Merge pull request #309 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: pull[bot]

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Administration/Invoke-ExecModifyCalPerms.ps1

@@ -5,21 +5,21 @@ Function Invoke-ExecModifyCalPerms {
     .FUNCTIONALITY
         Entrypoint
     .ROLE
-        Exchange.Calendar.ReadWrite
+        Exchange.Mailbox.ReadWrite
     #>
     [CmdletBinding()]
     param($Request, $TriggerMetadata)
 
     $APIName = $Request.Params.CIPPEndpoint
     Write-LogMessage -headers $Request.Headers -API $APINAME-message 'Accessed this API' -Sev 'Debug'
-
+    
     $Username = $request.body.userID
     $Tenantfilter = $request.body.tenantfilter
     $Permissions = $request.body.permissions
 
     Write-LogMessage -headers $Request.Headers -API $APINAME-message "Processing request for user: $Username, tenant: $Tenantfilter" -Sev 'Debug'
 
-    if ($username -eq $null) {
+    if ($username -eq $null) { 
         Write-LogMessage -headers $Request.Headers -API $APINAME-message 'Username is null' -Sev 'Error'
         $body = [pscustomobject]@{'Results' = @('Username is required') }
         Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
@@ -28,11 +28,12 @@ Function Invoke-ExecModifyCalPerms {
             })
         return
     }
-
+    
     try {
         $userid = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($username)" -tenantid $Tenantfilter).id
         Write-LogMessage -headers $Request.Headers -API $APINAME-message "Retrieved user ID: $userid" -Sev 'Debug'
-    } catch {
+    }
+    catch {
         Write-LogMessage -headers $Request.Headers -API $APINAME-message "Failed to get user ID: $($_.Exception.Message)" -Sev 'Error'
         $body = [pscustomobject]@{'Results' = @("Failed to get user ID: $($_.Exception.Message)") }
         Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
@@ -49,7 +50,8 @@ Function Invoke-ExecModifyCalPerms {
     if ($Permissions -is [PSCustomObject]) {
         if ($Permissions.PSObject.Properties.Name -match '^\d+$') {
             $Permissions = $Permissions.PSObject.Properties.Value
-        } else {
+        }
+        else {
             $Permissions = @($Permissions)
         }
     }
@@ -58,14 +60,13 @@ Function Invoke-ExecModifyCalPerms {
 
     foreach ($Permission in $Permissions) {
         Write-LogMessage -headers $Request.Headers -API $APINAME-message "Processing permission: $($Permission | ConvertTo-Json)" -Sev 'Debug'
-
+        
         $PermissionLevel = $Permission.PermissionLevel.value ?? $Permission.PermissionLevel
         $Modification = $Permission.Modification
         $CanViewPrivateItems = $Permission.CanViewPrivateItems ?? $false
-        $FolderName = $Permission.FolderName ?? 'Calendar'
-
-        Write-LogMessage -headers $Request.Headers -API $APINAME-message "Permission Level: $PermissionLevel, Modification: $Modification, CanViewPrivateItems: $CanViewPrivateItems, FolderName: $FolderName" -Sev 'Debug'
-
+        
+        Write-LogMessage -headers $Request.Headers -API $APINAME-message "Permission Level: $PermissionLevel, Modification: $Modification, CanViewPrivateItems: $CanViewPrivateItems" -Sev 'Debug'
+        
         # Handle UserID as array or single value
         $TargetUsers = @($Permission.UserID | ForEach-Object { $_.value ?? $_ })
 
@@ -74,24 +75,48 @@ Function Invoke-ExecModifyCalPerms {
         foreach ($TargetUser in $TargetUsers) {
             try {
                 Write-LogMessage -headers $Request.Headers -API $APINAME-message "Processing target user: $TargetUser" -Sev 'Debug'
-                $Params = @{
-                    APIName              = $APIName
-                    Headers              = $Request.Headers
-                    RemoveAccess         = if ($Modification -eq 'Remove') { $TargetUser } else { $null }
-                    TenantFilter         = $Tenantfilter
-                    UserID               = $userid
-                    folderName           = $FolderName
-                    UserToGetPermissions = $TargetUser
-                    LoggingName          = $TargetUser
-                    Permissions          = $PermissionLevel
-                    CanViewPrivateItems  = $CanViewPrivateItems
+                
+                if ($Modification -eq 'Remove') {
+                    try {
+                        $CalPerms = New-ExoRequest -Anchor $username -tenantid $Tenantfilter -cmdlet 'Remove-MailboxFolderPermission' -cmdParams @{
+                            Identity = "$($userid):\Calendar"
+                            User     = $TargetUser
+                            Confirm  = $false
+                        }
+                        $null = $results.Add("Removed $($TargetUser) from $($username) Calendar permissions")
+                    }
+                    catch {
+                        $null = $results.Add("No existing permissions to remove for $($TargetUser)")
+                    }
+                }
+                else {
+                    Write-LogMessage -headers $Request.Headers -API $APINAME-message "Setting permissions with AccessRights: $PermissionLevel" -Sev 'Debug'
+
+                    $cmdParams = @{
+                        Identity     = "$($userid):\Calendar"
+                        User         = $TargetUser
+                        AccessRights = $PermissionLevel
+                        Confirm      = $false
+                    }
+
+                    if ($CanViewPrivateItems) {
+                        $cmdParams['SharingPermissionFlags'] = 'Delegate,CanViewPrivateItems'
+                    }
+
+                    try {
+                        # Try Add first
+                        $CalPerms = New-ExoRequest -Anchor $username -tenantid $Tenantfilter -cmdlet 'Add-MailboxFolderPermission' -cmdParams $cmdParams
+                        $null = $results.Add("Granted $($TargetUser) $($PermissionLevel) access to $($username) Calendar$($CanViewPrivateItems ? ' with access to private items' : '')")
+                    }
+                    catch {
+                        # If Add fails, try Set
+                        $CalPerms = New-ExoRequest -Anchor $username -tenantid $Tenantfilter -cmdlet 'Set-MailboxFolderPermission' -cmdParams $cmdParams
+                        $null = $results.Add("Updated $($TargetUser) $($PermissionLevel) access to $($username) Calendar$($CanViewPrivateItems ? ' with access to private items' : '')")
+                    }
                 }
-
-                $Result = Set-CIPPCalendarPermission @Params
-
-                $null = $results.Add($Result)
                 Write-LogMessage -headers $Request.Headers -API $APINAME-message "Successfully executed $($PermissionLevel) permission modification for $($TargetUser) on $($username)" -Sev 'Info' -tenant $TenantFilter
-            } catch {
+            }
+            catch {
                 $HasErrors = $true
                 Write-LogMessage -headers $Request.Headers -API $APINAME-message "Could not execute $($PermissionLevel) permission modification for $($TargetUser) on $($username). Error: $($_.Exception.Message)" -Sev 'Error' -tenant $TenantFilter
                 $null = $results.Add("Could not execute $($PermissionLevel) permission modification for $($TargetUser) on $($username). Error: $($_.Exception.Message)")
@@ -112,4 +137,4 @@ Function Invoke-ExecModifyCalPerms {
             StatusCode = if ($HasErrors) { [HttpStatusCode]::InternalServerError } else { [HttpStatusCode]::OK }
             Body       = $Body
         })
-}
+} 

Modules/CIPPCore/Public/GraphHelper/New-GraphPOSTRequest.ps1

@@ -7,7 +7,7 @@ function New-GraphPOSTRequest ($uri, $tenantid, $body, $type, $scope, $AsApp, $N
     if ($NoAuthCheck -or (Get-AuthorisedRequest -Uri $uri -TenantID $tenantid)) {
         $headers = Get-GraphToken -tenantid $tenantid -scope $scope -AsApp $asapp -SkipCache $skipTokenCache
         if ($AddedHeaders) {
-            foreach ($header in $AddedHeaders.getenumerator()) {
+            foreach ($header in $AddedHeaders.GetEnumerator()) {
                 $headers.Add($header.Key, $header.Value)
             }
         }

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutopilotProfile.ps1

@@ -18,7 +18,7 @@ function Invoke-CIPPStandardAutopilotProfile {
         ADDEDCOMPONENT
             {"type":"textField","name":"standards.AutopilotProfile.DisplayName","label":"Profile Display Name"}
             {"type":"textField","name":"standards.AutopilotProfile.Description","label":"Profile Description"}
-            {"type":"textField","name":"standards.AutopilotProfile.DeviceNameTemplate","label":"Unique Device Name Template"}
+            {"type":"textField","name":"standards.AutopilotProfile.DeviceNameTemplate","label":"Unique Device Name Template","required":false}
             {"type":"autoComplete","multiple":false,"creatable":false,"required":false,"name":"standards.AutopilotProfile.Languages","label":"Languages","api":{"url":"/languageList.json","labelField":"language","valueField":"tag"}}
             {"type":"switch","name":"standards.AutopilotProfile.CollectHash","label":"Convert all targeted devices to Autopilot","defaultValue":true}
             {"type":"switch","name":"standards.AutopilotProfile.AssignToAllDevices","label":"Assign to all devices","defaultValue":true}

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDeployContactTemplates.ps1

@@ -5,22 +5,22 @@ function Invoke-CIPPStandardDeployContactTemplates {
     .COMPONENT
         (APIName) DeployContactTemplates
     .SYNOPSIS
-        (Label) Deploy Contact Templates
+        (Label) Deploy Mail Contact Template
     .DESCRIPTION
-        (Helptext) Creates a new contacts in Exchange Online across all selected tenants from saved contact templates. The contact will be visible in the Global Address List unless hidden.
-        (DocsDescription) This standard creates new contacts in Exchange Online from saved contact templates. Mail contacts are useful for adding external email addresses to your organization's address book. They can be used for distribution lists, shared mailboxes, and other collaboration scenarios.
+        (Helptext) Creates new mail contacts in Exchange Online across all selected tenants based on the selected templates. The contact will be visible in the Global Address List unless hidden.
+        (DocsDescription) This standard creates new mail contacts in Exchange Online based on the selected templates. Mail contacts are useful for adding external email addresses to your organization's address book. They can be used for distribution lists, shared mailboxes, and other collaboration scenarios.
     .NOTES
         CAT
             Exchange Standards
         TAG
         ADDEDCOMPONENT
-            {"type":"textField","name":"TemplateGUID","label":"Contact Template GUID","required":true}
-        MULTIPLE
-            True
+            {"type":"autoComplete","multiple":true,"creatable":false,"label":"Select Mail Contact Templates","name":"standards.DeployContactTemplates.templateIds","api":{"url":"/api/ListContactTemplates","labelField":"name","valueField":"GUID","queryKey":"Contact Templates"}}
+        DISABLEDFEATURES
+            {"report":false,"warn":false,"remediate":false}
         IMPACT
             Low Impact
         ADDEDDATE
-            2024-03-19
+            2025-05-31
         POWERSHELLEQUIVALENT
             New-MailContact
         RECOMMENDEDBY

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDeployMailContact.ps1

@@ -21,11 +21,15 @@ function Invoke-CIPPStandardDeployMailContact {
         IMPACT
             Low Impact
         ADDEDDATE
-            2025-05-28
+            2024-03-19
         POWERSHELLEQUIVALENT
             New-MailContact
         RECOMMENDEDBY
             "CIPP"
+        UPDATECOMMENTBLOCK
+            Run the Tools\Update-StandardsComments.ps1 script to update this comment block
+    .LINK
+        https://docs.cipp.app/user-documentation/tenant/standards/list-standards
     #>
 
     param($Tenant, $Settings)

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAdditionalStorageProviders.ps1

@@ -33,38 +33,38 @@ function Invoke-CIPPStandardDisableAdditionalStorageProviders {
     param($Tenant, $Settings)
     ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'DisableAdditionalStorageProviders'
 
-    $AdditionalStorageProvidersState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OwaMailboxPolicy' -cmdParams @{Identity = 'OwaMailboxPolicy-Default' }
+    $AdditionalStorageProvidersState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OwaMailboxPolicy' -cmdParams @{Identity = 'OwaMailboxPolicy-Default' } -Select 'Identity, AdditionalStorageProvidersAvailable'
 
     if ($Settings.remediate -eq $true) {
 
         try {
             if ($AdditionalStorageProvidersState.AdditionalStorageProvidersAvailable) {
-                New-ExoRequest -tenantid $Tenant -cmdlet 'Set-OwaMailboxPolicy' -cmdParams @{ Identity = $AdditionalStorageProvidersState.Identity; AdditionalStorageProvidersAvailable = $false } -useSystemMailbox $true
-                Write-LogMessage -API 'Standards' -tenant $tenant -message 'OWA additional storage providers have been disabled.' -sev Info
+                $null = New-ExoRequest -tenantid $Tenant -cmdlet 'Set-OwaMailboxPolicy' -cmdParams @{ Identity = $AdditionalStorageProvidersState.Identity; AdditionalStorageProvidersAvailable = $false } -useSystemMailbox $true
+                Write-LogMessage -API 'Standards' -tenant $Tenant -message 'OWA additional storage providers has been disabled.' -sev Info
                 $AdditionalStorageProvidersState.AdditionalStorageProvidersAvailable = $false
             } else {
-                Write-LogMessage -API 'Standards' -tenant $tenant -message 'OWA additional storage providers are already disabled.' -sev Info
+                Write-LogMessage -API 'Standards' -tenant $Tenant -message 'OWA additional storage providers are already disabled.' -sev Info
             }
         } catch {
-            $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
-            Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable OWA additional storage providers. Error: $ErrorMessage" -sev Error
+            $ErrorMessage = Get-CippException -Exception $_
+            Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to disable OWA additional storage providers. Error: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage
         }
 
     }
 
     if ($Settings.alert -eq $true) {
         if ($AdditionalStorageProvidersState.AdditionalStorageProvidersAvailable) {
             $Object = $AdditionalStorageProvidersState | Select-Object -Property AdditionalStorageProvidersAvailable
-            Write-StandardsAlert -message 'OWA additional storage providers are enabled' -object $Object -tenant $tenant -standardName 'DisableAdditionalStorageProviders' -standardId $Settings.standardId
-            Write-LogMessage -API 'Standards' -tenant $tenant -message 'OWA additional storage providers are enabled' -sev Info
+            Write-StandardsAlert -message 'OWA additional storage providers are enabled' -object $Object -tenant $Tenant -standardName 'DisableAdditionalStorageProviders' -standardId $Settings.standardId
+            Write-LogMessage -API 'Standards' -tenant $Tenant -message 'OWA additional storage providers are enabled' -sev Info
         } else {
-            Write-LogMessage -API 'Standards' -tenant $tenant -message 'OWA additional storage providers are disabled' -sev Info
+            Write-LogMessage -API 'Standards' -tenant $Tenant -message 'OWA additional storage providers are disabled' -sev Info
         }
     }
 
     if ($Settings.report -eq $true) {
-        $state = $AdditionalStorageProvidersState.AdditionalStorageProvidersEnabled ? $false : $true
-        Set-CIPPStandardsCompareField -FieldName 'standards.DisableAdditionalStorageProviders' -FieldValue $state -TenantFilter $Tenant
-        Add-CIPPBPAField -FieldName 'AdditionalStorageProvidersEnabled' -FieldValue $AdditionalStorageProvidersState.AdditionalStorageProvidersEnabled -StoreAs bool -Tenant $tenant
+        $State = $AdditionalStorageProvidersState.AdditionalStorageProvidersEnabled ? $false : $true
+        Set-CIPPStandardsCompareField -FieldName 'standards.DisableAdditionalStorageProviders' -FieldValue $State -TenantFilter $Tenant
+        Add-CIPPBPAField -FieldName 'AdditionalStorageProvidersEnabled' -FieldValue $State -StoreAs bool -Tenant $Tenant
     }
 }

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableTenantCreation.ps1

@@ -37,37 +37,37 @@ function Invoke-CIPPStandardDisableTenantCreation {
     $StateIsCorrect = ($CurrentState.defaultUserRolePermissions.allowedToCreateTenants -eq $false)
 
     If ($Settings.remediate -eq $true) {
+        Write-Host "Time to remediate DisableTenantCreation standard for tenant $Tenant"
         if ($StateIsCorrect -eq $true) {
-            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Users are already disabled from creating tenants.' -sev Info
+            Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Users are already disabled from creating tenants.' -sev Info
         } else {
             try {
                 $GraphRequest = @{
-                    tenantid    = $tenant
-                    uri         = 'https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy'
-                    AsApp       = $false
-                    Type        = 'PATCH'
-                    ContentType = 'application/json'
-                    Body        = '{"defaultUserRolePermissions":{"allowedToCreateTenants":false}}'
+                    tenantid = $Tenant
+                    uri      = 'https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy'
+                    Type     = 'PATCH'
+                    Body     = '{"defaultUserRolePermissions":{"allowedToCreateTenants":false}}'
                 }
-                New-GraphPostRequest @GraphRequest
-                Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled users from creating tenants.' -sev Info
+                New-GraphPOSTRequest @GraphRequest
+                Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Successfully disabled users from creating tenants.' -sev Info
             } catch {
-                Write-LogMessage -API 'Standards' -tenant $tenant -message 'Failed to disable users from creating tenants' -sev 'Error' -LogData $_
+                $ErrorMessage = Get-CippException -Exception $_
+                Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to disable users from creating tenants. Error: $($ErrorMessage.NormalizedError)" -sev 'Error' -LogData $ErrorMessage
             }
         }
     }
 
     if ($Settings.alert -eq $true) {
         if ($StateIsCorrect -eq $true) {
-            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Users are not allowed to create tenants.' -sev Info
+            Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Users are not allowed to create tenants.' -sev Info
         } else {
-            Write-StandardsAlert -message 'Users are allowed to create tenants' -object $CurrentState -tenant $tenant -standardName 'DisableTenantCreation' -standardId $Settings.standardId
-            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Users are allowed to create tenants.' -sev Info
+            Write-StandardsAlert -message 'Users are allowed to create tenants' -object $CurrentState -tenant $Tenant -standardName 'DisableTenantCreation' -standardId $Settings.standardId
+            Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Users are allowed to create tenants.' -sev Info
         }
     }
 
     if ($Settings.report -eq $true) {
         Set-CIPPStandardsCompareField -FieldName 'standards.DisableTenantCreation' -FieldValue $StateIsCorrect -TenantFilter $Tenant
-        Add-CIPPBPAField -FieldName 'DisableTenantCreation' -FieldValue $StateIsCorrect -StoreAs bool -Tenant $tenant
+        Add-CIPPBPAField -FieldName 'DisableTenantCreation' -FieldValue $StateIsCorrect -StoreAs bool -Tenant $Tenant
     }
 }

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableNamePronunciation.ps1

@@ -19,6 +19,7 @@ function Invoke-CIPPStandardEnableNamePronunciation {
         ADDEDDATE
             2025-06-06
         RECOMMENDEDBY
+            "CIPP"
         UPDATECOMMENTBLOCK
             Run the Tools\Update-StandardsComments.ps1 script to update this comment block
     .LINK