Merge pull request #324 from KelvinTegelaar/dev

pull[bot] · web-flow · commit 02050700fd74 · 2025-06-20T16:10:35.000Z
[pull] dev from KelvinTegelaar:dev
diff --git a/Modules/CIPPCore/Public/Authentication/Test-CIPPAccess.ps1 b/Modules/CIPPCore/Public/Authentication/Test-CIPPAccess.ps1
@@ -123,6 +123,12 @@ function Test-CIPPAccess {
         }
 
         $BaseRole = $null
+
+        if ($User.userRoles -contains 'superadmin') {
+            $User.userRoles = @('superadmin')
+        } elseif ($User.userRoles -contains 'admin') {
+            $User.userRoles = @('admin')
+        }
         foreach ($Role in $BaseRoles.PSObject.Properties) {
             foreach ($UserRole in $User.userRoles) {
                 if ($Role.Name -eq $UserRole) {
@@ -131,6 +137,7 @@ function Test-CIPPAccess {
                 }
             }
         }
+
     }
 
     # Check base role permissions before continuing to custom roles
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecBECRemediate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecBECRemediate.ps1
@@ -1,6 +1,6 @@
 using namespace System.Net
 
-Function Invoke-ExecBECRemediate {
+function Invoke-ExecBECRemediate {
     <#
     .FUNCTIONALITY
         Entrypoint
@@ -54,7 +54,7 @@ Function Invoke-ExecBECRemediate {
             "Failed to disable $RuleFailed Inbox Rules for $Username"
         }
         $StatusCode = [HttpStatusCode]::OK
-        Write-LogMessage -API 'BECRemediate' -tenant $TenantFilter -message "Executed Remediation for $Username" -sev 'Info'
+        Write-LogMessage -API 'BECRemediate' -tenant $TenantFilter -message "Executed Remediation for $Username" -sev 'Info' -LogData @($Results)
 
     } catch {
         $ErrorMessage = Get-CippException -Exception $_
diff --git a/Modules/CIPPCore/Public/GraphHelper/Get-NormalizedError.ps1 b/Modules/CIPPCore/Public/GraphHelper/Get-NormalizedError.ps1
@@ -43,7 +43,7 @@ function Get-NormalizedError {
         'Response status code does not indicate success: 400 (Bad Request).' { 'Error 400 occured. There is an issue with the token configuration for this tenant. Please perform an access check' }
         '*Microsoft.Skype.Sync.Pstn.Tnm.Common.Http.HttpResponseException*' { 'Could not connect to Teams Admin center - Tenant might be missing a Teams license' }
         '*Provide valid credential.*' { 'Error 400: There is an issue with your Exchange Token configuration. Please perform an access check for this tenant' }
-        '*This indicate that a subscription within the tenant has lapsed*' { 'There is subscription for this service available, Check licensing information.' }
+        '*This indicate that a subscription within the tenant has lapsed*' { 'There is no subscription for this service available, Check licensing information.' }
         '*User was not found.*' { 'The relationship between this tenant and the partner has been dissolved from the tenant side.' }
         '*AADSTS50020*' { 'AADSTS50020: The user you have used for your Secure Application Model is a guest in this tenant, or your are using GDAP and have not added the user to the correct group. Please delete the guest user to gain access to this tenant' }
         '*AADSTS50177' { 'AADSTS50177: The user you have used for your Secure Application Model is a guest in this tenant, or your are using GDAP and have not added the user to the correct group. Please delete the guest user to gain access to this tenant' }
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExcludedfileExt.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExcludedfileExt.ps1
@@ -69,6 +69,7 @@ function Invoke-CIPPStandardExcludedfileExt {
     if ($Settings.alert -eq $true) {
 
         if ($MissingExclusions) {
+            Write-StandardsAlert -message 'Exclude File Extensions from Syncing missing some extensions.' -object $MissingExclusions -tenant $Tenant -standardName 'ExcludedfileExt' -standardId $Settings.standardId
             Write-LogMessage -API 'Standards' -tenant $tenant -message "Excluded synced files does not contain $($MissingExclusions -join ',')" -sev Alert
         } else {
             Write-LogMessage -API 'Standards' -tenant $tenant -message "Excluded synced files contains $($Settings.ext)" -sev Info
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardQuarantineRequestAlert.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardQuarantineRequestAlert.ps1
@@ -78,7 +78,9 @@ function Invoke-CIPPStandardQuarantineRequestAlert {
         if ($StateIsCorrect -eq $true) {
             Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'Quarantine Request Alert is enabled' -sev Info
         } else {
-            Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'Quarantine Request Alert is disabled' -sev Info
+            $Message = 'Quarantine Request Alert is not enabled.'
+            Write-StandardsAlert -message $Message -object $CurrentState -tenant $Tenant -standardName 'QuarantineRequestAlerts' -standardId $Settings.standardId
+            Write-LogMessage -API 'Standards' -Tenant $Tenant -Message $Message -sev Info
         }
     }
 
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPAzureB2B.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPAzureB2B.ps1
@@ -58,7 +58,9 @@ function Invoke-CIPPStandardSPAzureB2B {
         if ($StateIsCorrect -eq $true) {
             Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'SharePoint Azure B2B is enabled' -Sev Info
         } else {
-            Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'SharePoint Azure B2B is not enabled' -Sev Alert
+            $Message = 'SharePoint Azure B2B is not enabled.'
+            Write-StandardsAlert -message $Message -object $CurrentState -tenant $Tenant -standardName 'SPAzureB2B' -standardId $Settings.standardId
+            Write-LogMessage -API 'Standards' -Tenant $Tenant -Message $Message -Sev Alert
         }
     }
 
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDirectSharing.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDirectSharing.ps1
@@ -39,27 +39,29 @@ function Invoke-CIPPStandardSPDirectSharing {
 
     if ($Settings.remediate -eq $true) {
         if ($StateIsCorrect -eq $true) {
-            Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'SharePoint Sharing Restriction is already enabled' -Sev Info
+            Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'SharePoint Default Direct Sharing is already enabled' -Sev Info
         } else {
             $Properties = @{
                 DefaultSharingLinkType = 1
             }
 
             try {
                 Get-CIPPSPOTenant -TenantFilter $Tenant | Set-CIPPSPOTenant -Properties $Properties
-                Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'Successfully set the SharePoint Sharing Restriction to Direct' -Sev Info
+                Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'Successfully set the SharePoint Default Direct Sharing to Direct' -Sev Info
             } catch {
                 $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
-                Write-LogMessage -API 'Standards' -Tenant $Tenant -Message "Failed to set the SharePoint Sharing Restriction to Direct. Error: $ErrorMessage" -Sev Error
+                Write-LogMessage -API 'Standards' -Tenant $Tenant -Message "Failed to set the SharePoint Default Direct Sharing to Direct. Error: $ErrorMessage" -Sev Error
             }
         }
     }
 
     if ($Settings.alert -eq $true) {
         if ($StateIsCorrect -eq $true) {
-            Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'SharePoint Sharing Restriction is enabled' -Sev Info
+            Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'SharePoint Direct Sharing is enabled' -Sev Info
         } else {
-            Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'SharePoint Sharing Restriction is not enabled' -Sev Alert
+            $Message = 'SharePoint Default Direct Sharing is not enabled.'
+            Write-StandardsAlert -message $Message -object $CurrentState -tenant $Tenant -standardName 'SPDirectSharing' -standardId $Settings.standardId
+            Write-LogMessage -API 'Standards' -Tenant $Tenant -Message $Message -Sev Alert
         }
     }
 
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDisableLegacyWorkflows.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDisableLegacyWorkflows.ps1
@@ -57,9 +57,11 @@ function Invoke-CIPPStandardSPDisableLegacyWorkflows {
 
     if ($Settings.alert -eq $true) {
         if ($StateIsCorrect -eq $true) {
-            Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'Legacy Workflows are disabled' -Sev Info
+            Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'SharePoint Legacy Workflows are disabled' -Sev Info
         } else {
-            Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'Legacy Workflows are enabled' -Sev Info
+            $Message = 'SharePoint Legacy Workflows is not disabled.'
+            Write-StandardsAlert -message $Message -object $CurrentState -tenant $Tenant -standardName 'SPDisableLegacyWorkflows' -standardId $Settings.standardId
+            Write-LogMessage -API 'Standards' -Tenant $Tenant -Message $Message -Sev Info
         }
     }
 
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDisallowInfectedFiles.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDisallowInfectedFiles.ps1
@@ -59,7 +59,9 @@ function Invoke-CIPPStandardSPDisallowInfectedFiles {
         if ($StateIsCorrect -eq $true) {
             Write-LogMessage -API 'Standards' -tenant $tenant -Message 'Downloading SharePoint infected files are disallowed.' -Sev Info
         } else {
-            Write-LogMessage -API 'Standards' -tenant $tenant -Message 'Downloading SharePoint infected files are allowed.' -Sev Alert
+            $Message = 'Downloading SharePoint infected files is not set to the desired value.'
+            Write-StandardsAlert -message $Message -object $CurrentState -tenant $Tenant -standardName 'SPDisallowInfectedFiles' -standardId $Settings.standardId
+            Write-LogMessage -API 'Standards' -tenant $tenant -Message $Message -Sev Alert
         }
     }
 
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPEmailAttestation.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPEmailAttestation.ps1
@@ -66,7 +66,9 @@ function Invoke-CIPPStandardSPEmailAttestation {
         if ($StateIsCorrect -eq $true) {
             Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'Re-authentication with verification code is restricted.' -Sev Info
         } else {
-            Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'Re-authentication with verification code is not restricted.' -Sev Alert
+            $Message = 'Re-authentication with verification code is not set to the desired value.'
+            Write-StandardsAlert -message $Message -object $CurrentState -tenant $Tenant -standardName 'SPEmailAttestation' -standardId $Settings.standardId
+            Write-LogMessage -API 'Standards' -Tenant $Tenant -Message $Message -Sev Alert
         }
     }
 
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPExternalUserExpiration.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPExternalUserExpiration.ps1
@@ -61,7 +61,9 @@ function Invoke-CIPPStandardSPExternalUserExpiration {
         if ($StateIsCorrect -eq $true) {
             Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'External User Expiration is enabled' -Sev Info
         } else {
-            Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'External User Expiration is not enabled' -Sev Alert
+            $Message = 'External User Expiration is not set to the desired value.'
+            Write-StandardsAlert -message $Message -object $CurrentState -tenant $Tenant -standardName 'SPExternalUserExpiration' -standardId $Settings.standardId
+            Write-LogMessage -API 'Standards' -Tenant $Tenant -Message $Message -Sev Alert
         }
     }
 
diff --git a/Modules/CippEntrypoints/CippEntrypoints.psm1 b/Modules/CippEntrypoints/CippEntrypoints.psm1
@@ -61,7 +61,7 @@ function Receive-CippHttpTrigger {
         } catch {
             Write-Warning "Exception occurred on HTTP trigger ($FunctionName): $($_.Exception.Message)"
             Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
-                    StatusCode = [HttpStatusCode]::Forbidden
+                    StatusCode = [HttpStatusCode]::InternalServerError
                     Body       = $_.Exception.Message
                 })
         }
diff --git a/version_latest.txt b/version_latest.txt
@@ -1 +1 @@
-8.0.3
+8.1.0

Original file line number	Diff line number	Diff line change
`@@ -123,6 +123,12 @@ function Test-CIPPAccess {`
`123`	`123`	`}`
`124`	`124`
`125`	`125`	`$BaseRole = $null`
	`126`	`+`
	`127`	`+ if ($User.userRoles -contains 'superadmin') {`
	`128`	`+ $User.userRoles = @('superadmin')`
	`129`	`+ } elseif ($User.userRoles -contains 'admin') {`
	`130`	`+ $User.userRoles = @('admin')`
	`131`	`+ }`
`126`	`132`	`foreach ($Role in $BaseRoles.PSObject.Properties) {`
`127`	`133`	`foreach ($UserRole in $User.userRoles) {`
`128`	`134`	`if ($Role.Name -eq $UserRole) {`
`@@ -131,6 +137,7 @@ function Test-CIPPAccess {`
`131`	`137`	`}`
`132`	`138`	`}`
`133`	`139`	`}`
	`140`	`+`
`134`	`141`	`}`
`135`	`142`
`136`	`143`	`# Check base role permissions before continuing to custom roles`
Original file line number	Diff line number	Diff line change
`@@ -78,7 +78,9 @@ function Invoke-CIPPStandardQuarantineRequestAlert {`
`78`	`78`	`if ($StateIsCorrect -eq $true) {`
`79`	`79`	`Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'Quarantine Request Alert is enabled' -sev Info`
`80`	`80`	`} else {`
`81`		`- Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'Quarantine Request Alert is disabled' -sev Info`
	`81`	`+ $Message = 'Quarantine Request Alert is not enabled.'`
	`82`	`+ Write-StandardsAlert -message $Message -object $CurrentState -tenant $Tenant -standardName 'QuarantineRequestAlerts' -standardId $Settings.standardId`
	`83`	`+ Write-LogMessage -API 'Standards' -Tenant $Tenant -Message $Message -sev Info`
`82`	`84`	`}`
`83`	`85`	`}`
`84`	`86`
Original file line number	Diff line number	Diff line change
`@@ -58,7 +58,9 @@ function Invoke-CIPPStandardSPAzureB2B {`
`58`	`58`	`if ($StateIsCorrect -eq $true) {`
`59`	`59`	`Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'SharePoint Azure B2B is enabled' -Sev Info`
`60`	`60`	`} else {`
`61`		`- Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'SharePoint Azure B2B is not enabled' -Sev Alert`
	`61`	`+ $Message = 'SharePoint Azure B2B is not enabled.'`
	`62`	`+ Write-StandardsAlert -message $Message -object $CurrentState -tenant $Tenant -standardName 'SPAzureB2B' -standardId $Settings.standardId`
	`63`	`+ Write-LogMessage -API 'Standards' -Tenant $Tenant -Message $Message -Sev Alert`
`62`	`64`	`}`
`63`	`65`	`}`
`64`	`66`
Original file line number	Diff line number	Diff line change
`@@ -39,27 +39,29 @@ function Invoke-CIPPStandardSPDirectSharing {`
`39`	`39`
`40`	`40`	`if ($Settings.remediate -eq $true) {`
`41`	`41`	`if ($StateIsCorrect -eq $true) {`
`42`		`- Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'SharePoint Sharing Restriction is already enabled' -Sev Info`
	`42`	`+ Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'SharePoint Default Direct Sharing is already enabled' -Sev Info`
`43`	`43`	`} else {`
`44`	`44`	`$Properties = @{`
`45`	`45`	`DefaultSharingLinkType = 1`
`46`	`46`	`}`
`47`	`47`
`48`	`48`	`try {`
`49`	`49`	`Get-CIPPSPOTenant -TenantFilter $Tenant \| Set-CIPPSPOTenant -Properties $Properties`
`50`		`- Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'Successfully set the SharePoint Sharing Restriction to Direct' -Sev Info`
	`50`	`+ Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'Successfully set the SharePoint Default Direct Sharing to Direct' -Sev Info`
`51`	`51`	`} catch {`
`52`	`52`	`$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message`
`53`		`- Write-LogMessage -API 'Standards' -Tenant $Tenant -Message "Failed to set the SharePoint Sharing Restriction to Direct. Error: $ErrorMessage" -Sev Error`
	`53`	`+ Write-LogMessage -API 'Standards' -Tenant $Tenant -Message "Failed to set the SharePoint Default Direct Sharing to Direct. Error: $ErrorMessage" -Sev Error`
`54`	`54`	`}`
`55`	`55`	`}`
`56`	`56`	`}`
`57`	`57`
`58`	`58`	`if ($Settings.alert -eq $true) {`
`59`	`59`	`if ($StateIsCorrect -eq $true) {`
`60`		`- Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'SharePoint Sharing Restriction is enabled' -Sev Info`
	`60`	`+ Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'SharePoint Direct Sharing is enabled' -Sev Info`
`61`	`61`	`} else {`
`62`		`- Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'SharePoint Sharing Restriction is not enabled' -Sev Alert`
	`62`	`+ $Message = 'SharePoint Default Direct Sharing is not enabled.'`
	`63`	`+ Write-StandardsAlert -message $Message -object $CurrentState -tenant $Tenant -standardName 'SPDirectSharing' -standardId $Settings.standardId`
	`64`	`+ Write-LogMessage -API 'Standards' -Tenant $Tenant -Message $Message -Sev Alert`
`63`	`65`	`}`
`64`	`66`	`}`
`65`	`67`
Original file line number	Diff line number	Diff line change
`@@ -57,9 +57,11 @@ function Invoke-CIPPStandardSPDisableLegacyWorkflows {`
`57`	`57`
`58`	`58`	`if ($Settings.alert -eq $true) {`
`59`	`59`	`if ($StateIsCorrect -eq $true) {`
`60`		`- Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'Legacy Workflows are disabled' -Sev Info`
	`60`	`+ Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'SharePoint Legacy Workflows are disabled' -Sev Info`
`61`	`61`	`} else {`
`62`		`- Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'Legacy Workflows are enabled' -Sev Info`
	`62`	`+ $Message = 'SharePoint Legacy Workflows is not disabled.'`
	`63`	`+ Write-StandardsAlert -message $Message -object $CurrentState -tenant $Tenant -standardName 'SPDisableLegacyWorkflows' -standardId $Settings.standardId`
	`64`	`+ Write-LogMessage -API 'Standards' -Tenant $Tenant -Message $Message -Sev Info`
`63`	`65`	`}`
`64`	`66`	`}`
`65`	`67`
Original file line number	Diff line number	Diff line change
`@@ -59,7 +59,9 @@ function Invoke-CIPPStandardSPDisallowInfectedFiles {`
`59`	`59`	`if ($StateIsCorrect -eq $true) {`
`60`	`60`	`Write-LogMessage -API 'Standards' -tenant $tenant -Message 'Downloading SharePoint infected files are disallowed.' -Sev Info`
`61`	`61`	`} else {`
`62`		`- Write-LogMessage -API 'Standards' -tenant $tenant -Message 'Downloading SharePoint infected files are allowed.' -Sev Alert`
	`62`	`+ $Message = 'Downloading SharePoint infected files is not set to the desired value.'`
	`63`	`+ Write-StandardsAlert -message $Message -object $CurrentState -tenant $Tenant -standardName 'SPDisallowInfectedFiles' -standardId $Settings.standardId`
	`64`	`+ Write-LogMessage -API 'Standards' -tenant $tenant -Message $Message -Sev Alert`
`63`	`65`	`}`
`64`	`66`	`}`
`65`	`67`
Original file line number	Diff line number	Diff line change
`@@ -66,7 +66,9 @@ function Invoke-CIPPStandardSPEmailAttestation {`
`66`	`66`	`if ($StateIsCorrect -eq $true) {`
`67`	`67`	`Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'Re-authentication with verification code is restricted.' -Sev Info`
`68`	`68`	`} else {`
`69`		`- Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'Re-authentication with verification code is not restricted.' -Sev Alert`
	`69`	`+ $Message = 'Re-authentication with verification code is not set to the desired value.'`
	`70`	`+ Write-StandardsAlert -message $Message -object $CurrentState -tenant $Tenant -standardName 'SPEmailAttestation' -standardId $Settings.standardId`
	`71`	`+ Write-LogMessage -API 'Standards' -Tenant $Tenant -Message $Message -Sev Alert`
`70`	`72`	`}`
`71`	`73`	`}`
`72`	`74`