Merge pull request #477 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: pull[bot]

Modules/CIPPCore/Public/CustomData/Invoke-CustomDataSync.ps1

@@ -67,7 +67,7 @@ function Invoke-CustomDataSync {
             continue
         }
         $SourceMatchProperty = $SyncConfig.DatasetConfig.sourceMatchProperty
-        $DestinationMatchProperty = $SyncConfigs.DatasetConfig.destinationMatchProperty
+        $DestinationMatchProperty = $SyncConfig.DatasetConfig.destinationMatchProperty
         $CustomDataAttribute = $SyncConfig.CustomDataAttribute
         $ExtensionSyncProperty = $SyncConfig.ExtensionSyncProperty
         $DatasetConfig = $SyncConfig.DatasetConfig

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecCippReplacemap.ps1

@@ -10,7 +10,14 @@ function Invoke-ExecCippReplacemap {
 
     $Table = Get-CippTable -tablename 'CippReplacemap'
     $Action = $Request.Query.Action ?? $Request.Body.Action
-    $customerId = $Request.Query.tenantId ?? $Request.Body.tenantId
+    $TenantId = $Request.Query.tenantId ?? $Request.Body.tenantId
+    if ($TenantId -eq 'AllTenants') {
+        $customerId = $TenantId
+    } else {
+        # ensure we use a consistent id for the table storage
+        $Tenant = Get-Tenants -TenantFilter $TenantId
+        $customerId = $Tenant.customerId
+    }
 
     if (!$customerId) {
         return ([HttpResponseContext]@{
@@ -31,11 +38,13 @@ function Invoke-ExecCippReplacemap {
         'AddEdit' {
             $VariableName = $Request.Body.RowKey
             $VariableValue = $Request.Body.Value
+            $VariableDescription = $Request.Body.Description
 
             $VariableEntity = @{
                 PartitionKey = $customerId
                 RowKey       = $VariableName
                 Value        = $VariableValue
+                Description  = $VariableDescription
             }
 
             Add-CIPPAzDataTableEntity @Table -Entity $VariableEntity -Force

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ListCustomVariables.ps1

@@ -0,0 +1,272 @@
+function Invoke-ListCustomVariables {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        CIPP.Core.Read
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $Request.Params.CIPPEndpoint
+
+    $HttpResponse = [HttpResponseContext]@{
+        StatusCode = [HttpStatusCode]::OK
+        Body       = @{}
+    }
+
+    try {
+        # Define reserved variables (matching Get-CIPPTextReplacement)
+        $ReservedVariables = @(
+            @{
+                Name        = 'tenantid'
+                Variable    = '%tenantid%'
+                Description = 'The tenant customer ID'
+                Type        = 'reserved'
+                Category    = 'tenant'
+            },
+            @{
+                Name        = 'tenantfilter'
+                Variable    = '%tenantfilter%'
+                Description = 'The tenant default domain name'
+                Type        = 'reserved'
+                Category    = 'tenant'
+            },
+            @{
+                Name        = 'tenantname'
+                Variable    = '%tenantname%'
+                Description = 'The tenant display name'
+                Type        = 'reserved'
+                Category    = 'tenant'
+            },
+            @{
+                Name        = 'defaultdomain'
+                Variable    = '%defaultdomain%'
+                Description = 'The tenant default domain name'
+                Type        = 'reserved'
+                Category    = 'tenant'
+            },
+            @{
+                Name        = 'initialdomain'
+                Variable    = '%initialdomain%'
+                Description = 'The tenant initial domain name'
+                Type        = 'reserved'
+                Category    = 'tenant'
+            },
+            @{
+                Name        = 'partnertenantid'
+                Variable    = '%partnertenantid%'
+                Description = 'The partner tenant ID'
+                Type        = 'reserved'
+                Category    = 'partner'
+            },
+            @{
+                Name        = 'samappid'
+                Variable    = '%samappid%'
+                Description = 'The SAM application ID'
+                Type        = 'reserved'
+                Category    = 'partner'
+            },
+            @{
+                Name        = 'cippuserschema'
+                Variable    = '%cippuserschema%'
+                Description = 'The CIPP user schema extension ID'
+                Type        = 'reserved'
+                Category    = 'cipp'
+            },
+            @{
+                Name        = 'cippurl'
+                Variable    = '%cippurl%'
+                Description = 'The CIPP instance URL'
+                Type        = 'reserved'
+                Category    = 'cipp'
+            },
+            @{
+                Name        = 'serial'
+                Variable    = '%serial%'
+                Description = 'System serial number'
+                Type        = 'reserved'
+                Category    = 'system'
+            },
+            @{
+                Name        = 'systemroot'
+                Variable    = '%systemroot%'
+                Description = 'System root directory'
+                Type        = 'reserved'
+                Category    = 'system'
+            },
+            @{
+                Name        = 'systemdrive'
+                Variable    = '%systemdrive%'
+                Description = 'System drive letter'
+                Type        = 'reserved'
+                Category    = 'system'
+            },
+            @{
+                Name        = 'temp'
+                Variable    = '%temp%'
+                Description = 'Temporary directory path'
+                Type        = 'reserved'
+                Category    = 'system'
+            },
+            @{
+                Name        = 'userprofile'
+                Variable    = '%userprofile%'
+                Description = 'User profile directory'
+                Type        = 'reserved'
+                Category    = 'system'
+            },
+            @{
+                Name        = 'username'
+                Variable    = '%username%'
+                Description = 'Current username'
+                Type        = 'reserved'
+                Category    = 'system'
+            },
+            @{
+                Name        = 'userdomain'
+                Variable    = '%userdomain%'
+                Description = 'User domain'
+                Type        = 'reserved'
+                Category    = 'system'
+            },
+            @{
+                Name        = 'windir'
+                Variable    = '%windir%'
+                Description = 'Windows directory'
+                Type        = 'reserved'
+                Category    = 'system'
+            },
+            @{
+                Name        = 'programfiles'
+                Variable    = '%programfiles%'
+                Description = 'Program Files directory'
+                Type        = 'reserved'
+                Category    = 'system'
+            },
+            @{
+                Name        = 'programfiles(x86)'
+                Variable    = '%programfiles(x86)%'
+                Description = 'Program Files (x86) directory'
+                Type        = 'reserved'
+                Category    = 'system'
+            },
+            @{
+                Name        = 'programdata'
+                Variable    = '%programdata%'
+                Description = 'Program Data directory'
+                Type        = 'reserved'
+                Category    = 'system'
+            }
+        )
+
+        # Use a hashtable to track variables by name to handle overrides
+        $VariableMap = @{}
+
+        if ($Request.Query.includeSystem -and $Request.Query.includeSystem -ne 'true') {
+            $ReservedVariables = $ReservedVariables | Where-Object { $_.Category -ne 'system' }
+        }
+
+        # Add reserved variables first
+        foreach ($Variable in $ReservedVariables) {
+            $VariableMap[$Variable.Name] = $Variable
+        }
+
+        # Get custom variables from the replace map table
+        $ReplaceTable = Get-CIPPTable -tablename 'CippReplacemap'
+
+        # Get global variables (AllTenants) - these can be overridden by tenant-specific ones
+        $GlobalVariables = Get-CIPPAzDataTableEntity @ReplaceTable -Filter "PartitionKey eq 'AllTenants'"
+        if ($GlobalVariables) {
+            foreach ($Variable in $GlobalVariables) {
+                if ($Variable.RowKey -and $Variable.Value) {
+                    $VariableMap[$Variable.RowKey] = @{
+                        Name        = $Variable.RowKey
+                        Variable    = "%$($Variable.RowKey)%"
+                        Description = 'Global custom variable'
+                        Value       = $Variable.Value
+                        Type        = 'custom'
+                        Category    = 'global'
+                        Scope       = 'AllTenants'
+                    }
+                }
+            }
+        }
+
+        # Get tenant-specific variables if tenantFilter is provided
+        # These override any global variables with the same name
+        $TenantFilter = $Request.Query.tenantFilter
+        if ($TenantFilter -and $TenantFilter -ne 'AllTenants') {
+            # Try to get tenant to find customerId
+            try {
+                $Tenant = Get-Tenants -TenantFilter $TenantFilter
+                $CustomerId = $Tenant.customerId
+
+                # Get variables by customerId
+                $TenantVariables = Get-CIPPAzDataTableEntity @ReplaceTable -Filter "PartitionKey eq '$CustomerId'"
+
+                # If no results found by customerId, try by defaultDomainName
+                if (-not $TenantVariables) {
+                    $TenantVariables = Get-CIPPAzDataTableEntity @ReplaceTable -Filter "PartitionKey eq '$($Tenant.defaultDomainName)'"
+                }
+
+                if ($TenantVariables) {
+                    foreach ($Variable in $TenantVariables) {
+                        if ($Variable.RowKey -and $Variable.Value) {
+                            # Tenant variables override global ones with the same name
+                            $VariableMap[$Variable.RowKey] = @{
+                                Name        = $Variable.RowKey
+                                Variable    = "%$($Variable.RowKey)%"
+                                Description = 'Tenant-specific custom variable'
+                                Value       = $Variable.Value
+                                Type        = 'custom'
+                                Category    = 'tenant-custom'
+                                Scope       = $TenantFilter
+                            }
+                        }
+                    }
+                }
+            } catch {
+                Write-LogMessage -API $APIName -message "Could not retrieve tenant-specific variables for $TenantFilter : $($_.Exception.Message)" -Sev 'Warning'
+            }
+        }
+
+        # Convert hashtable values to array and sort
+        $AllVariables = $VariableMap.Values
+        $SortedVariables = $AllVariables | Sort-Object @{
+            Expression = {
+                switch ($_.Type) {
+                    'reserved' { 1 }
+                    'custom' {
+                        switch ($_.Category) {
+                            'global' { 2 }
+                            'tenant-custom' { 3 }
+                            default { 4 }
+                        }
+                    }
+                    default { 5 }
+                }
+            }
+        }, Name
+
+        $HttpResponse.Body = @{
+            Results  = @($SortedVariables)
+            Metadata = @{
+                TenantFilter  = $TenantFilter
+                TotalCount    = $SortedVariables.Count
+                ReservedCount = @($SortedVariables | Where-Object { $_.Type -eq 'reserved' }).Count
+                CustomCount   = @($SortedVariables | Where-Object { $_.Type -eq 'custom' }).Count
+            }
+        }
+
+    } catch {
+        $HttpResponse.StatusCode = [HttpStatusCode]::InternalServerError
+        $HttpResponse.Body = @{
+            Results = @()
+            Error   = $_.Exception.Message
+        }
+        Write-LogMessage -API $APIName -message "Failed to retrieve custom variables: $($_.Exception.Message)" -Sev 'Error'
+    }
+
+    return $HttpResponse
+}

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardActivityBasedTimeout.ps1

@@ -13,8 +13,11 @@ function Invoke-CIPPStandardActivityBasedTimeout {
         CAT
             Global Standards
         TAG
-            "CIS"
+            "CIS M365 5.0 (1.3.2)"
             "spo_idle_session_timeout"
+            "NIST CSF 2.0 (PR.AA-03)"
+        EXECUTIVETEXT
+            Automatically logs out inactive users from Microsoft 365 applications after a specified time period to prevent unauthorized access to company data on unattended devices. This security measure protects against data breaches when employees leave workstations unlocked.
         ADDEDCOMPONENT
             {"type":"autoComplete","multiple":false,"creatable":false,"label":"Select value","name":"standards.ActivityBasedTimeout.timeout","options":[{"label":"1 Hour","value":"01:00:00"},{"label":"3 Hours","value":"03:00:00"},{"label":"6 Hours","value":"06:00:00"},{"label":"12 Hours","value":"12:00:00"},{"label":"24 Hours","value":"1.00:00:00"}]}
         IMPACT

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDKIM.ps1

@@ -13,7 +13,9 @@ function Invoke-CIPPStandardAddDKIM {
         CAT
             Exchange Standards
         TAG
-            "CIS"
+            "CIS M365 5.0 (2.1.9)"
+        EXECUTIVETEXT
+            Enables email authentication technology that digitally signs outgoing emails to verify they actually came from your organization. This prevents email spoofing, improves email deliverability, and protects the company's reputation by ensuring recipients can trust emails from your domains.
         ADDEDCOMPONENT
         IMPACT
             Low Impact

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDMARCToMOERA.ps1

@@ -13,9 +13,11 @@ function Invoke-CIPPStandardAddDMARCToMOERA {
         CAT
             Global Standards
         TAG
-            "CIS"
+            "CIS M365 5.0 (2.1.10)"
             "Security"
             "PhishingProtection"
+        EXECUTIVETEXT
+            Implements advanced email security for Microsoft's default domain names (onmicrosoft.com) to prevent criminals from impersonating your organization. This blocks fraudulent emails that could damage your company's reputation and protects partners and customers from phishing attacks using your domain names.
         ADDEDCOMPONENT
             {"type":"autoComplete","multiple":false,"creatable":true,"required":false,"placeholder":"v=DMARC1; p=reject; (recommended)","label":"Value","name":"standards.AddDMARCToMOERA.RecordValue","options":[{"label":"v=DMARC1; p=reject; (recommended)","value":"v=DMARC1; p=reject;"}]}
         IMPACT

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAnonReportDisable.ps1

@@ -13,6 +13,8 @@ function Invoke-CIPPStandardAnonReportDisable {
         CAT
             Global Standards
         TAG
+        EXECUTIVETEXT
+            Configures Microsoft 365 reports to display actual usernames instead of anonymized identifiers, enabling IT administrators to effectively troubleshoot issues and generate meaningful usage reports. This improves operational efficiency and system management capabilities.
         ADDEDCOMPONENT
         IMPACT
             Low Impact

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1

@@ -13,14 +13,15 @@ function Invoke-CIPPStandardAntiPhishPolicy {
         CAT
             Defender Standards
         TAG
-            "CIS"
             "mdo_safeattachments"
             "mdo_highconfidencespamaction"
             "mdo_highconfidencephishaction"
             "mdo_phisspamacation"
             "mdo_spam_notifications_only_for_admins"
             "mdo_antiphishingpolicies"
             "mdo_phishthresholdlevel"
+            "CIS M365 5.0 (2.1.7)"
+            "NIST CSF 2.0 (DE.CM-09)"
         ADDEDCOMPONENT
             {"type":"number","label":"Phishing email threshold. (Default 1)","name":"standards.AntiPhishPolicy.PhishThresholdLevel","defaultValue":1}
             {"type":"switch","label":"Show first contact safety tip","name":"standards.AntiPhishPolicy.EnableFirstContactSafetyTips","defaultValue":true}

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiSpamSafeList.ps1

@@ -13,6 +13,9 @@ function Invoke-CIPPStandardAntiSpamSafeList {
         CAT
             Defender Standards
         TAG
+            "CIS M365 5.0 (2.1.13)"
+        EXECUTIVETEXT
+            Enables Microsoft's pre-approved list of trusted email servers to improve email delivery from legitimate sources while maintaining spam protection. This reduces false positives where legitimate emails might be blocked while still protecting against spam and malicious emails.
         ADDEDCOMPONENT
             {"type":"switch","name":"standards.AntiSpamSafeList.EnableSafeList","label":"Enable Safe List"}
         IMPACT

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAppDeploy.ps1

@@ -13,6 +13,8 @@ function Invoke-CIPPStandardAppDeploy {
         CAT
             Entra (AAD) Standards
         TAG
+        EXECUTIVETEXT
+            Automatically deploys approved business applications across all company locations and users, ensuring consistent access to essential tools and maintaining standardized software configurations. This streamlines application management and reduces IT deployment overhead.
         ADDEDCOMPONENT
             {"type":"select","multiple":false,"creatable":false,"label":"App Approval Mode","name":"standards.AppDeploy.mode","options":[{"label":"Template","value":"template"},{"label":"Copy Permissions","value":"copy"}]}
             {"type":"autoComplete","multiple":true,"creatable":false,"label":"Select Applications","name":"standards.AppDeploy.templateIds","api":{"url":"/api/ListAppApprovalTemplates","labelField":"TemplateName","valueField":"TemplateId","queryKey":"StdAppApprovalTemplateList","addedField":{"AppId":"AppId"}},"condition":{"field":"standards.AppDeploy.mode","compareType":"is","compareValue":"template"}}