Merge pull request KelvinTegelaar#1497 from kris6673/fix-standards

Fix: Improve logging and fix report mode issues

Author: KelvinTegelaar

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAdditionalStorageProviders.ps1

@@ -33,38 +33,38 @@ function Invoke-CIPPStandardDisableAdditionalStorageProviders {
     param($Tenant, $Settings)
     ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'DisableAdditionalStorageProviders'
 
-    $AdditionalStorageProvidersState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OwaMailboxPolicy' -cmdParams @{Identity = 'OwaMailboxPolicy-Default' }
+    $AdditionalStorageProvidersState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OwaMailboxPolicy' -cmdParams @{Identity = 'OwaMailboxPolicy-Default' } -Select 'Identity, AdditionalStorageProvidersAvailable'
 
     if ($Settings.remediate -eq $true) {
 
         try {
             if ($AdditionalStorageProvidersState.AdditionalStorageProvidersAvailable) {
-                New-ExoRequest -tenantid $Tenant -cmdlet 'Set-OwaMailboxPolicy' -cmdParams @{ Identity = $AdditionalStorageProvidersState.Identity; AdditionalStorageProvidersAvailable = $false } -useSystemMailbox $true
-                Write-LogMessage -API 'Standards' -tenant $tenant -message 'OWA additional storage providers have been disabled.' -sev Info
+                $null = New-ExoRequest -tenantid $Tenant -cmdlet 'Set-OwaMailboxPolicy' -cmdParams @{ Identity = $AdditionalStorageProvidersState.Identity; AdditionalStorageProvidersAvailable = $false } -useSystemMailbox $true
+                Write-LogMessage -API 'Standards' -tenant $Tenant -message 'OWA additional storage providers has been disabled.' -sev Info
                 $AdditionalStorageProvidersState.AdditionalStorageProvidersAvailable = $false
             } else {
-                Write-LogMessage -API 'Standards' -tenant $tenant -message 'OWA additional storage providers are already disabled.' -sev Info
+                Write-LogMessage -API 'Standards' -tenant $Tenant -message 'OWA additional storage providers are already disabled.' -sev Info
             }
         } catch {
-            $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
-            Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable OWA additional storage providers. Error: $ErrorMessage" -sev Error
+            $ErrorMessage = Get-CippException -Exception $_
+            Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to disable OWA additional storage providers. Error: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage
         }
 
     }
 
     if ($Settings.alert -eq $true) {
         if ($AdditionalStorageProvidersState.AdditionalStorageProvidersAvailable) {
             $Object = $AdditionalStorageProvidersState | Select-Object -Property AdditionalStorageProvidersAvailable
-            Write-StandardsAlert -message 'OWA additional storage providers are enabled' -object $Object -tenant $tenant -standardName 'DisableAdditionalStorageProviders' -standardId $Settings.standardId
-            Write-LogMessage -API 'Standards' -tenant $tenant -message 'OWA additional storage providers are enabled' -sev Info
+            Write-StandardsAlert -message 'OWA additional storage providers are enabled' -object $Object -tenant $Tenant -standardName 'DisableAdditionalStorageProviders' -standardId $Settings.standardId
+            Write-LogMessage -API 'Standards' -tenant $Tenant -message 'OWA additional storage providers are enabled' -sev Info
         } else {
-            Write-LogMessage -API 'Standards' -tenant $tenant -message 'OWA additional storage providers are disabled' -sev Info
+            Write-LogMessage -API 'Standards' -tenant $Tenant -message 'OWA additional storage providers are disabled' -sev Info
         }
     }
 
     if ($Settings.report -eq $true) {
-        $state = $AdditionalStorageProvidersState.AdditionalStorageProvidersEnabled ? $false : $true
-        Set-CIPPStandardsCompareField -FieldName 'standards.DisableAdditionalStorageProviders' -FieldValue $state -TenantFilter $Tenant
-        Add-CIPPBPAField -FieldName 'AdditionalStorageProvidersEnabled' -FieldValue $AdditionalStorageProvidersState.AdditionalStorageProvidersEnabled -StoreAs bool -Tenant $tenant
+        $State = $AdditionalStorageProvidersState.AdditionalStorageProvidersEnabled ? $false : $true
+        Set-CIPPStandardsCompareField -FieldName 'standards.DisableAdditionalStorageProviders' -FieldValue $State -TenantFilter $Tenant
+        Add-CIPPBPAField -FieldName 'AdditionalStorageProvidersEnabled' -FieldValue $State -StoreAs bool -Tenant $Tenant
     }
 }

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWcompanionAppAllowedState.ps1

@@ -30,32 +30,31 @@ function Invoke-CIPPStandardPWcompanionAppAllowedState {
 
     param($Tenant, $Settings)
 
-    $authenticatorFeaturesState = (New-GraphGetRequest -tenantid $Tenant -Uri 'https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/microsoftAuthenticator')
-    $authState = if ($authenticatorFeaturesState.featureSettings.companionAppAllowedState.state -eq 'enabled') { $true } else { $false }
-
-
+    $AuthenticatorFeaturesState = (New-GraphGetRequest -tenantid $Tenant -Uri 'https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/microsoftAuthenticator')
 
     # Get state value using null-coalescing operator
-    $state = $Settings.state.value ? $Settings.state.value : $settings.state
-    $authState = if ($authenticatorFeaturesState.featureSettings.companionAppAllowedState.state -eq $state) { $true } else { $false }
+    $CurrentState = $AuthenticatorFeaturesState.featureSettings.companionAppAllowedState.state
+    $WantedState = $Settings.state.value ? $Settings.state.value : $settings.state
+    $AuthStateCorrect = if ($CurrentState -eq $WantedState) { $true } else { $false }
 
     # Input validation
-    if (([string]::IsNullOrWhiteSpace($state) -or $state -eq 'Select a value') -and ($Settings.remediate -eq $true -or $Settings.alert -eq $true)) {
+    if (([string]::IsNullOrWhiteSpace($WantedState) -or $WantedState -eq 'Select a value') -and ($Settings.remediate -eq $true -or $Settings.alert -eq $true)) {
         Write-LogMessage -API 'Standards' -tenant $Tenant -message 'PWcompanionAppAllowedState: Invalid state parameter set' -sev Error
         Return
     }
 
     If ($Settings.remediate -eq $true) {
+        Write-Host "Remediating PWcompanionAppAllowedState for tenant $Tenant to $WantedState"
 
-        if ($authenticatorFeaturesState.featureSettings.companionAppAllowedState.state -eq $state) {
-            Write-LogMessage -API 'Standards' -tenant $Tenant -message "companionAppAllowedState is already set to the desired state of $state." -sev Info
+        if ($AuthStateCorrect -eq $true) {
+            Write-LogMessage -API 'Standards' -tenant $Tenant -message "companionAppAllowedState is already set to the desired state of $WantedState." -sev Info
         } else {
             try {
                 # Remove number matching from featureSettings because this is now Microsoft enforced and shipping it returns an error
-                $authenticatorFeaturesState.featureSettings.PSObject.Properties.Remove('numberMatchingRequiredState')
+                $AuthenticatorFeaturesState.featureSettings.PSObject.Properties.Remove('numberMatchingRequiredState')
                 # Define feature body
                 $featureBody = @{
-                    state         = $state
+                    state         = $WantedState
                     includeTarget = [PSCustomObject]@{
                         targetType = 'group'
                         id         = 'all_users'
@@ -65,33 +64,33 @@ function Invoke-CIPPStandardPWcompanionAppAllowedState {
                         id         = '00000000-0000-0000-0000-000000000000'
                     }
                 }
-                $authenticatorFeaturesState.featureSettings.companionAppAllowedState = $featureBody
-                $body = ConvertTo-Json -Depth 3 -Compress -InputObject $authenticatorFeaturesState
+                $AuthenticatorFeaturesState.featureSettings.companionAppAllowedState = $featureBody
+                $body = ConvertTo-Json -Depth 3 -Compress -InputObject $AuthenticatorFeaturesState
                 $null = (New-GraphPostRequest -tenantid $Tenant -Uri 'https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/microsoftAuthenticator' -Type patch -Body $body -ContentType 'application/json')
-                Write-LogMessage -API 'Standards' -tenant $Tenant -message "Set companionAppAllowedState to $state." -sev Info
+                Write-LogMessage -API 'Standards' -tenant $Tenant -message "Set companionAppAllowedState to $WantedState." -sev Info
             } catch {
                 $ErrorMessage = Get-CippExceptionMessage -Exception $_
-                Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to set companionAppAllowedState to $state. Error: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage
+                Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to set companionAppAllowedState to $WantedState. Error: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage
             }
         }
     }
 
     if ($Settings.alert -eq $true) {
 
-        if ($authState) {
-            Write-LogMessage -API 'Standards' -tenant $Tenant -message 'companionAppAllowedState is enabled.' -sev Info
+        if ($AuthStateCorrect -eq $true) {
+            Write-LogMessage -API 'Standards' -tenant $Tenant -message "companionAppAllowedState is set to $WantedState." -sev Info
         } else {
-            Write-StandardsAlert -message 'companionAppAllowedState is not enabled' -object $authenticatorFeaturesState -tenant $Tenant -standardName 'PWcompanionAppAllowedState' -standardId $Settings.standardId
-            Write-LogMessage -API 'Standards' -tenant $Tenant -message 'companionAppAllowedState is not enabled.' -sev Info
+            Write-StandardsAlert -message "companionAppAllowedState is not set to $WantedState. Current state is $CurrentState." -object $AuthenticatorFeaturesState -tenant $Tenant -standardName 'PWcompanionAppAllowedState' -standardId $Settings.standardId
+            Write-LogMessage -API 'Standards' -tenant $Tenant -message "companionAppAllowedState is not set to $WantedState. Current state is $CurrentState." -sev Info
         }
     }
 
     if ($Settings.report -eq $true) {
-        Add-CIPPBPAField -FieldName 'companionAppAllowedState' -FieldValue $authState -StoreAs bool -Tenant $Tenant
-        if ($authState) {
+        Add-CIPPBPAField -FieldName 'companionAppAllowedState' -FieldValue $AuthStateCorrect -StoreAs bool -Tenant $Tenant
+        if ($AuthStateCorrect -eq $true) {
             $FieldValue = $true
         } else {
-            $FieldValue = $authenticatorFeaturesState.featureSettings.companionAppAllowedState
+            $FieldValue = $AuthenticatorFeaturesState.featureSettings.companionAppAllowedState
         }
         Set-CIPPStandardsCompareField -FieldName 'standards.PWcompanionAppAllowedState' -FieldValue $FieldValue -Tenant $Tenant
     }