bmsimp
diff --git a/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListApps.ps1‎
Lines changed: 52 additions & 2 deletions b/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListApps.ps1‎
Lines changed: 52 additions & 2 deletions
diff --git a/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddIntuneTemplate.ps1‎
Lines changed: 16 additions & 11 deletions b/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddIntuneTemplate.ps1‎
Lines changed: 16 additions & 11 deletions
diff --git a/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddPolicy.ps1‎
Lines changed: 21 additions & 14 deletions b/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddPolicy.ps1‎
Lines changed: 21 additions & 14 deletions
diff --git a/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecAssignPolicy.ps1‎
Lines changed: 70 additions & 19 deletions b/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecAssignPolicy.ps1‎
Lines changed: 70 additions & 19 deletions
@@ -1,4 +1,4 @@
-Function Invoke-ListApps {
+function Invoke-ListApps {
     <#
     .FUNCTIONALITY
         Entrypoint
@@ -10,7 +10,57 @@ Function Invoke-ListApps {
     # Interact with query parameters or the body of the request.
     $TenantFilter = $Request.Query.TenantFilter
     try {
-        $GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/deviceAppManagement/mobileApps?`$top=999&`$filter=(microsoft.graph.managedApp/appAvailability%20eq%20null%20or%20microsoft.graph.managedApp/appAvailability%20eq%20%27lineOfBusiness%27%20or%20isAssigned%20eq%20true)&`$orderby=displayName&" -tenantid $TenantFilter
+        # Use bulk requests to get groups and apps with assignments
+        $BulkRequests = @(
+            @{
+                id     = 'Groups'
+                method = 'GET'
+                url    = '/groups?$top=999&$select=id,displayName'
+            }
+            @{
+                id     = 'Apps'
+                method = 'GET'
+                url    = "/deviceAppManagement/mobileApps?`$top=999&`$expand=assignments&`$filter=(microsoft.graph.managedApp/appAvailability%20eq%20null%20or%20microsoft.graph.managedApp/appAvailability%20eq%20%27lineOfBusiness%27%20or%20isAssigned%20eq%20true)&`$orderby=displayName"
+            }
+        )
+
+        $BulkResults = New-GraphBulkRequest -Requests $BulkRequests -tenantid $TenantFilter
+
+        # Extract groups for resolving assignment names
+        $Groups = ($BulkResults | Where-Object { $_.id -eq 'Groups' }).body.value
+        $Apps = ($BulkResults | Where-Object { $_.id -eq 'Apps' }).body.value
+
+        $GraphRequest = foreach ($App in $Apps) {
+            # Process assignments
+            $AppAssignment = [System.Collections.Generic.List[string]]::new()
+            $AppExclude = [System.Collections.Generic.List[string]]::new()
+
+            if ($App.assignments) {
+                foreach ($Assignment in $App.assignments) {
+                    $target = $Assignment.target
+                    $intent = $Assignment.intent
+                    $intentSuffix = if ($intent) { " ($intent)" } else { '' }
+
+                    switch ($target.'@odata.type') {
+                        '#microsoft.graph.allDevicesAssignmentTarget' { $AppAssignment.Add("All Devices$intentSuffix") }
+                        '#microsoft.graph.allLicensedUsersAssignmentTarget' { $AppAssignment.Add("All Licensed Users$intentSuffix") }
+                        '#microsoft.graph.groupAssignmentTarget' {
+                            $groupName = ($Groups | Where-Object { $_.id -eq $target.groupId }).displayName
+                            if ($groupName) { $AppAssignment.Add("$groupName$intentSuffix") }
+                        }
+                        '#microsoft.graph.exclusionGroupAssignmentTarget' {
+                            $groupName = ($Groups | Where-Object { $_.id -eq $target.groupId }).displayName
+                            if ($groupName) { $AppExclude.Add($groupName) }
+                        }
+                    }
+                }
+            }
+
+            $App | Add-Member -NotePropertyName 'AppAssignment' -NotePropertyValue ($AppAssignment -join ', ') -Force
+            $App | Add-Member -NotePropertyName 'AppExclude' -NotePropertyValue ($AppExclude -join ', ') -Force
+            $App
+        }
+
         $StatusCode = [HttpStatusCode]::OK
     } catch {
         $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
 
@@ -1,4 +1,4 @@
-Function Invoke-AddIntuneTemplate {
+function Invoke-AddIntuneTemplate {
     <#
     .FUNCTIONALITY
         Entrypoint,AnyTenant
@@ -9,10 +9,12 @@ Function Invoke-AddIntuneTemplate {
     param($Request, $TriggerMetadata)
 
     $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+
     $GUID = (New-Guid).GUID
     try {
         if ($Request.Body.RawJSON) {
-            if (!$Request.Body.displayName) { throw 'You must enter a displayname' }
+            if (!$Request.Body.displayName) { throw 'You must enter a displayName' }
             if ($null -eq ($Request.Body.RawJSON | ConvertFrom-Json)) { throw 'the JSON is invalid' }
 
 
@@ -30,9 +32,10 @@ Function Invoke-AddIntuneTemplate {
                 RowKey       = "$GUID"
                 PartitionKey = 'IntuneTemplate'
             }
-            Write-LogMessage -headers $Request.Headers -API $APINAME -message "Created intune policy template named $($Request.Body.displayName) with GUID $GUID" -Sev 'Debug'
+            Write-LogMessage -headers $Headers -API $APIName -message "Created intune policy template named $($Request.Body.displayName) with GUID $GUID" -Sev 'Debug'
 
-            $body = [pscustomobject]@{'Results' = 'Successfully added template' }
+            $Result = 'Successfully added template'
+            $StatusCode = [HttpStatusCode]::OK
         } else {
             $TenantFilter = $Request.Body.tenantFilter ?? $Request.Query.tenantFilter
             $URLName = $Request.Body.URLName ?? $Request.Query.URLName
@@ -54,19 +57,21 @@ Function Invoke-AddIntuneTemplate {
                 RowKey       = "$GUID"
                 PartitionKey = 'IntuneTemplate'
             }
-            Write-LogMessage -headers $Request.Headers -API $APINAME -message "Created intune policy template $($Request.Body.displayName) with GUID $GUID using an original policy from a tenant" -Sev 'Debug'
+            Write-LogMessage -headers $Headers -API $APIName -message "Created intune policy template $($Request.Body.displayName) with GUID $GUID using an original policy from a tenant" -Sev 'Debug'
 
-            $body = [pscustomobject]@{'Results' = 'Successfully added template' }
+            $Result = 'Successfully added template'
+            $StatusCode = [HttpStatusCode]::OK
         }
     } catch {
-        Write-LogMessage -headers $Request.Headers -API $APINAME -message "Intune Template Deployment failed: $($_.Exception.Message)" -Sev 'Error'
-        $body = [pscustomobject]@{'Results' = "Intune Template Deployment failed: $($_.Exception.Message)" }
+        $StatusCode = [HttpStatusCode]::InternalServerError
+        $ErrorMessage = Get-CippException -Exception $_
+        $Result = "Intune Template Deployment failed: $($ErrorMessage.NormalizedMessage)"
+        Write-LogMessage -headers $Headers -API $APIName -message $Result -Sev 'Error' -LogData $ErrorMessage
     }
 
 
     return ([HttpResponseContext]@{
-            StatusCode = [HttpStatusCode]::OK
-            Body       = $body
+            StatusCode = $StatusCode
+            Body       = @{'Results' = $Result }
         })
-
 }
@@ -9,36 +9,43 @@ function Invoke-AddPolicy {
     param($Request, $TriggerMetadata)
 
     $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
     $Tenants = $Request.Body.tenantFilter.value ? $Request.Body.tenantFilter.value : $Request.Body.tenantFilter
-    if ('AllTenants' -in $Tenants) { $Tetnants = (Get-Tenants).defaultDomainName }
-    $displayname = $Request.Body.displayName
+    if ('AllTenants' -in $Tenants) { $Tenants = (Get-Tenants).defaultDomainName }
+
+    $DisplayName = $Request.Body.displayName
     $description = $Request.Body.Description
     $AssignTo = if ($Request.Body.AssignTo -ne 'on') { $Request.Body.AssignTo }
     $ExcludeGroup = $Request.Body.excludeGroup
-    $Request.body.customGroup ? ($AssignTo = $Request.body.customGroup) : $null
+    $Request.Body.customGroup ? ($AssignTo = $Request.Body.customGroup) : $null
     $RawJSON = $Request.Body.RAWJson
 
-    $results = foreach ($Tenant in $tenants) {
-        if ($Request.Body.replacemap.$tenant) {
-            ([pscustomobject]$Request.Body.replacemap.$tenant).psobject.properties | ForEach-Object { $RawJson = $RawJson -replace $_.name, $_.value }
+    $Results = foreach ($Tenant in $Tenants) {
+        if ($Request.Body.replacemap.$Tenant) {
+            ([pscustomobject]$Request.Body.replacemap.$Tenant).PSObject.Properties | ForEach-Object { $RawJSON = $RawJSON -replace $_.name, $_.value }
         }
         try {
             Write-Host 'Calling Adding policy'
-            Set-CIPPIntunePolicy -TemplateType $Request.body.TemplateType -Description $description -DisplayName $displayname -RawJSON $RawJSON -AssignTo $AssignTo -ExcludeGroup $ExcludeGroup -tenantFilter $Tenant -Headers $Request.Headers
-            Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($Tenant) -message "Added policy $($Displayname)" -Sev 'Info'
+            $params = @{
+                TemplateType = $Request.Body.TemplateType
+                Description  = $description
+                DisplayName  = $DisplayName
+                RawJSON      = $RawJSON
+                AssignTo     = $AssignTo
+                ExcludeGroup = $ExcludeGroup
+                tenantFilter = $Tenant
+                Headers      = $Headers
+                APIName      = $APIName
+            }
+            Set-CIPPIntunePolicy @params
         } catch {
             "$($_.Exception.Message)"
-            Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($Tenant) -message "Failed adding policy $($Displayname). Error: $($_.Exception.Message)" -Sev 'Error'
             continue
         }
-
     }
 
-    $body = [pscustomobject]@{'Results' = @($results) }
-
     return ([HttpResponseContext]@{
             StatusCode = [HttpStatusCode]::OK
-            Body       = $body
+            Body       = @{'Results' = @($Results) }
         })
-
 }
@@ -1,4 +1,4 @@
-Function Invoke-ExecAssignPolicy {
+function Invoke-ExecAssignPolicy {
     <#
     .FUNCTIONALITY
         Entrypoint
@@ -10,44 +10,95 @@ Function Invoke-ExecAssignPolicy {
 
     $APIName = $Request.Params.CIPPEndpoint
     $Headers = $Request.Headers
-    Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug'
 
     # Interact with the body of the request
     $TenantFilter = $Request.Body.tenantFilter
     $ID = $request.Body.ID
     $Type = $Request.Body.Type
     $AssignTo = $Request.Body.AssignTo
+    $PlatformType = $Request.Body.platformType
+    $ExcludeGroup = $Request.Body.excludeGroup
+    $GroupIdsRaw = $Request.Body.GroupIds
+    $GroupNamesRaw = $Request.Body.GroupNames
+    $AssignmentMode = $Request.Body.assignmentMode
+    $AssignmentFilterName = $Request.Body.AssignmentFilterName
+    $AssignmentFilterType = $Request.Body.AssignmentFilterType
+
+    # Standardize GroupIds input (can be array or comma-separated string)
+    function Get-StandardizedList {
+        param($InputObject)
+        if ($null -eq $InputObject -or ($InputObject -is [string] -and [string]::IsNullOrWhiteSpace($InputObject))) {
+            return @()
+        }
+        if ($InputObject -is [string]) {
+            return ($InputObject -split ',') | ForEach-Object { $_.Trim() } | Where-Object { $_ }
+        }
+        if ($InputObject -is [System.Collections.IEnumerable]) {
+            return @($InputObject | Where-Object { $_ })
+        }
+        return @($InputObject)
+    }
+
+    $GroupIds = Get-StandardizedList -InputObject $GroupIdsRaw
+    $GroupNames = Get-StandardizedList -InputObject $GroupNamesRaw
+
+    # Validate and default AssignmentMode
+    if ([string]::IsNullOrWhiteSpace($AssignmentMode)) {
+        $AssignmentMode = 'replace'
+    }
 
     $AssignTo = if ($AssignTo -ne 'on') { $AssignTo }
 
-    $results = try {
-        if ($AssignTo) {
-            $AssignmentResult = Set-CIPPAssignedPolicy -PolicyId $ID -TenantFilter $TenantFilter -GroupName $AssignTo -Type $Type -Headers $Headers
-            if ($AssignmentResult) {
-                # Check if it's a warning message (no groups found)
-                if ($AssignmentResult -like "*No groups found*") {
-                    $StatusCode = [HttpStatusCode]::BadRequest
-                } else {
-                    $StatusCode = [HttpStatusCode]::OK
-                }
-                $AssignmentResult
-            } else {
-                $StatusCode = [HttpStatusCode]::OK
-                "Successfully edited policy for $($TenantFilter)"
+    $Results = try {
+        if ($AssignTo -or @($GroupIds).Count -gt 0) {
+            $params = @{
+                PolicyId       = $ID
+                TenantFilter   = $TenantFilter
+                GroupName      = $AssignTo
+                Type           = $Type
+                Headers        = $Headers
+                AssignmentMode = $AssignmentMode
+            }
+
+            if (@($GroupIds).Count -gt 0) {
+                $params.GroupIds = @($GroupIds)
+            }
+
+            if (@($GroupNames).Count -gt 0) {
+                $params.GroupNames = @($GroupNames)
+            }
+
+            if (-not [string]::IsNullOrWhiteSpace($PlatformType)) {
+                $params.PlatformType = $PlatformType
             }
+
+            if (-not [string]::IsNullOrWhiteSpace($ExcludeGroup)) {
+                $params.ExcludeGroup = $ExcludeGroup
+            }
+
+            if (-not [string]::IsNullOrWhiteSpace($AssignmentFilterName)) {
+                $params.AssignmentFilterName = $AssignmentFilterName
+            }
+
+            if (-not [string]::IsNullOrWhiteSpace($AssignmentFilterType)) {
+                $params.AssignmentFilterType = $AssignmentFilterType
+            }
+
+            Set-CIPPAssignedPolicy @params
+            $StatusCode = [HttpStatusCode]::OK
         } else {
+            'No assignments specified. No action taken.'
             $StatusCode = [HttpStatusCode]::OK
-            "Successfully edited policy for $($TenantFilter)"
         }
     } catch {
+        "$($_.Exception.Message)"
         $StatusCode = [HttpStatusCode]::InternalServerError
-        "Failed to add policy for $($TenantFilter): $($_.Exception.Message)"
     }
 
 
     return ([HttpResponseContext]@{
             StatusCode = $StatusCode
-            Body       = @{Results = $results }
+            Body       = @{Results = $Results }
         })
 
 }