Merge remote-tracking branch 'upstream/main'

package.json

@@ -1,6 +1,6 @@
 {
   "name": "cipp",
-  "version": "6.1.0",
+  "version": "6.1.1",
   "description": "The CyberDrain Improved Partner Portal is a portal to help manage administration for Microsoft Partners.",
   "homepage": "https://cipp.app/",
   "bugs": {

public/version_latest.txt

@@ -1 +1 @@
-6.1.0
+6.1.1

src/_nav.jsx

@@ -790,8 +790,23 @@ const _nav = [
       },
       {
         component: CNavItem,
-        name: 'Phishing Policies',
-        to: '/email/reports/phishing-policies',
+        name: 'Anti-Phishing Filters',
+        to: '/email/reports/antiphishing-filters',
+      },
+      {
+        component: CNavItem,
+        name: 'Malware Filters',
+        to: '/email/reports/malware-filters',
+      },
+      {
+        component: CNavItem,
+        name: 'Safe Links Filters',
+        to: '/email/reports/safelinks-filters',
+      },
+      {
+        component: CNavItem,
+        name: 'Safe Attachments Filters',
+        to: '/email/reports/safeattachments-filters',
       },
       {
         component: CNavItem,

src/data/Extensions.json

@@ -186,6 +186,11 @@
         "label": "Hudu API Key",
         "placeholder": "Enter your Hudu API Key"
       },
+      {
+        "type": "checkbox",
+        "name": "Hudu.Enabled",
+        "label": "Enable Integration"
+      },
       {
         "type": "checkbox",
         "name": "Hudu.CreateMissingUsers",
@@ -196,10 +201,20 @@
         "name": "Hudu.CreateMissingDevices",
         "label": "Create missing devices in Hudu"
       },
+      {
+        "type": "text",
+        "name": "Hudu.ExcludeSerials",
+        "label": "Exclude device serials (comma separated)"
+      },
       {
         "type": "checkbox",
-        "name": "Hudu.Enabled",
-        "label": "Enable Integration"
+        "name": "Hudu.ImportDomains",
+        "label": "Import domains from M365"
+      },
+      {
+        "type": "checkbox",
+        "name": "Hudu.MonitorDomains",
+        "label": "Monitor domains in Hudu"
       }
     ],
     "mappingRequired": true,

src/data/standards.json

@@ -5,11 +5,6 @@
     "tag": ["lowimpact"],
     "helpText": "Defines the email address to receive general updates and information related to M365 subscriptions. Leave a contact field blank if you do not want to update the contact information.",
     "docsDescription": "",
-    "disabledFeatures": {
-      "report": false,
-      "warn": false,
-      "remediate": false
-    },
     "addedComponent": [
       {
         "type": "input",
@@ -589,7 +584,7 @@
   {
     "name": "standards.OauthConsentLowSec",
     "cat": "Entra (AAD) Standards",
-    "tag": ["mediumimpact"],
+    "tag": ["mediumimpact", "IntegratedApps"],
     "helpText": "Sets the default oauth consent level so users can consent to applications that have low risks.",
     "docsDescription": "Allows users to consent to applications with low assigned risk.",
     "label": "Allow users to consent to applications with low security risk (Prevent OAuth phishing. Lower impact, less secure)",
@@ -645,7 +640,9 @@
     "addedComponent": [],
     "label": "Disables Voice call as an MFA method",
     "impact": "High Impact",
-    "impactColour": "danger"
+    "impactColour": "danger",
+    "powershellEquivalent": "Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration",
+    "recommendedBy": []
   },
   {
     "name": "standards.DisableEmail",
@@ -1281,6 +1278,19 @@
     "powershellEquivalent": "Get-Mailbox & Update-MgUser",
     "recommendedBy": ["CIS"]
   },
+  {
+    "name": "standards.EXODisableAutoForwarding",
+    "cat": "Exchange Standards",
+    "tag": ["highimpact", "CIS", "mdo_autoforwardingmode", "mdo_blockmailforward"],
+    "helpText": "Disables the ability for users to automatically forward e-mails to external recipients.",
+    "docsDescription": "Disables the ability for users to automatically forward e-mails to external recipients. This is to prevent data exfiltration. Please check if there are any legitimate use cases for this feature before implementing, like forwarding invoices and such.",
+    "addedComponent": [],
+    "label": "Disable automatic forwarding to external recipients",
+    "impact": "High Impact",
+    "impactColour": "danger",
+    "powershellEquivalent": "Set-HostedOutboundSpamFilterPolicy -AutoForwardingMode 'Off'",
+    "recommendedBy": ["CIS"]
+  },
   {
     "name": "standards.QuarantineRequestAlert",
     "cat": "Defender Standards",
@@ -1339,7 +1349,8 @@
       "mdo_highconfidencephishaction",
       "mdo_phisspamacation",
       "mdo_spam_notifications_only_for_admins",
-      "mdo_antiphishingpolicies"
+      "mdo_antiphishingpolicies",
+      "mdo_phishthresholdlevel"
     ],
     "helpText": "This creates a Anti-Phishing policy that automatically enables Mailbox Intelligence and spoofing, optional switches for Mailtips.",
     "addedComponent": [
@@ -1635,6 +1646,11 @@
           }
         ]
       },
+      {
+        "type": "input",
+        "name": "standards.MalwareFilterPolicy.OptionalFileTypes",
+        "label": "Optional File Types, Comma separated"
+      },
       {
         "type": "Select",
         "label": "QuarantineTag",
@@ -2081,23 +2097,62 @@
     "name": "standards.DisableAddShortcutsToOneDrive",
     "cat": "SharePoint Standards",
     "tag": ["mediumimpact"],
-    "helpText": "When the feature is disabled the option Add shortcut to OneDrive will be removed. Any folders that have already been added will remain on the user's computer.",
-    "disabledFeatures": {
-      "report": true,
-      "warn": true,
-      "remediate": false
-    },
-    "addedComponent": [],
-    "label": "Disable Add Shortcuts To OneDrive",
+    "helpText": "If disabled, the button Add shortcut to OneDrive will be removed and users in the tenant will no longer be able to add new shortcuts to their OneDrive. Existing shortcuts will remain functional",
+    "addedComponent": [
+      {
+        "type": "Select",
+        "label": "Add Shortcuts To OneDrive button state",
+        "name": "standards.DisableAddShortcutsToOneDrive.state",
+        "values": [
+          {
+            "label": "Disabled",
+            "value": "true"
+          },
+          {
+            "label": "Enabled",
+            "value": "false"
+          }
+        ]
+      }
+    ],
+    "label": "Set Add Shortcuts To OneDrive button state",
+    "impact": "Medium Impact",
+    "impactColour": "warning",
+    "powershellEquivalent": "Set-SPOTenant -DisableAddShortcutsToOneDrive $true or $false",
+    "recommendedBy": []
+  },
+  {
+    "name": "standards.SPSyncButtonState",
+    "cat": "SharePoint Standards",
+    "tag": ["mediumimpact"],
+    "helpText": "If disabled, users in the tenant will no longer be able to use the Sync button to sync SharePoint content on all sites. However, existing synced content will remain functional on the user's computer.",
+    "addedComponent": [
+      {
+        "type": "Select",
+        "label": "SharePoint Sync Button state",
+        "name": "standards.SPSyncButtonState.state",
+        "values": [
+          {
+            "label": "Disabled",
+            "value": "true"
+          },
+          {
+            "label": "Enabled",
+            "value": "false"
+          }
+        ]
+      }
+    ],
+    "label": "Set SharePoint sync button state",
     "impact": "Medium Impact",
     "impactColour": "warning",
-    "powershellEquivalent": "Graph API or Portal",
+    "powershellEquivalent": "Set-SPOTenant -HideSyncButtonOnTeamSite $true or $false",
     "recommendedBy": []
   },
   {
     "name": "standards.DisableSharePointLegacyAuth",
     "cat": "SharePoint Standards",
-    "tag": ["mediumimpact", "CIS"],
+    "tag": ["mediumimpact", "CIS", "spo_legacy_auth"],
     "helpText": "Disables the ability to authenticate with SharePoint using legacy authentication methods. Any applications that use legacy authentication will need to be updated to use modern authentication.",
     "docsDescription": "Disables the ability for users and applications to access SharePoint via legacy basic authentication. This will likely not have any user impact, but will block systems/applications depending on basic auth or the SharePointOnlineCredentials class.",
     "addedComponent": [],

src/importsMap.jsx

@@ -133,7 +133,10 @@ import React from 'react'
   "/email/reports/mailbox-cas-settings": React.lazy(() => import('./views/email-exchange/reports/MailboxClientAccessSettingsList')), 
   "/email/reports/message-trace": React.lazy(() => import('./views/email-exchange/reports/MessageTrace')), 
   "/cipp/user-settings": React.lazy(() => import('./views/cipp/UserSettings')), 
-  "/email/reports/phishing-policies": React.lazy(() => import('./views/email-exchange/reports/PhishingPoliciesList')), 
+  "/email/reports/antiphishing-filters": React.lazy(() => import('./views/email-exchange/reports/AntiPhishingFilters')), 
+  "/email/reports/malware-filters": React.lazy(() => import('./views/email-exchange/reports/MalwareFilters')), 
+  "/email/reports/safelinks-filters": React.lazy(() => import('./views/email-exchange/reports/SafeLinksFilters')), 
+  "/email/reports/safeattachments-filters": React.lazy(() => import('./views/email-exchange/reports/SafeAttachmentsFilters')), 
   "/security/incidents/list-alerts": React.lazy(() => import('./views/security/incidents/ListAlerts')), 
   "/security/incidents/list-incidents": React.lazy(() => import('./views/security/incidents/ListIncidents')), 
   "/security/reports/list-device-compliance": React.lazy(() => import('./views/security/reports/ListDeviceComplianceReport')), 

src/routes.json

@@ -890,9 +890,27 @@
     "allowedRoles": ["admin", "editor", "readonly"]
   },
   {
-    "name": "Phishing Policies",
-    "path": "/email/reports/phishing-policies",
-    "component": "views/email-exchange/reports/PhishingPoliciesList",
+    "path": "/email/reports/antiphishing-filters",
+    "name": "Anti Phishing Filters",
+    "component": "views/email-exchange/reports/AntiPhishingFilters",
+    "allowedRoles": ["admin", "editor", "readonly"]
+  },
+  {
+    "path": "/email/reports/malware-filters",
+    "name": "Malware Filters",
+    "component": "views/email-exchange/reports/MalwareFilters",
+    "allowedRoles": ["admin", "editor", "readonly"]
+  },
+  {
+    "path": "/email/reports/safelinks-filters",
+    "name": "Safe Links Filters",
+    "component": "views/email-exchange/reports/SafeLinksFilters",
+    "allowedRoles": ["admin", "editor", "readonly"]
+  },
+  {
+    "path": "/email/reports/safeattachments-filters",
+    "name": "Safe Attachment Filters",
+    "component": "views/email-exchange/reports/SafeAttachmentsFilters",
     "allowedRoles": ["admin", "editor", "readonly"]
   },
   {

src/views/cipp/ExtensionSync.jsx

@@ -19,49 +19,49 @@ const ExtensionSync = () => {
   const columns = [
     {
       name: 'Tenant',
-      selector: (row) => row['Tenant'],
+      selector: (row) => row?.Tenant,
       sortable: true,
       cell: cellGenericFormatter(),
       exportSelector: 'Tenants',
     },
     {
       name: 'Sync Type',
-      selector: (row) => row['SyncType'],
+      selector: (row) => row?.SyncType,
       sortable: true,
       cell: cellBadgeFormatter({ color: 'info' }),
       exportSelector: 'SyncType',
     },
     {
       name: 'Task',
-      selector: (row) => row['Name'],
+      selector: (row) => row?.Name,
       sortable: true,
       cell: cellGenericFormatter(),
       exportSelector: 'Name',
     },
     {
       name: 'Scheduled Time',
-      selector: (row) => row['ScheduledTime'],
+      selector: (row) => row?.ScheduledTime,
       sortable: true,
       cell: cellDateFormatter({ format: 'short' }),
       exportSelector: 'ScheduledTime',
     },
     {
       name: 'Last Run',
-      selector: (row) => row['ExecutedTime'],
+      selector: (row) => row?.ExecutedTime,
       sortable: true,
       cell: cellDateFormatter({ format: 'short' }),
       exportSelector: 'ExecutedTime',
     },
     {
       name: 'Repeats every',
-      selector: (row) => row['RepeatsEvery'],
+      selector: (row) => row?.RepeatsEvery,
       sortable: true,
       cell: (row) => CellTip(row['RepeatsEvery']),
       exportSelector: 'RepeatsEvery',
     },
     {
       name: 'Results',
-      selector: (row) => row['Results'],
+      selector: (row) => row?.Results,
       sortable: true,
       cell: cellGenericFormatter(),
       exportSelector: 'Results',

src/views/cipp/Setup.jsx

@@ -286,7 +286,7 @@ const Setup = () => {
                 type="text"
                 name="TenantID"
                 label="Tenant ID"
-                placeholder="Enter the Tenant ID. e.g. mymsp.onmicrosoft.com. Leave blank to retain a previous key if this exists."
+                placeholder="Enter the Tenant ID. e.g. 1111-1111-1111-1111-11111. Leave blank to retain a previous key if this exists."
               />
             </CCol>
           </CRow>

src/views/cipp/UserSettings.jsx

@@ -156,28 +156,36 @@ const UserSettings = () => {
                       <CRow className="mb-3">
                         <h3 className="underline mb-5">Offboarding Defaults</h3>
                         <CCol>
-                          <RFFCFormSwitch name="RevokeSessions" label="Revoke all sessions" />
-                          <RFFCFormSwitch name="RemoveMobile" label="Remove all Mobile Devices" />
-                          <RFFCFormSwitch name="RemoveRules" label="Remove all Rules" />
-                          <RFFCFormSwitch name="RemoveLicenses" label="Remove Licenses" />
+                          <RFFCFormSwitch
+                            name="ConvertToShared"
+                            label="Convert to Shared Mailbox"
+                          />
                           <RFFCFormSwitch
                             name="HideFromGAL"
                             label="Hide from Global Address List"
                           />
-                        </CCol>
-                        <CCol>
                           <RFFCFormSwitch
-                            name="ConvertToShared"
-                            label="Convert to Shared Mailbox"
+                            name="removeCalendarInvites"
+                            label="Cancel all calendar invites"
                           />
-                          <RFFCFormSwitch name="DisableSignIn" label="Disable Sign in" />
-                          <RFFCFormSwitch name="ResetPass" label="Reset Password" />
-                          <RFFCFormSwitch name="RemoveGroups" label="Remove from all groups" />
-
+                          <RFFCFormSwitch
+                            name="removePermissions"
+                            label="Remove users mailbox permissions"
+                          />
+                          <RFFCFormSwitch name="RemoveRules" label="Remove all Rules" />
                           <RFFCFormSwitch
                             name="keepCopy"
                             label="Keep copy of forwarded mail in source mailbox"
                           />
+                          <RFFCFormSwitch name="RemoveMobile" label="Remove all Mobile Devices" />
+                        </CCol>
+                        <CCol>
+                          <RFFCFormSwitch name="RemoveGroups" label="Remove from all groups" />
+                          <RFFCFormSwitch name="RemoveLicenses" label="Remove Licenses" />
+                          <RFFCFormSwitch name="RevokeSessions" label="Revoke all sessions" />
+                          <RFFCFormSwitch name="DisableSignIn" label="Disable Sign in" />
+                          <RFFCFormSwitch name="ResetPass" label="Reset Password" />
+                          <RFFCFormSwitch name="DeleteUser" label="Delete user" />
                         </CCol>
                       </CRow>
                       <CRow className="mb-3">