"], + "appliesToTest": ["CIS_8_1_1"], "helpText": "Ensure external file sharing in Teams is enabled for only approved cloud storage services.", "executiveText": "Controls which external cloud storage services (like Google Drive, Dropbox, Box) employees can access through Teams, ensuring file sharing occurs only through approved and secure platforms. This helps maintain data governance while supporting necessary business integrations.", "addedComponent": [ @@ -5094,6 +5478,10 @@ "name": "standards.TeamsExternalAccessPolicy", "cat": "Teams Standards", "tag": ["CIS M365 6.0.1 (8.2.1)", "CIS M365 6.0.1 (8.2.2)"], + "appliesToTest": [ + "CIS_8_2_1", + "CIS_8_2_2" + ], "helpText": "Sets the properties of the Global external access policy.", "docsDescription": "Sets the properties of the Global external access policy. External access policies determine whether or not your users can: 1) communicate with users who have Session Initiation Protocol (SIP) accounts with a federated organization; 2) communicate with users who are using custom applications built with Azure Communication Services; 3) access Skype for Business Server over the Internet, without having to log on to your internal network; 4) communicate with users who have SIP accounts with a public instant messaging (IM) provider such as Skype; and, 5) communicate with people who are using Teams with an account that's not managed by an organization.", "executiveText": "Defines the organization's policy for communicating with external users through Teams, including other organizations, Skype users, and unmanaged accounts. This fundamental setting determines the scope of external collaboration while maintaining security boundaries for business communications.", @@ -5121,6 +5509,7 @@ "name": "standards.TeamsFederationConfiguration", "cat": "Teams Standards", "tag": ["CIS M365 6.0.1 (8.2.1)"], + "appliesToTest": ["CIS_8_2_1", "CIS_8_2_4"], "helpText": "Sets the properties of the Global federation configuration.", "docsDescription": "Sets the properties of the Global federation configuration. Federation configuration settings determine whether or not your users can communicate with users who have SIP accounts with a federated organization.", "executiveText": "Configures how the organization federates with external organizations for Teams communication, controlling whether employees can communicate with specific external domains or all external organizations. This setting enables secure inter-organizational collaboration while maintaining control over external communications.", @@ -5196,6 +5585,7 @@ "name": "standards.TeamsMessagingPolicy", "cat": "Teams Standards", "tag": ["CIS M365 6.0.1 (8.6.1)"], + "appliesToTest": ["CIS_8_6_1"], "helpText": "Sets the properties of the Global messaging policy.", "docsDescription": "Sets the properties of the Global messaging policy. Messaging policies control which chat and channel messaging features are available to users in Teams.", "executiveText": "Defines what messaging capabilities employees have in Teams, including the ability to edit or delete messages, create custom emojis, and report inappropriate content. These policies help maintain professional communication standards while enabling necessary collaboration features.", @@ -5348,7 +5738,8 @@ { "name": "standards.AutopilotProfile", "cat": "Device Management Standards", - "tag": [], + "tag": ["SMB1001 (2.2)"], + "appliesToTest": ["SMB1001_2_2"], "disabledFeatures": { "report": false, "warn": false, "remediate": false }, "helpText": "Assign the appropriate Autopilot profile to streamline device deployment.", "docsDescription": "This standard allows the deployment of Autopilot profiles to devices, including settings such as unique name templates, language options, and local admin privileges.", @@ -5448,6 +5839,50 @@ "disabledFeatures": { "report": false, "warn": false, "remediate": false }, "impact": "High Impact", "addedDate": "2023-12-30", + "tag": [ + "SMB1001 (1.2)", + "SMB1001 (1.3)", + "SMB1001 (1.4)", + "SMB1001 (1.8)", + "SMB1001 (1.9)", + "SMB1001 (1.10)", + "SMB1001 (1.12)", + "SMB1001 (2.2)", + "SMB1001 (4.7)" + ], + "appliesToTest": [ + "SMB1001_1_10", + "SMB1001_1_12", + "SMB1001_1_2", + "SMB1001_1_3", + "SMB1001_1_4", + "SMB1001_1_8", + "SMB1001_1_9", + "SMB1001_2_2", + "SMB1001_4_7", + "ZTNA24540", + "ZTNA24541", + "ZTNA24542", + "ZTNA24543", + "ZTNA24545", + "ZTNA24547", + "ZTNA24548", + "ZTNA24549", + "ZTNA24550", + "ZTNA24552", + "ZTNA24553", + "ZTNA24564", + "ZTNA24568", + "ZTNA24569", + "ZTNA24572", + "ZTNA24574", + "ZTNA24575", + "ZTNA24576", + "ZTNA24784", + "ZTNA24839", + "ZTNA24840", + "ZTNA24870" + ], "helpText": "Deploy and manage Intune templates across devices.", "executiveText": "Deploys standardized device management configurations across all corporate devices, ensuring consistent security policies, application settings, and compliance requirements. This template-based approach streamlines device management while maintaining uniform security standards across the organization.", "addedComponent": [ @@ -5524,6 +5959,18 @@ { "label": "Include - Assign to devices matching the filter", "value": "include" }, { "label": "Exclude - Assign to devices NOT matching the filter", "value": "exclude" } ] + }, + { + "type": "number", + "required": false, + "name": "levenshteinDistance", + "label": "Fuzzy Match Distance (0 = exact name match only, higher values allow replacing policies with similar names based on Levenshtein distance)", + "defaultValue": 0, + "validators": { + "min": { "value": 0, "message": "Minimum value is 0" } + }, + "warningThreshold": 5, + "warningMessage": "Warning: values above 5 can match unrelated policies. Use with caution." } ] }, @@ -5536,6 +5983,30 @@ "impact": "High Impact", "impactColour": "info", "addedDate": "2026-01-02", + "tag": [ + "SMB1001 (1.2)", + "SMB1001 (1.3)", + "SMB1001 (1.4)", + "SMB1001 (1.8)", + "SMB1001 (1.9)", + "SMB1001 (1.10)", + "SMB1001 (1.12)" + ], + "appliesToTest": [ + "SMB1001_1_10", + "SMB1001_1_12", + "SMB1001_1_2", + "SMB1001_1_3", + "SMB1001_1_4", + "SMB1001_1_8", + "SMB1001_1_9", + "ZTNA24540", + "ZTNA24550", + "ZTNA24552", + "ZTNA24574", + "ZTNA24575", + "ZTNA24784" + ], "helpText": "Deploy and maintain Intune reusable settings templates that can be referenced by multiple policies.", "executiveText": "Creates and keeps reusable Intune settings templates consistent so common firewall and configuration blocks can be reused across many policies.", "addedComponent": [ @@ -5615,7 +6086,41 @@ "CIS M365 6.0.1 (5.2.2.9)", "CIS M365 6.0.1 (5.2.2.10)", "CIS M365 6.0.1 (5.2.2.11)", - "CIS M365 6.0.1 (5.2.2.12)" + "CIS M365 6.0.1 (5.2.2.12)", + "SMB1001 (2.5)", + "SMB1001 (2.6)", + "SMB1001 (2.8)", + "SMB1001 (2.9)" + ], + "appliesToTest": [ + "CIS_5_2_2_1", + "CIS_5_2_2_10", + "CIS_5_2_2_11", + "CIS_5_2_2_12", + "CIS_5_2_2_2", + "CIS_5_2_2_3", + "CIS_5_2_2_4", + "CIS_5_2_2_5", + "CIS_5_2_2_6", + "CIS_5_2_2_7", + "CIS_5_2_2_8", + "CIS_5_2_2_9", + "SMB1001_2_5", + "SMB1001_2_6", + "SMB1001_2_8", + "SMB1001_2_9", + "ZTNA21783", + "ZTNA21786", + "ZTNA21806", + "ZTNA21808", + "ZTNA21824", + "ZTNA21825", + "ZTNA21828", + "ZTNA21830", + "ZTNA21883", + "ZTNA21892", + "ZTNA21941", + "ZTNA24827" ], "helpText": "Manage conditional access policies for better security.", "executiveText": "Deploys standardized conditional access policies that automatically enforce security requirements based on user location, device compliance, and risk factors. These templates ensure consistent security controls across the organization while enabling secure access to business resources.", @@ -5624,6 +6129,8 @@ "type": "autoComplete", "name": "TemplateList", "multiple": false, + "required": false, + "creatable": false, "label": "Select Conditional Access Template", "api": { "url": "/api/ListCATemplates", @@ -5634,6 +6141,23 @@ "templateView": { "title": "Conditional Access Policy" } } }, + { + "type": "autoComplete", + "multiple": false, + "required": false, + "creatable": false, + "name": "TemplateList-Tags", + "label": "Or select a package of CA Templates", + "api": { + "queryKey": "ListCATemplates-tag-autocomplete", + "url": "/api/ListCATemplates?mode=Tag", + "labelField": "label", + "valueField": "value", + "addedField": { + "templates": "templates" + } + } + }, { "name": "state", "label": "What state should we deploy this template in?", @@ -5689,6 +6213,8 @@ "label": "Group Template", "multi": true, "cat": "Templates", + "tag": ["CIS M365 6.0.1 (5.1.3.1)"], + "appliesToTest": ["CIS_5_1_3_1"], "disabledFeatures": { "report": true, "warn": true, "remediate": false }, "impact": "Medium Impact", "addedDate": "2023-12-30", @@ -5710,6 +6236,110 @@ ], "requiredCapabilities": ["EXCHANGE_S_STANDARD", "EXCHANGE_S_ENTERPRISE", "EXCHANGE_LITE"] }, + { + "name": "standards.DlpCompliancePolicyTemplate", + "label": "DLP Compliance Policy Template", + "multi": true, + "cat": "Templates", + "disabledFeatures": { "report": false, "warn": false, "remediate": false }, + "impact": "Medium Impact", + "addedDate": "2026-05-10", + "helpText": "Deploy Microsoft Purview DLP compliance policies from CIPP templates.", + "executiveText": "Deploys Data Loss Prevention policies from a standardized template library. Ensures consistent DLP coverage across tenants for sensitive data such as financial, identity, and regulated content.", + "addedComponent": [ + { + "type": "autoComplete", + "multiple": true, + "creatable": false, + "name": "dlpCompliancePolicyTemplate", + "label": "Select DLP Compliance Policy Templates", + "api": { + "url": "/api/ListDlpCompliancePolicyTemplates", + "labelField": "name", + "valueField": "GUID", + "queryKey": "ListDlpCompliancePolicyTemplates" + } + } + ] + }, + { + "name": "standards.RetentionCompliancePolicyTemplate", + "label": "Retention Compliance Policy Template", + "multi": true, + "cat": "Templates", + "disabledFeatures": { "report": false, "warn": false, "remediate": false }, + "impact": "Medium Impact", + "addedDate": "2026-05-10", + "helpText": "Deploy Microsoft Purview retention compliance policies from CIPP templates.", + "executiveText": "Deploys retention policies that govern how long content is preserved in Exchange, SharePoint, OneDrive, and Teams. Enforces consistent compliance retention across tenants for regulatory and legal hold needs.", + "addedComponent": [ + { + "type": "autoComplete", + "multiple": true, + "creatable": false, + "name": "retentionCompliancePolicyTemplate", + "label": "Select Retention Compliance Policy Templates", + "api": { + "url": "/api/ListRetentionCompliancePolicyTemplates", + "labelField": "name", + "valueField": "GUID", + "queryKey": "ListRetentionCompliancePolicyTemplates" + } + } + ] + }, + { + "name": "standards.SensitivityLabelTemplate", + "label": "Sensitivity Label Template", + "multi": true, + "cat": "Templates", + "disabledFeatures": { "report": false, "warn": false, "remediate": false }, + "impact": "Medium Impact", + "addedDate": "2026-05-10", + "helpText": "Deploy Microsoft Purview sensitivity labels from CIPP templates.", + "executiveText": "Deploys sensitivity labels for classification and protection of files, emails, and Microsoft 365 group content. Ensures consistent classification taxonomy and encryption settings across tenants.", + "addedComponent": [ + { + "type": "autoComplete", + "multiple": true, + "creatable": false, + "name": "sensitivityLabelTemplate", + "label": "Select Sensitivity Label Templates", + "api": { + "url": "/api/ListSensitivityLabelTemplates", + "labelField": "name", + "valueField": "GUID", + "queryKey": "ListSensitivityLabelTemplates" + } + } + ] + }, + { + "name": "standards.SensitiveInfoTypeTemplate", + "label": "Sensitive Information Type Template", + "multi": true, + "cat": "Templates", + "disabledFeatures": { "report": false, "warn": false, "remediate": false }, + "impact": "Low Impact", + "addedDate": "2026-05-10", + "helpText": "Deploy custom Microsoft Purview Sensitive Information Types from CIPP templates.", + "executiveText": "Deploys custom Sensitive Information Types so DLP policies can detect organization-specific identifiers — employee IDs, project codenames, internal account numbers — across tenants consistently.", + "addedComponent": [ + { + "type": "autoComplete", + "multiple": true, + "creatable": false, + "name": "sensitiveInfoTypeTemplate", + "label": "Select Sensitive Information Type Templates", + "api": { + "url": "/api/ListSensitiveInfoTypeTemplates", + "labelField": "name", + "valueField": "GUID", + "queryKey": "ListSensitiveInfoTypeTemplates" + } + } + ] + }, { "name": "standards.AssignmentFilterTemplate", "label": "Assignment Filter Template", @@ -6510,5 +7140,109 @@ "EXCHANGE_S_ENTERPRISE_GOV", "EXCHANGE_LITE" ] + }, + { + "name": "standards.EnforcePrivateGroups", + "cat": "Entra (AAD) Standards", + "tag": ["CIS M365 6.0.1 (1.2.1)"], + "appliesToTest": ["CIS_1_2_1"], + "helpText": "Sets all public Microsoft 365 groups to private automatically. Groups can be excluded by display name keyword.", + "docsDescription": "Ensures only organisation-managed or approved public groups exist by automatically switching public Microsoft 365 (Unified) groups to private visibility. Groups whose display name matches any of the configured exclusion keywords are left unchanged. This aligns with CIS M365 6.0.1 benchmark control 1.2.1.", + "executiveText": "Enforces private visibility on all Microsoft 365 groups to prevent unauthorised external access to group resources such as Teams, SharePoint sites, and Planner boards. Approved public groups can be excluded by name, ensuring governance while retaining flexibility for intentionally public collaboration spaces.", + "addedComponent": [ + { + "type": "autoComplete", + "multiple": true, + "creatable": true, + "required": false, + "label": "Exclude groups by display name keyword", + "name": "standards.EnforcePrivateGroups.ExcludedGroupNames" + } + ], + "label": "Enforce Private M365 Groups", + "impact": "Medium Impact", + "impactColour": "warning", + "addedDate": "2026-05-06", + "powershellEquivalent": "Update-MgGroup -GroupId -Visibility Private", + "recommendedBy": ["CIS"], + "requiredCapabilities": [ + "SHAREPOINTWAC", + "SHAREPOINTSTANDARD", + "SHAREPOINTENTERPRISE", + "SHAREPOINTENTERPRISE_EDU", + "SHAREPOINTENTERPRISE_GOV", + "ONEDRIVE_BASIC", + "ONEDRIVE_ENTERPRISE" + ] + }, + { + "name": "standards.EmptyFilterIPAllowList", + "cat": "Defender Standards", + "tag": ["CIS M365 6.0.1 (2.1.12)"], + "appliesToTest": ["CIS_2_1_12"], + "helpText": "Ensures the connection filter IP allow list is not used. IPs on this list bypass spam, spoof, and authentication checks.", + "docsDescription": "IPs on the connection filter allow list bypass spam, spoof, and authentication checks. CIS recommends keeping this list empty to ensure all inbound email is properly scanned. This standard checks that the IPAllowList on the Default hosted connection filter policy is empty and can remediate by clearing it.", + "executiveText": "Ensures the Exchange Online connection filter IP allow list is empty, preventing any IP addresses from bypassing spam filtering, spoofing checks, and sender authentication. Keeping this list empty ensures all inbound email undergoes full security scanning, reducing the risk of phishing and malware delivery through trusted-but-compromised sources.", + "addedComponent": [], + "label": "Ensure connection filter IP allow list is empty", + "impact": "Medium Impact", + "impactColour": "warning", + "addedDate": "2026-05-06", + "powershellEquivalent": "Set-HostedConnectionFilterPolicy -Identity Default -IPAllowList @()", + "recommendedBy": ["CIS"], + "requiredCapabilities": [ + "EXCHANGE_S_STANDARD", + "EXCHANGE_S_ENTERPRISE", + "EXCHANGE_S_STANDARD_GOV", + "EXCHANGE_S_ENTERPRISE_GOV", + "EXCHANGE_LITE" + ] + }, + { + "name": "standards.TeamsZAP", + "cat": "Defender Standards", + "tag": ["CIS M365 6.0.1 (2.4.4)"], + "appliesToTest": ["CIS_2_4_4"], + "helpText": "Ensures Zero-hour auto purge (ZAP) is enabled for Microsoft Teams, automatically removing malicious messages after delivery.", + "docsDescription": "Zero-hour auto purge (ZAP) for Microsoft Teams retroactively detects and neutralises malicious messages that have already been delivered in Teams chats. Enabling ZAP ensures that phishing, malware, and high confidence phishing messages are automatically purged even after initial delivery, aligning with CIS M365 6.0.1 benchmark control 2.4.4.", + "executiveText": "Enables Zero-hour auto purge for Microsoft Teams to automatically detect and remove malicious messages after delivery. This provides an additional layer of protection against phishing and malware that may bypass initial scanning, ensuring threats are neutralised even after they reach users.", + "addedComponent": [], + "label": "Ensure Zero-hour auto purge for Microsoft Teams is on", + "impact": "Low Impact", + "impactColour": "info", + "addedDate": "2026-05-06", + "powershellEquivalent": "Set-TeamsProtectionPolicy -Identity 'Teams Protection Policy' -ZapEnabled $true", + "recommendedBy": ["CIS"], + "requiredCapabilities": [ + "EXCHANGE_S_STANDARD", + "EXCHANGE_S_ENTERPRISE", + "EXCHANGE_S_STANDARD_GOV", + "EXCHANGE_S_ENTERPRISE_GOV", + "EXCHANGE_LITE" + ] + }, + { + "name": "standards.CollaborationDomainRestriction", + "cat": "Entra (AAD) Standards", + "tag": ["CIS M365 6.0.1 (5.1.6.1)"], + "appliesToTest": ["CIS_5_1_6_1"], + "helpText": "Restricts B2B collaboration invitations to a specified list of allowed domains. If no domains are provided, the standard will alert and report on whether any domain restrictions are currently configured.", + "docsDescription": "By default, Microsoft Entra ID allows collaboration invitations to be sent to any external domain. CIS recommends restricting B2B collaboration invitations to only approved domains to reduce the risk of data exfiltration and unauthorized access. This standard checks the B2B management policy for an allow list of domains and can remediate by setting the allowed domains list.", + "executiveText": "Restricts external collaboration invitations to approved domains only, preventing users from sharing data with unapproved external organizations. This reduces the risk of data exfiltration and ensures that collaboration occurs only with trusted business partners.", + "addedComponent": [ + { + "type": "textField", + "name": "standards.CollaborationDomainRestriction.allowedDomains", + "label": "Allowed domains (comma separated)", + "required": false, + "placeholder": "contoso.com, fabrikam.com" + } + ], + "label": "Restrict collaboration invitations to allowed domains only", + "impact": "Medium Impact", + "impactColour": "warning", + "addedDate": "2026-05-06", + "powershellEquivalent": "Graph API PATCH https://graph.microsoft.com/beta/policies/b2bManagementPolicies/default", + "recommendedBy": ["CIS"] } -] \ No newline at end of file +] diff --git a/src/hooks/use-admin-template-definitions.js b/src/hooks/use-admin-template-definitions.js new file mode 100644 index 000000000000..8b129daeae27 --- /dev/null +++ b/src/hooks/use-admin-template-definitions.js @@ -0,0 +1,82 @@ +// Resolves groupPolicyDefinitions metadata per-tenant. Can't be a static JSON: +// tenants can import custom ADMX files, so the available definitions are +// tenant-specific. +import { useMemo } from 'react' +import { ApiGetCall } from '../api/ApiCall' +import { useSettings } from './use-settings' +import { definitionBindPattern, extractBindGuid } from '../utils/intune-bind-helpers' + +export const useAdminTemplateDefinitions = ({ added = [], manualTenant = null, waiting = true } = {}) => { + const tenantFilter = useSettings().currentTenant + const activeTenant = manualTenant || tenantFilter + + const definitionIds = useMemo(() => { + if (!Array.isArray(added)) { + return [] + } + + const ids = new Set() + added.forEach((item) => { + const definitionId = extractBindGuid(item?.['definition@odata.bind'], definitionBindPattern) + if (definitionId) { + ids.add(definitionId) + } + }) + + return Array.from(ids).sort() + }, [added]) + + const canResolveDefinitions = + waiting && Boolean(activeTenant) && activeTenant !== 'AllTenants' && definitionIds.length > 0 + + const definitionsRequest = ApiGetCall({ + url: '/api/ListIntunePolicy', + queryKey: `AdminTemplateDefinitions-${activeTenant}-${definitionIds.join(',') || 'none'}`, + data: { + TenantFilter: activeTenant, + URLName: 'GroupPolicyDefinitions', + DefinitionIds: definitionIds.join(','), + }, + waiting: canResolveDefinitions, + retry: 1, + refetchOnWindowFocus: false, + refetchOnMount: false, + toast: false, + staleTime: 15 * 60 * 1000, + }) + + const definitions = useMemo(() => { + if (Array.isArray(definitionsRequest.data)) { + return definitionsRequest.data + } + + if (Array.isArray(definitionsRequest.data?.Results)) { + return definitionsRequest.data.Results + } + + if (Array.isArray(definitionsRequest.data?.value)) { + return definitionsRequest.data.value + } + + return [] + }, [definitionsRequest.data]) + + const definitionsMap = useMemo(() => { + const mapping = {} + + definitions.forEach((definition) => { + if (definition?.id) { + mapping[String(definition.id).toLowerCase()] = definition + } + }) + + return mapping + }, [definitions]) + + return { + definitionsMap, + isLoadingDefinitions: + canResolveDefinitions && (definitionsRequest.isLoading || definitionsRequest.isFetching), + isDefinitionsError: canResolveDefinitions && definitionsRequest.isError, + } +} diff --git a/src/layouts/TabbedLayout.jsx b/src/layouts/TabbedLayout.jsx index a085b528b45c..031f363c4dac 100644 --- a/src/layouts/TabbedLayout.jsx +++ b/src/layouts/TabbedLayout.jsx @@ -1,6 +1,8 @@ +import { useMemo } from 'react' import { usePathname, useRouter } from 'next/navigation' import { Box, Divider, Stack, Tab, Tabs } from '@mui/material' import { useSearchParams } from 'next/navigation' +import { ApiGetCall } from '../api/ApiCall' export const TabbedLayout = (props) => { const { tabOptions, children } = props @@ -8,6 +10,25 @@ export const TabbedLayout = (props) => { const pathname = usePathname() const searchParams = useSearchParams() + const featureFlags = ApiGetCall({ + url: '/api/ListFeatureFlags', + queryKey: 'featureFlags', + staleTime: 600000, + }) + + const visibleTabs = useMemo(() => { + if (!featureFlags.isSuccess || !Array.isArray(featureFlags.data)) return tabOptions + + const disabledPages = featureFlags.data + .filter((flag) => flag.Enabled === false || flag.enabled === false) + .flatMap((flag) => flag.Pages || flag.pages || []) + .filter((page) => typeof page === 'string') + + if (disabledPages.length === 0) return tabOptions + + return tabOptions.filter((option) => !disabledPages.includes(option.path)) + }, [tabOptions, featureFlags.isSuccess, featureFlags.data]) + const handleTabsChange = (event, value) => { // Preserve existing query parameters when changing tabs const currentParams = new URLSearchParams(searchParams.toString()) @@ -16,7 +37,7 @@ export const TabbedLayout = (props) => { router.push(newPath) } - const currentTab = tabOptions.find((option) => option.path === pathname) + const currentTab = visibleTabs.find((option) => option.path === pathname) return ( { }, }} > - {tabOptions.map((option) => ( + {visibleTabs.map((option) => ( ))} diff --git a/src/layouts/config.js b/src/layouts/config.js index ec6a017bf71b..a9df0957241d 100644 --- a/src/layouts/config.js +++ b/src/layouts/config.js @@ -301,6 +301,10 @@ export const nativeMenuItems = [ 'Security.Alert.*', 'Tenant.DeviceCompliance.*', 'Security.SafeLinksPolicy.*', + 'Security.DlpCompliancePolicy.*', + 'Security.RetentionCompliancePolicy.*', + 'Security.SensitivityLabel.*', + 'Security.SensitiveInfoType.*', ], items: [ { @@ -383,6 +387,61 @@ export const nativeMenuItems = [ }, ], }, + { + title: 'Purview Compliance', + permissions: [ + 'Security.DlpCompliancePolicy.*', + 'Security.RetentionCompliancePolicy.*', + 'Security.SensitivityLabel.*', + 'Security.SensitiveInfoType.*', + ], + items: [ + { + title: 'DLP Policies', + path: '/security/compliance/dlp', + permissions: ['Security.DlpCompliancePolicy.*'], + }, + { + title: 'DLP Policy Templates', + path: '/security/compliance/dlp-templates', + permissions: ['Security.DlpCompliancePolicy.*'], + scope: 'global', + }, + { + title: 'Retention Policies', + path: '/security/compliance/retention', + permissions: ['Security.RetentionCompliancePolicy.*'], + }, + { + title: 'Retention Policy Templates', + path: '/security/compliance/retention-templates', + permissions: ['Security.RetentionCompliancePolicy.*'], + scope: 'global', + }, + { + title: 'Sensitivity Labels', + path: '/security/compliance/labels', + permissions: ['Security.SensitivityLabel.*'], + }, + { + title: 'Sensitivity Label Templates', + path: '/security/compliance/labels-templates', + permissions: ['Security.SensitivityLabel.*'], + scope: 'global', + }, + { + title: 'Sensitive Information Types', + path: '/security/compliance/sit', + permissions: ['Security.SensitiveInfoType.*'], + }, + { + title: 'Sensitive Info Type Templates', + path: '/security/compliance/sit-templates', + permissions: ['Security.SensitiveInfoType.*'], + scope: 'global', + }, + ], + }, ], }, { @@ -615,6 +674,11 @@ export const nativeMenuItems = [ path: '/email/administration/mailboxes', permissions: ['Exchange.Mailbox.*'], }, + { + title: 'HVE Accounts', + path: '/email/administration/hve-accounts', + permissions: ['Exchange.Mailbox.*'], + }, { title: 'Deleted Mailboxes', path: '/email/administration/deleted-mailboxes', @@ -1045,6 +1109,13 @@ export const nativeMenuItems = [ permissions: ['CIPP.SuperAdmin.*'], scope: 'global', }, + { + title: 'Container Logs', + path: '/cipp/advanced/container-logs', + roles: ['superadmin'], + permissions: ['CIPP.SuperAdmin.*'], + scope: 'global', + }, ], }, ], diff --git a/src/layouts/index.js b/src/layouts/index.js index b741d5bd0ea4..d00dc338a82d 100644 --- a/src/layouts/index.js +++ b/src/layouts/index.js @@ -27,6 +27,8 @@ import { CippImageCard } from '../components/CippCards/CippImageCard' import { useDialog } from '../hooks/use-dialog' import { nativeMenuItems } from './config' import { CippBreadcrumbNav } from '../components/CippComponents/CippBreadcrumbNav' +import { SsoMigrationDialog } from '../components/CippComponents/SsoMigrationDialog' +import { ForcedSsoMigrationDialog } from '../components/CippComponents/ForcedSsoMigrationDialog' const OnboardingWizardPage = dynamic( () => import('../components/CippWizard/OnboardingWizardPage.jsx'), @@ -335,6 +337,8 @@ export const Layout = (props) => { + + {!setupCompleted && ( diff --git a/src/layouts/side-nav.js b/src/layouts/side-nav.js index ec43e9fb857f..5b01ee107331 100644 --- a/src/layouts/side-nav.js +++ b/src/layouts/side-nav.js @@ -1,64 +1,64 @@ -import { useState, useRef, useEffect } from "react"; -import { usePathname } from "next/navigation"; -import PropTypes from "prop-types"; -import { Box, Divider, Drawer, Stack } from "@mui/material"; -import { SideNavItem } from "./side-nav-item"; -import { SideNavBookmarks } from "./side-nav-bookmarks"; -import { ApiGetCall } from "../api/ApiCall.jsx"; -import { CippSponsor } from "../components/CippComponents/CippSponsor"; -import { useSettings } from "../hooks/use-settings"; - -const SIDE_NAV_WIDTH = 270; -const SIDE_NAV_COLLAPSED_WIDTH = 73; // icon size + padding + border right -const TOP_NAV_HEIGHT = 64; +import { useState, useRef, useEffect } from 'react' +import { usePathname } from 'next/navigation' +import PropTypes from 'prop-types' +import { Box, Divider, Drawer, Stack } from '@mui/material' +import { SideNavItem } from './side-nav-item' +import { SideNavBookmarks } from './side-nav-bookmarks' +import { ApiGetCall } from '../api/ApiCall.jsx' +import { CippSponsor } from '../components/CippComponents/CippSponsor' +import { useSettings } from '../hooks/use-settings' + +const SIDE_NAV_WIDTH = 290 +const SIDE_NAV_COLLAPSED_WIDTH = 73 // icon size + padding + border right +const TOP_NAV_HEIGHT = 64 const isPathPrefix = (pathname, itemPath) => { - if (!pathname || !itemPath) return false; - if (pathname === itemPath) return true; + if (!pathname || !itemPath) return false + if (pathname === itemPath) return true // Root "/" maps to /dashboardv2 under the hood - if (itemPath === "/") return pathname.startsWith("/dashboardv2"); - return pathname.startsWith(itemPath + "/") || pathname.startsWith(itemPath + "?"); -}; + if (itemPath === '/') return pathname.startsWith('/dashboardv2') + return pathname.startsWith(itemPath + '/') || pathname.startsWith(itemPath + '?') +} const markOpenItems = (items, pathname) => { return items.map((item) => { - const checkPath = !!(item.path && pathname); - const exactMatch = checkPath ? pathname === item.path : false; - const partialMatch = checkPath ? isPathPrefix(pathname, item.path) : false; + const checkPath = !!(item.path && pathname) + const exactMatch = checkPath ? pathname === item.path : false + const partialMatch = checkPath ? isPathPrefix(pathname, item.path) : false - let openImmediately = exactMatch; - let newItems = item.items || []; + let openImmediately = exactMatch + let newItems = item.items || [] if (newItems.length > 0) { - newItems = markOpenItems(newItems, pathname); - const childOpen = newItems.some((child) => child.openImmediately); - openImmediately = openImmediately || childOpen || exactMatch; // Ensure parent opens if child is open + newItems = markOpenItems(newItems, pathname) + const childOpen = newItems.some((child) => child.openImmediately) + openImmediately = openImmediately || childOpen || exactMatch // Ensure parent opens if child is open } else { - openImmediately = openImmediately || partialMatch; // Leaf items open on partial match + openImmediately = openImmediately || partialMatch // Leaf items open on partial match } return { ...item, items: newItems, openImmediately, - }; - }); -}; + } + }) +} -const renderItems = ({ collapse = false, depth = 0, items, pathname, category = "" }) => +const renderItems = ({ collapse = false, depth = 0, items, pathname, category = '' }) => items.reduce( (acc, item) => reduceChildRoutes({ acc, collapse, depth, item, pathname, category }), [] - ); + ) const reduceChildRoutes = ({ acc, collapse, depth, item, pathname, category }) => { - const checkPath = !!(item.path && pathname); - const exactMatch = checkPath && pathname === item.path; - const partialMatch = checkPath ? isPathPrefix(pathname, item.path) : false; + const checkPath = !!(item.path && pathname) + const exactMatch = checkPath && pathname === item.path + const partialMatch = checkPath ? isPathPrefix(pathname, item.path) : false - const hasChildren = item.items && item.items.length > 0; - const isActive = exactMatch || (partialMatch && !hasChildren); - const currentCategory = depth === 0 && item.type === "header" ? item.title : category; + const hasChildren = item.items && item.items.length > 0 + const isActive = exactMatch || (partialMatch && !hasChildren) + const currentCategory = depth === 0 && item.type === 'header' ? item.title : category if (hasChildren) { acc.push( @@ -80,7 +80,7 @@ const reduceChildRoutes = ({ acc, collapse, depth, item, pathname, category }) = component="ul" spacing={0.5} sx={{ - listStyle: "none", + listStyle: 'none', m: 0, p: 0, }} @@ -94,7 +94,7 @@ const reduceChildRoutes = ({ acc, collapse, depth, item, pathname, category }) = })} - ); + ) } else { acc.push( - ); + ) } - return acc; -}; + return acc +} export const SideNav = (props) => { - const { items, onPin, pinned = false } = props; - const pathname = usePathname(); - const [hovered, setHovered] = useState(false); - const collapse = !(pinned || hovered); - const { data: profile } = ApiGetCall({ url: "/api/me", queryKey: "authmecipp" }); - const settings = useSettings(); - const showSidebarBookmarks = settings.bookmarkSidebar !== false; - const paperRef = useRef(null); + const { items, onPin, pinned = false } = props + const pathname = usePathname() + const [hovered, setHovered] = useState(false) + const collapse = !(pinned || hovered) + const { data: profile } = ApiGetCall({ url: '/api/me', queryKey: 'authmecipp' }) + const settings = useSettings() + const showSidebarBookmarks = settings.bookmarkSidebar !== false + const paperRef = useRef(null) // Intercept wheel events on the side nav to fully isolate scroll. // preventDefault stops wheel events from reaching the main content, // and manual scrollTop has no momentum so it stops instantly when the cursor leaves. // Uses RAF-based easing to smooth out discrete mouse wheel jumps. useEffect(() => { - const el = paperRef.current; - if (!el) return; + const el = paperRef.current + if (!el) return - let targetScrollTop = el.scrollTop; - let animating = false; + let targetScrollTop = el.scrollTop + let animating = false const animate = () => { - const diff = targetScrollTop - el.scrollTop; + const diff = targetScrollTop - el.scrollTop if (Math.abs(diff) < 0.5) { - el.scrollTop = targetScrollTop; - animating = false; - return; + el.scrollTop = targetScrollTop + animating = false + return } - el.scrollTop += diff * 0.25; - requestAnimationFrame(animate); - }; + el.scrollTop += diff * 0.25 + requestAnimationFrame(animate) + } const handleWheel = (e) => { - e.preventDefault(); - const maxScroll = el.scrollHeight - el.clientHeight; - targetScrollTop = Math.max(0, Math.min(maxScroll, targetScrollTop + e.deltaY)); + e.preventDefault() + const maxScroll = el.scrollHeight - el.clientHeight + targetScrollTop = Math.max(0, Math.min(maxScroll, targetScrollTop + e.deltaY)) if (!animating) { - animating = true; - requestAnimationFrame(animate); + animating = true + requestAnimationFrame(animate) } - }; + } - el.addEventListener("wheel", handleWheel, { passive: false }); - return () => el.removeEventListener("wheel", handleWheel); - }, []); + el.addEventListener('wheel', handleWheel, { passive: false }) + return () => el.removeEventListener('wheel', handleWheel) + }, []) // Preprocess items to mark which should be open - const processedItems = markOpenItems(items, pathname); + const processedItems = markOpenItems(items, pathname) return ( <> {profile?.clientPrincipal && profile?.clientPrincipal?.userRoles?.length > 2 && ( @@ -174,13 +174,13 @@ export const SideNav = (props) => { onMouseEnter: () => setHovered(true), onMouseLeave: () => setHovered(false), sx: { - backgroundColor: "background.default", + backgroundColor: 'background.default', height: `calc(100% - ${TOP_NAV_HEIGHT}px)`, - overflowX: "hidden", - overflowY: "auto", - scrollbarGutter: "stable", + overflowX: 'hidden', + overflowY: 'auto', + scrollbarGutter: 'stable', top: TOP_NAV_HEIGHT, - transition: "width 250ms ease-in-out", + transition: 'width 250ms ease-in-out', width: collapse ? SIDE_NAV_COLLAPSED_WIDTH : SIDE_NAV_WIDTH, zIndex: (theme) => theme.zIndex.appBar - 100, }, @@ -189,9 +189,9 @@ export const SideNav = (props) => { @@ -199,7 +199,7 @@ export const SideNav = (props) => { component="ul" sx={{ flexGrow: 1, - listStyle: "none", + listStyle: 'none', m: 0, p: 0, }} @@ -218,24 +218,24 @@ export const SideNav = (props) => { items: processedItems, pathname, })} - {" "} + {' '} {/* Add this closing tag */} {profile?.clientPrincipal && ( )} - {" "} + {' '} {/* Closing tag for the parent Box */} )} - ); -}; + ) +} SideNav.propTypes = { onPin: PropTypes.func, pinned: PropTypes.bool, -}; +} diff --git a/src/pages/_app.js b/src/pages/_app.js index f924bd5f626e..aa387f0417fa 100644 --- a/src/pages/_app.js +++ b/src/pages/_app.js @@ -80,6 +80,11 @@ const App = (props) => { useEffect(() => { if (typeof window === 'undefined') return + // Register minimal service worker for Chrome installability + if ('serviceWorker' in navigator) { + navigator.serviceWorker.register('/sw.js').catch(() => {}) + } + const language = navigator.language || navigator.userLanguage || 'en-US' const baseLang = language.split('-')[0] diff --git a/src/pages/_document.js b/src/pages/_document.js index c764cde02995..4cceb2676ef2 100644 --- a/src/pages/_document.js +++ b/src/pages/_document.js @@ -8,6 +8,12 @@ class CustomDocument extends Document { return ( + + + + + + { + switch (level) { + case "CRT": + return "error"; + case "ERR": + return "error"; + case "WRN": + return "warning"; + case "INF": + return "info"; + case "DBG": + return "default"; + default: + return "default"; + } +}; + +const getLevelLabel = (level) => { + switch (level) { + case "CRT": + return "Critical"; + case "ERR": + return "Error"; + case "WRN": + return "Warning"; + case "INF": + return "Info"; + case "DBG": + return "Debug"; + case "TRC": + return "Trace"; + default: + return level || "Unknown"; + } +}; + +const ContainerLogsFilter = ({ onSubmitFilter }) => { + const [expanded, setExpanded] = useState(true); + const [tabValue, setTabValue] = useState(0); // 0 = Query, 1 = Guided + const [selectedPreset, setSelectedPreset] = useState(null); + + // Query mode form + const queryForm = useForm({ + mode: "onChange", + defaultValues: { + queryPreset: null, + query: 'where Timestamp > ago(1h)\n| take 500\n| sort by Timestamp desc', + }, + }); + + const queryValue = useWatch({ control: queryForm.control, name: "query" }); + const queryPreset = useWatch({ control: queryForm.control, name: "queryPreset" }); + + // Guided mode form + const guidedForm = useForm({ + mode: "onChange", + defaultValues: { + timeRange: "60", + level: "", + search: "", + exclude: "", + regex: "", + file: "", + tail: "500", + searchAll: false, + sortDesc: true, + fromDate: "", + toDate: "", + }, + }); + + const timeRange = useWatch({ control: guidedForm.control, name: "timeRange" }); + + // Preset options (built-in only — no API save/load for container log presets) + const presetOptions = useMemo( + () => + defaultPresets.map((preset) => ({ + label: preset.name, + value: preset.id, + query: preset.query, + isBuiltin: true, + })), + [] + ); + + // Load preset when selected + useEffect(() => { + if (queryPreset) { + const preset = Array.isArray(queryPreset) ? queryPreset[0] : queryPreset; + if (preset?.query) { + queryForm.setValue("query", preset.query); + setSelectedPreset(preset); + queryForm.setValue("queryPreset", null); + } + } + }, [queryPreset, queryForm]); + + const fileListQuery = ApiGetCall({ + url: "/api/ListContainerLogs", + data: { Action: "ListFiles" }, + queryKey: "ContainerLogFiles", + }); + + const fileOptions = useMemo(() => { + const opts = [{ label: "Current Log", value: "" }]; + if (fileListQuery.isSuccess && fileListQuery.data?.Results) { + fileListQuery.data.Results.forEach((f) => { + if (!f.IsCurrent) { + opts.push({ + label: `${f.Name} (${f.SizeFormatted})`, + value: f.Name, + }); + } + }); + } + return opts; + }, [fileListQuery.isSuccess, fileListQuery.data]); + + // Submit query mode + const handleQuerySubmit = queryForm.handleSubmit((values) => { + if (values.query && values.query.trim()) { + onSubmitFilter({ + Action: "Query", + Query: values.query.trim(), + }); + setExpanded(false); + } + }); + + // Submit guided mode + const handleGuidedSubmit = guidedForm.handleSubmit((values) => { + const params = { + Action: values.searchAll ? "SearchAll" : "ReadLog", + Tail: values.tail || "500", + }; + + if (values.sortDesc) params.SortDesc = "true"; + + // Level filter + const levelVal = Array.isArray(values.level) ? values.level[0]?.value : values.level; + if (levelVal) params.Level = levelVal; + + // Search text + if (values.search) params.Search = values.search; + + // Exclude text + if (values.exclude) params.Exclude = values.exclude; + + // Regex pattern + if (values.regex) params.Regex = values.regex; + + // File selection + const fileVal = Array.isArray(values.file) ? values.file[0]?.value : values.file; + if (fileVal && !values.searchAll) params.File = fileVal; + + // Time range + const rangeVal = Array.isArray(values.timeRange) + ? values.timeRange[0]?.value + : values.timeRange; + if (rangeVal === "custom") { + if (values.fromDate) params.From = new Date(values.fromDate).toISOString(); + if (values.toDate) params.To = new Date(values.toDate).toISOString(); + } else if (rangeVal && rangeVal !== "") { + const minutes = parseInt(rangeVal, 10); + if (!isNaN(minutes)) { + params.From = new Date(Date.now() - minutes * 60 * 1000).toISOString(); + } + } + + onSubmitFilter(params); + setExpanded(false); + }); + + const handleClear = () => { + if (tabValue === 0) { + queryForm.reset(); + setSelectedPreset(null); + } else { + guidedForm.reset(); + } + onSubmitFilter(null); + setExpanded(true); + }; + + return ( + setExpanded(!expanded)}> + }> + Log Query + + + + setTabValue(v)} + sx={{ borderBottom: 1, borderColor: "divider" }} + > + + + + + {/* ── Tab 0: Query Editor ── */} + {tabValue === 0 && ( + + + + Query Syntax + + Use a KQL-inspired pipe syntax to filter container logs. Separate clauses with{" "} + |. Supported operators: + + + where Level == "ERR" — exact level +
    + where Level in ("ERR", "CRT") — multiple + levels +
    + where Level != "DBG" — exclude level +
    + where Message contains "text" — search +
    + where Message !contains "text" — exclude +
    + where Message matches regex "err|fail" — regex +
    + where Timestamp > ago(1h) — relative time (s/m/h/d/w) +
    + where Timestamp between (ago(2h) .. ago(1h)) — range +
    + take 500 — limit results +
    + sort by Timestamp desc — newest first +
    + search all files — include rotated logs +     +     + + + + + + + + ago(1h)\n| take 500\n| sort by Timestamp desc`} + sx={{ + "& textarea": { + fontFamily: "monospace", + fontSize: "0.875rem", + }, + }} + /> + + + + + +     +     + )} + + {/* ── Tab 1: Guided Filter ── */} + {tabValue === 1 && ( + + + + Search the local container log files directly. Logs are rotated by size and + retained on disk. Use “Search All Files” to search across rotated log + files. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + {(Array.isArray(timeRange) ? timeRange[0]?.value : timeRange) === "custom" && ( + + + + + + + + + )} + + + + + + + + + + + + + + + + + )} +     +     +     + ); +}; + +const Page = () => { + const [apiFilter, setApiFilter] = useState(null); + const queryKey = JSON.stringify(apiFilter); + + return ( + + + + + + } + clearOnError={true} + offCanvas={{ + size: "lg", + children: (row) => { + const levelColor = getLevelColor(row.Level); + return ( + + + + + + + {row.Timestamp} + + + + + + Message + + + + {row.Message} + + + + {row.Raw && row.Raw !== row.Message && ( + + + Raw Log Line + + + + {row.Raw} + + + + )} + + + ); + }, + }} + title="Container Logs" + tenantInTitle={false} + apiDataKey="Results" + apiUrl={apiFilter ? "/api/ListContainerLogs" : "/api/ListEmptyResults"} + apiData={apiFilter} + queryKey={queryKey} + simpleColumns={["Timestamp", "Level", "Message"]} + actions={[]} + /> + ); +}; + +Page.getLayout = (page) => {page}; + +export default Page; diff --git a/src/pages/cipp/advanced/super-admin/cipp-users.js b/src/pages/cipp/advanced/super-admin/cipp-users.js new file mode 100644 index 000000000000..8fe35569ef16 --- /dev/null +++ b/src/pages/cipp/advanced/super-admin/cipp-users.js @@ -0,0 +1,33 @@ +import { TabbedLayout } from "../../../../layouts/TabbedLayout"; +import { Layout as DashboardLayout } from "../../../../layouts/index.js"; +import tabOptions from "./tabOptions"; +import CippPageCard from "../../../../components/CippCards/CippPageCard"; +import { CippUserManagement } from "../../../../components/CippSettings/CippUserManagement"; +import { CardContent, Stack, Alert } from "@mui/material"; + +const Page = () => { + return ( + + + + + Manage users who can access CIPP. Add users by their email address (UPN) and assign + them built-in or custom roles. Users not in this list will still be able to log in if + "Allow All Tenant Users" is enabled, but they will only receive default + (authenticated) permissions. Role resolution also considers Entra group mappings + configured on the CIPP Roles page. + + + + + + ); +}; + +Page.getLayout = (page) => ( + + {page} + +); + +export default Page; diff --git a/src/pages/cipp/advanced/super-admin/container.js b/src/pages/cipp/advanced/super-admin/container.js new file mode 100644 index 000000000000..9fb8a701174b --- /dev/null +++ b/src/pages/cipp/advanced/super-admin/container.js @@ -0,0 +1,21 @@ +import { Container } from "@mui/material"; +import { TabbedLayout } from "../../../../layouts/TabbedLayout"; +import { Layout as DashboardLayout } from "../../../../layouts/index.js"; +import tabOptions from "./tabOptions"; +import { CippContainerManagement } from "../../../../components/CippSettings/CippContainerManagement"; + +const Page = () => { + return ( + + + + ); +}; + +Page.getLayout = (page) => ( + + {page} + +); + +export default Page; diff --git a/src/pages/cipp/advanced/super-admin/sso.js b/src/pages/cipp/advanced/super-admin/sso.js new file mode 100644 index 000000000000..fc5b112f3f1c --- /dev/null +++ b/src/pages/cipp/advanced/super-admin/sso.js @@ -0,0 +1,26 @@ +import { Container } from "@mui/material"; +import { Grid } from "@mui/system"; +import { TabbedLayout } from "../../../../layouts/TabbedLayout"; +import { Layout as DashboardLayout } from "../../../../layouts/index.js"; +import tabOptions from "./tabOptions"; +import { CippSSOSettings } from "../../../../components/CippSettings/CippSSOSettings"; + +const Page = () => { + return ( + + + + + + + + ); +}; + +Page.getLayout = (page) => ( + + {page} + +); + +export default Page; diff --git a/src/pages/cipp/advanced/super-admin/tabOptions.json b/src/pages/cipp/advanced/super-admin/tabOptions.json index 672df76996c6..fbccb6b73c55 100644 --- a/src/pages/cipp/advanced/super-admin/tabOptions.json +++ b/src/pages/cipp/advanced/super-admin/tabOptions.json @@ -22,5 +22,17 @@ { "label": "SAM App Permissions", "path": "/cipp/advanced/super-admin/sam-app-permissions" + }, + { + "label": "CIPP Users", + "path": "/cipp/advanced/super-admin/cipp-users" + }, + { + "label": "SSO", + "path": "/cipp/advanced/super-admin/sso" + }, + { + "label": "Container Management", + "path": "/cipp/advanced/super-admin/container" } ] diff --git a/src/pages/cipp/integrations/index.js b/src/pages/cipp/integrations/index.js index 60ee764853b4..6d3f24f86ee4 100644 --- a/src/pages/cipp/integrations/index.js +++ b/src/pages/cipp/integrations/index.js @@ -68,45 +68,83 @@ const Page = () => { status = 'Enabled' } - return ( - - - + {extension.comingSoon && ( + + Coming Soon + + )} + + - - {extension?.logo && ( + {extension?.logo && ( + + )} + + + {extension.description} + + +
    + + + {extension.comingSoon ? ( + <> - )} - - {extension.description} - - -
    - - + Coming Soon + + ) : ( + <> {integrations.isSuccess ? ( { {integrations.isSuccess ? status : 'Loading'} - - - - + + )} + + + + ) + + return ( + + {extension.comingSoon ? ( + cardContent + ) : ( + + {cardContent} + + )} ) })} diff --git a/src/pages/cipp/settings/features.js b/src/pages/cipp/settings/features.js index 15b6fd3a111e..d630e93eb2ba 100644 --- a/src/pages/cipp/settings/features.js +++ b/src/pages/cipp/settings/features.js @@ -59,6 +59,7 @@ const Page = () => { offCanvas={offCanvas} simpleColumns={simpleColumns} tenantInTitle={false} + dataFilter={(row) => !row.Hidden} /> ); }; diff --git a/src/pages/email/administration/hve-accounts/index.js b/src/pages/email/administration/hve-accounts/index.js new file mode 100644 index 000000000000..265884d44650 --- /dev/null +++ b/src/pages/email/administration/hve-accounts/index.js @@ -0,0 +1,204 @@ +import { Layout as DashboardLayout } from '../../../../layouts/index.js' +import { CippTablePage } from '../../../../components/CippComponents/CippTablePage.jsx' +import { CippHVEUserDrawer } from '../../../../components/CippComponents/CippHVEUserDrawer.jsx' +import { useCippReportDB } from '../../../../components/CippComponents/CippReportDBControls' +import { Stack } from '@mui/system' +import { TrashIcon } from '@heroicons/react/24/outline' +import { + Edit, + AlternateEmail, + Receipt, + RemoveCircleOutline, + Reply, +} from '@mui/icons-material' + +const Page = () => { + const pageTitle = 'HVE Accounts' + + const reportDB = useCippReportDB({ + apiUrl: '/api/ListHVEAccounts', + queryKey: 'ListHVEAccounts', + cacheName: 'HVEAccounts', + syncTitle: 'Sync HVE Accounts', + allowToggle: true, + defaultCached: true, + }) + + const actions = [ + { + label: 'Edit Display Name', + type: 'POST', + url: '/api/ExecHVEUser', + icon: , + data: { Identity: 'primarySmtpAddress', Action: 'Edit' }, + fields: [ + { + type: 'textField', + name: 'DisplayName', + label: 'Display Name', + }, + ], + confirmText: 'Update display name for [primarySmtpAddress]', + hideBulk: true, + }, + { + label: 'Set Reply-To Address', + type: 'POST', + url: '/api/ExecHVEUser', + icon: , + data: { Identity: 'primarySmtpAddress', Action: 'Edit' }, + fields: [ + { + type: 'textField', + name: 'ReplyTo', + label: 'Reply-To Address', + placeholder: 'e.g. replies@contoso.com (leave empty to clear)', + }, + ], + confirmText: 'Update reply-to address for [primarySmtpAddress]', + hideBulk: true, + }, + { + label: 'Change Primary SMTP Address', + type: 'POST', + url: '/api/ExecHVEUser', + icon: , + data: { Identity: 'primarySmtpAddress', Action: 'Edit' }, + fields: [ + { + type: 'textField', + name: 'username', + label: 'Username (local part)', + placeholder: 'e.g. hveaccount01', + }, + { + type: 'autoComplete', + name: 'domain', + label: 'Domain', + api: { + url: '/api/ListGraphRequest', + dataKey: 'Results', + queryKey: 'listDomains-hve', + labelField: (option) => option.id, + valueField: 'id', + addedField: { + isDefault: 'isDefault', + isVerified: 'isVerified', + }, + data: { + Endpoint: 'domains', + manualPagination: true, + $count: true, + $top: 99, + }, + dataFilter: (domains) => + domains + .filter((d) => d?.addedFields?.isVerified === true) + .sort((a, b) => { + if (a.addedFields?.isDefault === true) return -1 + if (b.addedFields?.isDefault === true) return 1 + return 0 + }), + }, + }, + ], + confirmText: 'Change primary SMTP address for [primarySmtpAddress]', + hideBulk: true, + }, + { + label: 'Assign Billing Policy', + type: 'POST', + url: '/api/ExecHVEUser', + icon: , + data: { Identity: 'primarySmtpAddress', Action: 'AssignBillingPolicy' }, + fields: [ + { + type: 'autoComplete', + name: 'BillingPolicyId', + label: 'Billing Policy', + multiple: false, + api: { + url: '/api/ListHVEAccounts', + queryKey: 'ListHVEBillingPolicies', + labelField: (option) => + `${option.Name || option.BillingPolicyName || option.BillingPolicyId} (${option.BillingPolicyId || option.Guid || option.Identity})`, + valueField: (option) => option.BillingPolicyId || option.Guid || option.Identity, + data: { + ListBillingPolicies: true, + }, + }, + }, + ], + confirmText: 'Assign billing policy to [primarySmtpAddress]. Current policy: [BillingPolicyName]', + hideBulk: true, + }, + { + label: 'Remove Billing Policy', + type: 'POST', + url: '/api/ExecHVEUser', + icon: , + data: { Identity: 'primarySmtpAddress', Action: 'RemoveBillingPolicy' }, + confirmText: + 'Remove billing policy [BillingPolicyName] from [primarySmtpAddress]?', + condition: (row) => row.BillingPolicyName && row.BillingPolicyName !== 'None', + hideBulk: true, + }, + { + label: 'Delete HVE Account', + type: 'POST', + icon: , + url: '/api/ExecHVEUser', + data: { Identity: 'primarySmtpAddress', Action: 'Remove' }, + confirmText: 'Are you sure you want to delete HVE account [primarySmtpAddress]?', + multiPost: false, + }, + ] + + const offCanvas = { + extendedInfoFields: [ + 'displayName', + 'primarySmtpAddress', + 'Alias', + 'AdditionalEmailAddresses', + 'BillingPolicyName', + 'BillingPolicyId', + 'WhenCreated', + 'ExternalDirectoryObjectId', + ], + actions: actions, + } + + const simpleColumns = [ + ...reportDB.cacheColumns.filter((c) => c === 'Tenant'), + 'displayName', + 'primarySmtpAddress', + 'Alias', + 'WhenCreated', + 'AdditionalEmailAddresses', + ...reportDB.cacheColumns.filter((c) => c !== 'Tenant'), + ] + + return ( + <> + + + {reportDB.controls} + + } + /> + {reportDB.syncDialog} + + ) +} + +Page.getLayout = (page) => {page} + +export default Page diff --git a/src/pages/email/administration/mailbox-rules/index.js b/src/pages/email/administration/mailbox-rules/index.js index 4b9a9ece88cb..98f0d076caff 100644 --- a/src/pages/email/administration/mailbox-rules/index.js +++ b/src/pages/email/administration/mailbox-rules/index.js @@ -1,90 +1,97 @@ -import { Layout as DashboardLayout } from "../../../../layouts/index.js"; -import { CippTablePage } from "../../../../components/CippComponents/CippTablePage.jsx"; -import { getCippTranslation } from "../../../../utils/get-cipp-translation"; -import { getCippFormatting } from "../../../../utils/get-cipp-formatting"; -import { CippPropertyListCard } from "../../../../components/CippCards/CippPropertyListCard"; -import { Block, PlayArrow, DeleteForever } from "@mui/icons-material"; -import { useCippReportDB } from "../../../../components/CippComponents/CippReportDBControls"; +import { Layout as DashboardLayout } from '../../../../layouts/index.js' +import { CippTablePage } from '../../../../components/CippComponents/CippTablePage.jsx' +import { getCippTranslation } from '../../../../utils/get-cipp-translation' +import { getCippFormatting } from '../../../../utils/get-cipp-formatting' +import { CippPropertyListCard } from '../../../../components/CippCards/CippPropertyListCard' +import { Block, PlayArrow, DeleteForever } from '@mui/icons-material' +import { useCippReportDB } from '../../../../components/CippComponents/CippReportDBControls' const Page = () => { - const pageTitle = "Mailbox Rules"; + const pageTitle = 'Mailbox Rules' const reportDB = useCippReportDB({ - apiUrl: "/api/ListMailboxRules", - queryKey: "ListMailboxRules", - cacheName: "Mailboxes", - syncTitle: "Sync Mailbox Rules", - syncData: { Types: "Rules" }, + apiUrl: '/api/ListMailboxRules', + queryKey: 'ListMailboxRules', + cacheName: 'Mailboxes', + syncTitle: 'Sync Mailbox Rules', + syncData: { Types: 'Rules' }, allowToggle: false, defaultCached: true, - }); + }) const simpleColumns = [ - ...reportDB.cacheColumns.filter((c) => c === "Tenant"), - "UserPrincipalName", - "Name", - "Priority", - "Enabled", - "From", - ...reportDB.cacheColumns.filter((c) => c !== "Tenant"), - ]; + ...reportDB.cacheColumns.filter((c) => c === 'Tenant'), + 'UserPrincipalName', + 'Name', + 'Priority', + 'Enabled', + 'From', + ...reportDB.cacheColumns.filter((c) => c !== 'Tenant'), + ] const actions = [ { - label: "Enable Mailbox Rule", - type: "POST", + label: 'Enable Mailbox Rule', + type: 'POST', icon: , - url: "/api/ExecSetMailboxRule", + url: '/api/ExecSetMailboxRule', data: { - ruleId: "Identity", - userPrincipalName: "OperationGuid", - ruleName: "Name", + ruleId: 'Identity', + userPrincipalName: 'OperationGuid', + ruleName: 'Name', Enable: true, + tenantFilter: 'Tenant', }, condition: (row) => !row.Enabled, - confirmText: "Are you sure you want to enable this mailbox rule?", + confirmText: 'Are you sure you want to enable this mailbox rule?', multiPost: false, }, { - label: "Disable Mailbox Rule", - type: "POST", + label: 'Disable Mailbox Rule', + type: 'POST', icon: , - url: "/api/ExecSetMailboxRule", + url: '/api/ExecSetMailboxRule', data: { - ruleId: "Identity", - userPrincipalName: "OperationGuid", - ruleName: "Name", + ruleId: 'Identity', + userPrincipalName: 'OperationGuid', + ruleName: 'Name', Disable: true, + tenantFilter: 'Tenant', }, condition: (row) => row.Enabled, - confirmText: "Are you sure you want to disable this mailbox rule?", + confirmText: 'Are you sure you want to disable this mailbox rule?', multiPost: false, }, { - label: "Remove Mailbox Rule", - type: "POST", + label: 'Remove Mailbox Rule', + type: 'POST', icon: , - url: "/api/ExecRemoveMailboxRule", - data: { ruleId: "Identity", userPrincipalName: "OperationGuid", ruleName: "Name" }, - confirmText: "Are you sure you want to remove this mailbox rule?", + url: '/api/ExecRemoveMailboxRule', + data: { + ruleId: 'Identity', + userPrincipalName: 'OperationGuid', + ruleName: 'Name', + tenantFilter: 'Tenant', + }, + confirmText: 'Are you sure you want to remove this mailbox rule?', multiPost: false, }, - ]; + ] const offCanvas = { children: (data) => { const keys = Object.keys(data).filter( - (key) => !key.includes("@odata") && !key.includes("@data"), - ); - const properties = []; + (key) => !key.includes('@odata') && !key.includes('@data') + ) + const properties = [] keys.forEach((key) => { if (data[key] && data[key].length > 0) { properties.push({ label: getCippTranslation(key), value: getCippFormatting(data[key], key), - }); + }) } - }); + }) return ( { actionItems={actions} data={data} /> - ); + ) }, - }; + } return ( <> @@ -111,8 +118,8 @@ const Page = () => { /> {reportDB.syncDialog} - ); -}; + ) +} -Page.getLayout = (page) => {page}; -export default Page; +Page.getLayout = (page) => {page} +export default Page diff --git a/src/pages/email/administration/mailboxes/index.js b/src/pages/email/administration/mailboxes/index.js index f0187d414983..01bc84afae65 100644 --- a/src/pages/email/administration/mailboxes/index.js +++ b/src/pages/email/administration/mailboxes/index.js @@ -1,7 +1,6 @@ import { Layout as DashboardLayout } from '../../../../layouts/index.js' import { CippTablePage } from '../../../../components/CippComponents/CippTablePage.jsx' import CippExchangeActions from '../../../../components/CippComponents/CippExchangeActions' -import { CippHVEUserDrawer } from '../../../../components/CippComponents/CippHVEUserDrawer.jsx' import { CippSharedMailboxDrawer } from '../../../../components/CippComponents/CippSharedMailboxDrawer.jsx' import { useCippReportDB } from '../../../../components/CippComponents/CippReportDBControls' import { Stack } from '@mui/system' @@ -71,7 +70,6 @@ const Page = () => { cardButton={ - {reportDB.controls} } diff --git a/src/pages/email/administration/tenant-allow-block-list-templates/index.js b/src/pages/email/administration/tenant-allow-block-list-templates/index.js index 85de23ce2ec4..4e945b486c4d 100644 --- a/src/pages/email/administration/tenant-allow-block-list-templates/index.js +++ b/src/pages/email/administration/tenant-allow-block-list-templates/index.js @@ -1,13 +1,26 @@ +import { useState } from 'react' import { Layout as DashboardLayout } from '../../../../layouts/index.js' import { CippTablePage } from '../../../../components/CippComponents/CippTablePage.jsx' -import { Delete } from '@mui/icons-material' +import { Delete, Edit } from '@mui/icons-material' import CippJsonView from '../../../../components/CippFormPages/CippJSONView' import { CippTenantAllowBlockListTemplateDrawer } from '../../../../components/CippComponents/CippTenantAllowBlockListTemplateDrawer.jsx' const Page = () => { const pageTitle = 'Tenant Allow/Block List Templates' + const [editDrawerVisible, setEditDrawerVisible] = useState(false) + const [editData, setEditData] = useState(null) const actions = [ + { + label: 'Edit Template', + noConfirm: true, + customFunction: (row) => { + setEditData(row) + setEditDrawerVisible(true) + }, + icon: , + color: 'primary', + }, { label: 'Delete Template', type: 'POST', @@ -36,18 +49,26 @@ const Page = () => { ] return ( - - } - /> + <> + } + /> + { + setEditDrawerVisible(visible) + if (!visible) setEditData(null) + }} + /> + ) } diff --git a/src/pages/email/tools/message-trace/index.js b/src/pages/email/tools/message-trace/index.js index 56ccf9bcd20a..d5876859b182 100644 --- a/src/pages/email/tools/message-trace/index.js +++ b/src/pages/email/tools/message-trace/index.js @@ -347,6 +347,5 @@ const Page = () => { ); }; -Page.getLayout = (page) => {page}; - +Page.getLayout = (page) => {page}; export default Page; diff --git a/src/pages/endpoint/MEM/assignment-filters/index.js b/src/pages/endpoint/MEM/assignment-filters/index.js index 462647494c98..bedf0ef1ada4 100644 --- a/src/pages/endpoint/MEM/assignment-filters/index.js +++ b/src/pages/endpoint/MEM/assignment-filters/index.js @@ -5,11 +5,19 @@ import Link from "next/link"; import { TrashIcon } from "@heroicons/react/24/outline"; import { Edit, Add, Book } from "@mui/icons-material"; import { Stack } from "@mui/system"; -import { useSettings } from "../../../../hooks/use-settings"; +import { useCippReportDB } from "../../../../components/CippComponents/CippReportDBControls"; const Page = () => { const pageTitle = "Assignment Filters"; - const { currentTenant } = useSettings(); + + const reportDB = useCippReportDB({ + apiUrl: "/api/ListAssignmentFilters", + queryKey: "assignment-filters", + cacheName: "IntuneAssignmentFilters", + syncTitle: "Sync Assignment Filters Report", + allowToggle: true, + defaultCached: false, + }); const actions = [ { @@ -62,28 +70,35 @@ const Page = () => { actions: actions, }; + const simpleColumns = [ + ...reportDB.cacheColumns, + "displayName", + "description", + "platform", + "assignmentFilterManagementType", + "rule", + ]; + return ( - - - - } - apiUrl="/api/ListAssignmentFilters" - queryKey={`assignment-filters-${currentTenant}`} - actions={actions} - offCanvas={offCanvas} - simpleColumns={[ - "displayName", - "description", - "platform", - "assignmentFilterManagementType", - "rule", - ]} - /> + <> + + + {reportDB.controls} + + } + apiUrl={reportDB.resolvedApiUrl} + queryKey={reportDB.resolvedQueryKey} + actions={actions} + offCanvas={offCanvas} + simpleColumns={simpleColumns} + /> + {reportDB.syncDialog} + ); }; diff --git a/src/pages/endpoint/MEM/compare-policies/index.js b/src/pages/endpoint/MEM/compare-policies/index.js index da74c739462b..80b660e666a1 100644 --- a/src/pages/endpoint/MEM/compare-policies/index.js +++ b/src/pages/endpoint/MEM/compare-policies/index.js @@ -4,7 +4,7 @@ import { ApiPostCall } from "../../../../api/ApiCall"; import { CippFormComponent } from "../../../../components/CippComponents/CippFormComponent"; import { CippFormCondition } from "../../../../components/CippComponents/CippFormCondition"; import { CippFormTenantSelector } from "../../../../components/CippComponents/CippFormTenantSelector"; -import { CippCodeBlock } from "../../../../components/CippComponents/CippCodeBlock"; +import CippJsonView from "../../../../components/CippFormPages/CippJSONView"; import { Box, Button, @@ -19,16 +19,12 @@ import { TableHead, TableRow, Paper, - Accordion, - AccordionSummary, - AccordionDetails, Alert, Stack, Chip, Skeleton, } from "@mui/material"; import { - ExpandMore as ExpandMoreIcon, CompareArrows as CompareArrowsIcon, CheckCircle as CheckCircleIcon, Error as ErrorIcon, @@ -359,14 +355,10 @@ const Page = () => { return errData?.Results || compareApi.error?.message || "An error occurred"; }, [compareApi.isError, compareApi.error]); - const sourceAJson = useMemo( - () => (results?.sourceAData ? JSON.stringify(results.sourceAData, null, 2) : ""), - [results?.sourceAData], - ); - const sourceBJson = useMemo( - () => (results?.sourceBData ? JSON.stringify(results.sourceBData, null, 2) : ""), - [results?.sourceBData], - ); + const comparisonRows = useMemo(() => { + if (!Array.isArray(results?.Results)) return []; + return results.Results.filter(Boolean); + }, [results?.Results]); return ( @@ -418,14 +410,14 @@ const Page = () => { > {results.identical ? "Policies are identical - no differences found." - : `${results.Results?.length || 0} difference${results.Results?.length === 1 ? "" : "s"} found between policies.`} + : `${comparisonRows.length} difference${comparisonRows.length === 1 ? "" : "s"} found between policies.`} A: {results.sourceALabel} — B:{" "} {results.sourceBLabel} - {!results.identical && results.Results?.length > 0 && ( + {!results.identical && comparisonRows.length > 0 && ( @@ -437,7 +429,7 @@ const Page = () => { - {results.Results.map((row, index) => ( + {comparisonRows.map((row, index) => ( ({ @@ -457,23 +449,17 @@ const Page = () => { )} - - }> - Source A Raw JSON — {results.sourceALabel} - - - - - - - - }> - Source B Raw JSON — {results.sourceBLabel} - - - - - + + + )} diff --git a/src/pages/endpoint/MEM/devices/index.js b/src/pages/endpoint/MEM/devices/index.js index e8e34e9338d5..087052560120 100644 --- a/src/pages/endpoint/MEM/devices/index.js +++ b/src/pages/endpoint/MEM/devices/index.js @@ -4,7 +4,8 @@ import { CippApiDialog } from "../../../../components/CippComponents/CippApiDial import { useSettings } from "../../../../hooks/use-settings"; import { useDialog } from "../../../../hooks/use-dialog.js"; import { EyeIcon } from "@heroicons/react/24/outline"; -import { Box, Button } from "@mui/material"; +import { Button } from "@mui/material"; +import { Stack } from "@mui/system"; import { Sync, RestartAlt, @@ -412,11 +413,11 @@ const Page = () => { offCanvas={offCanvas} simpleColumns={simpleColumns} cardButton={ - + - + } /> { const pageTitle = 'App Protection & Configuration Policies' const cardButtonPermissions = ['Endpoint.MEM.ReadWrite'] const tenant = useSettings().currentTenant + const reportDB = useCippReportDB({ + apiUrl: '/api/ListAppProtectionPolicies', + queryKey: 'ListAppProtectionPolicies', + cacheName: 'IntuneAppProtectionPolicies', + syncTitle: 'Sync App Protection Policies Report', + allowToggle: true, + defaultCached: false, + }) + const actions = useCippIntunePolicyActions(tenant, 'URLName', { templateData: { ID: 'id', @@ -31,6 +42,7 @@ const Page = () => { } const simpleColumns = [ + ...reportDB.cacheColumns, 'displayName', 'PolicyTypeName', 'PolicyAssignment', @@ -39,20 +51,27 @@ const Page = () => { ] return ( - - } - /> + <> + + + {reportDB.controls} + + } + /> + {reportDB.syncDialog} + ) } diff --git a/src/pages/endpoint/MEM/list-compliance-policies/index.js b/src/pages/endpoint/MEM/list-compliance-policies/index.js index b3394023c492..32574567a0ff 100644 --- a/src/pages/endpoint/MEM/list-compliance-policies/index.js +++ b/src/pages/endpoint/MEM/list-compliance-policies/index.js @@ -4,12 +4,23 @@ import { PermissionButton } from "../../../../utils/permissions.js"; import { CippPolicyDeployDrawer } from "../../../../components/CippComponents/CippPolicyDeployDrawer.jsx"; import { useSettings } from "../../../../hooks/use-settings.js"; import { useCippIntunePolicyActions } from "../../../../components/CippComponents/CippIntunePolicyActions.jsx"; +import { useCippReportDB } from "../../../../components/CippComponents/CippReportDBControls"; +import { Stack } from "@mui/system"; const Page = () => { const pageTitle = "Intune Compliance Policies"; const cardButtonPermissions = ["Endpoint.MEM.ReadWrite"]; const tenant = useSettings().currentTenant; + const reportDB = useCippReportDB({ + apiUrl: "/api/ListCompliancePolicies", + queryKey: "ListCompliancePolicies", + cacheName: "IntuneCompliancePolicies", + syncTitle: "Sync Compliance Policies Report", + allowToggle: true, + defaultCached: false, + }); + const actions = useCippIntunePolicyActions(tenant, "deviceCompliancePolicies", { templateData: { ID: "id", @@ -29,6 +40,7 @@ const Page = () => { }; const simpleColumns = [ + ...reportDB.cacheColumns, "displayName", "PolicyTypeName", "PolicyAssignment", @@ -38,20 +50,27 @@ const Page = () => { ]; return ( - - } - /> + <> + + + {reportDB.controls} + + } + /> + {reportDB.syncDialog} + ); }; diff --git a/src/pages/endpoint/MEM/list-policies/index.js b/src/pages/endpoint/MEM/list-policies/index.js index dd241aa91016..22559f99097c 100644 --- a/src/pages/endpoint/MEM/list-policies/index.js +++ b/src/pages/endpoint/MEM/list-policies/index.js @@ -52,6 +52,7 @@ const Page = () => { 'lastModifiedDateTime', ] + return ( <> { const [codeContentChanged, setCodeContentChanged] = useState(false); const [warnOpen, setWarnOpen] = useState(false); const [currentScript, setCurrentScript] = useState(null); + const [scriptTenant, setScriptTenant] = useState(null); + + const tenantFilter = useSettings().currentTenant; + const reportDB = useCippReportDB({ + apiUrl: "/api/ListIntuneScript", + queryKey: "ListIntuneScript", + cacheName: "IntuneScripts", + syncTitle: "Sync Intune Scripts Report", + allowToggle: true, + defaultCached: false, + }); const dispatch = useDispatch(); @@ -48,17 +60,16 @@ const Page = () => { : "powershell"; }, [currentScript?.scriptType]); - const tenantFilter = useSettings().currentTenant; const { isLoading: scriptIsLoading, isRefetching: scriptIsFetching, refetch: scriptRefetch, data, } = useQuery({ - queryKey: ["script", { scriptId }], + queryKey: ["script", { scriptId, scriptTenant }], queryFn: async () => { const response = await fetch( - `/api/EditIntuneScript?TenantFilter=${tenantFilter}&ScriptId=${scriptId}` + `/api/EditIntuneScript?TenantFilter=${scriptTenant || tenantFilter}&ScriptId=${scriptId}` ); return response.json(); }, @@ -79,6 +90,7 @@ const Page = () => { const handleScriptEdit = async (row, action) => { setScriptId(row.id); + setScriptTenant(row?.Tenant || tenantFilter); setCodeOpen(!codeOpen); }; @@ -94,6 +106,7 @@ const Page = () => { setCodeOpen(!codeOpen); setCodeContentChanged(false); setScriptId(null); + setScriptTenant(null); setCodeContent(""); } }; @@ -114,7 +127,7 @@ const Page = () => { scriptType, } = currentScript; const patchData = { - TenantFilter: tenantFilter, + TenantFilter: scriptTenant || tenantFilter, ScriptId: id, ScriptType: scriptType, IntuneScript: JSON.stringify({ @@ -197,7 +210,7 @@ const Page = () => { ], confirmText: 'Are you sure you want to assign "[displayName]" to all users?', customDataformatter: (row, action, formData) => ({ - tenantFilter: tenantFilter, + tenantFilter: tenantFilter === "AllTenants" && row?.Tenant ? row.Tenant : tenantFilter, ID: row?.id, Type: getScriptEndpoint(row?.scriptType), AssignTo: "allLicensedUsers", @@ -223,7 +236,7 @@ const Page = () => { ], confirmText: 'Are you sure you want to assign "[displayName]" to all devices?', customDataformatter: (row, action, formData) => ({ - tenantFilter: tenantFilter, + tenantFilter: tenantFilter === "AllTenants" && row?.Tenant ? row.Tenant : tenantFilter, ID: row?.id, Type: getScriptEndpoint(row?.scriptType), AssignTo: "AllDevices", @@ -249,7 +262,7 @@ const Page = () => { ], confirmText: 'Are you sure you want to assign "[displayName]" to all users and devices?', customDataformatter: (row, action, formData) => ({ - tenantFilter: tenantFilter, + tenantFilter: tenantFilter === "AllTenants" && row?.Tenant ? row.Tenant : tenantFilter, ID: row?.id, Type: getScriptEndpoint(row?.scriptType), AssignTo: "AllDevicesAndUsers", @@ -305,7 +318,7 @@ const Page = () => { customDataformatter: (row, action, formData) => { const selectedGroups = Array.isArray(formData?.groupTargets) ? formData.groupTargets : []; return { - tenantFilter: tenantFilter, + tenantFilter: tenantFilter === "AllTenants" && row?.Tenant ? row.Tenant : tenantFilter, ID: row?.id, Type: getScriptEndpoint(row?.scriptType), GroupIds: selectedGroups.map((group) => group.value).filter(Boolean), @@ -354,6 +367,7 @@ const Page = () => { }; const simpleColumns = [ + ...reportDB.cacheColumns, "scriptType", "displayName", "ScriptAssignment", @@ -367,10 +381,12 @@ const Page = () => { <> @@ -427,6 +443,7 @@ const Page = () => { setWarnOpen(false); setCodeContent(""); setScriptId(null); + setScriptTenant(null); setCodeContentChanged(false); }} > @@ -434,9 +451,10 @@ const Page = () => { + {reportDB.syncDialog} ); }; -Page.getLayout = (page) => {page}; +Page.getLayout = (page) => {page}; export default Page; diff --git a/src/pages/endpoint/MEM/list-templates/index.js b/src/pages/endpoint/MEM/list-templates/index.js index fcfc8aa81e5a..c1c81670d8b7 100644 --- a/src/pages/endpoint/MEM/list-templates/index.js +++ b/src/pages/endpoint/MEM/list-templates/index.js @@ -1,161 +1,251 @@ -import { Layout as DashboardLayout } from "../../../../layouts/index.js"; -import { CippTablePage } from "../../../../components/CippComponents/CippTablePage.jsx"; -import { PencilIcon, TrashIcon } from "@heroicons/react/24/outline"; -import { Edit, GitHub, LocalOffer, LocalOfferOutlined, CopyAll } from "@mui/icons-material"; -import CippJsonView from "../../../../components/CippFormPages/CippJSONView"; -import { ApiGetCall } from "../../../../api/ApiCall"; -import { CippPolicyImportDrawer } from "../../../../components/CippComponents/CippPolicyImportDrawer.jsx"; -import { PermissionButton } from "../../../../utils/permissions.js"; +import { Layout as DashboardLayout } from '../../../../layouts/index.js' +import { CippTablePage } from '../../../../components/CippComponents/CippTablePage.jsx' +import { PencilIcon, TrashIcon } from '@heroicons/react/24/outline' +import { Edit, GitHub, LocalOffer, LocalOfferOutlined, CopyAll } from '@mui/icons-material' +import CippJsonView from '../../../../components/CippFormPages/CippJSONView' +import { ApiGetCall } from '../../../../api/ApiCall' +import { CippPolicyImportDrawer } from '../../../../components/CippComponents/CippPolicyImportDrawer.jsx' +import { PermissionButton } from '../../../../utils/permissions.js' +import { + Box, + Chip, + Link, + Stack, + Table, + TableBody, + TableCell, + TableHead, + TableRow, + Tooltip, + Typography, +} from '@mui/material' +import NextLink from 'next/link' const Page = () => { - const pageTitle = "Available Endpoint Manager Templates"; - const cardButtonPermissions = ["Endpoint.MEM.ReadWrite"]; + const pageTitle = 'Available Endpoint Manager Templates' + const cardButtonPermissions = ['Endpoint.MEM.ReadWrite'] const integrations = ApiGetCall({ - url: "/api/ListExtensionsConfig", - queryKey: "Integrations", + url: '/api/ListExtensionsConfig', + queryKey: 'Integrations', refetchOnMount: false, refetchOnReconnect: false, - }); + }) const actions = [ { - label: "Edit Template", + label: 'Edit Template', link: `/endpoint/MEM/list-templates/edit?id=[GUID]`, icon: , - color: "info", + color: 'info', condition: (row) => row.isSynced === false, }, { - label: "Edit Template Name and Description", - type: "POST", - url: "/api/ExecEditTemplate", + label: 'Edit Template Name and Description', + type: 'POST', + url: '/api/ExecEditTemplate', fields: [ { - type: "textField", - name: "displayName", - label: "Display Name", + type: 'textField', + name: 'displayName', + label: 'Display Name', }, { - type: "textField", - name: "description", - label: "Description", + type: 'textField', + name: 'description', + label: 'Description', }, ], - data: { GUID: "GUID", Type: "!IntuneTemplate" }, + data: { GUID: 'GUID', Type: '!IntuneTemplate' }, defaultvalues: (row) => ({ displayName: row.displayName, description: row.description, }), confirmText: - "Enter the new name and description for the template. Warning: This will disconnect the template from a template library if applied.", + 'Enter the new name and description for the template. Warning: This will disconnect the template from a template library if applied.', multiPost: false, icon: , - color: "info", + color: 'info', }, { - label: "Clone Template", - type: "POST", - url: "/api/ExecCloneTemplate", - data: { GUID: "GUID", Type: "!IntuneTemplate" }, + label: 'Clone Template', + type: 'POST', + url: '/api/ExecCloneTemplate', + data: { GUID: 'GUID', Type: '!IntuneTemplate' }, confirmText: - "Are you sure you want to clone [displayName]? Cloned template are no longer synced with a template library.", + 'Are you sure you want to clone [displayName]? Cloned template are no longer synced with a template library.', multiPost: false, icon: , - color: "info", + color: 'info', }, { - label: "Add to package", - type: "POST", - url: "/api/ExecSetPackageTag", - data: { GUID: "GUID" }, + label: 'Add to package', + type: 'POST', + url: '/api/ExecSetPackageTag', + data: { GUID: 'GUID' }, fields: [ { - type: "textField", - name: "Package", - label: "Package Name", + type: 'textField', + name: 'Package', + label: 'Package Name', required: true, validators: { - required: { value: true, message: "Package name is required" }, + required: { value: true, message: 'Package name is required' }, }, }, ], - confirmText: "Enter the package name to assign to the selected template(s).", + confirmText: 'Enter the package name to assign to the selected template(s).', multiPost: true, icon: , - color: "info", + color: 'info', }, { - label: "Remove from package", - type: "POST", - url: "/api/ExecSetPackageTag", - data: { GUID: "GUID", Remove: true }, - confirmText: "Are you sure you want to remove the selected template(s) from their package?", + label: 'Remove from package', + type: 'POST', + url: '/api/ExecSetPackageTag', + data: { GUID: 'GUID', Remove: true }, + confirmText: 'Are you sure you want to remove the selected template(s) from their package?', multiPost: true, icon: , - color: "warning", + color: 'warning', }, { - label: "Save to GitHub", - type: "POST", - url: "/api/ExecCommunityRepo", + label: 'Save to GitHub', + type: 'POST', + url: '/api/ExecCommunityRepo', icon: , data: { - Action: "UploadTemplate", - GUID: "GUID", + Action: 'UploadTemplate', + GUID: 'GUID', }, fields: [ { - label: "Repository", - name: "FullName", - type: "select", + label: 'Repository', + name: 'FullName', + type: 'select', api: { - url: "/api/ListCommunityRepos", + url: '/api/ListCommunityRepos', data: { WriteAccess: true, }, - queryKey: "CommunityRepos-Write", - dataKey: "Results", - valueField: "FullName", - labelField: "FullName", + queryKey: 'CommunityRepos-Write', + dataKey: 'Results', + valueField: 'FullName', + labelField: 'FullName', }, multiple: false, creatable: false, required: true, validators: { - required: { value: true, message: "This field is required" }, + required: { value: true, message: 'This field is required' }, }, }, { - label: "Commit Message", - placeholder: "Enter a commit message for adding this file to GitHub", - name: "Message", - type: "textField", + label: 'Commit Message', + placeholder: 'Enter a commit message for adding this file to GitHub', + name: 'Message', + type: 'textField', multiline: true, required: true, rows: 4, }, ], - confirmText: "Are you sure you want to save this template to the selected repository?", + confirmText: 'Are you sure you want to save this template to the selected repository?', condition: () => integrations.isSuccess && integrations?.data?.GitHub?.Enabled, }, { - label: "Delete Template", - type: "POST", - url: "/api/RemoveIntuneTemplate", - data: { ID: "GUID" }, - confirmText: "Do you want to delete the template?", + label: 'Delete Template', + type: 'POST', + url: '/api/RemoveIntuneTemplate', + data: { ID: 'GUID' }, + confirmText: 'Do you want to delete the template?', multiPost: false, icon: , - color: "danger", + color: 'danger', }, - ]; + ] const offCanvas = { - children: (row) => , - size: "lg", - }; + children: (row) => ( + + {Array.isArray(row.usage) && row.usage.length > 0 && ( + + + Used in Standards Templates + +
    + + + Template Name + Included In + + + + {row.usage.map((u, i) => ( + + + + {u.templateName ?? u.templateId} + + + + {u.matchType === 'package' ? ( + + } + /> + + ) : ( + + + + )} + + + ))} + +
    + + )} + + + ), + size: 'lg', + } - const simpleColumns = ["displayName", "isSynced", "package", "description", "Type"]; + const simpleColumns = ['displayName', 'isSynced', 'package', 'description', 'Type', 'usage'] + + const filterList = [ + { + filterName: 'Synced Templates', + value: [{ id: 'isSynced', value: 'Yes' }], + type: 'column', + }, + { + filterName: 'Custom Templates', + value: [{ id: 'isSynced', value: 'No' }], + type: 'column', + }, + ] return ( <> @@ -166,6 +256,7 @@ const Page = () => { actions={actions} offCanvas={offCanvas} simpleColumns={simpleColumns} + filters={filterList} queryKey="ListIntuneTemplates-table" cardButton={ { } /> - ); -}; + ) +} -Page.getLayout = (page) => {page}; -export default Page; +Page.getLayout = (page) => {page} +export default Page diff --git a/src/pages/endpoint/MEM/reusable-settings/index.js b/src/pages/endpoint/MEM/reusable-settings/index.js index c301082ea1f0..75219f0d4136 100644 --- a/src/pages/endpoint/MEM/reusable-settings/index.js +++ b/src/pages/endpoint/MEM/reusable-settings/index.js @@ -4,15 +4,29 @@ import { CippTablePage } from "../../../../components/CippComponents/CippTablePa import { Layout as DashboardLayout } from "../../../../layouts/index.js"; import { useSettings } from "../../../../hooks/use-settings"; import CippJsonView from "../../../../components/CippFormPages/CippJSONView"; +import { Stack } from "@mui/system"; +import { useCippReportDB } from "../../../../components/CippComponents/CippReportDBControls"; const Page = () => { const { currentTenant } = useSettings(); const pageTitle = "Reusable Settings"; + const reportDB = useCippReportDB({ + apiUrl: "/api/ListIntuneReusableSettings", + queryKey: "ListIntuneReusableSettings", + cacheName: "IntuneReusableSettings", + syncTitle: "Sync Reusable Settings Report", + allowToggle: true, + defaultCached: false, + }); + const isAllTenants = reportDB.isAllTenants; + const actions = [ { label: "Edit Reusable Setting", - link: `/endpoint/MEM/reusable-settings/edit?id=[id]&tenant=${currentTenant}&tenantFilter=${currentTenant}`, + link: isAllTenants + ? "/endpoint/MEM/reusable-settings/edit?id=[id]&tenant=[Tenant]&tenantFilter=[Tenant]" + : `/endpoint/MEM/reusable-settings/edit?id=[id]&tenant=${currentTenant}&tenantFilter=${currentTenant}`, }, { label: "Delete Reusable Setting", @@ -47,18 +61,32 @@ const Page = () => { size: "lg", }; + const simpleColumns = [ + ...reportDB.cacheColumns, + "displayName", + "description", + "id", + "version", + ]; + return ( - - } - apiUrl="/api/ListIntuneReusableSettings" - queryKey={`ListIntuneReusableSettings-${currentTenant}`} - actions={actions} - offCanvas={offCanvas} - simpleColumns={["displayName", "description", "id", "version"]} - /> + <> + + + {reportDB.controls} + + } + apiUrl={reportDB.resolvedApiUrl} + queryKey={reportDB.resolvedQueryKey} + actions={actions} + offCanvas={offCanvas} + simpleColumns={simpleColumns} + /> + {reportDB.syncDialog} + ); }; diff --git a/src/pages/endpoint/applications/list/index.js b/src/pages/endpoint/applications/list/index.js index 41671638cfce..fec79a4cf7f9 100644 --- a/src/pages/endpoint/applications/list/index.js +++ b/src/pages/endpoint/applications/list/index.js @@ -4,9 +4,11 @@ import { CippApiDialog } from "../../../../components/CippComponents/CippApiDial import { GlobeAltIcon, TrashIcon, UserIcon, UserGroupIcon } from "@heroicons/react/24/outline"; import { LaptopMac, Sync, BookmarkAdd } from "@mui/icons-material"; import { CippApplicationDeployDrawer } from "../../../../components/CippComponents/CippApplicationDeployDrawer"; -import { Button, Box } from "@mui/material"; +import { Button } from "@mui/material"; +import { Stack } from "@mui/system"; import { useSettings } from "../../../../hooks/use-settings.js"; import { useDialog } from "../../../../hooks/use-dialog.js"; +import { useCippReportDB } from "../../../../components/CippComponents/CippReportDBControls"; const assignmentIntentOptions = [ { label: "Required", value: "Required" }, @@ -44,9 +46,18 @@ const mapOdataToAppType = (odataType) => { const Page = () => { const pageTitle = "Applications"; - const syncDialog = useDialog(); + const vppSyncDialog = useDialog(); const tenant = useSettings().currentTenant; + const reportDB = useCippReportDB({ + apiUrl: "/api/ListApps", + queryKey: "ListApps", + cacheName: "IntuneApplications", + syncTitle: "Sync Intune Applications Report", + allowToggle: true, + defaultCached: false, + }); + const getAssignmentFilterFields = () => [ { type: "autoComplete", @@ -291,6 +302,7 @@ const Page = () => { }; const simpleColumns = [ + ...reportDB.cacheColumns, "displayName", "AppAssignment", "AppExclude", @@ -303,22 +315,24 @@ const Page = () => { <> + - - + {reportDB.controls} + } /> { confirmText: `Are you sure you want to sync Apple Volume Purchase Program (VPP) tokens? This will sync all VPP tokens for ${tenant}.`, }} /> + {reportDB.syncDialog} ); }; -Page.getLayout = (page) => {page}; +Page.getLayout = (page) => {page}; export default Page; diff --git a/src/pages/endpoint/applications/templates/index.js b/src/pages/endpoint/applications/templates/index.js index 6c4a0eb53285..b4a2a2bd1e28 100644 --- a/src/pages/endpoint/applications/templates/index.js +++ b/src/pages/endpoint/applications/templates/index.js @@ -1,122 +1,127 @@ -import { useState } from "react"; -import { Layout as DashboardLayout } from "../../../../layouts/index.js"; -import { CippTablePage } from "../../../../components/CippComponents/CippTablePage.jsx"; -import { TrashIcon } from "@heroicons/react/24/outline"; -import { Edit, RocketLaunch } from "@mui/icons-material"; -import { CippAppTemplateDrawer } from "../../../../components/CippComponents/CippAppTemplateDrawer"; -import CippJsonView from "../../../../components/CippFormPages/CippJSONView"; -import { Box } from "@mui/material"; -import { ApiGetCall } from "../../../../api/ApiCall"; -import { GitHub } from "@mui/icons-material"; +import { useState } from 'react' +import { Layout as DashboardLayout } from '../../../../layouts/index.js' +import { CippTablePage } from '../../../../components/CippComponents/CippTablePage.jsx' +import { TrashIcon } from '@heroicons/react/24/outline' +import { Edit, RocketLaunch } from '@mui/icons-material' +import { CippAppTemplateDrawer } from '../../../../components/CippComponents/CippAppTemplateDrawer' +import CippJsonView from '../../../../components/CippFormPages/CippJSONView' +import { Box } from '@mui/material' +import { ApiGetCall } from '../../../../api/ApiCall' +import { GitHub } from '@mui/icons-material' const Page = () => { - const pageTitle = "Application Templates"; - const [editDrawerOpen, setEditDrawerOpen] = useState(false); - const [editTemplate, setEditTemplate] = useState(null); + const pageTitle = 'Application Templates' + const [editDrawerOpen, setEditDrawerOpen] = useState(false) + const [editTemplate, setEditTemplate] = useState(null) const integrations = ApiGetCall({ - url: "/api/ListExtensionsConfig", - queryKey: "Integrations", + url: '/api/ListExtensionsConfig', + queryKey: 'Integrations', refetchOnMount: false, refetchOnReconnect: false, - }); + }) const actions = [ { - label: "Edit Template", + label: 'Edit Template', icon: , - color: "info", + color: 'info', noConfirm: true, customFunction: (row) => { - setEditTemplate({ ...row }); - setEditDrawerOpen(true); + setEditTemplate({ ...row }) + setEditDrawerOpen(true) }, }, { - label: "Save to GitHub", - type: "POST", - url: "/api/ExecCommunityRepo", + label: 'Save to GitHub', + type: 'POST', + url: '/api/ExecCommunityRepo', icon: , data: { - Action: "UploadTemplate", - GUID: "GUID", + Action: 'UploadTemplate', + GUID: 'GUID', }, fields: [ { - label: "Repository", - name: "FullName", - type: "select", + label: 'Repository', + name: 'FullName', + type: 'select', api: { - url: "/api/ListCommunityRepos", + url: '/api/ListCommunityRepos', data: { WriteAccess: true, }, - queryKey: "CommunityRepos-Write", - dataKey: "Results", - valueField: "FullName", - labelField: "FullName", + queryKey: 'CommunityRepos-Write', + dataKey: 'Results', + valueField: 'FullName', + labelField: 'FullName', }, multiple: false, creatable: false, required: true, validators: { - required: { value: true, message: "This field is required" }, + required: { value: true, message: 'This field is required' }, }, }, { - label: "Commit Message", - placeholder: "Enter a commit message for adding this file to GitHub", - name: "Message", - type: "textField", + label: 'Commit Message', + placeholder: 'Enter a commit message for adding this file to GitHub', + name: 'Message', + type: 'textField', multiline: true, required: true, rows: 4, }, ], - confirmText: "Are you sure you want to save this template to the selected repository?", + confirmText: 'Are you sure you want to save this template to the selected repository?', condition: () => integrations.isSuccess && integrations?.data?.GitHub?.Enabled, }, { - label: "Deploy Template", - type: "POST", - url: "/api/ExecDeployAppTemplate", + label: 'Deploy Template', + type: 'POST', + url: '/api/ExecDeployAppTemplate', icon: , - color: "info", + color: 'info', fields: [ { - type: "autoComplete", - name: "selectedTenants", - label: "Select Tenants", + type: 'autoComplete', + name: 'selectedTenants', + label: 'Select Tenants', multiple: true, creatable: false, api: { - url: "/api/ListTenants?AllTenantSelector=true", - queryKey: "ListTenants-AppTemplateDeploy", + url: '/api/ListTenants?AllTenantSelector=true', + queryKey: 'ListTenants-AppTemplateDeploy', labelField: (tenant) => `${tenant.displayName} (${tenant.defaultDomainName})`, - valueField: "defaultDomainName", + valueField: 'defaultDomainName', addedField: { - customerId: "customerId", - defaultDomainName: "defaultDomainName", + customerId: 'customerId', + defaultDomainName: 'defaultDomainName', }, }, - validators: { required: "Please select at least one tenant" }, + validators: { required: 'Please select at least one tenant' }, }, { - type: "radio", - name: "AssignTo", - label: "Override Assignment (optional)", + type: 'radio', + name: 'AssignTo', + label: 'Override Assignment (optional)', options: [ - { label: "Keep template assignment", value: "" }, - { label: "Do not assign", value: "On" }, - { label: "Assign to all users", value: "allLicensedUsers" }, - { label: "Assign to all devices", value: "AllDevices" }, - { label: "Assign to all users and devices", value: "AllDevicesAndUsers" }, - { label: "Assign to Custom Group", value: "customGroup" }, + { label: 'Keep template assignment', value: '' }, + { label: 'Do not assign', value: 'On' }, + { label: 'Assign to all users', value: 'allLicensedUsers' }, + { label: 'Assign to all devices', value: 'AllDevices' }, + { label: 'Assign to all users and devices', value: 'AllDevicesAndUsers' }, + { label: 'Assign to Custom Group', value: 'customGroup' }, ], }, { - type: "textField", - name: "customGroup", - label: "Custom Group Names (comma separated, wildcards allowed)", + type: 'textField', + name: 'customGroup', + label: 'Custom Group Names (comma separated, wildcards allowed)', + }, + { + type: 'textField', + name: 'excludeGroup', + label: 'Exclude Group Names (comma separated, wildcards allowed)', }, ], customDataformatter: (row, action, formData) => ({ @@ -125,26 +130,27 @@ const Page = () => { defaultDomainName: t.value, customerId: t.addedFields?.customerId, })), - AssignTo: formData?.AssignTo || "", - customGroup: formData?.customGroup || "", + AssignTo: formData?.AssignTo || '', + customGroup: formData?.customGroup || '', + excludeGroup: formData?.excludeGroup || '', }), confirmText: 'Deploy "[displayName]" ([appCount] apps) to the selected tenants?', }, { - label: "Delete Template", - type: "POST", - url: "/api/RemoveAppTemplate", - data: { ID: "GUID" }, + label: 'Delete Template', + type: 'POST', + url: '/api/RemoveAppTemplate', + data: { ID: 'GUID' }, confirmText: 'Delete the template "[displayName]"?', icon: , - color: "danger", + color: 'danger', }, - ]; + ] const offCanvas = { children: (row) => , - size: "lg", - }; + size: 'lg', + } return ( <> @@ -154,10 +160,10 @@ const Page = () => { apiUrl="/api/ListAppTemplates" actions={actions} offCanvas={offCanvas} - simpleColumns={["displayName", "description", "appCount", "appTypes", "appNames"]} + simpleColumns={['displayName', 'description', 'appCount', 'appTypes', 'appNames']} queryKey="ListAppTemplates" cardButton={ - + } @@ -166,13 +172,13 @@ const Page = () => { editData={editTemplate} open={editDrawerOpen} onClose={() => { - setEditDrawerOpen(false); - setEditTemplate(null); + setEditDrawerOpen(false) + setEditTemplate(null) }} /> - ); -}; + ) +} -Page.getLayout = (page) => {page}; -export default Page; +Page.getLayout = (page) => {page} +export default Page diff --git a/src/pages/identity/administration/jit-admin-templates/add.jsx b/src/pages/identity/administration/jit-admin-templates/add.jsx index 986e7ea378d1..0a57a8b33882 100644 --- a/src/pages/identity/administration/jit-admin-templates/add.jsx +++ b/src/pages/identity/administration/jit-admin-templates/add.jsx @@ -9,6 +9,7 @@ import { CippFormDomainSelector } from "../../../../components/CippComponents/Ci import { CippFormUserSelector } from "../../../../components/CippComponents/CippFormUserSelector"; import { CippFormGroupSelector } from "../../../../components/CippComponents/CippFormGroupSelector"; import gdaproles from "../../../../data/GDAPRoles.json"; +import countryList from "../../../../data/countryList.json"; import { useSettings } from "../../../../hooks/use-settings"; import { useEffect } from "react"; @@ -352,6 +353,19 @@ const Page = () => { /> )} + + ({ + label: Name, + value: Code, + }))} + formControl={formControl} + /> + { /> )} + + ({ + label: Name, + value: Code, + }))} + formControl={formControl} + /> + { const watcher = useWatch({ control: formControl.control }); const useTAP = useWatch({ control: formControl.control, name: "UseTAP" }); + const startDate = useWatch({ control: formControl.control, name: "startDate" }); + const endDate = useWatch({ control: formControl.control, name: "endDate" }); + const tapLifetimeInMinutes = useWatch({ + control: formControl.control, + name: "tapLifetimeInMinutes", + }); const tapPolicy = ApiGetCall({ url: selectedTenant @@ -46,6 +53,22 @@ const Page = () => { const useRoles = useWatch({ control: formControl.control, name: "useRoles" }); const useGroups = useWatch({ control: formControl.control, name: "useGroups" }); + useEffect(() => { + if (!useTAP || !startDate || !endDate) { + formControl.setValue("tapLifetimeInMinutes", null); + return; + } + + const requestedMinutes = Math.max(1, Math.round((endDate - startDate) / 60)); + const tapPolicyConfig = tapPolicy.data?.Results?.[0]; + const policyMax = tapPolicyConfig?.maximumLifetimeInMinutes ?? 1440; + const policyMin = Math.min(tapPolicyConfig?.minimumLifetimeInMinutes ?? 1, policyMax); + formControl.setValue( + "tapLifetimeInMinutes", + Math.min(Math.max(requestedMinutes, policyMin), policyMax) + ); + }, [useTAP, startDate, endDate, tapPolicy.data, formControl]); + // Clear fields when switches are toggled off useEffect(() => { if (!useRoles) { @@ -205,6 +228,9 @@ const Page = () => { if (template.defaultExistingUser) { formControl.setValue("existingUser", template.defaultExistingUser, { shouldDirty: true }); } + if (template.defaultUsageLocation) { + formControl.setValue("usageLocation", template.defaultUsageLocation, { shouldDirty: true }); + } // Dates if (template.defaultDuration) { @@ -343,6 +369,19 @@ const Page = () => { validators={{ required: "Domain is required" }} /> + + ({ + label: Name, + value: Code, + }))} + formControl={formControl} + /> + @@ -484,6 +523,11 @@ const Page = () => { /> + { TAP is not enabled in this tenant. TAP generation will fail. )} + {useTAP && tapLifetimeInMinutes && ( + + TAP will be valid for {tapLifetimeInMinutes} minutes. + + )} { // Get unique tenant domains from users const tenantDomains = [...new Set(users?.map((user) => user.Tenant || user.tenantFilter).filter(Boolean))] || [] + const firstTenantDomain = tenantDomains[0] + const hasManagerSelected = selectedProperties.includes('manager') + const hasSponsorSelected = selectedProperties.includes('sponsor') + const hasRelationshipSelected = hasManagerSelected || hasSponsorSelected + + useEffect(() => { + if (!hasRelationshipSelected || !firstTenantDomain) { + return + } + + const currentTenantFilter = formControl.getValues('tenantFilter') + if (currentTenantFilter?.value !== firstTenantDomain) { + formControl.setValue('tenantFilter', { value: firstTenantDomain }) + } + }, [firstTenantDomain, formControl, hasRelationshipSelected]) // Fetch custom data mappings for all tenants const customDataMappings = ApiGetCall({ @@ -248,6 +275,21 @@ const PropertySelectionStep = (props) => { ) } + if (property?.type === 'userSelector') { + return ( + + ) + } + // Default to text input for string types with consistent styling return ( { Properties to update + {hasRelationshipSelected && tenantDomains.length > 1 && ( + + The user picker is scoped to {firstTenantDomain}. Cross-tenant manager or sponsor + assignment is not supported, so the selected user must exist in each target tenant. + + )} {selectedProperties.map(renderPropertyInput)} @@ -455,7 +503,14 @@ const ConfirmationStep = (props) => { } selectedProperties.forEach((propName) => { - if (propertyValues[propName] !== undefined && propertyValues[propName] !== '') { + const propertyValue = propertyValues[propName] + + if (propertyValue !== undefined && propertyValue !== '' && propertyValue !== null) { + if (propName === 'manager' || propName === 'sponsor') { + if (propertyValue?.value) userData[propName] = propertyValue.value + return + } + // Handle dot notation properties (e.g., "extension_abc123.customField") if (propName.includes('.')) { const parts = propName.split('.') @@ -470,10 +525,10 @@ const ConfirmationStep = (props) => { } // Set the final property value - current[parts[parts.length - 1]] = propertyValues[propName] + current[parts[parts.length - 1]] = propertyValue } else { // Handle regular properties - userData[propName] = propertyValues[propName] + userData[propName] = propertyValue } } }) @@ -522,8 +577,13 @@ const ConfirmationStep = (props) => { {selectedProperties.map((propName) => { const property = allProperties.find((p) => p.property === propName) const value = propertyValues[propName] - const displayValue = - property?.type === 'boolean' ? (value ? 'Yes' : 'No') : value || 'Not set' + let displayValue = value || 'Not set' + + if (propName === 'manager' || propName === 'sponsor') { + displayValue = value?.label || value?.value || 'Not set' + } else if (property?.type === 'boolean') { + displayValue = value ? 'Yes' : 'No' + } return ( diff --git a/src/pages/identity/administration/users/user/exchange.jsx b/src/pages/identity/administration/users/user/exchange.jsx index 1d01f699c5a7..1336a740612d 100644 --- a/src/pages/identity/administration/users/user/exchange.jsx +++ b/src/pages/identity/administration/users/user/exchange.jsx @@ -947,13 +947,15 @@ const Page = () => { icon: , url: "/api/ExecSetMailboxRule", customDataformatter: (row, action, formData) => { - return { - ruleId: row?.Identity, + const rows = Array.isArray(row) ? row : [row]; + const result = rows.map((r) => ({ + ruleId: r?.Identity, userPrincipalName: graphUserRequest.data?.[0]?.userPrincipalName, - ruleName: row?.Name, + ruleName: r?.Name, Enable: true, tenantFilter: userSettingsDefaults.currentTenant, - }; + })); + return Array.isArray(row) ? result : result[0]; }, condition: (row) => row && !row.Enabled, confirmText: "Are you sure you want to enable this mailbox rule?", @@ -965,13 +967,15 @@ const Page = () => { icon: , url: "/api/ExecSetMailboxRule", customDataformatter: (row, action, formData) => { - return { - ruleId: row?.Identity, + const rows = Array.isArray(row) ? row : [row]; + const result = rows.map((r) => ({ + ruleId: r?.Identity, userPrincipalName: graphUserRequest.data?.[0]?.userPrincipalName, - ruleName: row?.Name, + ruleName: r?.Name, Disable: true, tenantFilter: userSettingsDefaults.currentTenant, - }; + })); + return Array.isArray(row) ? result : result[0]; }, condition: (row) => row && row.Enabled, confirmText: "Are you sure you want to disable this mailbox rule?", @@ -983,12 +987,14 @@ const Page = () => { icon: , url: "/api/ExecRemoveMailboxRule", customDataformatter: (row, action, formData) => { - return { - ruleId: row?.Identity, - ruleName: row?.Name, + const rows = Array.isArray(row) ? row : [row]; + const result = rows.map((r) => ({ + ruleId: r?.Identity, + ruleName: r?.Name, userPrincipalName: graphUserRequest.data?.[0]?.userPrincipalName, tenantFilter: userSettingsDefaults.currentTenant, - }; + })); + return Array.isArray(row) ? result : result[0]; }, confirmText: "Are you sure you want to remove this mailbox rule?", multiPost: false, diff --git a/src/pages/security/compliance/dlp-templates/index.js b/src/pages/security/compliance/dlp-templates/index.js new file mode 100644 index 000000000000..99e949f700d1 --- /dev/null +++ b/src/pages/security/compliance/dlp-templates/index.js @@ -0,0 +1,108 @@ +import { Layout as DashboardLayout } from "../../../../layouts/index.js"; +import { CippTablePage } from "../../../../components/CippComponents/CippTablePage.jsx"; +import { TrashIcon } from "@heroicons/react/24/outline"; +import { GitHub } from "@mui/icons-material"; +import { ApiGetCall } from "../../../../api/ApiCall"; +import { CippPolicyImportDrawer } from "../../../../components/CippComponents/CippPolicyImportDrawer.jsx"; +import { CippDeployCompliancePolicyDrawer } from "../../../../components/CippComponents/CippDeployCompliancePolicyDrawer.jsx"; +import { PermissionButton } from "../../../../utils/permissions.js"; + +const Page = () => { + const pageTitle = "DLP Compliance Policy Templates"; + const cardButtonPermissions = ["Security.DlpCompliancePolicy.ReadWrite"]; + + const integrations = ApiGetCall({ + url: "/api/ListExtensionsConfig", + queryKey: "Integrations", + refetchOnMount: false, + refetchOnReconnect: false, + }); + + const actions = [ + { + label: "Save to GitHub", + type: "POST", + url: "/api/ExecCommunityRepo", + icon: , + data: { + Action: "UploadTemplate", + GUID: "GUID", + }, + fields: [ + { + label: "Repository", + name: "FullName", + type: "select", + api: { + url: "/api/ListCommunityRepos", + data: { WriteAccess: true }, + queryKey: "CommunityRepos-Write", + dataKey: "Results", + valueField: "FullName", + labelField: "FullName", + }, + multiple: false, + creatable: false, + required: true, + validators: { required: { value: true, message: "This field is required" } }, + }, + { + label: "Commit Message", + placeholder: "Enter a commit message for adding this file to GitHub", + name: "Message", + type: "textField", + multiline: true, + required: true, + rows: 4, + }, + ], + confirmText: "Are you sure you want to save this template to the selected repository?", + condition: () => integrations.isSuccess && integrations?.data?.GitHub?.Enabled, + }, + { + label: "Delete Template", + type: "POST", + url: "/api/RemoveDlpCompliancePolicyTemplate", + data: { ID: "GUID" }, + confirmText: "Do you want to delete the template?", + icon: , + color: "danger", + }, + ]; + + const offCanvas = { + extendedInfoFields: ["name", "comments", "Mode", "Workload", "Enabled", "GUID"], + actions: actions, + }; + + const simpleColumns = ["name", "comments", "Mode", "Workload", "Enabled", "GUID"]; + + return ( + + + + + } + /> + ); +}; + +Page.getLayout = (page) => {page}; +export default Page; diff --git a/src/pages/security/compliance/dlp/index.js b/src/pages/security/compliance/dlp/index.js new file mode 100644 index 000000000000..750cfe6ade53 --- /dev/null +++ b/src/pages/security/compliance/dlp/index.js @@ -0,0 +1,112 @@ +import { Layout as DashboardLayout } from "../../../../layouts/index.js"; +import { CippTablePage } from "../../../../components/CippComponents/CippTablePage.jsx"; +import { Book, Block, Check } from "@mui/icons-material"; +import { TrashIcon } from "@heroicons/react/24/outline"; +import { CippDeployCompliancePolicyDrawer } from "../../../../components/CippComponents/CippDeployCompliancePolicyDrawer.jsx"; +import { PermissionButton } from "../../../../utils/permissions.js"; + +const Page = () => { + const pageTitle = "DLP Compliance Policies"; + const apiUrl = "/api/ListDlpCompliancePolicy"; + const cardButtonPermissions = ["Security.DlpCompliancePolicy.ReadWrite"]; + + const actions = [ + { + label: "Create template based on policy", + type: "POST", + icon: , + url: "/api/AddDlpCompliancePolicyTemplate", + dataFunction: (data) => { + return { ...data }; + }, + confirmText: "Are you sure you want to create a template based on this DLP policy?", + }, + { + label: "Enable Policy", + type: "POST", + icon: , + url: "/api/EditDlpCompliancePolicy", + data: { + State: "!enable", + Identity: "Name", + }, + confirmText: "Are you sure you want to enable this DLP policy?", + condition: (row) => row.Enabled === false, + }, + { + label: "Disable Policy", + type: "POST", + icon: , + url: "/api/EditDlpCompliancePolicy", + data: { + State: "!disable", + Identity: "Name", + }, + confirmText: "Are you sure you want to disable this DLP policy?", + condition: (row) => row.Enabled === true, + }, + { + label: "Delete Policy", + type: "POST", + icon: , + url: "/api/RemoveDlpCompliancePolicy", + data: { + Identity: "Name", + }, + confirmText: "Are you sure you want to delete this DLP policy?", + color: "danger", + }, + ]; + + const offCanvas = { + extendedInfoFields: [ + "Name", + "Comment", + "Mode", + "Enabled", + "Workload", + "ExchangeLocation", + "SharePointLocation", + "OneDriveLocation", + "TeamsLocation", + "EndpointDlpLocation", + "RuleCount", + "CreatedBy", + "WhenCreatedUTC", + "WhenChangedUTC", + ], + actions: actions, + }; + + const simpleColumns = [ + "Name", + "Mode", + "Enabled", + "Workload", + "RuleCount", + "CreatedBy", + "WhenCreatedUTC", + "WhenChangedUTC", + ]; + + return ( + + } + /> + ); +}; + +Page.getLayout = (page) => {page}; +export default Page; diff --git a/src/pages/security/compliance/labels-templates/index.js b/src/pages/security/compliance/labels-templates/index.js new file mode 100644 index 000000000000..78477f7735b5 --- /dev/null +++ b/src/pages/security/compliance/labels-templates/index.js @@ -0,0 +1,115 @@ +import { Layout as DashboardLayout } from "../../../../layouts/index.js"; +import { CippTablePage } from "../../../../components/CippComponents/CippTablePage.jsx"; +import { TrashIcon } from "@heroicons/react/24/outline"; +import { GitHub } from "@mui/icons-material"; +import { ApiGetCall } from "../../../../api/ApiCall"; +import { CippPolicyImportDrawer } from "../../../../components/CippComponents/CippPolicyImportDrawer.jsx"; +import { CippDeployCompliancePolicyDrawer } from "../../../../components/CippComponents/CippDeployCompliancePolicyDrawer.jsx"; +import { PermissionButton } from "../../../../utils/permissions.js"; + +const Page = () => { + const pageTitle = "Sensitivity Label Templates"; + const cardButtonPermissions = ["Security.SensitivityLabel.ReadWrite"]; + + const integrations = ApiGetCall({ + url: "/api/ListExtensionsConfig", + queryKey: "Integrations", + refetchOnMount: false, + refetchOnReconnect: false, + }); + + const actions = [ + { + label: "Save to GitHub", + type: "POST", + url: "/api/ExecCommunityRepo", + icon: , + data: { + Action: "UploadTemplate", + GUID: "GUID", + }, + fields: [ + { + label: "Repository", + name: "FullName", + type: "select", + api: { + url: "/api/ListCommunityRepos", + data: { WriteAccess: true }, + queryKey: "CommunityRepos-Write", + dataKey: "Results", + valueField: "FullName", + labelField: "FullName", + }, + multiple: false, + creatable: false, + required: true, + validators: { required: { value: true, message: "This field is required" } }, + }, + { + label: "Commit Message", + placeholder: "Enter a commit message for adding this file to GitHub", + name: "Message", + type: "textField", + multiline: true, + required: true, + rows: 4, + }, + ], + confirmText: "Are you sure you want to save this template to the selected repository?", + condition: () => integrations.isSuccess && integrations?.data?.GitHub?.Enabled, + }, + { + label: "Delete Template", + type: "POST", + url: "/api/RemoveSensitivityLabelTemplate", + data: { ID: "GUID" }, + confirmText: "Do you want to delete the template?", + icon: , + color: "danger", + }, + ]; + + const offCanvas = { + extendedInfoFields: [ + "name", + "DisplayName", + "comments", + "ContentType", + "EncryptionEnabled", + "GUID", + ], + actions: actions, + }; + + const simpleColumns = ["name", "DisplayName", "comments", "ContentType", "EncryptionEnabled", "GUID"]; + + return ( + + + + + } + /> + ); +}; + +Page.getLayout = (page) => {page}; +export default Page; diff --git a/src/pages/security/compliance/labels/index.js b/src/pages/security/compliance/labels/index.js new file mode 100644 index 000000000000..e35ff5942b0f --- /dev/null +++ b/src/pages/security/compliance/labels/index.js @@ -0,0 +1,91 @@ +import { Layout as DashboardLayout } from "../../../../layouts/index.js"; +import { CippTablePage } from "../../../../components/CippComponents/CippTablePage.jsx"; +import { Book } from "@mui/icons-material"; +import { TrashIcon } from "@heroicons/react/24/outline"; +import { CippDeployCompliancePolicyDrawer } from "../../../../components/CippComponents/CippDeployCompliancePolicyDrawer.jsx"; +import { PermissionButton } from "../../../../utils/permissions.js"; + +const Page = () => { + const pageTitle = "Sensitivity Labels"; + const apiUrl = "/api/ListSensitivityLabel"; + const cardButtonPermissions = ["Security.SensitivityLabel.ReadWrite"]; + + const actions = [ + { + label: "Create template based on label", + type: "POST", + icon: , + url: "/api/AddSensitivityLabelTemplate", + dataFunction: (data) => { + return { ...data }; + }, + confirmText: "Are you sure you want to create a template based on this sensitivity label?", + }, + { + label: "Delete Label", + type: "POST", + icon: , + url: "/api/RemoveSensitivityLabel", + data: { + Identity: "Guid", + }, + confirmText: + "Are you sure you want to delete this sensitivity label? Labels currently published to users will be removed from policies.", + color: "danger", + }, + ]; + + const offCanvas = { + extendedInfoFields: [ + "DisplayName", + "Name", + "Comment", + "Tooltip", + "ParentId", + "ContentType", + "EncryptionEnabled", + "EncryptionProtectionType", + "ContentMarkingHeaderEnabled", + "ContentMarkingFooterEnabled", + "ContentMarkingWatermarkEnabled", + "SiteAndGroupProtectionEnabled", + "Priority", + "Disabled", + "PublishedInPolicies", + ], + actions: actions, + }; + + const simpleColumns = [ + "DisplayName", + "Name", + "ContentType", + "EncryptionEnabled", + "ContentMarkingHeaderEnabled", + "ContentMarkingWatermarkEnabled", + "SiteAndGroupProtectionEnabled", + "Priority", + "Disabled", + ]; + + return ( + + } + /> + ); +}; + +Page.getLayout = (page) => {page}; +export default Page; diff --git a/src/pages/security/compliance/retention-templates/index.js b/src/pages/security/compliance/retention-templates/index.js new file mode 100644 index 000000000000..291c989c35ec --- /dev/null +++ b/src/pages/security/compliance/retention-templates/index.js @@ -0,0 +1,108 @@ +import { Layout as DashboardLayout } from "../../../../layouts/index.js"; +import { CippTablePage } from "../../../../components/CippComponents/CippTablePage.jsx"; +import { TrashIcon } from "@heroicons/react/24/outline"; +import { GitHub } from "@mui/icons-material"; +import { ApiGetCall } from "../../../../api/ApiCall"; +import { CippPolicyImportDrawer } from "../../../../components/CippComponents/CippPolicyImportDrawer.jsx"; +import { CippDeployCompliancePolicyDrawer } from "../../../../components/CippComponents/CippDeployCompliancePolicyDrawer.jsx"; +import { PermissionButton } from "../../../../utils/permissions.js"; + +const Page = () => { + const pageTitle = "Retention Policy Templates"; + const cardButtonPermissions = ["Security.RetentionCompliancePolicy.ReadWrite"]; + + const integrations = ApiGetCall({ + url: "/api/ListExtensionsConfig", + queryKey: "Integrations", + refetchOnMount: false, + refetchOnReconnect: false, + }); + + const actions = [ + { + label: "Save to GitHub", + type: "POST", + url: "/api/ExecCommunityRepo", + icon: , + data: { + Action: "UploadTemplate", + GUID: "GUID", + }, + fields: [ + { + label: "Repository", + name: "FullName", + type: "select", + api: { + url: "/api/ListCommunityRepos", + data: { WriteAccess: true }, + queryKey: "CommunityRepos-Write", + dataKey: "Results", + valueField: "FullName", + labelField: "FullName", + }, + multiple: false, + creatable: false, + required: true, + validators: { required: { value: true, message: "This field is required" } }, + }, + { + label: "Commit Message", + placeholder: "Enter a commit message for adding this file to GitHub", + name: "Message", + type: "textField", + multiline: true, + required: true, + rows: 4, + }, + ], + confirmText: "Are you sure you want to save this template to the selected repository?", + condition: () => integrations.isSuccess && integrations?.data?.GitHub?.Enabled, + }, + { + label: "Delete Template", + type: "POST", + url: "/api/RemoveRetentionCompliancePolicyTemplate", + data: { ID: "GUID" }, + confirmText: "Do you want to delete the template?", + icon: , + color: "danger", + }, + ]; + + const offCanvas = { + extendedInfoFields: ["name", "comments", "Enabled", "RestrictiveRetention", "GUID"], + actions: actions, + }; + + const simpleColumns = ["name", "comments", "Enabled", "RestrictiveRetention", "GUID"]; + + return ( + + + + + } + /> + ); +}; + +Page.getLayout = (page) => {page}; +export default Page; diff --git a/src/pages/security/compliance/retention/index.js b/src/pages/security/compliance/retention/index.js new file mode 100644 index 000000000000..962301013f29 --- /dev/null +++ b/src/pages/security/compliance/retention/index.js @@ -0,0 +1,111 @@ +import { Layout as DashboardLayout } from "../../../../layouts/index.js"; +import { CippTablePage } from "../../../../components/CippComponents/CippTablePage.jsx"; +import { Book, Block, Check } from "@mui/icons-material"; +import { TrashIcon } from "@heroicons/react/24/outline"; +import { CippDeployCompliancePolicyDrawer } from "../../../../components/CippComponents/CippDeployCompliancePolicyDrawer.jsx"; +import { PermissionButton } from "../../../../utils/permissions.js"; + +const Page = () => { + const pageTitle = "Purview Retention Policies"; + const apiUrl = "/api/ListRetentionCompliancePolicy"; + const cardButtonPermissions = ["Security.RetentionCompliancePolicy.ReadWrite"]; + + const actions = [ + { + label: "Create template based on policy", + type: "POST", + icon: , + url: "/api/AddRetentionCompliancePolicyTemplate", + data: { Identity: "Name" }, + confirmText: "Are you sure you want to create a template based on this retention policy?", + }, + { + label: "Enable Policy", + type: "POST", + icon: , + url: "/api/EditRetentionCompliancePolicy", + data: { + State: "!enable", + Identity: "Name", + }, + confirmText: "Are you sure you want to enable this retention policy?", + condition: (row) => row.Enabled === false, + }, + { + label: "Disable Policy", + type: "POST", + icon: , + url: "/api/EditRetentionCompliancePolicy", + data: { + State: "!disable", + Identity: "Name", + }, + confirmText: "Are you sure you want to disable this retention policy?", + condition: (row) => row.Enabled === true, + }, + { + label: "Delete Policy", + type: "POST", + icon: , + url: "/api/RemoveRetentionCompliancePolicy", + data: { + Identity: "Name", + }, + confirmText: "Are you sure you want to delete this retention policy?", + color: "danger", + }, + ]; + + const offCanvas = { + extendedInfoFields: [ + "Name", + "Comment", + "Enabled", + "Workload", + "RestrictiveRetention", + "ExchangeLocation", + "SharePointLocation", + "OneDriveLocation", + "ModernGroupLocation", + "TeamsChannelLocation", + "TeamsChatLocation", + "RuleCount", + "CreatedBy", + "WhenCreatedUTC", + "WhenChangedUTC", + ], + actions: actions, + }; + + const simpleColumns = [ + "Name", + "Enabled", + "Workload", + "RuleCount", + "RestrictiveRetention", + "CreatedBy", + "WhenCreatedUTC", + "WhenChangedUTC", + ]; + + return ( + + } + /> + ); +}; + +Page.getLayout = (page) => {page}; +export default Page; diff --git a/src/pages/security/compliance/sit-templates/index.js b/src/pages/security/compliance/sit-templates/index.js new file mode 100644 index 000000000000..3b6bf4b87121 --- /dev/null +++ b/src/pages/security/compliance/sit-templates/index.js @@ -0,0 +1,108 @@ +import { Layout as DashboardLayout } from "../../../../layouts/index.js"; +import { CippTablePage } from "../../../../components/CippComponents/CippTablePage.jsx"; +import { TrashIcon } from "@heroicons/react/24/outline"; +import { GitHub } from "@mui/icons-material"; +import { ApiGetCall } from "../../../../api/ApiCall"; +import { CippPolicyImportDrawer } from "../../../../components/CippComponents/CippPolicyImportDrawer.jsx"; +import { CippDeployCompliancePolicyDrawer } from "../../../../components/CippComponents/CippDeployCompliancePolicyDrawer.jsx"; +import { PermissionButton } from "../../../../utils/permissions.js"; + +const Page = () => { + const pageTitle = "Sensitive Information Type Templates"; + const cardButtonPermissions = ["Security.SensitiveInfoType.ReadWrite"]; + + const integrations = ApiGetCall({ + url: "/api/ListExtensionsConfig", + queryKey: "Integrations", + refetchOnMount: false, + refetchOnReconnect: false, + }); + + const actions = [ + { + label: "Save to GitHub", + type: "POST", + url: "/api/ExecCommunityRepo", + icon: , + data: { + Action: "UploadTemplate", + GUID: "GUID", + }, + fields: [ + { + label: "Repository", + name: "FullName", + type: "select", + api: { + url: "/api/ListCommunityRepos", + data: { WriteAccess: true }, + queryKey: "CommunityRepos-Write", + dataKey: "Results", + valueField: "FullName", + labelField: "FullName", + }, + multiple: false, + creatable: false, + required: true, + validators: { required: { value: true, message: "This field is required" } }, + }, + { + label: "Commit Message", + placeholder: "Enter a commit message for adding this file to GitHub", + name: "Message", + type: "textField", + multiline: true, + required: true, + rows: 4, + }, + ], + confirmText: "Are you sure you want to save this template to the selected repository?", + condition: () => integrations.isSuccess && integrations?.data?.GitHub?.Enabled, + }, + { + label: "Delete Template", + type: "POST", + url: "/api/RemoveSensitiveInfoTypeTemplate", + data: { ID: "GUID" }, + confirmText: "Do you want to delete the template?", + icon: , + color: "danger", + }, + ]; + + const offCanvas = { + extendedInfoFields: ["name", "comments", "Pattern", "Confidence", "Locale", "GUID"], + actions: actions, + }; + + const simpleColumns = ["name", "comments", "Pattern", "Confidence", "Locale", "GUID"]; + + return ( + + + + + } + /> + ); +}; + +Page.getLayout = (page) => {page}; +export default Page; diff --git a/src/pages/security/compliance/sit/index.js b/src/pages/security/compliance/sit/index.js new file mode 100644 index 000000000000..3101f0502218 --- /dev/null +++ b/src/pages/security/compliance/sit/index.js @@ -0,0 +1,70 @@ +import { Layout as DashboardLayout } from "../../../../layouts/index.js"; +import { CippTablePage } from "../../../../components/CippComponents/CippTablePage.jsx"; +import { TrashIcon } from "@heroicons/react/24/outline"; +import { CippDeployCompliancePolicyDrawer } from "../../../../components/CippComponents/CippDeployCompliancePolicyDrawer.jsx"; +import { PermissionButton } from "../../../../utils/permissions.js"; + +const Page = () => { + const pageTitle = "Sensitive Information Types"; + const apiUrl = "/api/ListSensitiveInfoType"; + const cardButtonPermissions = ["Security.SensitiveInfoType.ReadWrite"]; + + const actions = [ + { + label: "Delete SIT", + type: "POST", + icon: , + url: "/api/RemoveSensitiveInfoType", + data: { + Identity: "Name", + }, + confirmText: + "Are you sure you want to delete this Sensitive Information Type? Built-in Microsoft types cannot be deleted.", + color: "danger", + }, + ]; + + const offCanvas = { + extendedInfoFields: [ + "Name", + "Description", + "Publisher", + "Recommended", + "RulePackId", + "RulePackVersion", + "State", + "Type", + ], + actions: actions, + }; + + const simpleColumns = [ + "Name", + "Publisher", + "Description", + "Recommended", + "RulePackVersion", + "State", + ]; + + return ( + + } + /> + ); +}; + +Page.getLayout = (page) => {page}; +export default Page; diff --git a/src/pages/teams-share/onedrive/index.js b/src/pages/teams-share/onedrive/index.js index b5ef1f7a2792..7c06e88f1441 100644 --- a/src/pages/teams-share/onedrive/index.js +++ b/src/pages/teams-share/onedrive/index.js @@ -8,10 +8,12 @@ const Page = () => { const reportDB = useCippReportDB({ apiUrl: '/api/ListSites?type=OneDriveUsageAccount', queryKey: 'ListSites-OneDriveUsageAccount', - cacheName: 'OneDriveUsage', - syncTitle: 'Sync OneDrive Usage', + cacheName: 'Sites', + syncTitle: 'Sync OneDrive Report', + syncData: { Types: 'OneDriveUsageAccount' }, allowToggle: true, defaultCached: false, + allowAllTenantSync: true, }) const actions = [ @@ -115,6 +117,6 @@ const Page = () => { ) } -Page.getLayout = (page) => {page} +Page.getLayout = (page) => {page} export default Page diff --git a/src/pages/teams-share/sharepoint/index.js b/src/pages/teams-share/sharepoint/index.js index ac08cec280cd..cf1353f52b7f 100644 --- a/src/pages/teams-share/sharepoint/index.js +++ b/src/pages/teams-share/sharepoint/index.js @@ -22,10 +22,12 @@ const Page = () => { const reportDB = useCippReportDB({ apiUrl: '/api/ListSites?type=SharePointSiteUsage', queryKey: 'ListSites-SharePointSiteUsage', - cacheName: 'SharePointSiteUsage', - syncTitle: 'Sync SharePoint Site Usage', + cacheName: 'Sites', + syncTitle: 'Sync SharePoint Sites Report', + syncData: { Types: 'SharePointSiteUsage' }, allowToggle: true, - defaultCached: false, + defaultCached: true, + allowAllTenantSync: true, }) const actions = [ @@ -270,6 +272,6 @@ const Page = () => { ) } -Page.getLayout = (page) => {page} +Page.getLayout = (page) => {page} export default Page diff --git a/src/pages/teams-share/teams/business-voice/index.js b/src/pages/teams-share/teams/business-voice/index.js index a3aa56764153..3c9354706147 100644 --- a/src/pages/teams-share/teams/business-voice/index.js +++ b/src/pages/teams-share/teams/business-voice/index.js @@ -1,10 +1,20 @@ import { Layout as DashboardLayout } from "../../../../layouts/index.js"; import { CippTablePage } from "../../../../components/CippComponents/CippTablePage.jsx"; +import { useCippReportDB } from "../../../../components/CippComponents/CippReportDBControls"; import { PersonAdd, PersonRemove, LocationOn } from "@mui/icons-material"; const Page = () => { const pageTitle = "Teams Business Voice"; + const reportDB = useCippReportDB({ + apiUrl: "/api/ListTeamsVoice", + queryKey: "ListTeamsVoice", + cacheName: "TeamsVoice", + syncTitle: "Sync Teams Business Voice Report", + allowToggle: true, + defaultCached: false, + }); + const actions = [ // the modal dropdowns that were added below may not exist yet, and will need to be tested. { @@ -81,34 +91,40 @@ const Page = () => { }; return ( - + <> + + {reportDB.syncDialog} + ); }; -Page.getLayout = (page) => {page}; +Page.getLayout = (page) => {page}; export default Page; diff --git a/src/pages/teams-share/teams/list-team/index.js b/src/pages/teams-share/teams/list-team/index.js index bf48cccb08a3..99b51994bafe 100644 --- a/src/pages/teams-share/teams/list-team/index.js +++ b/src/pages/teams-share/teams/list-team/index.js @@ -1,13 +1,24 @@ import { Layout as DashboardLayout } from "../../../../layouts/index.js"; import { CippTablePage } from "../../../../components/CippComponents/CippTablePage.jsx"; import { Button } from "@mui/material"; +import { Stack } from "@mui/system"; import { Delete, GroupAdd } from "@mui/icons-material"; import Link from "next/link"; import { Edit } from "@mui/icons-material"; +import { useCippReportDB } from "../../../../components/CippComponents/CippReportDBControls"; const Page = () => { const pageTitle = "Teams"; + const reportDB = useCippReportDB({ + apiUrl: "/api/ListTeams?type=list", + queryKey: "ListTeams-list", + cacheName: "Teams", + syncTitle: "Sync Teams Report", + allowToggle: true, + defaultCached: false, + }); + const actions = [ { label: "Edit Group", @@ -32,22 +43,34 @@ const Page = () => { ]; return ( - - - - } - /> + <> + + + {reportDB.controls} + + } + /> + {reportDB.syncDialog} + ); }; -Page.getLayout = (page) => {page}; +Page.getLayout = (page) => {page}; export default Page; diff --git a/src/pages/teams-share/teams/teams-activity/index.js b/src/pages/teams-share/teams/teams-activity/index.js index 2f2797a57cbb..f5fb2bb53754 100644 --- a/src/pages/teams-share/teams/teams-activity/index.js +++ b/src/pages/teams-share/teams/teams-activity/index.js @@ -1,18 +1,40 @@ import { Layout as DashboardLayout } from "../../../../layouts/index.js"; import { CippTablePage } from "../../../../components/CippComponents/CippTablePage.jsx"; +import { useCippReportDB } from "../../../../components/CippComponents/CippReportDBControls"; const Page = () => { const pageTitle = "Teams Activity List"; + const reportDB = useCippReportDB({ + apiUrl: "/api/ListTeamsActivity?type=TeamsUserActivityUser", + queryKey: "ListTeamsActivity-TeamsUserActivityUser", + cacheName: "TeamsActivity", + syncTitle: "Sync Teams Activity Report", + allowToggle: true, + defaultCached: false, + }); + return ( - + <> + + {reportDB.syncDialog} + ); }; -Page.getLayout = (page) => {page}; +Page.getLayout = (page) => {page}; export default Page; diff --git a/src/pages/tenant/conditional/list-policies/edit.jsx b/src/pages/tenant/conditional/list-policies/edit.jsx new file mode 100644 index 000000000000..156cd39f12b2 --- /dev/null +++ b/src/pages/tenant/conditional/list-policies/edit.jsx @@ -0,0 +1,75 @@ +import React, { useEffect, useState } from "react"; +import { Alert, Box } from "@mui/material"; +import { useForm } from "react-hook-form"; +import { useRouter } from "next/router"; +import { Layout as DashboardLayout } from "../../../../layouts/index.js"; +import CippFormPage from "../../../../components/CippFormPages/CippFormPage"; +import CippFormSkeleton from "../../../../components/CippFormPages/CippFormSkeleton"; +import { ApiGetCall } from "../../../../api/ApiCall"; +import CippCAPolicyBuilder, { + extractCAPolicyJSON, +} from "../../../../components/CippComponents/CippCAPolicyBuilder"; +import { useSettings } from "../../../../hooks/use-settings.js"; + +const EditCAPolicy = () => { + const router = useRouter(); + const { id: policyId } = router.query; + const tenantFilter = useSettings()?.currentTenant; + const [policyData, setPolicyData] = useState(null); + + const formControl = useForm({ mode: "onChange" }); + + // Fetch the current policies for this tenant + const policiesQuery = ApiGetCall({ + url: `/api/ListConditionalAccessPolicies?tenantFilter=${tenantFilter}`, + queryKey: `CAPolicies-${tenantFilter}`, + enabled: !!policyId && !!tenantFilter, + }); + + useEffect(() => { + if (policiesQuery.isSuccess && policiesQuery.data?.Results) { + const match = policiesQuery.data.Results.find((p) => p.id === policyId); + if (match?.rawjson) { + const parsed = JSON.parse(match.rawjson); + setPolicyData(parsed); + } + } + }, [policiesQuery.isSuccess, policiesQuery.data, policyId]); + + const dataFormatter = (values) => { + const cleaned = extractCAPolicyJSON(values); + return { + tenantFilter, + PolicyId: policyId, + PolicyBody: cleaned, + }; + }; + + return ( + + + {policiesQuery.isLoading ? ( + + ) : policiesQuery.isError ? ( + Error loading policies. + ) : !policyData ? ( + Policy not found for ID: {policyId} + ) : ( + + )} + + + ); +}; + +EditCAPolicy.getLayout = (page) => {page}; + +export default EditCAPolicy; diff --git a/src/pages/tenant/conditional/list-policies/index.js b/src/pages/tenant/conditional/list-policies/index.js index d7f48eac6694..1e85c99b3ebc 100644 --- a/src/pages/tenant/conditional/list-policies/index.js +++ b/src/pages/tenant/conditional/list-policies/index.js @@ -25,6 +25,13 @@ const Page = () => { // Actions configuration const actions = [ + { + label: "Edit Policy", + link: "/tenant/conditional/list-policies/edit?id=[id]", + icon: , + color: "info", + hideBulk: true, + }, { label: "Create template based on policy", type: "POST", diff --git a/src/pages/tenant/conditional/list-template/create.jsx b/src/pages/tenant/conditional/list-template/create.jsx new file mode 100644 index 000000000000..1843c369c323 --- /dev/null +++ b/src/pages/tenant/conditional/list-template/create.jsx @@ -0,0 +1,39 @@ +import React from "react"; +import { Box } from "@mui/material"; +import { useForm } from "react-hook-form"; +import { Layout as DashboardLayout } from "../../../../layouts/index.js"; +import CippFormPage from "../../../../components/CippFormPages/CippFormPage"; +import CippCAPolicyBuilder, { extractCAPolicyJSON } from "../../../../components/CippComponents/CippCAPolicyBuilder"; + +const CreateCATemplate = () => { + const formControl = useForm({ + mode: "onChange", + defaultValues: { + state: { label: "Report-only", value: "enabledForReportingButNotEnforced" }, + }, + }); + + const customDataFormatter = (values) => { + return extractCAPolicyJSON(values); + }; + + return ( + + + + + + ); +}; + +CreateCATemplate.getLayout = (page) => {page}; + +export default CreateCATemplate; diff --git a/src/pages/tenant/conditional/list-template/edit.jsx b/src/pages/tenant/conditional/list-template/edit.jsx index 9521ddae99ed..6d82be777062 100644 --- a/src/pages/tenant/conditional/list-template/edit.jsx +++ b/src/pages/tenant/conditional/list-template/edit.jsx @@ -1,5 +1,5 @@ import React, { useEffect, useState } from "react"; -import { Alert, Box, Typography } from "@mui/material"; +import { Alert, Box, Typography, ToggleButtonGroup, ToggleButton } from "@mui/material"; import { useForm } from "react-hook-form"; import { useRouter } from "next/router"; import { Layout as DashboardLayout } from "../../../../layouts/index.js"; @@ -7,15 +7,29 @@ import CippFormPage from "../../../../components/CippFormPages/CippFormPage"; import CippFormSkeleton from "../../../../components/CippFormPages/CippFormSkeleton"; import { ApiGetCall } from "../../../../api/ApiCall"; import CippTemplateFieldRenderer from "../../../../components/CippComponents/CippTemplateFieldRenderer"; +import CippCAPolicyBuilder, { + extractCAPolicyJSON, +} from "../../../../components/CippComponents/CippCAPolicyBuilder"; const EditCATemplate = () => { const router = useRouter(); const { GUID } = router.query; const [templateData, setTemplateData] = useState(null); const [originalData, setOriginalData] = useState(null); + const [editorMode, setEditorMode] = useState("builder"); const formControl = useForm({ mode: "onChange" }); + // When switching to builder mode, reset the form to clear any empty [] + // values that CippTemplateFieldRenderer may have injected + const handleEditorModeChange = (e, val) => { + if (!val) return; + if (val === "builder" && editorMode !== "builder") { + formControl.reset({}); + } + setEditorMode(val); + }; + // Fetch the template data const templateQuery = ApiGetCall({ url: `/api/ListCATemplates?GUID=${GUID}`, @@ -110,6 +124,14 @@ const EditCATemplate = () => { }; }; + // Build a data formatter that works for both editor modes + const builderDataFormatter = (values) => { + const cleaned = extractCAPolicyJSON(values); + return { GUID, ...cleaned }; + }; + + const activeFormatter = editorMode === "builder" ? builderDataFormatter : customDataFormatter; + return ( { queryKey={[`CATemplate-${GUID}`, "CATemplates"]} backButtonTitle="Conditional Access Templates" postUrl="/api/ExecEditTemplate?type=CATemplate" - customDataformatter={customDataFormatter} + customDataformatter={activeFormatter} formPageType="Edit" + titleButton={ + + Policy Builder + Field Editor + + } > {templateQuery.isLoading ? ( ) : templateQuery.isError || !templateData ? ( Error loading template or template not found. + ) : editorMode === "builder" ? ( + ) : ( { const pageTitle = "Available Conditional Access Templates"; @@ -42,6 +43,37 @@ const Page = () => { icon: , color: "info", }, + { + label: "Add to package", + type: "POST", + url: "/api/ExecSetPackageTag", + data: { GUID: "GUID" }, + fields: [ + { + type: "textField", + name: "Package", + label: "Package Name", + required: true, + validators: { + required: { value: true, message: "Package name is required" }, + }, + }, + ], + confirmText: "Enter the package name to assign to the selected template(s).", + multiPost: true, + icon: , + color: "info", + }, + { + label: "Remove from package", + type: "POST", + url: "/api/ExecSetPackageTag", + data: { GUID: "GUID", Remove: true }, + confirmText: "Are you sure you want to remove the selected template(s) from their package?", + multiPost: true, + icon: , + color: "warning", + }, { label: "Save to GitHub", type: "POST", @@ -110,10 +142,16 @@ const Page = () => { queryKey="ListCATemplates-table" actions={actions} offCanvas={offCanvas} - simpleColumns={["displayName", "GUID"]} + simpleColumns={["displayName", "package", "GUID"]} cardButton={ - { templateDetails.refetch() }, currentTenant, + templateTenants: Array.isArray(selectedTemplate?.tenantFilter) + ? selectedTemplate.tenantFilter + : [], + excludedTenants: Array.isArray(selectedTemplate?.excludedTenants) + ? selectedTemplate.excludedTenants + : [], }), ] diff --git a/src/pages/tenant/manage/configuration-backup.js b/src/pages/tenant/manage/configuration-backup.js index 15154dc5e258..2d839fa6466d 100644 --- a/src/pages/tenant/manage/configuration-backup.js +++ b/src/pages/tenant/manage/configuration-backup.js @@ -89,8 +89,8 @@ const Page = () => { queryKey: `BackupTasks-${currentTenant}`, }); - // Use the actual backup files as the backup data - const filteredBackupData = Array.isArray(backupList.data) ? backupList.data : []; + // Use the actual backup files as the backup data — filter out any null entries + const filteredBackupData = Array.isArray(backupList.data) ? backupList.data.filter(Boolean) : []; // Generate backup tags from actual API response items - use raw items directly const generateBackupTags = (backup) => { // Use the Items array directly from the API response without any translation @@ -173,11 +173,12 @@ const Page = () => { }; // Filter backup data by selected tenant if in AllTenants view + const selectedTenantValue = backupTenantFilter?.value ?? backupTenantFilter; const tenantFilteredBackupData = settings.currentTenant === "AllTenants" && - backupTenantFilter && - backupTenantFilter !== "AllTenants" - ? filteredBackupData.filter((backup) => backup.TenantFilter === backupTenantFilter) + selectedTenantValue && + selectedTenantValue !== "AllTenants" + ? filteredBackupData.filter((backup) => backup.TenantFilter === selectedTenantValue) : filteredBackupData; const backupDisplayItems = tenantFilteredBackupData.map((backup, index) => ({ @@ -188,7 +189,7 @@ const Page = () => { tags: generateBackupTags(backup), })); - // Process existing backup configuration, find tenantFilter. by comparing settings.currentTenant with Tenant.value + // Process existing backup configuration const currentConfig = Array.isArray(existingBackupConfig.data) ? existingBackupConfig.data.find( (tenant) => @@ -383,8 +384,9 @@ const Page = () => { No Backup Configuration No backup schedule is currently configured for{" "} - {settings.currentTenant === "AllTenants" ? "any tenant" : settings.currentTenant}. - Click "Add Backup Schedule" to create an automated backup configuration. + {settings.currentTenant === "AllTenants" ? "AllTenants" : settings.currentTenant}. + Click "Add Backup Schedule" to create an automated backup configuration that will apply to all tenants. + A tenant specific backup can exist alongside a global backup, and will run according to its own schedule. )} diff --git a/src/pages/tenant/manage/drift.js b/src/pages/tenant/manage/drift.js index 8c383590ed04..df2a3869dc38 100644 --- a/src/pages/tenant/manage/drift.js +++ b/src/pages/tenant/manage/drift.js @@ -95,6 +95,12 @@ const ManageDriftPage = () => { queryKey: 'ListIntuneTemplates', }) + // API call to get all CA templates for displayName lookup + const caTemplatesApi = ApiGetCall({ + url: '/api/ListCATemplates', + queryKey: 'ListCATemplates', + }) + // API call for standards comparison (when templateId is available) const comparisonApi = ApiGetCall({ url: '/api/ListStandardsCompare', @@ -232,6 +238,14 @@ const ManageDriftPage = () => { displayName = template.TemplateList.label } } + // If not found in standardSettings, look up in all CA templates (for tag templates) + if (!displayName && Array.isArray(caTemplatesApi.data)) { + const template = caTemplatesApi.data.find((t) => t.GUID === guid) + if (template?.displayName) { + displayName = template.displayName + } + } + // If template not found, return null to filter it out later if (!displayName) { return null @@ -1362,6 +1376,7 @@ const ManageDriftPage = () => { ) // Actions for the ActionsMenu + const currentDriftTemplate = standardsApi.data?.find((t) => t.GUID === templateId) const actions = createDriftManagementActions({ templateId, onRefresh: () => { @@ -1375,6 +1390,12 @@ const ManageDriftPage = () => { setTriggerReport(true) }, currentTenant: tenantFilter, + templateTenants: Array.isArray(currentDriftTemplate?.tenantFilter) + ? currentDriftTemplate.tenantFilter + : [], + excludedTenants: Array.isArray(currentDriftTemplate?.excludedTenants) + ? currentDriftTemplate.excludedTenants + : [], }) // Effect to trigger the ExecutiveReportButton when needed diff --git a/src/pages/tenant/manage/driftManagementActions.js b/src/pages/tenant/manage/driftManagementActions.js index 5d7cd8e80488..7b3f59c7bca0 100644 --- a/src/pages/tenant/manage/driftManagementActions.js +++ b/src/pages/tenant/manage/driftManagementActions.js @@ -1,5 +1,6 @@ -import React from "react"; -import { Edit, Sync, PlayArrow, PictureAsPdf } from "@mui/icons-material"; +import React from 'react' +import { Edit, Sync, PlayArrow, PictureAsPdf } from '@mui/icons-material' +import { CippFormTemplateTenantSelector } from '../../../components/CippComponents/CippFormTemplateTenantSelector.jsx' /** * Creates the standard drift management actions array @@ -11,29 +12,31 @@ import { Edit, Sync, PlayArrow, PictureAsPdf } from "@mui/icons-material"; */ export const createDriftManagementActions = ({ templateId, - templateType = "classic", + templateType = 'classic', showEditTemplate = false, onRefresh, onGenerateReport, currentTenant, + templateTenants = [], + excludedTenants = [], }) => { const actions = [ { - label: "Refresh Data", + label: 'Refresh Data', icon: , noConfirm: true, customFunction: onRefresh, }, - ]; + ] // Add Generate Report action if handler is provided if (onGenerateReport) { actions.push({ - label: "Generate Report", + label: 'Generate Report', icon: , noConfirm: true, customFunction: onGenerateReport, - }); + }) } // Add template-specific actions if templateId is available @@ -41,57 +44,55 @@ export const createDriftManagementActions = ({ // Conditionally add Edit Template action if (showEditTemplate) { actions.push({ - label: "Edit Template", + label: 'Edit Template', icon: , - color: "info", + color: 'info', noConfirm: true, customFunction: () => { // Use Next.js router for internal navigation - import("next/router") + import('next/router') .then(({ default: router }) => { router.push( `/tenant/standards/templates/template?id=${templateId}&type=${templateType}` - ); + ) }) .catch(() => { // Fallback to window.location if router is not available - window.location.href = `/tenant/standards/templates/template?id=${templateId}&type=${templateType}`; - }); + window.location.href = `/tenant/standards/templates/template?id=${templateId}&type=${templateType}` + }) }, - }); + }) } - actions.push( - { - label: `Run Standard Now (${currentTenant || "Currently Selected Tenant"})`, - type: "GET", - url: "/api/ExecStandardsRun", - icon: , - data: { - TemplateId: templateId, - }, - confirmText: "Are you sure you want to force a run of this standard?", - multiPost: false, + actions.push({ + label: 'Run Standard Now', + type: 'GET', + url: '/api/ExecStandardsRun', + icon: , + data: { + TemplateId: templateId, }, - { - label: "Run Standard Now (All Tenants in Template)", - type: "GET", - url: "/api/ExecStandardsRun", - icon: , - data: { - TemplateId: templateId, - tenantFilter: "allTenants", - }, - confirmText: "Are you sure you want to force a run of this standard?", - multiPost: false, - } - ); + customDataformatter: (_row, _action, formData) => ({ + TemplateId: templateId, + tenantFilter: formData.tenantFilter?.value ?? formData.tenantFilter, + }), + children: ({ formHook }) => ( + + ), + confirmText: 'Are you sure you want to force a run of this standard?', + allowResubmit: true, + multiPost: false, + }) } - return actions; -}; + return actions +} /** * Default export for backward compatibility */ -export default createDriftManagementActions; +export default createDriftManagementActions diff --git a/src/pages/tenant/manage/policies-deployed.js b/src/pages/tenant/manage/policies-deployed.js index d38f68d03698..616f5a64491f 100644 --- a/src/pages/tenant/manage/policies-deployed.js +++ b/src/pages/tenant/manage/policies-deployed.js @@ -1,6 +1,6 @@ -import { Layout as DashboardLayout } from "../../../layouts/index.js"; -import { useRouter } from "next/router"; -import { Policy, Security, AdminPanelSettings, Devices, ExpandMore } from "@mui/icons-material"; +import { Layout as DashboardLayout } from '../../../layouts/index.js' +import { useRouter } from 'next/router' +import { Policy, Security, AdminPanelSettings, Devices, ExpandMore } from '@mui/icons-material' import { Box, Stack, @@ -9,34 +9,34 @@ import { AccordionSummary, AccordionDetails, Chip, -} from "@mui/material"; -import { HeaderedTabbedLayout } from "../../../layouts/HeaderedTabbedLayout"; -import tabOptions from "./tabOptions.json"; -import { CippDataTable } from "../../../components/CippTable/CippDataTable"; -import { CippHead } from "../../../components/CippComponents/CippHead"; -import { ApiGetCall } from "../../../api/ApiCall"; -import standardsData from "../../../data/standards.json"; -import { createDriftManagementActions } from "./driftManagementActions"; -import { useSettings } from "../../../hooks/use-settings"; -import { CippAutoComplete } from "../../../components/CippComponents/CippAutocomplete"; -import { useEffect } from "react"; +} from '@mui/material' +import { HeaderedTabbedLayout } from '../../../layouts/HeaderedTabbedLayout' +import tabOptions from './tabOptions.json' +import { CippDataTable } from '../../../components/CippTable/CippDataTable' +import { CippHead } from '../../../components/CippComponents/CippHead' +import { ApiGetCall } from '../../../api/ApiCall' +import standardsData from '../../../data/standards.json' +import { createDriftManagementActions } from './driftManagementActions' +import { useSettings } from '../../../hooks/use-settings' +import { CippAutoComplete } from '../../../components/CippComponents/CippAutocomplete' +import { useEffect } from 'react' const PoliciesDeployedPage = () => { - const userSettingsDefaults = useSettings(); - const router = useRouter(); - const { templateId } = router.query; - const tenantFilter = router.query.tenantFilter || userSettingsDefaults.tenantFilter; - const currentTenant = userSettingsDefaults.currentTenant; + const userSettingsDefaults = useSettings() + const router = useRouter() + const { templateId } = router.query + const tenantFilter = router.query.tenantFilter || userSettingsDefaults.tenantFilter + const currentTenant = userSettingsDefaults.currentTenant // API call to get standards template data const standardsApi = ApiGetCall({ - url: "/api/listStandardTemplates", - queryKey: "ListStandardsTemplates-Drift", - }); + url: '/api/listStandardTemplates', + queryKey: 'ListStandardsTemplates-Drift', + }) // API call to get standards comparison data const comparisonApi = ApiGetCall({ - url: "/api/ListStandardsCompare", + url: '/api/ListStandardsCompare', data: { TemplateId: templateId, TenantFilter: tenantFilter, @@ -44,66 +44,70 @@ const PoliciesDeployedPage = () => { }, queryKey: `StandardsCompare-${templateId}-${tenantFilter}`, enabled: !!templateId && !!tenantFilter, - }); + }) // API call to get drift data for deviation statuses const driftApi = ApiGetCall({ - url: "/api/listTenantDrift", + url: '/api/listTenantDrift', data: { tenantFilter: tenantFilter, standardsId: templateId, }, queryKey: `TenantDrift-${templateId}-${tenantFilter}`, enabled: !!templateId && !!tenantFilter, - }); + }) // API call to get all Intune templates for displayName lookup const intuneTemplatesApi = ApiGetCall({ - url: "/api/ListIntuneTemplates", - queryKey: "ListIntuneTemplates", - }); + url: '/api/ListIntuneTemplates', + queryKey: 'ListIntuneTemplates', + }) + + // API call to get all CA templates for displayName lookup + const caTemplatesApi = ApiGetCall({ + url: '/api/ListCATemplates', + queryKey: 'ListCATemplates', + }) // Find the current template from standards data - const currentTemplate = (standardsApi.data || []).find( - (template) => template.GUID === templateId - ); - const templateStandards = currentTemplate?.standards || {}; - const comparisonData = comparisonApi.data?.[0] || {}; + const currentTemplate = (standardsApi.data || []).find((template) => template.GUID === templateId) + const templateStandards = currentTemplate?.standards || {} + const comparisonData = comparisonApi.data?.[0] || {} // Helper function to get status from comparison data with deviation status const getStatus = (standardKey, templateValue = null, templateType = null) => { - const comparisonKey = `standards.${standardKey}`; - const comparisonItem = comparisonData[comparisonKey]; - const value = comparisonItem?.Value; + const comparisonKey = `standards.${standardKey}` + const comparisonItem = comparisonData[comparisonKey] + const value = comparisonItem?.Value // If value is true, it's deployed and compliant if (value === true) { - return "Deployed"; + return 'Deployed' } // Check if ExpectedValue and CurrentValue match (like drift.js does) if (comparisonItem?.ExpectedValue && comparisonItem?.CurrentValue) { try { - const expectedStr = JSON.stringify(comparisonItem.ExpectedValue); - const currentStr = JSON.stringify(comparisonItem.CurrentValue); + const expectedStr = JSON.stringify(comparisonItem.ExpectedValue) + const currentStr = JSON.stringify(comparisonItem.CurrentValue) if (expectedStr === currentStr) { - return "Deployed"; + return 'Deployed' } } catch (e) { - console.error("Error comparing values:", e); + console.error('Error comparing values:', e) } } // If value is explicitly false, it means not deployed (not a deviation) if (value === false) { - return "Not Deployed"; + return 'Not Deployed' } // If value is null/undefined, check drift data for deviation status - const driftData = Array.isArray(driftApi.data) ? driftApi.data : []; + const driftData = Array.isArray(driftApi.data) ? driftApi.data : [] // For templates, we need to match against the full template path - let searchKeys = [standardKey, `standards.${standardKey}`]; + let searchKeys = [standardKey, `standards.${standardKey}`] // Add template-specific search keys if (templateValue && templateType) { @@ -111,7 +115,7 @@ const PoliciesDeployedPage = () => { `standards.${templateType}.${templateValue}`, `${templateType}.${templateValue}`, templateValue - ); + ) } const deviation = driftData.find((item) => @@ -122,26 +126,26 @@ const PoliciesDeployedPage = () => { item.standardName?.includes(key) || item.policyName?.includes(key) ) - ); + ) if (deviation && deviation.Status) { - return `Deviation - ${deviation.Status}`; + return `Deviation - ${deviation.Status}` } // Only return "Deviation - New" if we have comparison data but value is null if (comparisonItem) { - return "Deviation - New"; + return 'Deviation - New' } - return "Not Configured"; - }; + return 'Not Configured' + } // Helper function to get display name from drift data const getDisplayNameFromDrift = (standardKey, templateValue = null, templateType = null) => { - const driftData = Array.isArray(driftApi.data) ? driftApi.data : []; + const driftData = Array.isArray(driftApi.data) ? driftApi.data : [] // For templates, we need to match against the full template path - let searchKeys = [standardKey, `standards.${standardKey}`]; + let searchKeys = [standardKey, `standards.${standardKey}`] // Add template-specific search keys if (templateValue && templateType) { @@ -149,7 +153,7 @@ const PoliciesDeployedPage = () => { `standards.${templateType}.${templateValue}`, `${templateType}.${templateValue}`, templateValue - ); + ) } const deviation = driftData.find((item) => @@ -160,277 +164,285 @@ const PoliciesDeployedPage = () => { item.standardName?.includes(key) || item.policyName?.includes(key) ) - ); + ) // If found in drift data, return the display name if (deviation?.standardDisplayName) { - return deviation.standardDisplayName; + return deviation.standardDisplayName } // If not found in drift data and this is an Intune template, look it up in the Intune templates API - if (templateType === "IntuneTemplate" && templateValue && intuneTemplatesApi.data) { - const template = intuneTemplatesApi.data.find((t) => t.GUID === templateValue); + if (templateType === 'IntuneTemplate' && templateValue && intuneTemplatesApi.data) { + const template = intuneTemplatesApi.data.find((t) => t.GUID === templateValue) if (template?.Displayname) { - return template.Displayname; + return template.Displayname + } + } + + // If not found in drift data and this is a CA template, look it up in the CA templates API + if (templateType === 'ConditionalAccessTemplate' && templateValue && caTemplatesApi.data) { + const template = caTemplatesApi.data.find((t) => t.GUID === templateValue) + if (template?.displayName) { + return template.displayName } } - return null; - }; + return null + } // Helper function to get last refresh date const getLastRefresh = (standardKey) => { - const comparisonKey = `standards.${standardKey}`; - const lastRefresh = comparisonData[comparisonKey]?.LastRefresh; - return lastRefresh ? new Date(lastRefresh).toLocaleDateString() : "N/A"; - }; + const comparisonKey = `standards.${standardKey}` + const lastRefresh = comparisonData[comparisonKey]?.LastRefresh + return lastRefresh ? new Date(lastRefresh).toLocaleDateString() : 'N/A' + } // Helper function to get standard name from standards.json const getStandardName = (standardKey) => { - const standardName = `standards.${standardKey}`; - const standard = standardsData.find((s) => s.name === standardName); - return standard?.label || standardKey.replace(/([A-Z])/g, " $1").trim(); - }; + const standardName = `standards.${standardKey}` + const standard = standardsData.find((s) => s.name === standardName) + return standard?.label || standardKey.replace(/([A-Z])/g, ' $1').trim() + } // Helper function to get template label from standards API data const getTemplateLabel = (templateValue, templateType) => { - if (!templateValue || !currentTemplate) return "Unknown Template"; + if (!templateValue || !currentTemplate) return 'Unknown Template' // Search through all templates in the current template data - const allTemplates = currentTemplate.standards || {}; + const allTemplates = currentTemplate.standards || {} // Look for the template in the specific type array if (allTemplates[templateType] && Array.isArray(allTemplates[templateType])) { const template = allTemplates[templateType].find( (t) => t.TemplateList?.value === templateValue - ); + ) if (template?.TemplateList?.label) { - return template.TemplateList.label; + return template.TemplateList.label } } // If not found in the specific type, search through all template types for (const [key, templates] of Object.entries(allTemplates)) { if (Array.isArray(templates)) { - const template = templates.find((t) => t.TemplateList?.value === templateValue); + const template = templates.find((t) => t.TemplateList?.value === templateValue) if (template?.TemplateList?.label) { - return template.TemplateList.label; + return template.TemplateList.label } } } - return "Unknown Template"; - }; + return 'Unknown Template' + } // Process Security Standards (everything NOT IntuneTemplates or ConditionalAccessTemplates) const deployedStandards = Object.entries(templateStandards) - .filter(([key]) => key !== "IntuneTemplate" && key !== "ConditionalAccessTemplate") + .filter(([key]) => key !== 'IntuneTemplate' && key !== 'ConditionalAccessTemplate') .map(([key, value], index) => ({ id: index + 1, name: getStandardName(key), - category: "Security Standard", + category: 'Security Standard', status: getStatus(key), lastModified: getLastRefresh(key), standardKey: key, - })); + })) // Process Intune Templates - const intunePolices = []; - (templateStandards.IntuneTemplate || []).forEach((template, index) => { - console.log("Processing IntuneTemplate in policies-deployed:", template); + const intunePolices = [] + ;(templateStandards.IntuneTemplate || []).forEach((template, index) => { + console.log('Processing IntuneTemplate in policies-deployed:', template) // Check if this template has TemplateList-Tags (try both property formats) - const templateListTags = template["TemplateList-Tags"] || template.TemplateListTags; + const templateListTags = template['TemplateList-Tags'] || template.TemplateListTags // Check if this template has TemplateList-Tags and expand them if (templateListTags?.value && templateListTags?.addedFields?.templates) { console.log( - "Found TemplateList-Tags for IntuneTemplate in policies-deployed:", + 'Found TemplateList-Tags for IntuneTemplate in policies-deployed:', templateListTags - ); - console.log("Templates to expand:", templateListTags.addedFields.templates); + ) + console.log('Templates to expand:', templateListTags.addedFields.templates) // Expand TemplateList-Tags into multiple template items templateListTags.addedFields.templates.forEach((expandedTemplate, expandedIndex) => { - console.log("Expanding IntuneTemplate in policies-deployed:", expandedTemplate); - const standardKey = `IntuneTemplate.${expandedTemplate.GUID}`; + console.log('Expanding IntuneTemplate in policies-deployed:', expandedTemplate) + const standardKey = `IntuneTemplate.${expandedTemplate.GUID}` const driftDisplayName = getDisplayNameFromDrift( standardKey, expandedTemplate.GUID, - "IntuneTemplate" - ); - const packageTagName = templateListTags.value; + 'IntuneTemplate' + ) + const packageTagName = templateListTags.value const templateName = - expandedTemplate.displayName || expandedTemplate.name || "Unknown Template"; + expandedTemplate.displayName || expandedTemplate.name || 'Unknown Template' intunePolices.push({ id: intunePolices.length + 1, name: `${driftDisplayName || templateName} (via ${packageTagName})`, - category: "Intune Template", - platform: "Multi-Platform", - status: getStatus(standardKey, expandedTemplate.GUID, "IntuneTemplate"), + category: 'Intune Template', + platform: 'Multi-Platform', + status: getStatus(standardKey, expandedTemplate.GUID, 'IntuneTemplate'), lastModified: getLastRefresh(standardKey), - assignedGroups: template.AssignTo || "N/A", + assignedGroups: template.AssignTo || 'N/A', templateValue: expandedTemplate.GUID, - }); - }); + }) + }) } else { // Regular TemplateList processing - const templateGuid = template.TemplateList?.value; - const standardKey = `IntuneTemplate.${templateGuid}`; - const driftDisplayName = getDisplayNameFromDrift(standardKey, templateGuid, "IntuneTemplate"); + const templateGuid = template.TemplateList?.value + const standardKey = `IntuneTemplate.${templateGuid}` + const driftDisplayName = getDisplayNameFromDrift(standardKey, templateGuid, 'IntuneTemplate') // Try multiple fallbacks for the name - let templateName = driftDisplayName; + let templateName = driftDisplayName if (!templateName) { - const templateLabel = getTemplateLabel(templateGuid, "IntuneTemplate"); - if (templateLabel !== "Unknown Template") { - templateName = `Intune - ${templateLabel}`; + const templateLabel = getTemplateLabel(templateGuid, 'IntuneTemplate') + if (templateLabel !== 'Unknown Template') { + templateName = `Intune - ${templateLabel}` } } // If still no name, try looking up directly in intuneTemplatesApi by GUID if (!templateName && templateGuid && intuneTemplatesApi.data) { - const intuneTemplate = intuneTemplatesApi.data.find((t) => t.GUID === templateGuid); + const intuneTemplate = intuneTemplatesApi.data.find((t) => t.GUID === templateGuid) if (intuneTemplate?.Displayname) { - templateName = intuneTemplate.Displayname; + templateName = intuneTemplate.Displayname } } // Final fallback if (!templateName) { - templateName = `Intune - ${templateGuid || "Unknown Template"}`; + templateName = `Intune - ${templateGuid || 'Unknown Template'}` } intunePolices.push({ id: intunePolices.length + 1, name: templateName, - category: "Intune Template", - platform: "Multi-Platform", - status: getStatus(standardKey, templateGuid, "IntuneTemplate"), + category: 'Intune Template', + platform: 'Multi-Platform', + status: getStatus(standardKey, templateGuid, 'IntuneTemplate'), lastModified: getLastRefresh(standardKey), - assignedGroups: template.AssignTo || "N/A", + assignedGroups: template.AssignTo || 'N/A', templateValue: templateGuid, - }); + }) } - }); + }) // Add any templates from comparison data that weren't in template standards (e.g., from tags) // Check for IntuneTemplate entries in comparison data Object.keys(comparisonData).forEach((key) => { - if (key.startsWith("standards.IntuneTemplate.")) { - const guid = key.replace("standards.IntuneTemplate.", ""); + if (key.startsWith('standards.IntuneTemplate.')) { + const guid = key.replace('standards.IntuneTemplate.', '') // Check if this GUID is already in our list - const alreadyExists = intunePolices.some((p) => p.templateValue === guid); + const alreadyExists = intunePolices.some((p) => p.templateValue === guid) if (!alreadyExists && comparisonData[key]?.Value === true) { - const standardKey = `IntuneTemplate.${guid}`; - const driftDisplayName = getDisplayNameFromDrift(standardKey, guid, "IntuneTemplate"); + const standardKey = `IntuneTemplate.${guid}` + const driftDisplayName = getDisplayNameFromDrift(standardKey, guid, 'IntuneTemplate') intunePolices.push({ id: intunePolices.length + 1, name: driftDisplayName || `Intune - ${guid}`, - category: "Intune Template", - platform: "Multi-Platform", - status: getStatus(standardKey, guid, "IntuneTemplate"), + category: 'Intune Template', + platform: 'Multi-Platform', + status: getStatus(standardKey, guid, 'IntuneTemplate'), lastModified: getLastRefresh(standardKey), - assignedGroups: "N/A", + assignedGroups: 'N/A', templateValue: guid, - }); + }) } } - }); + }) // Process Conditional Access Templates - const conditionalAccessPolicies = []; - (templateStandards.ConditionalAccessTemplate || []).forEach((template, index) => { - console.log("Processing ConditionalAccessTemplate in policies-deployed:", template); + const conditionalAccessPolicies = [] + ;(templateStandards.ConditionalAccessTemplate || []).forEach((template, index) => { + console.log('Processing ConditionalAccessTemplate in policies-deployed:', template) // Check if this template has TemplateList-Tags (try both property formats) - const templateListTags = template["TemplateList-Tags"] || template.TemplateListTags; + const templateListTags = template['TemplateList-Tags'] || template.TemplateListTags // Check if this template has TemplateList-Tags and expand them if (templateListTags?.value && templateListTags?.addedFields?.templates) { console.log( - "Found TemplateList-Tags for ConditionalAccessTemplate in policies-deployed:", + 'Found TemplateList-Tags for ConditionalAccessTemplate in policies-deployed:', templateListTags - ); - console.log("Templates to expand:", templateListTags.addedFields.templates); + ) + console.log('Templates to expand:', templateListTags.addedFields.templates) // Expand TemplateList-Tags into multiple template items templateListTags.addedFields.templates.forEach((expandedTemplate, expandedIndex) => { - console.log("Expanding ConditionalAccessTemplate in policies-deployed:", expandedTemplate); - const standardKey = `ConditionalAccessTemplate.${expandedTemplate.GUID}`; + console.log('Expanding ConditionalAccessTemplate in policies-deployed:', expandedTemplate) + const standardKey = `ConditionalAccessTemplate.${expandedTemplate.GUID}` const driftDisplayName = getDisplayNameFromDrift( standardKey, expandedTemplate.GUID, - "ConditionalAccessTemplate" - ); - const packageTagName = templateListTags.value; + 'ConditionalAccessTemplate' + ) + const packageTagName = templateListTags.value const templateName = - expandedTemplate.displayName || expandedTemplate.name || "Unknown Template"; + expandedTemplate.displayName || expandedTemplate.name || 'Unknown Template' conditionalAccessPolicies.push({ id: conditionalAccessPolicies.length + 1, name: `${driftDisplayName || templateName} (via ${packageTagName})`, - state: template.state || "Unknown", - conditions: "Conditional Access Policy", - controls: "Access Control", + state: template.state || 'Unknown', + conditions: 'Conditional Access Policy', + controls: 'Access Control', lastModified: getLastRefresh(standardKey), - status: getStatus(standardKey, expandedTemplate.GUID, "ConditionalAccessTemplate"), + status: getStatus(standardKey, expandedTemplate.GUID, 'ConditionalAccessTemplate'), templateValue: expandedTemplate.GUID, - }); - }); + }) + }) } else { // Regular TemplateList processing - const standardKey = `ConditionalAccessTemplate.${template.TemplateList?.value}`; + const standardKey = `ConditionalAccessTemplate.${template.TemplateList?.value}` const driftDisplayName = getDisplayNameFromDrift( standardKey, template.TemplateList?.value, - "ConditionalAccessTemplate" - ); + 'ConditionalAccessTemplate' + ) const templateLabel = getTemplateLabel( template.TemplateList?.value, - "ConditionalAccessTemplate" - ); + 'ConditionalAccessTemplate' + ) conditionalAccessPolicies.push({ id: conditionalAccessPolicies.length + 1, name: driftDisplayName || `Conditional Access - ${templateLabel}`, - state: template.state || "Unknown", - conditions: "Conditional Access Policy", - controls: "Access Control", + state: template.state || 'Unknown', + conditions: 'Conditional Access Policy', + controls: 'Access Control', lastModified: getLastRefresh(standardKey), - status: getStatus(standardKey, template.TemplateList?.value, "ConditionalAccessTemplate"), + status: getStatus(standardKey, template.TemplateList?.value, 'ConditionalAccessTemplate'), templateValue: template.TemplateList?.value, - }); + }) } - }); + }) // Add any CA templates from comparison data that weren't in template standards Object.keys(comparisonData).forEach((key) => { - if (key.startsWith("standards.ConditionalAccessTemplate.")) { - const guid = key.replace("standards.ConditionalAccessTemplate.", ""); + if (key.startsWith('standards.ConditionalAccessTemplate.')) { + const guid = key.replace('standards.ConditionalAccessTemplate.', '') // Check if this GUID is already in our list - const alreadyExists = conditionalAccessPolicies.some((p) => p.templateValue === guid); + const alreadyExists = conditionalAccessPolicies.some((p) => p.templateValue === guid) if (!alreadyExists && comparisonData[key]?.Value === true) { - const standardKey = `ConditionalAccessTemplate.${guid}`; + const standardKey = `ConditionalAccessTemplate.${guid}` const driftDisplayName = getDisplayNameFromDrift( standardKey, guid, - "ConditionalAccessTemplate" - ); + 'ConditionalAccessTemplate' + ) conditionalAccessPolicies.push({ id: conditionalAccessPolicies.length + 1, name: driftDisplayName || `Conditional Access - ${guid}`, - state: "Unknown", - conditions: "Conditional Access Policy", - controls: "Access Control", + state: 'Unknown', + conditions: 'Conditional Access Policy', + controls: 'Access Control', lastModified: getLastRefresh(standardKey), - status: getStatus(standardKey, guid, "ConditionalAccessTemplate"), + status: getStatus(standardKey, guid, 'ConditionalAccessTemplate'), templateValue: guid, - }); + }) } } - }); + }) // Simple filter for all templates (no type filtering) const templateOptions = standardsApi.data @@ -442,35 +454,41 @@ const PoliciesDeployedPage = () => { `Template ${template.GUID}`, value: template.GUID, })) - : []; + : [] // Find currently selected template const selectedTemplateOption = templateId && templateOptions.length ? templateOptions.find((option) => option.value === templateId) || null - : null; + : null // Effect to refetch APIs when templateId changes (needed for shallow routing) useEffect(() => { if (templateId) { - comparisonApi.refetch(); - driftApi.refetch(); + comparisonApi.refetch() + driftApi.refetch() } - }, [templateId]); + }, [templateId]) const actions = createDriftManagementActions({ templateId, - templateType: currentTemplate?.type || "classic", + templateType: currentTemplate?.type || 'classic', showEditTemplate: true, onRefresh: () => { - standardsApi.refetch(); - comparisonApi.refetch(); - driftApi.refetch(); + standardsApi.refetch() + comparisonApi.refetch() + driftApi.refetch() }, currentTenant, - }); - const title = "View Deployed Policies"; - const subtitle = []; + templateTenants: Array.isArray(currentTemplate?.tenantFilter) + ? currentTemplate.tenantFilter + : [], + excludedTenants: Array.isArray(currentTemplate?.excludedTenants) + ? currentTemplate.excludedTenants + : [], + }) + const title = 'View Deployed Policies' + const subtitle = [] return ( { {/* Filters Section */} - + { defaultValue={selectedTemplateOption} value={selectedTemplateOption} onChange={(selectedTemplate) => { - const query = { ...router.query }; + const query = { ...router.query } if (selectedTemplate && selectedTemplate.value) { - query.templateId = selectedTemplate.value; + query.templateId = selectedTemplate.value } else { - delete query.templateId; + delete query.templateId } router.replace( { @@ -507,7 +525,7 @@ const PoliciesDeployedPage = () => { }, undefined, { shallow: true } - ); + ) }} sx={{ width: 300 }} placeholder="Select template..." @@ -528,7 +546,7 @@ const PoliciesDeployedPage = () => { { title="Intune Templates" data={intunePolices} simpleColumns={[ - "name", - "category", - "platform", - "status", - "lastModified", - "assignedGroups", + 'name', + 'category', + 'platform', + 'status', + 'lastModified', + 'assignedGroups', ]} noCard={true} isFetching={ @@ -580,12 +598,12 @@ const PoliciesDeployedPage = () => { title="Conditional Access Templates" data={conditionalAccessPolicies} simpleColumns={[ - "name", - "state", - "status", - "conditions", - "controls", - "lastModified", + 'name', + 'state', + 'status', + 'conditions', + 'controls', + 'lastModified', ]} noCard={true} isFetching={ @@ -597,9 +615,9 @@ const PoliciesDeployedPage = () => { - ); -}; + ) +} -PoliciesDeployedPage.getLayout = (page) => {page}; +PoliciesDeployedPage.getLayout = (page) => {page} -export default PoliciesDeployedPage; +export default PoliciesDeployedPage diff --git a/src/pages/tenant/reports/list-licenses/index.js b/src/pages/tenant/reports/list-licenses/index.js index 35d61ea16158..4d877df75f8f 100644 --- a/src/pages/tenant/reports/list-licenses/index.js +++ b/src/pages/tenant/reports/list-licenses/index.js @@ -1,24 +1,92 @@ -import { Layout as DashboardLayout } from "../../../../layouts/index.js"; -import { CippTablePage } from "../../../../components/CippComponents/CippTablePage.jsx"; +import { Layout as DashboardLayout } from '../../../../layouts/index.js' +import { CippTablePage } from '../../../../components/CippComponents/CippTablePage.jsx' +import { AssignmentInd } from '@mui/icons-material' +import CippFormComponent from '../../../../components/CippComponents/CippFormComponent' const Page = () => { - const pageTitle = "Licences Report"; - const apiUrl = "/api/ListLicenses"; + const pageTitle = 'Licences Report' + const apiUrl = '/api/ListLicenses' const simpleColumns = [ - "Tenant", - "License", - "CountUsed", - "CountAvailable", - "TotalLicenses", - "AssignedUsers", - "AssignedGroups", - "TermInfo", // TODO TermInfo is not showing as a clickable json object in the table, like CApolicies does in the mfa report. IDK how to fix it. -Bobby - ]; + 'Tenant', + 'License', + 'CountUsed', + 'CountAvailable', + 'TotalLicenses', + 'AssignedUsers', + 'AssignedGroups', + 'TermInfo', // TODO TermInfo is not showing as a clickable json object in the table, like CApolicies does in the mfa report. IDK how to fix it. -Bobby + ] - return ; -}; + const actions = [ + { + label: 'Assign License to User', + type: 'POST', + url: '/api/ExecBulkLicense', + icon: , + confirmText: 'Are you sure you want to assign [License] to the selected user?', + multiPost: false, + children: ({ formHook, row }) => ( + `${option.displayName} (${option.userPrincipalName})`, + valueField: 'id', + queryKey: `Users-${row?.Tenant}`, + data: { + Endpoint: 'users', + $select: 'id,displayName,userPrincipalName', + $count: true, + $orderby: 'displayName', + $top: 999, + }, + }} + /> + ), + customDataformatter: (row, action, formData) => ({ + tenantFilter: row.Tenant, + LicenseOperation: 'Add', + Licenses: [{ label: row.License, value: row.skuId }], + userIds: [formData.userIds?.value], + }), + }, + ] -Page.getLayout = (page) => {page}; + const offCanvas = { + extendedInfoFields: [ + 'Tenant', + 'License', + 'CountUsed', + 'CountAvailable', + 'TotalLicenses', + 'AssignedUsers', + 'AssignedGroups', + 'TermInfo', + ], + actions: actions, + } -export default Page; + return ( + + ) +} + +Page.getLayout = (page) => {page} + +export default Page diff --git a/src/pages/tenant/standards/alignment/index.js b/src/pages/tenant/standards/alignment/index.js index 45238be2960a..60c05489bc24 100644 --- a/src/pages/tenant/standards/alignment/index.js +++ b/src/pages/tenant/standards/alignment/index.js @@ -1,16 +1,248 @@ import { CippTablePage } from '../../../../components/CippComponents/CippTablePage.jsx' import { Layout as DashboardLayout } from '../../../../layouts/index.js' import { TabbedLayout } from '../../../../layouts/TabbedLayout' +import { ApiGetCallWithPagination } from '../../../../api/ApiCall' +import { useSettings } from '../../../../hooks/use-settings' import { Delete, Edit } from '@mui/icons-material' -import { EyeIcon, ListBulletIcon, ChartBarIcon } from '@heroicons/react/24/outline' +import { EyeIcon, ListBulletIcon, ChartBarIcon, Squares2X2Icon } from '@heroicons/react/24/outline' import tabOptions from '../tabOptions.json' -import { useState } from 'react' -import { Box, Chip, Divider, Stack, Tooltip, Typography } from '@mui/material' +import { useEffect, useMemo, useState } from 'react' +import ReactMarkdown from 'react-markdown' +import remarkGfm from 'remark-gfm' +import { + Box, + Chip, + Divider, + Stack, + ToggleButton, + ToggleButtonGroup, + Tooltip, + Typography, +} from '@mui/material' import standardsData from '../../../../data/standards.json' +const complianceColors = { + compliant: 'success', + 'non-compliant': 'error', + 'accepted deviation': 'info', + 'customer specific': 'info', + 'license missing': 'warning', + 'reporting disabled': 'default', +} + +const compliancePriority = { + compliant: 10, + 'reporting disabled': 20, + 'customer specific': 30, + 'accepted deviation': 40, + 'license missing': 50, + 'non-compliant': 60, +} + +const getComplianceStatus = (status) => String(status ?? 'Unknown').trim() || 'Unknown' + +const getComplianceColor = (status) => + complianceColors[getComplianceStatus(status).toLowerCase()] ?? 'default' + +const getCompliancePriority = (status) => + compliancePriority[getComplianceStatus(status).toLowerCase()] ?? 0 + +const isAlignedComplianceStatus = (status) => + ['compliant', 'accepted deviation', 'customer specific'].includes( + getComplianceStatus(status).toLowerCase() + ) + +const getPageRows = (page) => { + if (Array.isArray(page)) return page + if (Array.isArray(page?.Results)) return page.Results + if (Array.isArray(page?.Data)) return page.Data + if (Array.isArray(page?.data)) return page.data + if (Array.isArray(page?.value)) return page.value + return [] +} + +const getStandardInfo = (standardId) => { + const baseName = standardId?.split('.').slice(0, -1).join('.') + return ( + standardsData.find((s) => s.name === standardId) ?? + standardsData.find((s) => s.name === baseName) + ) +} + const Page = () => { const pageTitle = 'Standard & Drift Alignment' - const [granular, setGranular] = useState(false) + const tenant = useSettings().currentTenant + const [viewMode, setViewMode] = useState('summary') + const [byStandardTenantFilter, setByStandardTenantFilter] = useState('all') + const isSummary = viewMode === 'summary' + const isGranular = viewMode === 'granular' + const isByStandard = viewMode === 'byStandard' + + const { + data: byStandardApiData, + fetchNextPage: fetchNextByStandardPage, + hasNextPage: byStandardHasNextPage, + isFetching: byStandardIsFetching, + isSuccess: byStandardIsSuccess, + } = ApiGetCallWithPagination({ + url: '/api/ListTenantAlignment', + data: { tenantFilter: tenant, granular: 'true' }, + queryKey: `listTenantAlignment-byStandard-source-${tenant}`, + waiting: isByStandard, + }) + + useEffect(() => { + if (isByStandard && byStandardIsSuccess && byStandardHasNextPage && !byStandardIsFetching) { + fetchNextByStandardPage() + } + }, [ + byStandardApiData?.pages?.length, + byStandardHasNextPage, + byStandardIsFetching, + byStandardIsSuccess, + fetchNextByStandardPage, + isByStandard, + ]) + + const byStandardSourceData = useMemo( + () => byStandardApiData?.pages?.flatMap((page) => getPageRows(page)) ?? [], + [byStandardApiData] + ) + + const byStandardData = useMemo(() => { + const groupedStandards = new Map() + + byStandardSourceData.forEach((row) => { + const standardKey = row.standardId || row.standardName + if (!standardKey) return + + const standardInfo = getStandardInfo(row.standardId) + const hasExactMatch = standardsData.find((s) => s.name === row.standardId) + const standardName = hasExactMatch + ? (standardInfo?.label ?? row.standardName ?? standardKey) + : (row.standardName ?? standardInfo?.label ?? standardKey) + + if (!groupedStandards.has(standardKey)) { + groupedStandards.set(standardKey, { + standardId: standardKey, + standardName, + category: standardInfo?.cat ?? 'Uncategorized', + standardTypes: new Set(), + tenants: new Map(), + }) + } + + const standard = groupedStandards.get(standardKey) + const standardType = row.standardType ?? row.templateType + if (standardType) standard.standardTypes.add(standardType) + + const tenantKey = row.tenantFilter ?? row.tenantName ?? row.Tenant ?? 'Unknown' + const status = getComplianceStatus(row.complianceStatus) + const tenant = standard.tenants.get(tenantKey) ?? { + tenantFilter: tenantKey, + complianceStatus: status, + rows: [], + } + + tenant.rows.push(row) + if (getCompliancePriority(status) > getCompliancePriority(tenant.complianceStatus)) { + tenant.complianceStatus = status + } + standard.tenants.set(tenantKey, tenant) + }) + + return Array.from(groupedStandards.values()) + .map((standard) => { + const tenants = Array.from(standard.tenants.values()) + .map((tenant) => { + const templateNames = [ + ...new Set(tenant.rows.map((row) => row.templateName).filter(Boolean)), + ] + const latestDataCollection = tenant.rows + .map((row) => row.latestDataCollection) + .filter(Boolean) + .sort((a, b) => new Date(b) - new Date(a))[0] + + return { + tenantFilter: tenant.tenantFilter, + complianceStatus: tenant.complianceStatus, + templateName: templateNames.join(', ') || 'N/A', + latestDataCollection, + rowCount: tenant.rows.length, + rows: tenant.rows, + } + }) + .sort((a, b) => a.tenantFilter.localeCompare(b.tenantFilter)) + + const counts = tenants.reduce( + (acc, tenant) => { + switch (getComplianceStatus(tenant.complianceStatus).toLowerCase()) { + case 'compliant': + acc.compliantCount += 1 + break + case 'non-compliant': + acc.nonCompliantCount += 1 + break + case 'accepted deviation': + acc.acceptedDeviationCount += 1 + break + case 'customer specific': + acc.customerSpecificCount += 1 + break + case 'license missing': + acc.licenseMissingCount += 1 + break + case 'reporting disabled': + acc.reportingDisabledCount += 1 + break + default: + acc.otherCount += 1 + } + return acc + }, + { + compliantCount: 0, + nonCompliantCount: 0, + acceptedDeviationCount: 0, + customerSpecificCount: 0, + licenseMissingCount: 0, + reportingDisabledCount: 0, + otherCount: 0, + } + ) + + const totalTenants = tenants.length + const alignedCount = + counts.compliantCount + counts.acceptedDeviationCount + counts.customerSpecificCount + const compliancePercentage = totalTenants + ? Math.round((alignedCount / totalTenants) * 100) + : 0 + const licenseMissingPercentage = totalTenants + ? Math.round((counts.licenseMissingCount / totalTenants) * 100) + : 0 + + return { + standardId: standard.standardId, + standardName: standard.standardName, + category: standard.category, + standardType: Array.from(standard.standardTypes).sort().join(', ') || 'N/A', + totalTenants, + alignedCount, + compliancePercentage, + alignmentScore: compliancePercentage, + LicenseMissingPercentage: licenseMissingPercentage, + complianceScore: `${compliancePercentage}%`, + summaryStatus: compliancePercentage === 100 ? 'Fully Compliant' : 'Needs Attention', + hasNonCompliant: counts.nonCompliantCount > 0 ? 'Yes' : 'No', + hasLicenseMissing: counts.licenseMissingCount > 0 ? 'Yes' : 'No', + hasAcceptedDeviation: counts.acceptedDeviationCount > 0 ? 'Yes' : 'No', + isFullyCompliant: compliancePercentage === 100 ? 'Yes' : 'No', + tenants, + ...counts, + } + }) + .sort((a, b) => a.standardName.localeCompare(b.standardName)) + }, [byStandardSourceData]) const summaryFilterList = [ { @@ -53,6 +285,29 @@ const Page = () => { }, ] + const byStandardFilterList = [ + { + filterName: 'Fully Compliant', + value: [{ id: 'isFullyCompliant', value: 'Yes' }], + type: 'column', + }, + { + filterName: 'Has Non-Compliant', + value: [{ id: 'hasNonCompliant', value: 'Yes' }], + type: 'column', + }, + { + filterName: 'License Missing', + value: [{ id: 'hasLicenseMissing', value: 'Yes' }], + type: 'column', + }, + { + filterName: 'Accepted Deviation', + value: [{ id: 'hasAcceptedDeviation', value: 'Yes' }], + type: 'column', + }, + ] + const summaryActions = [ { label: 'View Tenant Report', @@ -178,16 +433,7 @@ const Page = () => { standardsData.find((s) => s.name === baseName)?.label ?? row.standardName - const complianceColors = { - compliant: 'success', - 'non-compliant': 'error', - 'accepted deviation': 'info', - 'customer specific': 'info', - 'license missing': 'warning', - 'reporting disabled': 'default', - } - const statusColor = - complianceColors[String(row.complianceStatus ?? '').toLowerCase()] ?? 'default' + const statusColor = getComplianceColor(row.complianceStatus) const properties = [ { label: 'Standard', value: prettyName }, @@ -434,39 +680,245 @@ const Page = () => { }, } + const byStandardOffCanvas = { + size: 'md', + title: 'Standard Tenant Summary', + contentPadding: 0, + children: (row) => { + const standardInfo = getStandardInfo(row.standardId) + const properties = [ + { label: 'Standard', value: row.standardName }, + { label: 'Category', value: row.category }, + { label: 'Type', value: row.standardType }, + { label: 'Tenants', value: row.totalTenants }, + { label: 'Compliance', value: `${row.alignmentScore}%` }, + { label: 'Licenses Missing', value: `${row.LicenseMissingPercentage}%` }, + ] + const tenants = row.tenants ?? [] + const compliantTenants = tenants.filter((tenant) => + isAlignedComplianceStatus(tenant.complianceStatus) + ) + const nonCompliantTenants = tenants.filter( + (tenant) => !isAlignedComplianceStatus(tenant.complianceStatus) + ) + const filteredTenants = + byStandardTenantFilter === 'compliant' + ? compliantTenants + : byStandardTenantFilter === 'nonCompliant' + ? nonCompliantTenants + : tenants + + return ( + + } + sx={{ borderBottom: '1px solid', borderColor: 'divider' }} + > + {properties.map(({ label, value }) => ( + + + {label} + + + {value ?? 'N/A'} + + + ))} + + + {standardInfo?.helpText && ( + + + Description + + + {standardInfo.helpText} + + + )} + + + + + Tenant Compliance + + { + if (newFilter !== null) setByStandardTenantFilter(newFilter) + }} + sx={{ + alignSelf: { xs: 'flex-start', sm: 'center' }, + '& .MuiToggleButton-root': { py: 0.25, px: 1, fontSize: '0.75rem' }, + }} + > + All ({tenants.length}) + Compliant ({compliantTenants.length}) + + Noncompliant ({nonCompliantTenants.length}) + + + + {filteredTenants.length === 0 && ( + + No tenants match this filter. + + )} + {filteredTenants.map((tenant) => ( + + + + + {tenant.tenantFilter} + + + Template: {tenant.templateName} + + + + + + Last Applied:{' '} + {tenant.latestDataCollection + ? new Date(tenant.latestDataCollection).toLocaleString() + : 'N/A'} + {tenant.rowCount > 1 ? ` (${tenant.rowCount} template matches)` : ''} + + + ))} + + + ) + }, + } + const modeToggle = ( - - - ) : ( - - ) - } - label={granular ? 'Per Standard' : 'Summary'} - onClick={() => setGranular((v) => !v)} - color="primary" - variant="filled" - size="small" - clickable - /> - + { + if (newViewMode !== null) setViewMode(newViewMode) + }} + sx={{ '& .MuiToggleButton-root': { py: 0.25, px: 1, fontSize: '0.75rem' } }} + > + + + + + Summary + + + + + + + + Per Standard + + + + + + + + By Standard + + + + ) return ( { 'standardType', 'latestDataCollection', ] - : [ - 'tenantFilter', - 'standardName', - 'standardType', - 'alignmentScore', - 'LicenseMissingPercentage', - 'combinedAlignmentScore', - 'currentDeviationsCount', - ] + : isByStandard + ? [ + 'standardName', + 'category', + 'standardType', + 'totalTenants', + 'tenants', + 'compliancePercentage', + 'LicenseMissingPercentage', + 'alignedCount', + 'compliantCount', + 'nonCompliantCount', + 'licenseMissingCount', + 'acceptedDeviationCount', + ] + : [ + 'tenantFilter', + 'standardName', + 'standardType', + 'alignmentScore', + 'LicenseMissingPercentage', + 'combinedAlignmentScore', + 'pendingDeviationsCount', + 'deniedDeviationsCount', + ] + } + queryKey={ + isGranular + ? 'listTenantAlignment-granular' + : isByStandard + ? 'listTenantAlignment-byStandard' + : 'listTenantAlignment' } - queryKey={granular ? 'listTenantAlignment-granular' : 'listTenantAlignment'} - offCanvas={granular ? granularOffCanvas : undefined} + offCanvas={isGranular ? granularOffCanvas : isByStandard ? byStandardOffCanvas : undefined} + offCanvasOnRowClick={isByStandard} cardButton={modeToggle} /> ) diff --git a/src/pages/tenant/standards/bpa-report/view.js b/src/pages/tenant/standards/bpa-report/view.js index f85fb633a3a3..6abd0203b330 100644 --- a/src/pages/tenant/standards/bpa-report/view.js +++ b/src/pages/tenant/standards/bpa-report/view.js @@ -10,7 +10,7 @@ import { useEffect, useState } from "react"; import CippButtonCard from "../../../../components/CippCards/CippButtonCard"; import { CippDataTable } from "../../../../components/CippTable/CippDataTable"; import { CippImageCard } from "../../../../components/CippCards/CippImageCard"; -import _ from "lodash"; +import { get } from "lodash"; const Page = () => { const router = useRouter(); const { id } = router.query; @@ -52,8 +52,8 @@ const Page = () => { const tenantData = bpaData?.data?.Data?.find((data) => data.GUID === tenantId); const cards = frontendFields.map((field) => { //instead of this, use lodash to get the data for blockData - const blockData = _.get(tenantData, field.value) - ? _.get(tenantData, field.value) + const blockData = get(tenantData, field.value) + ? get(tenantData, field.value) : undefined; return { name: field.name, diff --git a/src/pages/tenant/standards/templates/index.js b/src/pages/tenant/standards/templates/index.js index b23752c50d9b..e6b82787f7db 100644 --- a/src/pages/tenant/standards/templates/index.js +++ b/src/pages/tenant/standards/templates/index.js @@ -1,152 +1,151 @@ -import { Alert, Button } from "@mui/material"; -import { CippTablePage } from "../../../../components/CippComponents/CippTablePage.jsx"; -import { Layout as DashboardLayout } from "../../../../layouts/index.js"; // had to add an extra path here because I added an extra folder structure. We should switch to absolute pathing so we dont have to deal with relative. -import { TabbedLayout } from "../../../../layouts/TabbedLayout"; -import Link from "next/link"; -import { CopyAll, Delete, PlayArrow, AddBox, Edit, GitHub, ContentCopy } from "@mui/icons-material"; -import { ApiGetCall, ApiPostCall } from "../../../../api/ApiCall"; -import { Grid } from "@mui/system"; -import { CippApiResults } from "../../../../components/CippComponents/CippApiResults"; -import { EyeIcon } from "@heroicons/react/24/outline"; -import tabOptions from "../tabOptions.json"; -import { useSettings } from "../../../../hooks/use-settings.js"; -import { CippPolicyImportDrawer } from "../../../../components/CippComponents/CippPolicyImportDrawer.jsx"; -import { PermissionButton } from "../../../../utils/permissions.js"; +import { Alert, Button } from '@mui/material' +import { CippTablePage } from '../../../../components/CippComponents/CippTablePage.jsx' +import { Layout as DashboardLayout } from '../../../../layouts/index.js' // had to add an extra path here because I added an extra folder structure. We should switch to absolute pathing so we dont have to deal with relative. +import { TabbedLayout } from '../../../../layouts/TabbedLayout' +import Link from 'next/link' +import { CopyAll, Delete, PlayArrow, AddBox, Edit, GitHub, ContentCopy } from '@mui/icons-material' +import { ApiGetCall, ApiPostCall } from '../../../../api/ApiCall' +import { Grid } from '@mui/system' +import { CippApiResults } from '../../../../components/CippComponents/CippApiResults' +import { EyeIcon } from '@heroicons/react/24/outline' +import tabOptions from '../tabOptions.json' +import { CippPolicyImportDrawer } from '../../../../components/CippComponents/CippPolicyImportDrawer.jsx' +import { PermissionButton } from '../../../../utils/permissions.js' +import { CippFormTemplateTenantSelector } from '../../../../components/CippComponents/CippFormTemplateTenantSelector.jsx' const Page = () => { - const oldStandards = ApiGetCall({ url: "/api/ListStandards", queryKey: "ListStandards-legacy" }); + const oldStandards = ApiGetCall({ url: '/api/ListStandards', queryKey: 'ListStandards-legacy' }) const integrations = ApiGetCall({ - url: "/api/ListExtensionsConfig", - queryKey: "Integrations", + url: '/api/ListExtensionsConfig', + queryKey: 'Integrations', refetchOnMount: false, refetchOnReconnect: false, - }); + }) - const currentTenant = useSettings().currentTenant; - const pageTitle = "Templates"; - const cardButtonPermissions = ["Tenant.Standards.ReadWrite"]; + const pageTitle = 'Templates' + const cardButtonPermissions = ['Tenant.Standards.ReadWrite'] const actions = [ { - label: "View Tenant Report", - link: "/tenant/manage/applied-standards/?templateId=[GUID]", + label: 'View Tenant Report', + link: '/tenant/manage/applied-standards/?templateId=[GUID]', icon: , - color: "info", - target: "_self", + color: 'info', + target: '_self', }, { - label: "Edit Template", + label: 'Edit Template', //when using a link it must always be the full path /identity/administration/users/[id] for example. - link: "/tenant/standards/templates/template?id=[GUID]&type=[type]", + link: '/tenant/standards/templates/template?id=[GUID]&type=[type]', icon: , - color: "success", - target: "_self", + color: 'success', + target: '_self', }, { - label: "Clone & Edit Template", - link: "/tenant/standards/templates/template?id=[GUID]&clone=true&type=[type]", + label: 'Clone & Edit Template', + link: '/tenant/standards/templates/template?id=[GUID]&clone=true&type=[type]', icon: , - color: "success", - target: "_self", + color: 'success', + target: '_self', }, { - label: "Create Drift Clone", - type: "POST", - url: "/api/ExecDriftClone", + label: 'Create Drift Clone', + type: 'POST', + url: '/api/ExecDriftClone', icon: , - color: "warning", + color: 'warning', data: { - id: "GUID", + id: 'GUID', }, confirmText: - "Are you sure you want to create a drift clone of [templateName]? This will create a new drift template based on this template.", + 'Are you sure you want to create a drift clone of [templateName]? This will create a new drift template based on this template.', multiPost: false, }, { - label: `Run Template Now (${currentTenant || "Currently Selected Tenant"})`, - type: "GET", - url: "/api/ExecStandardsRun", + label: 'Run Template Now', + type: 'GET', + url: '/api/ExecStandardsRun', icon: , data: { - TemplateId: "GUID", + TemplateId: 'GUID', }, - confirmText: "Are you sure you want to force a run of this template?", + allowResubmit: true, + customDataformatter: (row, action, formData) => ({ + TemplateId: row.GUID, + tenantFilter: formData.tenantFilter?.value ?? formData.tenantFilter, + }), + children: ({ formHook, row }) => ( + + ), + confirmText: 'Are you sure you want to force a run of this template?', multiPost: false, }, { - label: "Run Template Now (All Tenants in Template)", - type: "GET", - url: "/api/ExecStandardsRun", - icon: , - data: { - TemplateId: "GUID", - tenantFilter: "allTenants", - }, - confirmText: "Are you sure you want to force a run of this template?", - multiPost: false, - }, - { - label: "Save to GitHub", - type: "POST", - url: "/api/ExecCommunityRepo", + label: 'Save to GitHub', + type: 'POST', + url: '/api/ExecCommunityRepo', icon: , data: { - Action: "UploadTemplate", - GUID: "GUID", + Action: 'UploadTemplate', + GUID: 'GUID', }, fields: [ { - label: "Repository", - name: "FullName", - type: "select", + label: 'Repository', + name: 'FullName', + type: 'select', api: { - url: "/api/ListCommunityRepos", + url: '/api/ListCommunityRepos', data: { WriteAccess: true, }, - queryKey: "CommunityRepos-Write", - dataKey: "Results", - valueField: "FullName", - labelField: "FullName", + queryKey: 'CommunityRepos-Write', + dataKey: 'Results', + valueField: 'FullName', + labelField: 'FullName', }, multiple: false, creatable: false, required: true, validators: { - required: { value: true, message: "This field is required" }, + required: { value: true, message: 'This field is required' }, }, }, { - label: "Commit Message", - placeholder: "Enter a commit message for adding this file to GitHub", - name: "Message", - type: "textField", + label: 'Commit Message', + placeholder: 'Enter a commit message for adding this file to GitHub', + name: 'Message', + type: 'textField', multiline: true, required: true, rows: 4, }, ], - confirmText: "Are you sure you want to save this template to the selected repository?", + confirmText: 'Are you sure you want to save this template to the selected repository?', condition: () => integrations.isSuccess && integrations?.data?.GitHub?.Enabled, }, { - label: "Delete Template", - type: "POST", - url: "/api/RemoveStandardTemplate", + label: 'Delete Template', + type: 'POST', + url: '/api/RemoveStandardTemplate', icon: , data: { - ID: "GUID", + ID: 'GUID', }, - confirmText: "Are you sure you want to delete [templateName]?", + confirmText: 'Are you sure you want to delete [templateName]?', multiPost: false, }, - ]; - const conversionApi = ApiPostCall({ relatedQueryKeys: "listStandardTemplates" }); + ] + const conversionApi = ApiPostCall({ relatedQueryKeys: 'listStandardTemplates' }) const handleConversion = () => { conversionApi.mutate({ - url: "/api/execStandardConvert", + url: '/api/execStandardConvert', data: {}, - }); - }; + }) + } const tableFilter = (
    {oldStandards.isSuccess && oldStandards.data.length !== 0 && ( @@ -154,7 +153,7 @@ const Page = () => { You have legacy standards available. Press the button to convert these standards to @@ -163,7 +162,7 @@ const Page = () => { they are correct and re-enable the schedule. - @@ -175,7 +174,7 @@ const Page = () => { )}
    - ); + ) return ( { actions={actions} tableFilter={tableFilter} simpleColumns={[ - "templateName", - "type", - "tenantFilter", - "excludedTenants", - "updatedAt", - "updatedBy", - "runManually", - "standards", + 'templateName', + 'type', + 'tenantFilter', + 'excludedTenants', + 'updatedAt', + 'updatedBy', + 'runManually', + 'standards', ]} queryKey="listStandardTemplates" /> - ); -}; + ) +} Page.getLayout = (page) => ( {page} -); +) -export default Page; +export default Page diff --git a/src/pages/tenant/standards/templates/template.jsx b/src/pages/tenant/standards/templates/template.jsx index 19cf27c788f2..7e442863b3f1 100644 --- a/src/pages/tenant/standards/templates/template.jsx +++ b/src/pages/tenant/standards/templates/template.jsx @@ -1,205 +1,205 @@ -import { Box, Button, Container, Stack, Typography, SvgIcon, Skeleton } from "@mui/material"; -import { Grid } from "@mui/system"; -import { Layout as DashboardLayout } from "../../../../layouts/index.js"; -import { useForm, useWatch } from "react-hook-form"; -import { useRouter } from "next/router"; -import { Add, SaveRounded } from "@mui/icons-material"; -import { useEffect, useState, useCallback, useMemo, useRef, lazy, Suspense } from "react"; -import standards from "../../../../data/standards"; -import CippStandardAccordion from "../../../../components/CippStandards/CippStandardAccordion"; +import { Box, Button, Container, Stack, Typography, SvgIcon, Skeleton } from '@mui/material' +import { Grid } from '@mui/system' +import { Layout as DashboardLayout } from '../../../../layouts/index.js' +import { useForm, useWatch } from 'react-hook-form' +import { useRouter } from 'next/router' +import { Add, SaveRounded } from '@mui/icons-material' +import { useEffect, useState, useCallback, useMemo, useRef, lazy, Suspense } from 'react' +import standards from '../../../../data/standards' +import CippStandardAccordion from '../../../../components/CippStandards/CippStandardAccordion' // Lazy load the dialog to improve initial page load performance const CippStandardDialog = lazy( - () => import("../../../../components/CippStandards/CippStandardDialog"), -); -import CippStandardsSideBar from "../../../../components/CippStandards/CippStandardsSideBar"; -import { ArrowLeftIcon } from "@mui/x-date-pickers"; -import { useDialog } from "../../../../hooks/use-dialog"; -import { ApiGetCall } from "../../../../api/ApiCall"; -import _ from "lodash"; -import { createDriftManagementActions } from "../../manage/driftManagementActions"; -import { ActionsMenu } from "../../../../components/actions-menu"; -import { useSettings } from "../../../../hooks/use-settings"; -import { CippHead } from "../../../../components/CippComponents/CippHead"; + () => import('../../../../components/CippStandards/CippStandardDialog') +) +import CippStandardsSideBar from '../../../../components/CippStandards/CippStandardsSideBar' +import { ArrowLeftIcon } from '@mui/x-date-pickers' +import { useDialog } from '../../../../hooks/use-dialog' +import { ApiGetCall } from '../../../../api/ApiCall' +import { get } from 'lodash' +import { createDriftManagementActions } from '../../manage/driftManagementActions' +import { ActionsMenu } from '../../../../components/actions-menu' +import { useSettings } from '../../../../hooks/use-settings' +import { CippHead } from '../../../../components/CippComponents/CippHead' const Page = () => { - const router = useRouter(); - const [editMode, setEditMode] = useState(false); - const formControl = useForm({ mode: "onBlur" }); - const { formState } = formControl; - const [dialogOpen, setDialogOpen] = useState(false); - const [expanded, setExpanded] = useState(null); - const [searchQuery, setSearchQuery] = useState(""); - const [selectedStandards, setSelectedStandards] = useState({}); - const [updatedAt, setUpdatedAt] = useState(false); - const [hasUnsavedChanges, setHasUnsavedChanges] = useState(false); - const [currentStep, setCurrentStep] = useState(0); - const [hasDriftConflict, setHasDriftConflict] = useState(false); - const initialStandardsRef = useRef({}); - - const currentTenant = useSettings().currentTenant; + const router = useRouter() + const [editMode, setEditMode] = useState(false) + const formControl = useForm({ mode: 'onBlur' }) + const { formState } = formControl + const [dialogOpen, setDialogOpen] = useState(false) + const [expanded, setExpanded] = useState(null) + const [searchQuery, setSearchQuery] = useState('') + const [selectedStandards, setSelectedStandards] = useState({}) + const [updatedAt, setUpdatedAt] = useState(false) + const [hasUnsavedChanges, setHasUnsavedChanges] = useState(false) + const [currentStep, setCurrentStep] = useState(0) + const [hasDriftConflict, setHasDriftConflict] = useState(false) + const initialStandardsRef = useRef({}) + + const currentTenant = useSettings().currentTenant // Check if this is drift mode - const isDriftMode = router.query.type === "drift"; + const isDriftMode = router.query.type === 'drift' // Set drift mode flag in form when in drift mode useEffect(() => { if (isDriftMode) { - formControl.setValue("isDriftTemplate", true); + formControl.setValue('isDriftTemplate', true) } - }, [isDriftMode, formControl]); + }, [isDriftMode, formControl]) // Watch form values to check valid configuration - const watchForm = useWatch({ control: formControl.control }); + const watchForm = useWatch({ control: formControl.control }) const existingTemplate = ApiGetCall({ url: `/api/listStandardTemplates`, data: { id: router.query.id }, queryKey: `listStandardTemplates-${router.query.id}`, waiting: editMode, - }); + }) // Check if the template configuration is valid and update currentStep useEffect(() => { const stepsStatus = { - step1: !!_.get(watchForm, "templateName"), - step2: _.get(watchForm, "tenantFilter", []).length > 0, + step1: !!get(watchForm, 'templateName'), + step2: get(watchForm, 'tenantFilter', []).length > 0, step3: Object.keys(selectedStandards).length > 0, step4: - _.get(watchForm, "standards") && + get(watchForm, 'standards') && Object.keys(selectedStandards).length > 0 && Object.keys(selectedStandards).every((standardName) => { - const standardValues = _.get(watchForm, standardName, {}); + const standardValues = get(watchForm, standardName, {}) // Always require an action value which should be an array with at least one element - const actionValue = _.get(standardValues, "action"); - return actionValue && (!Array.isArray(actionValue) || actionValue.length > 0); + const actionValue = get(standardValues, 'action') + return actionValue && (!Array.isArray(actionValue) || actionValue.length > 0) }), - }; + } - const completedSteps = Object.values(stepsStatus).filter(Boolean).length; - setCurrentStep(completedSteps); - }, [selectedStandards, watchForm, isDriftMode]); + const completedSteps = Object.values(stepsStatus).filter(Boolean).length + setCurrentStep(completedSteps) + }, [selectedStandards, watchForm, isDriftMode]) // Handle route change events const handleRouteChange = useCallback( (url) => { if (hasUnsavedChanges) { const confirmLeave = window.confirm( - "You have unsaved changes. Are you sure you want to leave this page?", - ); + 'You have unsaved changes. Are you sure you want to leave this page?' + ) if (!confirmLeave) { - router.events.emit("routeChangeError"); - throw "Route change was aborted"; + router.events.emit('routeChangeError') + throw 'Route change was aborted' } } }, - [hasUnsavedChanges, router], - ); + [hasUnsavedChanges, router] + ) // Handle browser back/forward navigation or tab close useEffect(() => { const handleBeforeUnload = (e) => { if (hasUnsavedChanges) { - e.preventDefault(); - e.returnValue = "You have unsaved changes. Are you sure you want to leave this page?"; - return e.returnValue; + e.preventDefault() + e.returnValue = 'You have unsaved changes. Are you sure you want to leave this page?' + return e.returnValue } - }; + } // Add event listeners - window.addEventListener("beforeunload", handleBeforeUnload); - router.events.on("routeChangeStart", handleRouteChange); + window.addEventListener('beforeunload', handleBeforeUnload) + router.events.on('routeChangeStart', handleRouteChange) // Remove event listeners on cleanup return () => { - window.removeEventListener("beforeunload", handleBeforeUnload); - router.events.off("routeChangeStart", handleRouteChange); - }; - }, [hasUnsavedChanges, handleRouteChange, router.events]); + window.removeEventListener('beforeunload', handleBeforeUnload) + router.events.off('routeChangeStart', handleRouteChange) + } + }, [hasUnsavedChanges, handleRouteChange, router.events]) // Track form changes useEffect(() => { // Compare the current form values with the initial values to check for real changes - const currentValues = formControl.getValues(); - const initialValues = initialStandardsRef.current; + const currentValues = formControl.getValues() + const initialValues = initialStandardsRef.current if ( formState.isDirty || JSON.stringify(selectedStandards) !== JSON.stringify(initialStandardsRef.current) ) { - setHasUnsavedChanges(true); + setHasUnsavedChanges(true) } else { - setHasUnsavedChanges(false); + setHasUnsavedChanges(false) } - }, [formState.isDirty, selectedStandards, formControl]); + }, [formState.isDirty, selectedStandards, formControl]) useEffect(() => { if (router.query.id) { - setEditMode(true); + setEditMode(true) } if (existingTemplate.isSuccess) { //formControl.reset(existingTemplate.data?.[0]); - const apiData = existingTemplate.data?.[0]; + const apiData = existingTemplate.data?.[0] Object.keys(apiData.standards).forEach((key) => { if (Array.isArray(apiData.standards[key])) { apiData.standards[key] = apiData.standards[key].filter( - (value) => value !== null && value !== undefined, - ); + (value) => value !== null && value !== undefined + ) } - }); + }) - formControl.reset(apiData); + formControl.reset(apiData) if (router.query.clone) { - formControl.setValue("templateName", `${apiData.templateName} (Clone)`); - formControl.setValue("GUID", ""); + formControl.setValue('templateName', `${apiData.templateName} (Clone)`) + formControl.setValue('GUID', '') } //set the updated at date and user setUpdatedAt({ date: apiData?.updatedAt, user: apiData?.updatedBy, - }); + }) // Transform standards from the API to match the format for selectedStandards - const standardsFromApi = apiData?.standards; - const transformedStandards = {}; + const standardsFromApi = apiData?.standards + const transformedStandards = {} Object.keys(standardsFromApi).forEach((key) => { if (Array.isArray(standardsFromApi[key])) { standardsFromApi[key].forEach((_, index) => { - transformedStandards[`standards.${key}[${index}]`] = true; - }); + transformedStandards[`standards.${key}[${index}]`] = true + }) } else { - transformedStandards[`standards.${key}`] = true; + transformedStandards[`standards.${key}`] = true } - }); + }) - setSelectedStandards(transformedStandards); + setSelectedStandards(transformedStandards) // Store initial state for change detection - initialStandardsRef.current = { ...transformedStandards }; - setHasUnsavedChanges(false); + initialStandardsRef.current = { ...transformedStandards } + setHasUnsavedChanges(false) } - }, [existingTemplate.isSuccess, router]); + }, [existingTemplate.isSuccess, router]) // Memoize categories to avoid unnecessary recalculations const categories = useMemo(() => { return standards.reduce((acc, standard) => { - const { cat } = standard; + const { cat } = standard if (!acc[cat]) { - acc[cat] = []; + acc[cat] = [] } - acc[cat].push(standard); - return acc; - }, {}); - }, []); + acc[cat].push(standard) + return acc + }, {}) + }, []) const handleOpenDialog = useCallback(() => { - setDialogOpen(true); - }, []); + setDialogOpen(true) + }, []) const handleCloseDialog = useCallback(() => { - setDialogOpen(false); - setSearchQuery(""); - }, []); + setDialogOpen(false) + setSearchQuery('') + }, []) const filterStandards = (standardsList) => standardsList.filter( @@ -207,149 +207,161 @@ const Page = () => { standard.label.toLowerCase().includes(searchQuery.toLowerCase()) || standard.helpText.toLowerCase().includes(searchQuery.toLowerCase()) || (standard.tag && - standard.tag.some((tag) => tag.toLowerCase().includes(searchQuery.toLowerCase()))), - ); + standard.tag.some((tag) => tag.toLowerCase().includes(searchQuery.toLowerCase()))) || + (standard.appliesToTest && + standard.appliesToTest.some((testId) => + testId.toLowerCase().includes(searchQuery.toLowerCase()) + )) + ) const handleToggleStandard = (standardName) => { setSelectedStandards((prev) => ({ ...prev, [standardName]: !prev[standardName], - })); - }; + })) + } const handleAddMultipleStandard = (standardName) => { //if the standardname contains an array qualifier,e.g standardName[0], strip that away. - const arrayPattern = /(.*)\[(\d+)\]$/; - const match = standardName.match(arrayPattern); + const arrayPattern = /(.*)\[(\d+)\]$/ + const match = standardName.match(arrayPattern) if (match) { - standardName = match[1]; + standardName = match[1] } setSelectedStandards((prev) => { - const existingInstances = Object.keys(prev).filter((name) => name.startsWith(standardName)); - const newIndex = existingInstances.length; + const existingInstances = Object.keys(prev).filter((name) => name.startsWith(standardName)) + const newIndex = existingInstances.length return { ...prev, [`${standardName}[${newIndex}]`]: true, - }; - }); - }; + } + }) + } const handleRemoveStandard = (standardName) => { - const arrayPattern = /(.*)\[(\d+)\]$/; - const match = standardName.match(arrayPattern); + const arrayPattern = /(.*)\[(\d+)\]$/ + const match = standardName.match(arrayPattern) if (match) { - const baseName = match[1]; - const removedIndex = parseInt(match[2]); + const baseName = match[1] + const removedIndex = parseInt(match[2]) // Remove the item from the form array - const currentArray = formControl.getValues(baseName) || []; - const updatedArray = currentArray.filter((_, i) => i !== removedIndex); - formControl.setValue(baseName, updatedArray); + const currentArray = formControl.getValues(baseName) || [] + const updatedArray = currentArray.filter((_, i) => i !== removedIndex) + formControl.setValue(baseName, updatedArray) // Re-index selectedStandards to keep indices contiguous - const escapedBaseName = baseName.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"); - const reindexPattern = new RegExp(`^${escapedBaseName}\\[(\\d+)\\]$`); + const escapedBaseName = baseName.replace(/[.*+?^${}()|[\]\\]/g, '\\$&') + const reindexPattern = new RegExp(`^${escapedBaseName}\\[(\\d+)\\]$`) setSelectedStandards((prev) => { - const newSelected = {}; + const newSelected = {} Object.keys(prev).forEach((key) => { - const keyMatch = key.match(reindexPattern); + const keyMatch = key.match(reindexPattern) if (keyMatch) { - const idx = parseInt(keyMatch[1]); + const idx = parseInt(keyMatch[1]) if (idx < removedIndex) { - newSelected[key] = prev[key]; + newSelected[key] = prev[key] } else if (idx > removedIndex) { // Shift higher indices down by 1 - newSelected[`${baseName}[${idx - 1}]`] = prev[key]; + newSelected[`${baseName}[${idx - 1}]`] = prev[key] } // Skip the removed index } else { - newSelected[key] = prev[key]; + newSelected[key] = prev[key] } - }); - return newSelected; - }); + }) + return newSelected + }) } else { setSelectedStandards((prev) => { - const newSelected = { ...prev }; - delete newSelected[standardName]; - return newSelected; - }); - formControl.unregister(standardName); + const newSelected = { ...prev } + delete newSelected[standardName] + return newSelected + }) + formControl.unregister(standardName) } - }; + } const handleAccordionToggle = (standardName) => { - setExpanded((prev) => (prev === standardName ? null : standardName)); - }; + setExpanded((prev) => (prev === standardName ? null : standardName)) + } - const createDialog = useDialog(); + const createDialog = useDialog() // Save action that will open the create dialog const handleSave = () => { - createDialog.handleOpen(); + createDialog.handleOpen() // Will be set to false after successful save in the dialog component - }; + } // Determine if save button should be disabled based on configuration const isSaveDisabled = isDriftMode - ? !_.get(watchForm, "tenantFilter") || - !_.get(watchForm, "tenantFilter").length || + ? !get(watchForm, 'tenantFilter') || + !get(watchForm, 'tenantFilter').length || currentStep < 4 || hasDriftConflict // For drift mode, require all steps and no drift conflicts - : !_.get(watchForm, "tenantFilter") || - !_.get(watchForm, "tenantFilter").length || - currentStep < 4; + : !get(watchForm, 'tenantFilter') || + !get(watchForm, 'tenantFilter').length || + currentStep < 4 // Create drift management actions (excluding refresh) const driftActions = useMemo(() => { - if (!editMode || !router.query.id) return []; + if (!editMode || !router.query.id) return [] const allActions = createDriftManagementActions({ templateId: router.query.id, - onRefresh: () => {}, // Empty function since we're filtering out refresh + onRefresh: () => {}, currentTenant: currentTenant, - }); + templateTenants: Array.isArray(watchForm?.tenantFilter) ? watchForm.tenantFilter : [], + excludedTenants: Array.isArray(watchForm?.excludedTenants) ? watchForm.excludedTenants : [], + }) // Filter out the refresh action - return allActions.filter((action) => action.label !== "Refresh Data"); - }, [editMode, router.query.id, currentTenant]); + return allActions.filter((action) => action.label !== 'Refresh Data') + }, [ + editMode, + router.query.id, + currentTenant, + watchForm?.tenantFilter, + watchForm?.excludedTenants, + ]) - const actions = []; + const actions = [] const steps = [ - "Set a name for the Template", - "Assigned Template to Tenants", - "Added Standards to Template", - "Configured all Standards", - ]; + 'Set a name for the Template', + 'Assigned Template to Tenants', + 'Added Standards to Template', + 'Configured all Standards', + ] const handleSafeNavigation = (url) => { if (hasUnsavedChanges) { const confirmLeave = window.confirm( - "You have unsaved changes. Are you sure you want to leave this page?", - ); + 'You have unsaved changes. Are you sure you want to leave this page?' + ) if (confirmLeave) { - router.push(url); + router.push(url) } } else { - router.push(url); + router.push(url) } - }; + } return ( - + @@ -364,11 +376,11 @@ const Page = () => { {editMode ? isDriftMode - ? "Edit Drift Template" - : "Edit Standards Template" + ? 'Edit Drift Template' + : 'Edit Standards Template' : isDriftMode - ? "Add Drift Template" - : "Add Standards Template"} + ? 'Add Drift Template' + : 'Add Standards Template'}