fixes

KelvinTegelaar · KelvinTegelaar · commit 361a68ff363a · 2025-07-14T00:13:22.000+02:00
diff --git a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertLowTenantAlignment.ps1 b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertLowTenantAlignment.ps1
@@ -14,7 +14,7 @@ function Get-CIPPAlertLowTenantAlignment {
         Get-CIPPAlertLowTenantAlignment -TenantFilter "contoso.onmicrosoft.com" -InputValue 75
     #>
     [CmdletBinding()]
-    Param (
+    param (
         [Parameter(Mandatory)]
         $TenantFilter,
         [Alias('input')]
@@ -31,7 +31,16 @@ function Get-CIPPAlertLowTenantAlignment {
             return
         }
 
-        $LowAlignmentAlerts = $AlignmentData | Where-Object { $_.AlignmentScore -lt $InputValue }
+        $LowAlignmentAlerts = $AlignmentData | Where-Object { $_.AlignmentScore -lt $InputValue } | ForEach-Object {
+            [PSCustomObject]@{
+                TenantFilter             = $_.TenantFilter
+                StandardName             = $_.StandardName
+                StandardId               = $_.StandardId
+                AlignmentScore           = $_.AlignmentScore
+                LicenseMissingPercentage = $_.LicenseMissingPercentage
+                LatestDataCollection     = $_.LatestDataCollection
+            }
+        }
 
         if ($LowAlignmentAlerts.Count -gt 0) {
             Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $LowAlignmentAlerts
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListTenantAlignment.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListTenantAlignment.ps1
@@ -20,11 +20,12 @@ function Invoke-ListTenantAlignment {
         # Transform the data to match the expected API response format
         $Results = $AlignmentData | ForEach-Object {
             [PSCustomObject]@{
-                tenantFilter         = $_.TenantFilter
-                standardName         = $_.StandardName
-                standardId           = $_.StandardId
-                alignmentScore       = $_.AlignmentScore
-                latestDataCollection = $_.LatestDataCollection
+                tenantFilter             = $_.TenantFilter
+                standardName             = $_.StandardName
+                standardId               = $_.StandardId
+                alignmentScore           = $_.AlignmentScore
+                LicenseMissingPercentage = $_.LicenseMissingPercentage
+                latestDataCollection     = $_.LatestDataCollection
             }
         }
 
diff --git a/Modules/CIPPCore/Public/Functions/Get-CIPPTenantAlignment.ps1 b/Modules/CIPPCore/Public/Functions/Get-CIPPTenantAlignment.ps1
@@ -179,11 +179,14 @@ function Get-CIPPTenantAlignment {
                         }
 
                         $IsCompliant = ($Value -eq $true)
+                        $IsLicenseMissing = ($Value -is [string] -and $Value -like "License Missing:*")
 
                         if ($IsReportingDisabled) {
                             $ComplianceStatus = 'Reporting Disabled'
                         } elseif ($IsCompliant) {
                             $ComplianceStatus = 'Compliant'
+                        } elseif ($IsLicenseMissing) {
+                            $ComplianceStatus = 'License Missing'
                         } else {
                             $ComplianceStatus = 'Non-Compliant'
                         }
@@ -214,6 +217,7 @@ function Get-CIPPTenantAlignment {
 
                 $CompliantStandards = ($ComparisonTable | Where-Object { $_.ComplianceStatus -eq 'Compliant' }).Count
                 $NonCompliantStandards = ($ComparisonTable | Where-Object { $_.ComplianceStatus -eq 'Non-Compliant' }).Count
+                $LicenseMissingStandards = ($ComparisonTable | Where-Object { $_.ComplianceStatus -eq 'License Missing' }).Count
                 $ReportingDisabledStandardsCount = ($ComparisonTable | Where-Object { $_.ReportingDisabled }).Count
 
                 $AlignmentPercentage = if (($AllCount - $ReportingDisabledStandardsCount) -gt 0) {
@@ -222,17 +226,25 @@ function Get-CIPPTenantAlignment {
                     0
                 }
 
+                $LicenseMissingPercentage = if ($AllCount -gt 0) {
+                    [Math]::Round(($LicenseMissingStandards / $AllCount) * 100)
+                } else {
+                    0
+                }
+
                 $Result = [PSCustomObject]@{
-                    TenantFilter           = $TenantName
-                    StandardName           = $Template.templateName
-                    StandardId             = $Template.GUID
-                    AlignmentScore         = $AlignmentPercentage
-                    CompliantStandards     = $CompliantStandards
-                    NonCompliantStandards  = $NonCompliantStandards
-                    TotalStandards         = $AllCount
+                    TenantFilter         = $TenantName
+                    StandardName         = $Template.templateName
+                    StandardId           = $Template.GUID
+                    AlignmentScore       = $AlignmentPercentage
+                    LicenseMissingPercentage = $LicenseMissingPercentage
+                    CompliantStandards   = $CompliantStandards
+                    NonCompliantStandards = $NonCompliantStandards
+                    LicenseMissingStandards = $LicenseMissingStandards
+                    TotalStandards       = $AllCount
                     ReportingDisabledCount = $ReportingDisabledStandardsCount
-                    LatestDataCollection   = if ($LatestDataCollection) { $LatestDataCollection } else { $null }
-                    ComparisonDetails      = $ComparisonTable
+                    LatestDataCollection = if ($LatestDataCollection) { $LatestDataCollection } else { $null }
+                    ComparisonDetails    = $ComparisonTable
                 }
 
                 $Results.Add($Result)
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardConditionalAccessTemplate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardConditionalAccessTemplate.ps1
@@ -31,11 +31,10 @@ function Invoke-CIPPStandardConditionalAccessTemplate {
     param($Tenant, $Settings)
     ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'ConditionalAccess'
 
-    If ($Settings.remediate -eq $true) {
-
+    if ($Settings.remediate -eq $true) {
+        $AllCAPolicies = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/identity/conditionalAccess/policies?$top=999' -tenantid $Tenant
         foreach ($Setting in $Settings) {
             try {
-
                 $Table = Get-CippTable -tablename 'templates'
                 $Filter = "PartitionKey eq 'CATemplate' and RowKey eq '$($Setting.TemplateList.value)'"
                 $JSONObj = (Get-CippAzDataTableEntity @Table -Filter $Filter).JSON
@@ -45,7 +44,21 @@ function Invoke-CIPPStandardConditionalAccessTemplate {
                 Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to create or update conditional access rule $($JSONObj.displayName). Error: $ErrorMessage" -sev 'Error'
             }
         }
-
-
+    }
+    if ($Settings.report -eq $true) {
+        $Policies = $Settings.TemplateList.JSON | ConvertFrom-Json -Depth 10
+        #check if all groups.displayName are in the existingGroups, if not $fieldvalue should contain all missing groups, else it should be true.
+        $MissingPolicies = foreach ($policy in $Policies) {
+            $CheckExististing = $AllCAPolicies | Where-Object -Property displayName -EQ $policy.displayname
+            if (!$CheckExististing) {
+                $policy.displayname
+            }
+        }
+        if ($MissingPolicies.Count -eq 0) {
+            $fieldValue = $true
+        } else {
+            $fieldValue = $MissingPolicies -join ', '
+        }
+        Set-CIPPStandardsCompareField -FieldName 'standards.GroupTemplate' -FieldValue $fieldValue -Tenant $Tenant
     }
 }
