change how drift detection works

KelvinTegelaar · KelvinTegelaar · commit 41cb7f9d12d3 · 2025-07-28T23:54:55.000+02:00
diff --git a/Modules/CIPPCore/Public/Get-CIPPDrift.ps1 b/Modules/CIPPCore/Public/Get-CIPPDrift.ps1
@@ -30,7 +30,7 @@ function Get-CIPPDrift {
     )
 
     try {
-        $AlignmentData = Get-CIPPTenantAlignment -TenantFilter $TenantFilter -TemplateId $TemplateId
+        $AlignmentData = Get-CIPPTenantAlignment -TenantFilter $TenantFilter -TemplateId $TemplateId | Where-Object -Property standardType -EQ 'drift'
         if (-not $AlignmentData) {
             Write-Warning "No alignment data found for tenant $TenantFilter"
             return @()
@@ -58,7 +58,7 @@ function Get-CIPPDrift {
             # Process standards compliance deviations
             if ($Alignment.ComparisonDetails) {
                 foreach ($ComparisonItem in $Alignment.ComparisonDetails) {
-                    if ($ComparisonItem.Compliant -eq $false -and $ComparisonItem.ComplianceStatus -eq 'Non-Compliant') {
+                    if ($ComparisonItem.Compliant -ne $true) {
                         $Status = if ($ExistingDriftStates.ContainsKey($ComparisonItem.StandardName)) {
                             $ExistingDriftStates[$ComparisonItem.StandardName]
                         } else {
@@ -196,9 +196,9 @@ function Get-CIPPDrift {
 
                     $CacheEntity = @{
                         PartitionKey = 'drift'
-                        RowKey = $TenantFilter
-                        IntuneJson = $IntuneJsonString
-                        CAJson = $CAJsonString
+                        RowKey       = $TenantFilter
+                        IntuneJson   = $IntuneJsonString
+                        CAJson       = $CAJsonString
                     }
                     Add-CIPPAzDataTableEntity @CacheTable -Entity $CacheEntity -Force
                 } catch {
@@ -285,7 +285,7 @@ function Get-CIPPDrift {
                     $PolicyDeviation = [PSCustomObject]@{
                         standardName        = $PolicyKey
                         standardDisplayName = "Intune - $TenantPolicyName"
-                        expectedValue       = 'Not defined in template'
+                        expectedValue       = 'This policy only exists in the tenant, not in the template.'
                         receivedValue       = ($TenantPolicy.Policy | ConvertTo-Json -Depth 10 -Compress)
                         state               = 'current'
                         Status              = $Status
@@ -315,7 +315,7 @@ function Get-CIPPDrift {
                     $PolicyDeviation = [PSCustomObject]@{
                         standardName        = $PolicyKey
                         standardDisplayName = "Conditional Access - $($TenantCAPolicy.displayName)"
-                        expectedValue       = 'Not defined in template'
+                        expectedValue       = 'This policy only exists in the tenant, not in the template.'
                         receivedValue       = ($TenantCAPolicy | ConvertTo-Json -Depth 10 -Compress)
                         state               = 'current'
                         Status              = $Status
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardConditionalAccessTemplate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardConditionalAccessTemplate.ps1
@@ -30,10 +30,13 @@ function Invoke-CIPPStandardConditionalAccessTemplate {
     #>
     param($Tenant, $Settings)
     ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'ConditionalAccess'
-    $TestResult = Test-CIPPStandardLicense -StandardName 'ConditionalAccessTemplate' -TenantFilter $Tenant -RequiredCapabilities @('AAD_PREMIUM', 'AAD_PREMIUM_P2')
     $Table = Get-CippTable -tablename 'templates'
-
+    $TestResult = Test-CIPPStandardLicense -StandardName 'ConditionalAccessTemplate' -TenantFilter $Tenant -RequiredCapabilities @('AAD_PREMIUM', 'AAD_PREMIUM_P2')
     if ($TestResult -eq $false) {
+        #writing to each item that the license is not present.
+        $settings.TemplateList | ForEach-Object {
+            Set-CIPPStandardsCompareField -FieldName "standards.ConditionalAccessTemplate.$($_.value)" -FieldValue 'This tenant does not have the required license for this standard.' -Tenant $Tenant
+        }
         Write-Host "We're exiting as the correct license is not present for this standard."
         return $true
     } #we're done.
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1
@@ -35,6 +35,10 @@ function Invoke-CIPPStandardIntuneTemplate {
     ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'intuneTemplate'
 
     if ($TestResult -eq $false) {
+        #writing to each item that the license is not present.
+        $settings.TemplateList | ForEach-Object {
+            Set-CIPPStandardsCompareField -FieldName "standards.IntuneTemplate.$($_.value)" -FieldValue 'This tenant does not have the required license for this standard.' -Tenant $Tenant
+        }
         Write-Host "We're exiting as the correct license is not present for this standard."
         return $true
     } #we're done.
