KelvinTegelaar · KelvinTegelaar · Feb 18, 2022 · Feb 5, 2022 · Feb 5, 2022 · Feb 5, 2022
diff --git a/AddTeam/run.ps1 b/AddTeam/run.ps1
@@ -25,7 +25,7 @@ try {
 
     $TeamsSettings = [PSCustomObject]@{
         "[email protected]" = "https://graph.microsoft.com/v1.0/teamsTemplates('standard')"
-        "visibility"          = "Public"
+        "visibility"          = $userobj.visibility
         "displayName"         = $userobj.displayname
         "description"         = $userobj.description
         "members"             = @($owners)

diff --git a/BestPracticeAnalyser_All/run.ps1 b/BestPracticeAnalyser_All/run.ps1
@@ -42,6 +42,7 @@ $Result = [PSCustomObject]@{
     DisabledSharedMailboxLogins      = ""
     DisabledSharedMailboxLoginsCount = ""
     UnusedLicensesCount              = ""
+    UnusedLicensesTotal              = ""
     UnusedLicensesResult             = ""
     UnusedLicenseList                = ""
     SecureScoreCurrent               = ""
@@ -78,24 +79,14 @@ catch {
     Log-request -API "BestPracticeAnalyser" -tenant $tenant -message "Privacy Enabled State on $($tenant) Error: $($_.exception.message)" -sev "Error"
 }
 
-
-# Build up and enter an Exchange PSSession for the next section
-try {
-    $tokenvalue = ConvertTo-SecureString (Get-GraphToken -AppID 'a0c73c16-a7e3-4564-9a95-2bdf47383716' -RefreshToken $ENV:ExchangeRefreshToken -Scope 'https://outlook.office365.com/.default' -Tenantid $($Tenant)).Authorization -AsPlainText -Force
-    $credential = New-Object System.Management.Automation.PSCredential($upn, $tokenValue)
-    $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://ps.outlook.com/powershell-liveid?DelegatedOrg=$($Tenant)&BasicAuthToOAuthConversion=true" -Credential $credential -Authentication Basic -AllowRedirection -ErrorAction Continue
-    Import-PSSession $session -ea Silentlycontinue -AllowClobber -CommandName "Get-Mailbox", "Set-mailbox", "Get-AdminAuditLogConfig", "Get-OrganizationConfig", "Enable-OrganizationCustomization" | Out-Null
-    Log-request -API "BestPracticeAnalyser" -tenant $tenant -message "Exchange PS Sesssion Generated on $($tenant) is successful" -sev "Debug"
-}
-catch {
-    Log-request -API "BestPracticeAnalyser" -tenant $tenant -message "Exchange PS Session on $($tenant) Error: $($_.exception.message)" -sev "Error"
-}
-
-
 # Get Send and Send Behalf Of
 try {
     # Send and Send Behalf Of
-    $MailboxBPA = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox, SharedMailbox
+    $MailboxBPAParams = @{
+        ResultSize           = 'Unlimited'
+        RecipientTypeDetails = 'UserMailbox, SharedMailbox'
+    }
+    $MailboxBPA = New-ExoRequest -tenantid $Tenant -cmdlet "Get-Mailbox"
     $TotalMailboxes = $MailboxBPA | Measure-Object | Select-Object -ExpandProperty Count
     $TotalMessageCopyForSentAsEnabled = $MailboxBPA | Where-Object { $_.MessageCopyForSentAsEnabled -eq $true } | Measure-Object | Select-Object -ExpandProperty Count
     $TotalMessageCopyForSendOnBehalfEnabled = $MailboxBPA | Where-Object { $_.MessageCopyForSendOnBehalfEnabled -eq $true } | Measure-Object | Select-Object -ExpandProperty Count
@@ -119,24 +110,15 @@ catch {
 
 # Get Unified Audit Log
 try {
-    $Result.UnifiedAuditLog = Get-AdminAuditLogConfig | Select-Object -ExpandProperty UnifiedAuditLogIngestionEnabled
+    $EXOAdminAuditLogConfig = New-ExoRequest -tenantid $Tenant -cmdlet "Get-AdminAuditLogConfig"
+    $Result.UnifiedAuditLog = $EXOAdminAuditLogConfig | Select-Object -ExpandProperty UnifiedAuditLogIngestionEnabled
     Log-request -API "BestPracticeAnalyser" -tenant $tenant -message "Unified Audit Log on $($tenant) is $($Result.UnifiedAuditLog)" -sev "Debug"
 
 }
 catch {
     Log-request -API "BestPracticeAnalyser" -tenant $tenant -message "Unified Audit Log on $($tenant). Error: $($_.exception.message)" -sev "Error"
 }
 
-
-# Important to clean up the remote session
-try {
-    Get-PSSession | Remove-PSSession
-}
-catch {
-    Log-request -API "BestPracticeAnalyser" -tenant $tenant -message "Error cleaning up PSSession on $($tenant). Error: $($_.exception.message)" -sev "Error"
-}
-
-
 # Get Basic Auth States
 try {
     $BasicAuthDisable = Invoke-RestMethod -ContentType "application/json;charset=UTF-8" -Uri 'https://admin.microsoft.com/admin/api/services/apps/modernAuth' -Method GET -Headers @{
@@ -244,13 +226,19 @@ try {
         'X-Requested-With'       = 'XMLHttpRequest' 
     }
 
-    $WhiteListedSKUs = "FLOW_FREE", "TEAMS_EXPLORATORY", "TEAMS_COMMERCIAL_TRIAL", "POWERAPPS_VIRAL", "POWER_BI_STANDARD", "DYN365_ENTERPRISE_P1_IW"
+    $WhiteListedSKUs = "FLOW_FREE", "TEAMS_EXPLORATORY", "TEAMS_COMMERCIAL_TRIAL", "POWERAPPS_VIRAL", "POWER_BI_STANDARD", "DYN365_ENTERPRISE_P1_IW", "STREAM", "Dynamics 365 for Financials for IWs", "POWERAPPS_PER_APP_IW"
     $UnusedLicenses = $LicenseUsage | Where-Object { ($_.Purchased -ne $_.Consumed) -and ($WhiteListedSKUs -notcontains $_.AccountSkuId.SkuPartNumber) }
     $UnusedLicensesCount = $UnusedLicenses | Measure-Object | Select-Object -ExpandProperty Count
     $UnusedLicensesResult = if ($UnusedLicensesCount -gt 0) { "FAIL" } else { "PASS" }
     $Result.UnusedLicenseList = ($UnusedLicensesListBuilder = foreach ($License in $UnusedLicenses) {
             "SKU: $($License.AccountSkuId.SkuPartNumber), Purchased: $($License.Purchased), Consumed: $($License.Consumed)"
         }) -join "<br />"
+
+    $TempCount = 0
+    foreach ($License in $UnusedLicenses) {
+        $TempCount = $TempCount + ($($License.Purchased) - $($License.Consumed))
+    }
+    $Result.UnusedLicensesTotal = $TempCount
     $Result.UnusedLicensesCount = $UnusedLicensesCount
     $Result.UnusedLicensesResult = $UnusedLicensesResult
     Log-request -API "BestPracticeAnalyser" -tenant $tenant -message "Unused Licenses on $($tenant). $($Result.UnusedLicensesCount) total not matching" -sev "Debug"

diff --git a/Config/4d9206b0-4f96-41e6-86a5-f78cdcff5069.IntuneTemplate.json b/Config/4d9206b0-4f96-41e6-86a5-f78cdcff5069.IntuneTemplate.json
@@ -1,7 +1,7 @@
 {
   "Displayname": "CIPP Default: Set screen lock time to 5 minutes",
   "Description": "Sets the screen to lock after 5 minutes of inactivity.",
-  "RAWJson": "{\"name\":\"Set Screen Lockout to 5 minutes\",\"description\":\"\",\"platforms\":\"windows10\",\"technologies\":\"mdm\",\"roleScopeTagIds\":[\"0\"],\"settings\":[{\"@odata.type\":\"#microsoft.graph.deviceManagementConfigurationSetting\",\"settingInstance\":{\"@odata.type\":\"#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance\",\"settingDefinitionId\":\"device_vendor_msft_policy_config_localpoliciessecurityoptions_interactivelogon_machineinactivitylimit_v2\",\"simpleSettingValue\":{\"@odata.type\":\"#microsoft.graph.deviceManagementConfigurationIntegerSettingValue\",\"value\":5}}}]}",
+  "RAWJson": "{\"name\":\"Set Screen Lockout to 5 minutes\",\"description\":\"\",\"platforms\":\"windows10\",\"technologies\":\"mdm\",\"roleScopeTagIds\":[\"0\"],\"settings\":[{\"@odata.type\":\"#microsoft.graph.deviceManagementConfigurationSetting\",\"settingInstance\":{\"@odata.type\":\"#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance\",\"settingDefinitionId\":\"device_vendor_msft_policy_config_localpoliciessecurityoptions_interactivelogon_machineinactivitylimit_v2\",\"simpleSettingValue\":{\"@odata.type\":\"#microsoft.graph.deviceManagementConfigurationIntegerSettingValue\",\"value\":300}}}]}",
   "Type": "Catalog",
   "GUID": "4d9206b0-4f96-41e6-86a5-f78cdcff5069"
 }