Merge pull request KelvinTegelaar#1539 from kris6673/fix-SP-standards-speed

KelvinTegelaar · web-flow · commit 189ccf016d73 · 2025-07-02T11:41:10.000+02:00
Feat: Speed up SP standards and deprecate SPDirectSharing
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDefaultSharingLink.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDefaultSharingLink.ps1
@@ -7,20 +7,22 @@ function Invoke-CIPPStandardDefaultSharingLink {
     .SYNOPSIS
         (Label) Set Default Sharing Link Settings
     .DESCRIPTION
-        (Helptext) Sets the default sharing link type to Internal and permission to View in SharePoint and OneDrive.
-        (DocsDescription) Sets the default sharing link type to Internal and permission to View in SharePoint and OneDrive.
+        (Helptext) Configure the SharePoint default sharing link type and permission. This setting controls both the type of sharing link created by default and the permission level assigned to those links.
+        (DocsDescription) Sets the default sharing link type (Direct or Internal) and permission (View) in SharePoint and OneDrive. Direct sharing means links only work for specific people, while Internal sharing means links work for anyone in the organization.
     .NOTES
         CAT
             SharePoint Standards
         TAG
         ADDEDCOMPONENT
+            [{"type":"autoComplete","multiple":false,"creatable":false,"label":"Default Sharing Link Type","name":"standards.DefaultSharingLink.SharingLinkType","options":[{"label":"Direct - Only specific people","value":"Direct"},{"label":"Internal - Anyone in the organization","value":"Internal"}]}]
         IMPACT
             Medium Impact
         ADDEDDATE
             2025-06-13
         POWERSHELLEQUIVALENT
-            Set-SPOTenant -DefaultSharingLinkType Internal -DefaultLinkPermission View
+            Set-SPOTenant -DefaultSharingLinkType [Direct|Internal] -DefaultLinkPermission View
         RECOMMENDEDBY
+            CIS
         UPDATECOMMENTBLOCK
             Run the Tools\Update-StandardsComments.ps1 script to update this comment block
     .LINK
@@ -29,35 +31,63 @@ function Invoke-CIPPStandardDefaultSharingLink {
 
     param($Tenant, $Settings)
 
+    # Determine the desired sharing link type (default to Internal if not specified)
+    $DesiredSharingLinkType = $Settings.SharingLinkType.value ?? 'Internal'
+
+    # Map the string values to numeric values for SharePoint
+    $SharingLinkTypeMap = @{
+        'Direct'   = 1
+        'Internal' = 2
+        'Anyone'   = 3
+    }
+    $DesiredSharingLinkTypeValue = $SharingLinkTypeMap[$DesiredSharingLinkType]
+
     $CurrentState = Get-CIPPSPOTenant -TenantFilter $Tenant |
-        Select-Object -Property DefaultSharingLinkType, DefaultLinkPermission
+        Select-Object -Property _ObjectIdentity_, TenantFilter, DefaultSharingLinkType, DefaultLinkPermission
 
-    $StateIsCorrect = ($CurrentState.DefaultSharingLinkType -eq 2) -and ($CurrentState.DefaultLinkPermission -eq 1)
+    # Check if the current state matches the desired configuration
+    $StateIsCorrect = ($CurrentState.DefaultSharingLinkType -eq $DesiredSharingLinkTypeValue) -and ($CurrentState.DefaultLinkPermission -eq 1)
 
     if ($Settings.remediate -eq $true) {
         if ($StateIsCorrect -eq $true) {
-            Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'Default sharing link settings are already configured correctly' -Sev Info
+            Write-LogMessage -API 'Standards' -Tenant $Tenant -Message "Default sharing link settings are already configured correctly (Type: $DesiredSharingLinkType, Permission: View)" -Sev Info
         } else {
             $Properties = @{
-                DefaultSharingLinkType = 2  # Internal
+                DefaultSharingLinkType = $DesiredSharingLinkTypeValue
                 DefaultLinkPermission  = 1  # View
             }
 
             try {
-                Get-CIPPSPOTenant -TenantFilter $Tenant | Set-CIPPSPOTenant -Properties $Properties
-                Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'Successfully set default sharing link settings' -Sev Info
+                $CurrentState | Set-CIPPSPOTenant -Properties $Properties
+                Write-LogMessage -API 'Standards' -Tenant $Tenant -Message "Successfully set default sharing link settings (Type: $DesiredSharingLinkType, Permission: View)" -Sev Info
             } catch {
-                $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
-                Write-LogMessage -API 'Standards' -Tenant $Tenant -Message "Failed to set default sharing link settings. Error: $ErrorMessage" -Sev Error
+                $ErrorMessage = Get-CippException -Exception $_
+                Write-LogMessage -API 'Standards' -Tenant $Tenant -Message "Failed to set default sharing link settings. Error: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage
             }
         }
     }
 
     if ($Settings.alert -eq $true) {
         if ($StateIsCorrect -eq $true) {
-            Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'Default sharing link settings are configured correctly' -Sev Info
+            Write-LogMessage -API 'Standards' -Tenant $Tenant -Message "Default sharing link settings are configured correctly (Type: $DesiredSharingLinkType, Permission: View)" -Sev Info
         } else {
-            Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'Default sharing link settings are not configured correctly' -Sev Alert
+            # Determine current values for alert message
+            $CurrentSharingType = switch ($CurrentState.DefaultSharingLinkType) {
+                1 { 'Direct' }
+                2 { 'Internal' }
+                3 { 'Anyone' }
+                default { 'Unknown' }
+            }
+            $CurrentPermission = switch ($CurrentState.DefaultLinkPermission) {
+                0 { 'Edit' }
+                1 { 'View' }
+                2 { 'Edit' }
+                default { 'Unknown' }
+            }
+
+            $Message = "Default sharing link settings are not configured correctly. Current: Type=$CurrentSharingType, Permission=$CurrentPermission. Expected: Type=$DesiredSharingLinkType, Permission=View"
+            Write-StandardsAlert -message $Message -object $CurrentState -tenant $Tenant -standardName 'DefaultSharingLink' -standardId $Settings.standardId
+            Write-LogMessage -API 'Standards' -Tenant $Tenant -Message $Message -Sev Alert
         }
     }
 
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPAzureB2B.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPAzureB2B.ps1
@@ -32,7 +32,7 @@ function Invoke-CIPPStandardSPAzureB2B {
     param($Tenant, $Settings)
 
     $CurrentState = Get-CIPPSPOTenant -TenantFilter $Tenant |
-        Select-Object -Property EnableAzureADB2BIntegration
+        Select-Object -Property _ObjectIdentity_, TenantFilter, EnableAzureADB2BIntegration
 
     $StateIsCorrect = ($CurrentState.EnableAzureADB2BIntegration -eq $true)
 
@@ -45,7 +45,7 @@ function Invoke-CIPPStandardSPAzureB2B {
             }
 
             try {
-                Get-CIPPSPOTenant -TenantFilter $Tenant | Set-CIPPSPOTenant -Properties $Properties
+                $CurrentState | Set-CIPPSPOTenant -Properties $Properties
                 Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'Successfully set the SharePoint Azure B2B to enabled' -Sev Info
             } catch {
                 $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDirectSharing.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDirectSharing.ps1
@@ -32,8 +32,10 @@ function Invoke-CIPPStandardSPDirectSharing {
 
     param($Tenant, $Settings)
 
+    Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'This standard has been deprecated in favor of the "Set Default Sharing Link Settings" standard. Please update your standards to use new standard. However this will continue to function.' -Sev Alert
+
     $CurrentState = Get-CIPPSPOTenant -TenantFilter $Tenant |
-        Select-Object -Property DefaultSharingLinkType
+        Select-Object -Property _ObjectIdentity_, TenantFilter, DefaultSharingLinkType
 
     $StateIsCorrect = ($CurrentState.DefaultSharingLinkType -eq 'Direct' -or $CurrentState.DefaultSharingLinkType -eq 1)
 
@@ -46,7 +48,7 @@ function Invoke-CIPPStandardSPDirectSharing {
             }
 
             try {
-                Get-CIPPSPOTenant -TenantFilter $Tenant | Set-CIPPSPOTenant -Properties $Properties
+                $CurrentState | Set-CIPPSPOTenant -Properties $Properties
                 Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'Successfully set the SharePoint Default Direct Sharing to Direct' -Sev Info
             } catch {
                 $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDisableLegacyWorkflows.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDisableLegacyWorkflows.ps1
@@ -46,7 +46,7 @@ function Invoke-CIPPStandardSPDisableLegacyWorkflows {
             }
 
             try {
-                Get-CIPPSPOTenant -TenantFilter $Tenant | Set-CIPPSPOTenant -Properties $Properties
+                $CurrentState | Set-CIPPSPOTenant -Properties $Properties
                 Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'Successfully disabled Legacy Workflows' -Sev Info
             } catch {
                 $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDisallowInfectedFiles.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPDisallowInfectedFiles.ps1
@@ -33,7 +33,7 @@ function Invoke-CIPPStandardSPDisallowInfectedFiles {
     param($Tenant, $Settings)
 
     $CurrentState = Get-CIPPSPOTenant -TenantFilter $Tenant |
-        Select-Object -Property DisallowInfectedFileDownload
+        Select-Object -Property _ObjectIdentity_, TenantFilter, DisallowInfectedFileDownload
 
     $StateIsCorrect = ($CurrentState.DisallowInfectedFileDownload -eq $true)
 
@@ -46,7 +46,7 @@ function Invoke-CIPPStandardSPDisallowInfectedFiles {
             }
 
             try {
-                Get-CIPPSPOTenant -TenantFilter $Tenant | Set-CIPPSPOTenant -Properties $Properties
+                $CurrentState | Set-CIPPSPOTenant -Properties $Properties
                 Write-LogMessage -API 'Standards' -tenant $tenant -Message 'Successfully disallowed downloading SharePoint infected files.' -Sev Info
             } catch {
                 $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPEmailAttestation.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPEmailAttestation.ps1
@@ -33,7 +33,7 @@ function Invoke-CIPPStandardSPEmailAttestation {
 
     param($Tenant, $Settings)
 
-    $CurrentState = Get-CIPPSPOTenant -TenantFilter $Tenant | Select-Object -Property EmailAttestationReAuthDays, EmailAttestationRequired
+    $CurrentState = Get-CIPPSPOTenant -TenantFilter $Tenant | Select-Object -Property _ObjectIdentity_, TenantFilter, EmailAttestationReAuthDays, EmailAttestationRequired
 
     $StateIsCorrect = ($CurrentState.EmailAttestationReAuthDays -eq [int]$Settings.Days) -and
     ($CurrentState.EmailAttestationRequired -eq $true)
@@ -48,7 +48,7 @@ function Invoke-CIPPStandardSPEmailAttestation {
             }
 
             try {
-                $Response = Get-CIPPSPOTenant -TenantFilter $Tenant | Set-CIPPSPOTenant -Properties $Properties
+                $Response = $CurrentState | Set-CIPPSPOTenant -Properties $Properties
                 if ($Response.ErrorInfo.ErrorMessage) {
                     $ErrorMessage = Get-NormalizedError -Message $Response.ErrorInfo.ErrorMessage
                     Write-LogMessage -API 'Standards' -Tenant $Tenant -Message "Failed to set re-authentication with verification code restriction. Error: $ErrorMessage" -Sev Error
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPExternalUserExpiration.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSPExternalUserExpiration.ps1
@@ -33,7 +33,7 @@ function Invoke-CIPPStandardSPExternalUserExpiration {
     param($Tenant, $Settings)
 
     $CurrentState = Get-CIPPSPOTenant -TenantFilter $Tenant |
-    Select-Object -Property ExternalUserExpireInDays, ExternalUserExpirationRequired
+        Select-Object -Property _ObjectIdentity_, TenantFilter, ExternalUserExpireInDays, ExternalUserExpirationRequired
 
     $StateIsCorrect = ($CurrentState.ExternalUserExpireInDays -eq $Settings.Days) -and
     ($CurrentState.ExternalUserExpirationRequired -eq $true)
@@ -48,7 +48,7 @@ function Invoke-CIPPStandardSPExternalUserExpiration {
             }
 
             try {
-                Get-CIPPSPOTenant -TenantFilter $Tenant | Set-CIPPSPOTenant -Properties $Properties
+                $CurrentState | Set-CIPPSPOTenant -Properties $Properties
                 Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'Successfully set External User Expiration' -Sev Info
             } catch {
                 $ErrorMessage = Get-CippException -Exception $_

Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,7 @@ function Invoke-CIPPStandardSPDisableLegacyWorkflows {`
`46`	`46`	`}`
`47`	`47`
`48`	`48`	`try {`
`49`		`- Get-CIPPSPOTenant -TenantFilter $Tenant \| Set-CIPPSPOTenant -Properties $Properties`
	`49`	`+ $CurrentState \| Set-CIPPSPOTenant -Properties $Properties`
`50`	`50`	`Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'Successfully disabled Legacy Workflows' -Sev Info`
`51`	`51`	`} catch {`
`52`	`52`	`$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message`