tmppush

Author: KelvinTegelaar

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListStandardsCompare.ps1

@@ -0,0 +1,71 @@
+using namespace System.Net
+
+Function Invoke-ListStandardsCompare {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Tenant.BestPracticeAnalyser.Read
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    # Create mock data for testing with the correct API structure
+    # Only tenant data with values, no compliance information or standard values
+    $Results = @(
+        @{
+            tenantFilter     = 'TenantOne'
+            standardsResults = @(
+                @{
+                    standardId   = 'standards.MailContacts'
+                    standardName = 'Mail Contacts'
+                    value        = @{
+                        GeneralContact   = '[email protected]'
+                        SecurityContact  = '[email protected]'
+                        MarketingContact = '[email protected]'
+                        TechContact      = '[email protected]'
+                    }
+                },
+                @{
+                    standardId   = 'standards.AuditLog'
+                    standardName = 'Audit Log'
+                    value        = $true
+                },
+                @{
+                    standardId   = 'standards.ProfilePhotos'
+                    standardName = 'Profile Photos'
+                    value        = @{
+                        state = @{
+                            label = 'Enabled'
+                            value = 'enabled'
+                        }
+                    }
+                }
+            )
+        },
+        @{
+            tenantFilter     = 'dev.johnwduprey.com'
+            standardsResults = @(
+                @{
+                    standardId   = 'standards.MailContacts'
+                    standardName = 'Mail Contacts'
+                    value        = @{
+                        GeneralContact  = '[email protected]'
+                        SecurityContact = '[email protected]'
+                    }
+                },
+                @{
+                    standardId   = 'standards.AuditLog'
+                    standardName = 'Audit Log'
+                    value        = $false
+                }
+            )
+        }
+    )
+    
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = [HttpStatusCode]::OK
+            Body       = (ConvertTo-Json -Depth 15 -InputObject $Results)
+        })
+
+}

Modules/CIPPCore/Public/Set-StandardCompareField.ps1

@@ -0,0 +1,32 @@
+function Set-CIPPStandardsCompareField {
+    param (
+        $FieldName,
+        $FieldValue,
+        $TenantFilter
+    )
+    $Table = Get-CippTable -tablename 'CippStandardsReports'
+    $TenantName = Get-Tenants | Where-Object -Property defaultDomainName -EQ $Tenant
+    $FieldValue = ConvertTo-Json -Compress -InputObject $FieldValue | Out-String
+
+    $Existing = Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'StandardReport' and RowKey eq '$($TenantName.defaultDomainName)'"
+    if ($Existing) {
+        $Existing = $Existing | Select-Object * -ExcludeProperty ETag, TimeStamp | ConvertTo-Json -Compress | ConvertFrom-Json -AsHashtable
+        $Existing[$FieldName] = "$FieldValue"
+        $Existing['LastRefresh'] = [string]$(Get-Date (Get-Date).ToUniversalTime() -UFormat '+%Y-%m-%dT%H:%M:%S.000Z')  
+        $Existing = [PSCustomObject]$Existing
+
+        Add-CIPPAzDataTableEntity @Table -Entity $Existing -Force
+    } else {
+        $Result = @{
+            tenantFilter = "$($TenantName.defaultDomainName)"
+            GUID         = "$($TenantName.customerId)"
+            RowKey       = "$($TenantName.defaultDomainName)"
+            PartitionKey = 'StandardReport'
+            LastRefresh  = [string]$(Get-Date (Get-Date).ToUniversalTime() -UFormat '+%Y-%m-%dT%H:%M:%S.000Z')
+        } 
+        $Result[$FieldName] = "$FieldValue"
+        Add-CIPPAzDataTableEntity @Table -Entity $Result -Force
+
+    }
+    Write-Information "Adding $FieldName to StandardCompare for $Tenant. content is $FieldValue"
+}

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardActivityBasedTimeout.ps1

@@ -43,9 +43,6 @@ function Invoke-CIPPStandardActivityBasedTimeout {
         Return
     }
 
-    # Backwards compatibility for v5.7.0 and older
-    if ($null -eq $timeout ) { $timeout = '01:00:00' }
-
     $CurrentState = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/activityBasedTimeoutPolicies' -tenantid $Tenant
     $StateIsCorrect = if ($CurrentState.definition -like "*$timeout*") { $true } else { $false }
 
@@ -90,7 +87,7 @@ function Invoke-CIPPStandardActivityBasedTimeout {
     }
 
     if ($Settings.report -eq $true) {
-
+        Set-CIPPStandardsCompareField -FieldName 'standards.ActivityBasedTimeout' -FieldValue $StateIsCorrect -TenantFilter $Tenant
         Add-CIPPBPAField -FieldName 'ActivityBasedTimeout' -FieldValue $StateIsCorrect -StoreAs bool -Tenant $Tenant
     }
 

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDKIM.ps1

@@ -101,13 +101,14 @@ function Invoke-CIPPStandardAddDKIM {
             Write-LogMessage -API 'Standards' -tenant $tenant -message 'DKIM is enabled for all available domains' -sev Info
         } else {
             $NoDKIM = ($NewDomains + $SetDomains.Domain) -join ';'
-            Write-StandardsAlert -message "DKIM is not enabled for: $NoDKIM" -object @{NewDomains = $NewDomains; SetDomains = $SetDomains} -tenant $tenant -standardName 'AddDKIM' -standardId $Settings.standardId
+            Write-StandardsAlert -message "DKIM is not enabled for: $NoDKIM" -object @{NewDomains = $NewDomains; SetDomains = $SetDomains } -tenant $tenant -standardName 'AddDKIM' -standardId $Settings.standardId
             Write-LogMessage -API 'Standards' -tenant $tenant -message "DKIM is not enabled for: $NoDKIM" -sev Info
         }
     }
 
     if ($Settings.report -eq $true) {
         $DKIMState = if ($null -eq $NewDomains -and $null -eq $SetDomains) { $true } else { $false }
+        Set-CIPPStandardsCompareField -FieldName 'standards.AddDKIM' -FieldValue $DKIMState -TenantFilter $tenant
         Add-CIPPBPAField -FieldName 'DKIM' -FieldValue $DKIMState -StoreAs bool -Tenant $tenant
     }
 }

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAnonReportDisable.ps1

@@ -52,11 +52,13 @@ function Invoke-CIPPStandardAnonReportDisable {
         if ($CurrentInfo.displayConcealedNames -eq $false) {
             Write-LogMessage -API 'Standards' -tenant $tenant -message 'Anonymous Reports is disabled' -sev Info
         } else {
-            Write-StandardsAlert -message "Anonymous Reports is not disabled" -object $CurrentInfo -tenant $tenant -standardName 'AnonReportDisable' -standardId $Settings.standardId
+            Write-StandardsAlert -message 'Anonymous Reports is not disabled' -object $CurrentInfo -tenant $tenant -standardName 'AnonReportDisable' -standardId $Settings.standardId
             Write-LogMessage -API 'Standards' -tenant $tenant -message 'Anonymous Reports is not disabled' -sev Info
         }
     }
     if ($Settings.report -eq $true) {
+        $stateisCorrrect = $CurrentInfo.displayConcealedNames ? $false : $true
+        Set-CIPPStandardsCompareField -FieldName 'standard.AnonReportDisable' -FieldValue $stateisCorrrect -TenantFilter $tenant
         Add-CIPPBPAField -FieldName 'AnonReport' -FieldValue $CurrentInfo.displayConcealedNames -StoreAs bool -Tenant $tenant
     }
 }

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1

@@ -218,6 +218,7 @@ function Invoke-CIPPStandardAntiPhishPolicy {
     }
 
     if ($Settings.report -eq $true) {
+        Set-CIPPStandardsCompareField -FieldName 'standard.AntiPhishPolicy' -FieldValue $StateIsCorrect -TenantFilter $tenant
         Add-CIPPBPAField -FieldName 'AntiPhishPolicy' -FieldValue $StateIsCorrect -StoreAs bool -Tenant $tenant
     }
 

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiSpamSafeList.ps1

@@ -49,6 +49,7 @@ function Invoke-CIPPStandardAntiSpamSafeList {
     $StateIsCorrect = if ($CurrentState -eq $WantedState) { $true } else { $false }
 
     if ($Settings.report -eq $true) {
+        Set-CIPPStandardsCompareField -FieldName 'standard.AntiSpamSafeList' -FieldValue $StateIsCorrect -TenantFilter $Tenant
         Add-CIPPBPAField -FieldName 'AntiSpamSafeList' -FieldValue $CurrentState -StoreAs bool -Tenant $Tenant
     }
 
@@ -74,7 +75,7 @@ function Invoke-CIPPStandardAntiSpamSafeList {
         if ($StateIsCorrect -eq $true) {
             Write-LogMessage -API 'Standards' -tenant $Tenant -message "The Anti-Spam Connection Filter Safe List is set correctly to $WantedState" -sev Info
         } else {
-            Write-StandardsAlert -message "The Anti-Spam Connection Filter Safe List is not set correctly to $WantedState" -object @{CurrentState = $CurrentState; WantedState = $WantedState} -tenant $Tenant -standardName 'AntiSpamSafeList' -standardId $Settings.standardId
+            Write-StandardsAlert -message "The Anti-Spam Connection Filter Safe List is not set correctly to $WantedState" -object @{CurrentState = $CurrentState; WantedState = $WantedState } -tenant $Tenant -standardName 'AntiSpamSafeList' -standardId $Settings.standardId
             Write-LogMessage -API 'Standards' -tenant $Tenant -message "The Anti-Spam Connection Filter Safe List is not set correctly to $WantedState" -sev Info
         }
     }

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAppDeploy.ps1

@@ -67,4 +67,10 @@ function Invoke-CIPPStandardAppDeploy {
             Write-LogMessage -API 'Standards' -tenant $tenant -message 'All applications are deployed' -sev Info
         }
     }
+
+    if ($Settings.report -eq $true) {
+        $StateIsCorrect = $MissingApps.Count -eq 0 ? $true : $MissingApps
+        Set-CIPPStandardsCompareField -FieldName 'standard.AppDeploy' -FieldValue $StateIsCorrect -TenantFilter $tenant
+        Add-CIPPBPAField -FieldName 'AppDeploy' -FieldValue $StateIsCorrect -StoreAs bool -Tenant $tenant
+    }
 }

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAtpPolicyForO365.ps1

@@ -65,12 +65,14 @@ function Invoke-CIPPStandardAtpPolicyForO365 {
         if ($StateIsCorrect -eq $true) {
             Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Atp Policy For O365 is enabled' -sev Info
         } else {
-            Write-StandardsAlert -message "Atp Policy For O365 is not enabled" -object $CurrentState -tenant $Tenant -standardName 'AtpPolicyForO365' -standardId $Settings.standardId
+            Write-StandardsAlert -message 'Atp Policy For O365 is not enabled' -object $CurrentState -tenant $Tenant -standardName 'AtpPolicyForO365' -standardId $Settings.standardId
             Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Atp Policy For O365 is not enabled' -sev Info
         }
     }
 
     if ($Settings.report -eq $true) {
+        $state = $StateIsCorrect -eq $true ? $true : $CurrentState
+        Set-CIPPStandardsCompareField -FieldName 'standard.AtpPolicyForO365' -FieldValue $state -TenantFilter $tenant
         Add-CIPPBPAField -FieldName 'AtpPolicyForO365' -FieldValue $StateIsCorrect -StoreAs bool -Tenant $tenant
     }
 

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuditLog.ps1

@@ -43,39 +43,40 @@ function Invoke-CIPPStandardAuditLog {
         $DehydratedTenant = (New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OrganizationConfig' -Select IsDehydrated).IsDehydrated
         if ($DehydratedTenant -eq $true) {
             try {
-                $null = New-ExoRequest -tenantid $Tenant -cmdlet 'Enable-OrganizationCustomization'
-                Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Organization customization enabled.' -sev Info
+                New-ExoRequest -tenantid $Tenant -cmdlet 'Enable-OrganizationCustomization'
+                Write-LogMessage -API 'Standards' -tenant $tenant -message 'Organization customization enabled.' -sev Info
             } catch {
-                $ErrorMessage = Get-CippException -Exception $_
-                Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to enable organization customization. Error: $($ErrorMessage.NormalizedError)" -sev Debug -LogData $ErrorMessage
+                $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+                Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable organization customization. Error: $ErrorMessage" -sev Debug
             }
         }
 
         try {
             if ($AuditLogEnabled -eq $true) {
-                Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Unified Audit Log already enabled.' -sev Info
+                Write-LogMessage -API 'Standards' -tenant $tenant -message 'Unified Audit Log already enabled.' -sev Info
             } else {
-                $null = New-ExoRequest -tenantid $Tenant -cmdlet 'Set-AdminAuditLogConfig' -cmdParams @{UnifiedAuditLogIngestionEnabled = $true }
-                Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Unified Audit Log Enabled.' -sev Info
+                New-ExoRequest -tenantid $Tenant -cmdlet 'Set-AdminAuditLogConfig' -cmdParams @{UnifiedAuditLogIngestionEnabled = $true }
+                Write-LogMessage -API 'Standards' -tenant $tenant -message 'Unified Audit Log Enabled.' -sev Info
             }
 
         } catch {
-            $ErrorMessage = Get-CippException -Exception $_
-            Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to apply Unified Audit Log. Error: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage
+            $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+            Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to apply Unified Audit Log. Error: $ErrorMessage" -sev Error
         }
     }
     if ($Settings.alert -eq $true) {
 
         if ($AuditLogEnabled -eq $true) {
-            Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Unified Audit Log is enabled' -sev Info
+            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Unified Audit Log is enabled' -sev Info
         } else {
-            Write-StandardsAlert -message "Unified Audit Log is not enabled" -object @{AuditLogEnabled = $AuditLogEnabled} -tenant $Tenant -standardName 'AuditLog' -standardId $Settings.standardId
-            Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Unified Audit Log is not enabled' -sev Info
+            Write-StandardsAlert -message 'Unified Audit Log is not enabled' -object @{AuditLogEnabled = $AuditLogEnabled } -tenant $Tenant -standardName 'AuditLog' -standardId $Settings.standardId
+            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Unified Audit Log is not enabled' -sev Info
         }
     }
 
     if ($Settings.report -eq $true) {
-
-        Add-CIPPBPAField -FieldName 'AuditLog' -FieldValue $AuditLogEnabled -StoreAs bool -Tenant $Tenant
+        $state = $AuditLogEnabled -eq $true ? $true : $AuditLogEnabled
+        Set-CIPPStandardsCompareField -FieldName 'standard.AuditLog' -FieldValue $state -TenantFilter $Tenant
+        Add-CIPPBPAField -FieldName 'AuditLog' -FieldValue $AuditLogEnabled -StoreAs bool -Tenant $tenant
     }
 }