Merge pull request #345 from KelvinTegelaar/dev

pull[bot] · web-flow · commit 1b706a7e2d10 · 2025-07-08T12:41:05.000Z
[pull] dev from KelvinTegelaar:dev
diff --git a/Modules/CIPPCore/Public/Compare-CIPPIntuneObject.ps1 b/Modules/CIPPCore/Public/Compare-CIPPIntuneObject.ps1
@@ -257,7 +257,7 @@ function Compare-CIPPIntuneObject {
                         }
                     }
                 }
-                Default {
+                default {
                     if ($settingInstance.simpleSettingValue?.value) {
                         $label = if ($intuneObj?.displayName) {
                             $intuneObj.displayName
@@ -337,6 +337,9 @@ function Compare-CIPPIntuneObject {
                                         } else {
                                             $child.choiceSettingValue.value
                                         }
+                                        if (!$childValue -and $child.simpleSettingValue.value) {
+                                            $childValue = $child.simpleSettingValue.value
+                                        }
                                     }
 
                                     # Add object to our temporary list
@@ -351,7 +354,7 @@ function Compare-CIPPIntuneObject {
                         }
                     }
                 }
-                Default {
+                default {
                     if ($settingInstance.simpleSettingValue?.value) {
                         $label = if ($intuneObj?.displayName) {
                             $intuneObj.displayName
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuthMethodsPolicyMigration.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuthMethodsPolicyMigration.ps1
@@ -0,0 +1,59 @@
+function Invoke-CIPPStandardAuthMethodsPolicyMigration {
+    <#
+    .FUNCTIONALITY
+        Internal
+    .COMPONENT
+        (APIName) AuthMethodsPolicyMigration
+    .SYNOPSIS
+        (Label) Complete Authentication Methods Policy Migration
+    .DESCRIPTION
+        (Helptext) Completes the migration of authentication methods policy to the new format
+        (DocsDescription) Sets the authentication methods policy migration state to complete. This is required when migrating from legacy authentication policies to the new unified authentication methods policy.
+    .NOTES
+        CAT
+            Entra (AAD) Standards
+        TAG
+        ADDEDCOMPONENT
+        IMPACT
+            Medium Impact
+        ADDEDDATE
+            2025-01-08
+        POWERSHELLEQUIVALENT
+            Update-MgBetaPolicyAuthenticationMethodPolicy
+        RECOMMENDEDBY
+        UPDATECOMMENTBLOCK
+            Run the Tools\Update-StandardsComments.ps1 script to update this comment block
+    .LINK
+        https://docs.cipp.app/user-documentation/tenant/standards/list-standards
+    #>
+
+    param($Tenant, $Settings)
+    $CurrentInfo = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy' -tenantid $Tenant
+
+    if ($Settings.remediate -eq $true) {
+        if ($CurrentInfo.policyMigrationState -eq 'migrationComplete') {
+            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Authentication methods policy migration is already complete.' -sev Info
+        } else {
+            try {
+                New-GraphPOSTRequest -uri 'https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy' -tenantid $Tenant -body '{"policyMigrationState": "migrationComplete"}' -type PATCH
+                Write-LogMessage -API 'Standards' -tenant $tenant -message 'Authentication methods policy migration completed successfully.' -sev Info
+            } catch {
+                Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to complete authentication methods policy migration: $($_.Exception.Message)" -sev Error
+            }
+        }
+    }
+
+    if ($Settings.alert -eq $true) {
+        if ($CurrentInfo.policyMigrationState -ne 'migrationComplete') {
+            Write-StandardsAlert -message 'Authentication methods policy migration is not complete. Please check if you have legacy SSPR settings or MFA settings set: https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-authentication-methods-manage' -object $CurrentInfo -tenant $tenant -standardName 'AuthMethodsPolicyMigration' -standardId $Settings.standardId
+            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Authentication methods policy migration is not complete' -sev Alert
+        }
+    }
+
+    if ($Settings.report -eq $true) {
+        $migrationComplete = $CurrentInfo.policyMigrationState -eq 'migrationComplete'
+        Set-CIPPStandardsCompareField -FieldName 'standards.AuthMethodsPolicyMigration' -FieldValue $migrationComplete -TenantFilter $tenant
+        Add-CIPPBPAField -FieldName 'AuthMethodsPolicyMigration' -FieldValue $migrationComplete -StoreAs bool -Tenant $tenant
+    }
+
+}

Original file line number	Diff line number	Diff line change
`@@ -257,7 +257,7 @@ function Compare-CIPPIntuneObject {`
`257`	`257`	`}`
`258`	`258`	`}`
`259`	`259`	`}`
`260`		`- Default {`
	`260`	`+ default {`
`261`	`261`	`if ($settingInstance.simpleSettingValue?.value) {`
`262`	`262`	`$label = if ($intuneObj?.displayName) {`
`263`	`263`	`$intuneObj.displayName`
`@@ -337,6 +337,9 @@ function Compare-CIPPIntuneObject {`
`337`	`337`	`} else {`
`338`	`338`	`$child.choiceSettingValue.value`
`339`	`339`	`}`
	`340`	`+ if (!$childValue -and $child.simpleSettingValue.value) {`
	`341`	`+ $childValue = $child.simpleSettingValue.value`
	`342`	`+ }`
`340`	`343`	`}`
`341`	`344`
`342`	`345`	`# Add object to our temporary list`
`@@ -351,7 +354,7 @@ function Compare-CIPPIntuneObject {`
`351`	`354`	`}`
`352`	`355`	`}`
`353`	`356`	`}`
`354`		`- Default {`
	`357`	`+ default {`
`355`	`358`	`if ($settingInstance.simpleSettingValue?.value) {`
`356`	`359`	`$label = if ($intuneObj?.displayName) {`
`357`	`360`	`$intuneObj.displayName`