@@ -23,16 +23,16 @@ function Get-CIPPStandards {
2323 $Table = Get-CippTable - tablename ' templates'
2424 $Filter = " PartitionKey eq 'StandardsTemplateV2'"
2525 $Templates = (Get-CIPPAzDataTableEntity @Table - Filter $Filter | Sort-Object TimeStamp).JSON |
26- ForEach-Object {
27- try {
28- # Fix old "Action" => "action"
29- $JSON = $_ -replace ' "Action":' , ' "action":' -replace ' "permissionlevel":' , ' "permissionLevel":'
30- ConvertFrom-Json - InputObject $JSON - ErrorAction SilentlyContinue
31- } catch {}
32- } |
33- Where-Object {
34- $_.GUID -like $TemplateId -and $_.runManually -eq $runManually
35- }
26+ ForEach-Object {
27+ try {
28+ # Fix old "Action" => "action"
29+ $JSON = $_ -replace ' "Action":' , ' "action":' -replace ' "permissionlevel":' , ' "permissionLevel":'
30+ ConvertFrom-Json - InputObject $JSON - ErrorAction SilentlyContinue
31+ } catch {}
32+ } |
33+ Where-Object {
34+ $_.GUID -like $TemplateId -and $_.runManually -eq $runManually
35+ }
3636
3737 # 1.5. Expand templates that contain TemplateList-Tags into multiple standards
3838 $ExpandedTemplates = foreach ($Template in $Templates ) {
@@ -243,12 +243,17 @@ function Get-CIPPStandards {
243243 }
244244 }
245245
246- # Separate AllTenants vs TenantSpecific templates
246+ # Separate templates into three tiers: AllTenants (lowest precedence), Group (middle), Tenant-Specific (highest)
247247 $AllTenantTemplatesSet = $ApplicableTemplates | Where-Object {
248248 $_.tenantFilter.value -contains ' AllTenants'
249249 }
250+ $GroupTemplatesSet = $ApplicableTemplates | Where-Object {
251+ ($_.tenantFilter.value -notcontains ' AllTenants' -and
252+ ($_.tenantFilter | Where-Object { $_.type -eq ' Group'
253+ }
250254 $TenantSpecificTemplatesSet = $ApplicableTemplates | Where-Object {
251- $_.tenantFilter.value -notcontains ' AllTenants'
255+ ($_.tenantFilter.value -notcontains ' AllTenants' -and
256+ -not ($_.tenantFilter | Where-Object { $_.type -eq ' Group'
252257 }
253258
254259 # Build merged standards keyed by (StandardName, TemplateList.value)
@@ -323,7 +328,86 @@ function Get-CIPPStandards {
323328 }
324329 }
325330
326- # Process TenantSpecific templates, merging with AllTenants base
331+ # Process Group templates, merging with AllTenants base
332+ foreach ($Template in $GroupTemplatesSet ) {
333+ $Standards = $Template.standards
334+
335+ foreach ($StandardName in $Standards.PSObject.Properties.Name ) {
336+ $Value = $Standards .$StandardName
337+ $IsArray = $Value -is [System.Collections.IEnumerable ] -and -not ($Value -is [string ])
338+
339+ if ($IsArray ) {
340+ foreach ($Item in $Value ) {
341+ $CurrentStandard = $Item.PSObject.Copy ()
342+ $CurrentStandard | Add-Member - NotePropertyName ' TemplateId' - NotePropertyValue $Template.GUID - Force
343+
344+ # Add Remediate if autoRemediate is true
345+ if ($CurrentStandard.autoRemediate -eq $true -and -not ($CurrentStandard.action.value -contains ' Remediate'
346+ $CurrentStandard.action = @ ($CurrentStandard.action ) + [pscustomobject ]@ {
347+ label = ' Remediate'
348+ value = ' Remediate'
349+ }
350+ }
351+
352+ # Add Report if Remediate present but Report missing
353+ if ($CurrentStandard.action.value -contains ' Remediate' -and -not ($CurrentStandard.action.value -contains ' Report'
354+ $CurrentStandard.action = @ ($CurrentStandard.action ) + [pscustomobject ]@ {
355+ label = ' Report'
356+ value = ' Report'
357+ }
358+ }
359+
360+ $Actions = $CurrentStandard.action.value
361+ if ($Actions -contains ' Remediate' -or $Actions -contains ' warn' -or $Actions -contains ' Report'
362+ $TemplateKey = if ($CurrentStandard.TemplateList.value ) { $CurrentStandard.TemplateList.value } else { ' '
363+ $Key = " $StandardName |$TemplateKey "
364+
365+ if ($ComputedStandards.ContainsKey ($Key )) {
366+ # Merge group-based over AllTenants base
367+ $MergedStandard = Merge-CippStandards - Existing $ComputedStandards [$Key ] - New $CurrentStandard - StandardName $StandardName
368+ $ComputedStandards [$Key ] = $MergedStandard
369+ } else {
370+ $ComputedStandards [$Key ] = $CurrentStandard
371+ }
372+ }
373+ }
374+ } else {
375+ $CurrentStandard = $Value.PSObject.Copy ()
376+ $CurrentStandard | Add-Member - NotePropertyName ' TemplateId' - NotePropertyValue $Template.GUID - Force
377+
378+ # Add Remediate if autoRemediate is true
379+ if ($CurrentStandard.autoRemediate -eq $true -and -not ($CurrentStandard.action.value -contains ' Remediate'
380+ $CurrentStandard.action = @ ($CurrentStandard.action ) + [pscustomobject ]@ {
381+ label = ' Remediate'
382+ value = ' Remediate'
383+ }
384+ }
385+
386+ # Add Report if Remediate present but Report missing
387+ if ($CurrentStandard.action.value -contains ' Remediate' -and -not ($CurrentStandard.action.value -contains ' Report'
388+ $CurrentStandard.action = @ ($CurrentStandard.action ) + [pscustomobject ]@ {
389+ label = ' Report'
390+ value = ' Report'
391+ }
392+ }
393+
394+ $Actions = $CurrentStandard.action.value
395+ if ($Actions -contains ' Remediate' -or $Actions -contains ' warn' -or $Actions -contains ' Report'
396+ $TemplateKey = if ($CurrentStandard.TemplateList.value ) { $CurrentStandard.TemplateList.value } else { ' '
397+ $Key = " $StandardName |$TemplateKey "
398+
399+ if ($ComputedStandards.ContainsKey ($Key )) {
400+ $MergedStandard = Merge-CippStandards - Existing $ComputedStandards [$Key ] - New $CurrentStandard - StandardName $StandardName
401+ $ComputedStandards [$Key ] = $MergedStandard
402+ } else {
403+ $ComputedStandards [$Key ] = $CurrentStandard
404+ }
405+ }
406+ }
407+ }
408+ }
409+
410+ # Process TenantSpecific templates, merging with Group and AllTenants base
327411 foreach ($Template in $TenantSpecificTemplatesSet ) {
328412 $Standards = $Template.standards
329413
@@ -358,7 +442,7 @@ function Get-CIPPStandards {
358442 $Key = " $StandardName |$TemplateKey "
359443
360444 if ($ComputedStandards.ContainsKey ($Key )) {
361- # Merge tenant-specific over AllTenants base
445+ # Merge tenant-specific over Group/ AllTenants base
362446 $MergedStandard = Merge-CippStandards - Existing $ComputedStandards [$Key ] - New $CurrentStandard - StandardName $StandardName
363447 $ComputedStandards [$Key ] = $MergedStandard
364448 } else {
0 commit comments