Skip to content

Commit 8433bf1

Browse files
authored
Merge pull request #1844 from KelvinTegelaar/dev
Dev to hotfix
2 parents 653be22 + 7ec3326 commit 8433bf1

File tree

67 files changed

+513
-276
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

67 files changed

+513
-276
lines changed

Modules/CIPPCore/Public/Add-CIPPWin32LobAppContent.ps1

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -138,7 +138,7 @@ function Add-CIPPWin32LobAppContent {
138138
if ($CommitStateReq.uploadState -like '*fail*') {
139139
$errorMsg = "Commit failed. Upload state: $($CommitStateReq.uploadState)"
140140
if ($Headers) {
141-
Write-LogMessage -Headers $Headers -API $APIName -message $errorMsg -Sev 'Warning' -tenant $TenantFilter
141+
Write-LogMessage -Headers $Headers -API $APIName -message $errorMsg -sev 'Warn' -tenant $TenantFilter
142142
}
143143
throw $errorMsg
144144
}

Modules/CIPPCore/Public/Alerts/Get-CIPPAlertQuarantineReleaseRequests.ps1

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@
1414
#Add rerun protection: This Monitor can only run once every hour.
1515
$Rerun = Test-CIPPRerun -TenantFilter $TenantFilter -Type 'ExchangeMonitor' -API 'Get-CIPPAlertQuarantineReleaseRequests'
1616
if ($Rerun) {
17-
return $true
17+
return
1818
}
1919
$HasLicense = Test-CIPPStandardLicense -StandardName 'QuarantineReleaseRequests' -TenantFilter $TenantFilter -RequiredCapabilities @(
2020
'EXCHANGE_S_STANDARD',
@@ -25,7 +25,7 @@
2525
)
2626

2727
if (-not $HasLicense) {
28-
return $true
28+
return
2929
}
3030

3131
try {

Modules/CIPPCore/Public/Authentication/Test-IpInRange.ps1

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -31,15 +31,15 @@ function Test-IpInRange {
3131
$IP = [System.Net.IPAddress]::Parse($IPAddress)
3232
$rangeParts = $Range -split '/'
3333
$networkAddr = [System.Net.IPAddress]::Parse($rangeParts[0])
34-
$prefix = [int]$rangeParts[1]
34+
$maxBits = if ($networkAddr.AddressFamily -eq 'InterNetworkV6') { 128 } else { 32 }
35+
$prefix = if ($rangeParts.Count -gt 1) { [int]$rangeParts[1] } else { $maxBits }
3536

3637
if ($networkAddr.AddressFamily -ne $IP.AddressFamily) {
3738
return $false
3839
}
3940

4041
$ipBig = ConvertIpToBigInteger $IP
4142
$netBig = ConvertIpToBigInteger $networkAddr
42-
$maxBits = if ($networkAddr.AddressFamily -eq 'InterNetworkV6') { 128 } else { 32 }
4343
$shift = $maxBits - $prefix
4444
$mask = [System.Numerics.BigInteger]::Pow(2, $shift) - [System.Numerics.BigInteger]::One
4545
$invertedMask = [System.Numerics.BigInteger]::MinusOne -bxor $mask

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPOffboardingComplete.ps1

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@ function Push-CIPPOffboardingComplete {
1515
$TaskInfo = $Item.Parameters.TaskInfo
1616
$TenantFilter = $Item.Parameters.TenantFilter
1717
$Username = $Item.Parameters.Username
18+
$Headers = $Item.Parameters.Headers
1819
$Results = $Item.Results # Results come from orchestrator, not Parameters
1920

2021
try {
@@ -102,19 +103,19 @@ function Push-CIPPOffboardingComplete {
102103
TaskState = 'Completed'
103104
}
104105

105-
Write-LogMessage -API 'Offboarding' -tenant $TenantFilter -message "Offboarding completed successfully for $Username" -sev Info
106+
Write-LogMessage -API 'Offboarding' -tenant $TenantFilter -message "Offboarding completed successfully for $Username" -sev Info -headers $Headers
106107

107108
# Send post-execution alerts if configured
108109
if ($TaskInfo.PostExecution -and $ProcessedResults) {
109110
Send-CIPPScheduledTaskAlert -Results $ProcessedResults -TaskInfo $TaskInfo -TenantFilter $TenantFilter
110111
}
111112
}
112-
113+
Write-LogMessage -API 'Offboarding' -tenant $TenantFilter -message "Offboarding completed for $Username" -sev Info -headers $Headers
113114
return "Offboarding completed for $Username"
114115

115116
} catch {
116117
$ErrorMsg = "Failed to complete offboarding for $Username : $($_.Exception.Message)"
117-
Write-LogMessage -API 'Offboarding' -tenant $TenantFilter -message $ErrorMsg -sev Error
118+
Write-LogMessage -API 'Offboarding' -tenant $TenantFilter -message $ErrorMsg -sev Error -headers $Headers -LogData (Get-CippException -Exception $_)
118119
throw $ErrorMsg
119120
}
120121
}

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPOffboardingTask.ps1

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ function Push-CIPPOffboardingTask {
1919
Write-Information "Executing offboarding cmdlet: $Cmdlet"
2020

2121
# Check if cmdlet exists
22-
$CmdletInfo = Get-Command -Name $Cmdlet -ErrorAction SilentlyContinue
22+
$CmdletInfo = Get-Command -Name $Cmdlet -Module CIPPCore -ErrorAction SilentlyContinue
2323
if (-not $CmdletInfo) {
2424
throw "Cmdlet $Cmdlet does not exist"
2525
}

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecScheduledCommand.ps1

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -317,13 +317,12 @@ function Push-ExecScheduledCommand {
317317
}
318318
Write-LogMessage -API 'Scheduler_UserTasks' -tenant $Tenant -tenantid $TenantInfo.customerId -message "Failed to execute task $($task.Name): $errorMessage" -sev Error -LogData (Get-CippExceptionData -Exception $_.Exception)
319319
}
320-
Write-Information 'Sending task results to target. Updating the task state.'
321320

322321
# For orchestrator-based commands, skip post-execution alerts as they will be handled by the orchestrator's post-execution function
323322
if ($Results -and $Item.Command -notin $OrchestratorBasedCommands) {
323+
Write-Information "Sending task results to post execution target(s): $($Task.PostExecution -join ', ')."
324324
Send-CIPPScheduledTaskAlert -Results $Results -TaskInfo $task -TenantFilter $Tenant -TaskType $TaskType
325325
}
326-
Write-Information 'Sent the results to the target. Updating the task state.'
327326

328327
try {
329328
# For orchestrator-based commands, skip task state update as it will be handled by post-execution

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-ListScheduledItemDetails.ps1

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -119,7 +119,7 @@ function Invoke-ListScheduledItemDetails {
119119
}
120120
} catch {
121121
# If JSON parsing fails, use raw value
122-
Write-LogMessage -API $APIName -message "Error parsing Task.Results as JSON: $_" -Sev 'Warning'
122+
Write-LogMessage -API $APIName -message "Error parsing Task.Results as JSON: $_" -sev 'Warn'
123123
$ResultData = $Task.Results
124124
}
125125
} else {
@@ -155,7 +155,7 @@ function Invoke-ListScheduledItemDetails {
155155
try {
156156
$ParsedResults = $Result.Results | ConvertFrom-Json -ErrorAction Stop
157157
} catch {
158-
Write-LogMessage -API $APIName -message "Failed to parse result as JSON: $_" -Sev 'Warning'
158+
Write-LogMessage -API $APIName -message "Failed to parse result as JSON: $_" -sev 'Warn'
159159
# On failure, keep as string
160160
$ParsedResults = $Result.Results
161161
}

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -192,7 +192,7 @@ function Invoke-ExecApiClient {
192192
$Body = @{ Results = "API client $ClientId not found or not a valid CIPP-API application" }
193193
}
194194
} catch {
195-
Write-LogMessage -headers $Request.Headers -API 'ExecApiClient' -message "Failed to remove app registration for $ClientId" -Sev 'Warning'
195+
Write-LogMessage -headers $Request.Headers -API 'ExecApiClient' -message "Failed to remove app registration for $ClientId" -sev 'Warn'
196196
}
197197
}
198198
default {

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecCreateDefaultGroups.ps1

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ function Invoke-ExecCreateDefaultGroups {
1616
$Table = Get-CippTable -tablename 'TenantGroups'
1717
$Results = [System.Collections.Generic.List[object]]::new()
1818
$ExistingGroups = Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'TenantGroup' and Type eq 'dynamic'"
19-
$DefaultGroups = '[{"PartitionKey":"TenantGroup","RowKey":"369d985e-0fba-48f9-844f-9f793b10a12c","Description":"This group does not have a license for intune, nor a license for Entra ID Premium","Description@type":null,"DynamicRules":"[{\"property\":\"availableServicePlan\",\"operator\":\"notIn\",\"value\":[{\"label\":\"Microsoft Intune\",\"value\":\"INTUNE_A\",\"id\":\"c1ec4a95-1f05-45b3-a911-aa3fa01094f5\"}]},{\"property\":\"availableServicePlan\",\"operator\":\"notIn\",\"value\":[{\"label\":\"Microsoft Entra ID P1\",\"value\":\"AAD_PREMIUM\",\"id\":\"41781fb2-bc02-4b7c-bd55-b576c07bb09d\"}]}]","DynamicRules@type":null,"GroupType":"dynamic","GroupType@type":null,"RuleLogic":"and","RuleLogic@type":null,"Name":"Not Intune and Entra Premium Capable","Name@type":null},{"PartitionKey":"TenantGroup","RowKey":"4dbca08b-7dc5-4e0f-bc25-14a90c8e0941","Description":"This group has atleast one Business Premium License available","Description@type":null,"DynamicRules":"[{\"property\":\"availableLicense\",\"operator\":\"in\",\"value\":[{\"label\":\"Microsoft 365 Business Premium\",\"value\":\"SPB\"}]},{\"property\":\"availableLicense\",\"operator\":\"in\",\"value\":[{\"label\":\"Microsoft 365 Business Premium (no Teams)\",\"value\":\"Microsoft_365_ Business_ Premium_(no Teams)\"}]},{\"property\":\"availableLicense\",\"operator\":\"in\",\"value\":[{\"label\":\"Microsoft 365 Business Premium Donation\",\"value\":\"Microsoft_365_Business_Premium_Donation_(Non_Profit_Pricing)\"}]},{\"property\":\"availableLicense\",\"operator\":\"in\",\"value\":[{\"label\":\"Microsoft 365 Business Premium EEA (no Teams)\",\"value\":\"Office_365_w\/o_Teams_Bundle_Business_Premium\"}]}]","DynamicRules@type":null,"GroupType":"dynamic","GroupType@type":null,"RuleLogic":"or","RuleLogic@type":null,"Name":"Business Premium License available","Name@type":null},{"PartitionKey":"TenantGroup","RowKey":"703c0e69-84a8-4dcf-a1c2-4986d2ccc850","Description":"This group does have a license for Entra Premium but does not have a license for Intune","Description@type":null,"DynamicRules":"[{\"property\":\"availableServicePlan\",\"operator\":\"in\",\"value\":[{\"label\":\"Microsoft Entra ID P1\",\"value\":\"AAD_PREMIUM\",\"id\":\"41781fb2-bc02-4b7c-bd55-b576c07bb09d\"}]},{\"property\":\"availableServicePlan\",\"operator\":\"notIn\",\"value\":[{\"label\":\"Microsoft Intune\",\"value\":\"INTUNE_A\",\"id\":\"c1ec4a95-1f05-45b3-a911-aa3fa01094f5\"}]}]","DynamicRules@type":null,"GroupType":"dynamic","GroupType@type":null,"RuleLogic":"and","RuleLogic@type":null,"Name":"Entra Premium Capable, Not Intune Capable","Name@type":null},{"PartitionKey":"TenantGroup","RowKey":"c1dadbc0-f0b4-448c-a2e6-e1938ba102e0","Description":"This group has Intune and Entra ID Premium available","Description@type":null,"DynamicRules":"{\"property\":\"availableServicePlan\",\"operator\":\"in\",\"value\":[{\"label\":\"Microsoft Intune\",\"value\":\"INTUNE_A\"},{\"label\":\"Microsoft Entra ID P1\",\"value\":\"AAD_PREMIUM\"}]}","DynamicRules@type":null,"GroupType":"dynamic","GroupType@type":null,"RuleLogic":"and","RuleLogic@type":null,"Name":"Entra ID Premium and Intune Capable","Name@type":null}]' | ConvertFrom-Json
19+
$DefaultGroups = '[{"PartitionKey":"TenantGroup","RowKey":"369d985e-0fba-48f9-844f-9f793b10a12c","Description":"This group does not have a license for intune, nor a license for Entra ID Premium","Description@type":null,"DynamicRules":"[{\"property\":\"availableServicePlan\",\"operator\":\"notIn\",\"value\":[{\"label\":\"Microsoft Intune\",\"value\":\"INTUNE_A\",\"id\":\"c1ec4a95-1f05-45b3-a911-aa3fa01094f5\"}]},{\"property\":\"availableServicePlan\",\"operator\":\"notIn\",\"value\":[{\"label\":\"Microsoft Entra ID P1\",\"value\":\"AAD_PREMIUM\",\"id\":\"41781fb2-bc02-4b7c-bd55-b576c07bb09d\"}]}]","DynamicRules@type":null,"GroupType":"dynamic","GroupType@type":null,"RuleLogic":"and","RuleLogic@type":null,"Name":"Not Intune and Entra Premium Capable","Name@type":null},{"PartitionKey":"TenantGroup","RowKey":"4dbca08b-7dc5-4e0f-bc25-14a90c8e0941","Description":"This group has atleast one Business Premium License available","DynamicRules":"{\"property\":\"availableLicense\",\"operator\":\"in\",\"value\":[{\"label\":\"Microsoft 365 Business Premium\",\"value\":\"SPB\",\"guid\":\"cbdc14ab-d96c-4c30-b9f4-6ada7cdc1d46\"},{\"label\":\"Microsoft 365 Business Premium (no Teams)\",\"value\":\"Microsoft_365_ Business_ Premium_(no Teams)\",\"guid\":\"00e1ec7b-e4a3-40d1-9441-b69b597ab222\"},{\"label\":\"Microsoft 365 Business Premium Donation\",\"value\":\"Microsoft_365_Business_Premium_Donation_(Non_Profit_Pricing)\",\"guid\":\"24c35284-d768-4e53-84d9-b7ae73dddf69\"},{\"label\":\"Microsoft 365 Business Premium EEA (no Teams)\",\"value\":\"Office_365_w/o_Teams_Bundle_Business_Premium\",\"guid\":\"a3f586b6-8cce-4d9b-99d6-55238397f77a\"}]}","GroupType":"dynamic","Name":"Business Premium License available","RuleLogic":"or"},{"PartitionKey":"TenantGroup","RowKey":"703c0e69-84a8-4dcf-a1c2-4986d2ccc850","Description":"This group does have a license for Entra Premium but does not have a license for Intune","Description@type":null,"DynamicRules":"[{\"property\":\"availableServicePlan\",\"operator\":\"in\",\"value\":[{\"label\":\"Microsoft Entra ID P1\",\"value\":\"AAD_PREMIUM\",\"id\":\"41781fb2-bc02-4b7c-bd55-b576c07bb09d\"}]},{\"property\":\"availableServicePlan\",\"operator\":\"notIn\",\"value\":[{\"label\":\"Microsoft Intune\",\"value\":\"INTUNE_A\",\"id\":\"c1ec4a95-1f05-45b3-a911-aa3fa01094f5\"}]}]","DynamicRules@type":null,"GroupType":"dynamic","GroupType@type":null,"RuleLogic":"and","RuleLogic@type":null,"Name":"Entra Premium Capable, Not Intune Capable","Name@type":null},{"PartitionKey":"TenantGroup","RowKey":"c1dadbc0-f0b4-448c-a2e6-e1938ba102e0","Description":"This group has Intune and Entra ID Premium available","Description@type":null,"DynamicRules":"{\"property\":\"availableServicePlan\",\"operator\":\"in\",\"value\":[{\"label\":\"Microsoft Intune\",\"value\":\"INTUNE_A\"},{\"label\":\"Microsoft Entra ID P1\",\"value\":\"AAD_PREMIUM\"}]}","DynamicRules@type":null,"GroupType":"dynamic","GroupType@type":null,"RuleLogic":"and","RuleLogic@type":null,"Name":"Entra ID Premium and Intune Capable","Name@type":null}]' | ConvertFrom-Json
2020

2121

2222
foreach ($Group in $DefaultGroups) {

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecGDAPTrace.ps1

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -163,7 +163,7 @@ function Invoke-ExecAccessTest {
163163
# Filter didn't work, try direct lookup by UPN (works if UPN is unique identifier)
164164
$User = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$UPN" -tenantid $env:TenantID -NoAuthCheck $true
165165
} catch {
166-
Write-LogMessage -Headers $Headers -API $APIName -message "Could not find user $UPN in partner tenant: $($_.Exception.Message)" -Sev 'Warning'
166+
Write-LogMessage -Headers $Headers -API $APIName -message "Could not find user $UPN in partner tenant: $($_.Exception.Message)" -sev 'Warn'
167167
}
168168

169169
# If user not found, return error
@@ -212,7 +212,7 @@ function Invoke-ExecAccessTest {
212212
}
213213
}
214214
} catch {
215-
Write-LogMessage -Headers $Headers -API $APIName -message "Could not get user group memberships: $($_.Exception.Message)" -Sev 'Warning'
215+
Write-LogMessage -Headers $Headers -API $APIName -message "Could not get user group memberships: $($_.Exception.Message)" -sev 'Warn'
216216
}
217217

218218
# ============================================================================
@@ -296,7 +296,7 @@ function Invoke-ExecAccessTest {
296296
})
297297
}
298298
} catch {
299-
Write-LogMessage -Headers $Headers -API $APIName -message "Could not get access assignments for relationship ${RelationshipName}: $($_.Exception.Message)" -Sev 'Warning'
299+
Write-LogMessage -Headers $Headers -API $APIName -message "Could not get access assignments for relationship ${RelationshipName}: $($_.Exception.Message)" -sev 'Warn'
300300
}
301301
}
302302

@@ -346,7 +346,7 @@ function Invoke-ExecAccessTest {
346346

347347
Write-LogMessage -Headers $Headers -API $APIName -message "Fetched $($AllGroups.Count) total groups, $($GroupLookup.Count) in lookup" -Sev 'Debug'
348348
} catch {
349-
Write-LogMessage -Headers $Headers -API $APIName -message "Could not fetch all groups: $($_.Exception.Message). Will use fallback for missing groups." -Sev 'Warning'
349+
Write-LogMessage -Headers $Headers -API $APIName -message "Could not fetch all groups: $($_.Exception.Message). Will use fallback for missing groups." -sev 'Warn'
350350
}
351351

352352
# ========================================================================
@@ -387,12 +387,12 @@ function Invoke-ExecAccessTest {
387387
$GroupId = $Assignment.value.accessContainer.accessContainerId
388388
$Assignment = $Assignment.value
389389
} else {
390-
Write-LogMessage -Headers $Headers -API $APIName -message "Access assignment missing accessContainer: $($Assignment | ConvertTo-Json -Compress)" -Sev 'Warning'
390+
Write-LogMessage -Headers $Headers -API $APIName -message "Access assignment missing accessContainer: $($Assignment | ConvertTo-Json -Compress)" -sev 'Warn'
391391
continue
392392
}
393393

394394
if ([string]::IsNullOrWhiteSpace($GroupId)) {
395-
Write-LogMessage -Headers $Headers -API $APIName -message "Access assignment has empty accessContainerId: $($Assignment | ConvertTo-Json -Compress)" -Sev 'Warning'
395+
Write-LogMessage -Headers $Headers -API $APIName -message "Access assignment has empty accessContainerId: $($Assignment | ConvertTo-Json -Compress)" -sev 'Warn'
396396
continue
397397
}
398398

@@ -405,7 +405,7 @@ function Invoke-ExecAccessTest {
405405
}
406406

407407
if (-not $Roles -or $Roles.Count -eq 0) {
408-
Write-LogMessage -Headers $Headers -API $APIName -message "Access assignment for group $GroupId has no roles assigned" -Sev 'Warning'
408+
Write-LogMessage -Headers $Headers -API $APIName -message "Access assignment for group $GroupId has no roles assigned" -sev 'Warn'
409409
$Roles = @()
410410
}
411411

@@ -420,7 +420,7 @@ function Invoke-ExecAccessTest {
420420
id = $GroupId
421421
displayName = "Unknown Group ($GroupId)"
422422
}
423-
Write-LogMessage -Headers $Headers -API $APIName -message "Group $GroupId not found in lookup, using fallback" -Sev 'Warning'
423+
Write-LogMessage -Headers $Headers -API $APIName -message "Group $GroupId not found in lookup, using fallback" -sev 'Warn'
424424
}
425425

426426
# Process the assignment even if group lookup failed - we still have the group ID and roles
@@ -585,12 +585,12 @@ function Invoke-ExecAccessTest {
585585
} elseif ($Role -is [string]) {
586586
$RoleId = $Role
587587
} else {
588-
Write-LogMessage -Headers $Headers -API $APIName -message "Role object missing roleDefinitionId: $($Role | ConvertTo-Json -Compress)" -Sev 'Warning'
588+
Write-LogMessage -Headers $Headers -API $APIName -message "Role object missing roleDefinitionId: $($Role | ConvertTo-Json -Compress)" -sev 'Warn'
589589
continue
590590
}
591591

592592
if ([string]::IsNullOrWhiteSpace($RoleId)) {
593-
Write-LogMessage -Headers $Headers -API $APIName -message "Role has empty roleDefinitionId for group $GroupId" -Sev 'Warning'
593+
Write-LogMessage -Headers $Headers -API $APIName -message "Role has empty roleDefinitionId for group $GroupId" -sev 'Warn'
594594
continue
595595
}
596596

0 commit comments

Comments
 (0)