Merge pull request #128 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: pull[bot]

Modules/CIPPCore/Public/Compare-CIPPIntuneObject.ps1

@@ -22,7 +22,7 @@ Function Invoke-AddTransportRule {
         try {
             if ($Existing) {
                 Write-Host 'Found existing'
-                $RequestParams | Add-Member -NotePropertyValue $RequestParams.name -NotePropertyName Identity
+                $RequestParams | Add-Member -NotePropertyValue $Existing.Identity -NotePropertyName Identity -Force
                 $null = New-ExoRequest -tenantid $tenantFilter -cmdlet 'Set-TransportRule' -cmdParams ($RequestParams | Select-Object -Property * -ExcludeProperty UseLegacyRegex) -useSystemMailbox $true
                 "Successfully set transport rule for $tenantFilter."
             } else {

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Transport/Invoke-AddTransportRule.ps1

@@ -62,7 +62,11 @@ function New-ExoRequest {
             }
         }
         if (!$Anchor) {
-            $anchor = "APP:SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}@$($tenant.customerId)"
+            $MailboxGuid = 'bb558c35-97f1-4cb9-8ff7-d53741dc928c'
+            if ($cmdlet -in 'Set-AdminAuditLogConfig') {
+                $MailboxGuid = '8cc370d3-822a-4ab8-a926-bb94bd0641a9'
+            }
+            $anchor = "APP:SystemMailbox{$MailboxGuid}@$($tenant.customerId)"
         }
         #if the anchor is a GUID, try looking up the user.
         if ($Anchor -match '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$') {

Modules/CIPPCore/Public/Get-CIPPIntunePolicy.ps1

@@ -32,28 +32,43 @@ function Invoke-CIPPStandardIntuneTemplate {
     #>
     param($Tenant, $Settings)
     ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'intuneTemplate'
-
+    $Table = Get-CippTable -tablename 'templates'
+    $Filter = "PartitionKey eq 'IntuneTemplate'"
+    $Request = @{body = $null }
+    $Request.body = (Get-CIPPAzDataTableEntity @Table -Filter $Filter | Where-Object -Property RowKey -Like "$($Settings.TemplateList.value)*").JSON | ConvertFrom-Json
+    $displayname = $request.body.Displayname
+    $description = $request.body.Description
+    $RawJSON = $Request.body.RawJSON
+    $ExistingPolicy = Get-CIPPIntunePolicy -tenantFilter $Tenant -DisplayName $displayname -TemplateType $Request.body.Type
+    if ($ExistingPolicy) {
+        $JSONExistingPolicy = $ExistingPolicy.cippconfiguration | ConvertFrom-Json
+        $JSONTemplate = $RawJSON | ConvertFrom-Json
+        $Compare = Compare-CIPPIntuneObject -ReferenceObject $JSONTemplate -DifferenceObject $JSONExistingPolicy -compareType $Request.body.Type
+    }
     If ($Settings.remediate -eq $true) {
-
         Write-Host 'starting template deploy'
         Write-Host "The full settings are $($Settings | ConvertTo-Json)"
-        foreach ($Template in $Settings) {
-            Write-Host "working on template deploy: $($Template | ConvertTo-Json)"
-            try {
-                $Table = Get-CippTable -tablename 'templates'
-                $Filter = "PartitionKey eq 'IntuneTemplate'"
-                $Request = @{body = $null }
-                $Request.body = (Get-CIPPAzDataTableEntity @Table -Filter $Filter | Where-Object -Property RowKey -Like "$($Template.TemplateList.value)*").JSON | ConvertFrom-Json
-                $displayname = $request.body.Displayname
-                $description = $request.body.Description
-                $RawJSON = $Request.body.RawJSON
-                $Template.customGroup ? ($Template.AssignTo = $Template.customGroup) : $null
-                Set-CIPPIntunePolicy -TemplateType $Request.body.Type -Description $description -DisplayName $displayname -RawJSON $RawJSON -AssignTo $Template.AssignTo -ExcludeGroup $Template.excludeGroup -tenantFilter $Tenant
+        try {
+            $Settings.customGroup ? ($Settings.AssignTo = $Settings.customGroup) : $null
+            Set-CIPPIntunePolicy -TemplateType $Request.body.Type -Description $description -DisplayName $displayname -RawJSON $RawJSON -AssignTo $Settings.AssignTo -ExcludeGroup $Settings.excludeGroup -tenantFilter $Tenant
+        } catch {
+            $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+            Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to create or update Intune Template $displayname, Error: $ErrorMessage" -sev 'Error'
+        }
 
-            } catch {
-                $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
-                Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to create or update Intune Template $displayname, Error: $ErrorMessage" -sev 'Error'
-            }
+    }
+
+    if ($Settings.alert) {
+        #Replace the alert method used in standards with a prettier one, link to the report/template, link to a compare. extended table. etc
+        if ($compare) {
+            Write-LogMessage -API 'Standards' -tenant $Tenant -message "Policy $($displayname) does not match the expected configuration." -sev Alert
+        } else {
+            $ExistingPolicy ? (Write-LogMessage -API 'Standards' -tenant $Tenant -message "Policy $($displayname) has the correct configuration." -sev Info) : (Write-LogMessage -API 'Standards' -tenant $Tenant -message "Policy $($displayname) is missing." -sev Alert)
         }
     }
+
+    if ($Settings.report) {
+        #think about how to store this.
+        Add-CIPPBPAField -FieldName "policy-$displayname" -FieldValue $Compare -StoreAs bool -Tenant $tenant
+    }
 }

Modules/CIPPCore/Public/GraphHelper/New-ExoRequest.ps1

@@ -83,16 +83,16 @@ function Test-CIPPGDAPRelationships {
                         Type = 'SAM User Membership'
                     }) | Out-Null
             }
-            if ($CIPPGroupCount -lt 12) {
-                $GDAPissues.add([PSCustomObject]@{
-                        Type         = 'Warning'
-                        Issue        = "We only found $($CIPPGroupCount) of the 12 required groups. If you have migrated outside of CIPP this is to be expected. Please perform an access check to make sure you have the correct set of permissions."
-                        Tenant       = '*Partner Tenant'
-                        Relationship = 'None'
-                        Link         = 'https://docs.cipp.app/setup/gdap/troubleshooting#groups'
+        }
+        if ($CIPPGroupCount -lt 12) {
+            $GDAPissues.add([PSCustomObject]@{
+                    Type         = 'Warning'
+                    Issue        = "We only found $($CIPPGroupCount) of the 12 required groups. If you have migrated outside of CIPP this is to be expected. Please perform an access check to make sure you have the correct set of permissions."
+                    Tenant       = '*Partner Tenant'
+                    Relationship = 'None'
+                    Link         = 'https://docs.cipp.app/setup/gdap/troubleshooting#groups'
 
-                    }) | Out-Null
-            }
+                }) | Out-Null
         }
 
     } catch {