bmsimp
diff --git a/‎Config/standards.json‎
Lines changed: 53 additions & 0 deletions b/‎Config/standards.json‎
Lines changed: 53 additions & 0 deletions
diff --git a/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddAssignmentFilter.ps1‎
Lines changed: 44 additions & 0 deletions b/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddAssignmentFilter.ps1‎
Lines changed: 44 additions & 0 deletions
diff --git a/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddAssignmentFilterTemplate.ps1‎
Lines changed: 67 additions & 0 deletions b/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddAssignmentFilterTemplate.ps1‎
Lines changed: 67 additions & 0 deletions
diff --git a/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditAssignmentFilter.ps1‎
Lines changed: 62 additions & 0 deletions b/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditAssignmentFilter.ps1‎
Lines changed: 62 additions & 0 deletions
diff --git a/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecAssignmentFilter.ps1‎
Lines changed: 54 additions & 0 deletions b/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecAssignmentFilter.ps1‎
Lines changed: 54 additions & 0 deletions
diff --git a/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListAssignmentFilterTemplates.ps1‎
Lines changed: 45 additions & 0 deletions b/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListAssignmentFilterTemplates.ps1‎
Lines changed: 45 additions & 0 deletions
diff --git a/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListAssignmentFilters.ps1‎
Lines changed: 43 additions & 0 deletions b/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListAssignmentFilters.ps1‎
Lines changed: 43 additions & 0 deletions
@@ -4772,6 +4772,30 @@
         "type": "textField",
         "required": false,
         "helpText": "Enter the group name to exclude from the assignment. Wildcards are allowed."
+      },
+      {
+        "type": "textField",
+        "required": false,
+        "name": "assignmentFilter",
+        "label": "Assignment Filter Name (Optional)",
+        "helpText": "Enter the assignment filter name to apply to this policy assignment. Wildcards are allowed."
+      },
+      {
+        "name": "assignmentFilterType",
+        "label": "Assignment Filter Mode (Optional)",
+        "type": "radio",
+        "required": false,
+        "helpText": "Choose whether to include or exclude devices matching the filter. Only applies if you specified a filter name above. Defaults to Include if not specified.",
+        "options": [
+          {
+            "label": "Include - Assign to devices matching the filter",
+            "value": "include"
+          },
+          {
+            "label": "Exclude - Assign to devices NOT matching the filter",
+            "value": "exclude"
+          }
+        ]
       }
     ]
   },
@@ -4915,6 +4939,35 @@
       }
     ]
   },
+  {
+    "name": "standards.AssignmentFilterTemplate",
+    "label": "Assignment Filter Template",
+    "multi": true,
+    "cat": "Templates",
+    "disabledFeatures": {
+      "report": true,
+      "warn": true,
+      "remediate": false
+    },
+    "impact": "Medium Impact",
+    "addedDate": "2025-10-04",
+    "helpText": "Deploy and manage assignment filter templates.",
+    "executiveText": "Creates standardized assignment filters with predefined settings. These templates ensure consistent assignment filter configurations across the organization, streamlining assignment management.",
+    "addedComponent": [
+      {
+        "type": "autoComplete",
+        "name": "assignmentFilterTemplate",
+        "label": "Select Assignment Filter Template",
+        "api": {
+          "url": "/api/ListAssignmentFilterTemplates",
+          "labelField": "Displayname",
+          "altLabelField": "displayName",
+          "valueField": "GUID",
+          "queryKey": "ListAssignmentFilterTemplates"
+        }
+      }
+    ]
+  },
   {
     "name": "standards.MailboxRecipientLimits",
     "cat": "Exchange Standards",
 
@@ -0,0 +1,44 @@
+using namespace System.Net
+
+function Invoke-AddAssignmentFilter {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Endpoint.MEM.ReadWrite
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $Request.Params.CIPPEndpoint
+    $SelectedTenants = if ('AllTenants' -in $Request.body.tenantFilter) { (Get-Tenants).defaultDomainName } else { $Request.body.tenantFilter.value ? $Request.body.tenantFilter.value : $Request.body.tenantFilter }
+    Write-LogMessage -headers $Request.Headers -API $APIName -message 'Accessed this API' -Sev Debug
+
+
+    $FilterObject = $Request.body
+
+    $Results = foreach ($tenant in $SelectedTenants) {
+        try {
+            # Use the centralized New-CIPPAssignmentFilter function
+            $Result = New-CIPPAssignmentFilter -FilterObject $FilterObject -TenantFilter $tenant -APIName $APIName -ExecutingUser $Request.Headers.'x-ms-client-principal-name'
+
+            if ($Result.Success) {
+                "Successfully created assignment filter $($FilterObject.displayName) for $($tenant)"
+                $StatusCode = [HttpStatusCode]::OK
+            } else {
+                throw $Result.Message
+            }
+        } catch {
+            $ErrorMessage = Get-CippException -Exception $_
+            Write-LogMessage -headers $Request.Headers -API $APIName -tenant $tenant -message "Assignment filter creation API failed. $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage
+            "Failed to create assignment filter $($FilterObject.displayName) for $($tenant): $($ErrorMessage.NormalizedError)"
+            $StatusCode = [HttpStatusCode]::InternalServerError
+        }
+    }
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    return ([HttpResponseContext]@{
+            StatusCode = $StatusCode
+            Body       = @{'Results' = @($Results) }
+        })
+}
@@ -0,0 +1,67 @@
+using namespace System.Net
+
+function Invoke-AddAssignmentFilterTemplate {
+    <#
+    .FUNCTIONALITY
+        Entrypoint,AnyTenant
+    .ROLE
+        Endpoint.MEM.ReadWrite
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+
+
+    $GUID = $Request.Body.GUID ?? (New-Guid).GUID
+    try {
+        if (!$Request.Body.displayName) {
+            throw 'You must enter a displayname'
+        }
+
+        if (!$Request.Body.rule) {
+            throw 'You must enter a filter rule'
+        }
+
+        if (!$Request.Body.platform) {
+            throw 'You must select a platform'
+        }
+
+        # Normalize field names to handle different casing from various forms
+        $displayName = $Request.Body.displayName ?? $Request.Body.Displayname ?? $Request.Body.displayname
+        $description = $Request.Body.description ?? $Request.Body.Description
+        $platform = $Request.Body.platform
+        $rule = $Request.Body.rule
+        $assignmentFilterManagementType = $Request.Body.assignmentFilterManagementType ?? 'devices'
+
+        $object = [PSCustomObject]@{
+            displayName                     = $displayName
+            description                     = $description
+            platform                        = $platform
+            rule                            = $rule
+            assignmentFilterManagementType  = $assignmentFilterManagementType
+            GUID                            = $GUID
+        } | ConvertTo-Json
+        $Table = Get-CippTable -tablename 'templates'
+        $Table.Force = $true
+        Add-CIPPAzDataTableEntity @Table -Force -Entity @{
+            JSON         = "$object"
+            RowKey       = "$GUID"
+            PartitionKey = 'AssignmentFilterTemplate'
+        }
+        Write-LogMessage -headers $Request.Headers -API $APINAME -message "Created Assignment Filter template named $displayName with GUID $GUID" -Sev 'Debug'
+
+        $body = [pscustomobject]@{'Results' = 'Successfully added template' }
+    } catch {
+        Write-LogMessage -headers $Request.Headers -API $APINAME -message "Assignment Filter Template Creation failed: $($_.Exception.Message)" -Sev 'Error'
+        $body = [pscustomobject]@{'Results' = "Assignment Filter Template Creation failed: $($_.Exception.Message)" }
+    }
+
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    return ([HttpResponseContext]@{
+            StatusCode = [HttpStatusCode]::OK
+            Body       = $body
+        })
+
+}
@@ -0,0 +1,62 @@
+using namespace System.Net
+
+function Invoke-EditAssignmentFilter {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Endpoint.MEM.ReadWrite
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+
+    Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev Debug
+
+    $TenantFilter = $Request.Body.tenantFilter
+
+    try {
+        $FilterId = $Request.Body.filterId
+
+        if (!$FilterId) {
+            throw 'Filter ID is required'
+        }
+
+        # Build the update body
+        # Note: Platform and assignmentFilterManagementType cannot be changed after creation per Graph API restrictions
+        $UpdateBody = @{}
+        
+        if ($Request.Body.displayName) {
+            $UpdateBody.displayName = $Request.Body.displayName
+        }
+        
+        if ($null -ne $Request.Body.description) {
+            $UpdateBody.description = $Request.Body.description
+        }
+        
+        if ($Request.Body.rule) {
+            $UpdateBody.rule = $Request.Body.rule
+        }
+
+        # Update the assignment filter
+        $GraphRequest = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/deviceManagement/assignmentFilters/$FilterId" -tenantid $TenantFilter -type PATCH -body ($UpdateBody | ConvertTo-Json -Depth 10)
+
+        Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $TenantFilter -message "Updated assignment filter $($Request.Body.displayName)" -Sev Info
+
+        $Result = "Successfully updated assignment filter $($Request.Body.displayName)"
+        $StatusCode = [HttpStatusCode]::OK
+    } catch {
+        $ErrorMessage = Get-CippException -Exception $_
+        Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $TenantFilter -message "Failed to update assignment filter: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage
+        $Result = "Failed to update assignment filter: $($ErrorMessage.NormalizedError)"
+        $StatusCode = [HttpStatusCode]::InternalServerError
+    }
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    return ([HttpResponseContext]@{
+            StatusCode = $StatusCode
+            Body       = @{'Results' = $Result }
+        })
+}
@@ -0,0 +1,54 @@
+using namespace System.Net
+
+function Invoke-ExecAssignmentFilter {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Endpoint.MEM.ReadWrite
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+
+    Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev Debug
+
+    $TenantFilter = $Request.Query.TenantFilter ?? $Request.Body.tenantFilter
+
+    try {
+        $FilterId = $Request.Body.ID
+        $Action = $Request.Body.Action
+
+        if (!$FilterId) {
+            throw 'Filter ID is required'
+        }
+
+        switch ($Action) {
+            'Delete' {
+                # Delete the assignment filter
+                $GraphRequest = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/deviceManagement/assignmentFilters/$FilterId" -tenantid $TenantFilter -type DELETE
+
+                Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $TenantFilter -message "Deleted assignment filter with ID $FilterId" -Sev Info
+
+                $Result = "Successfully deleted assignment filter"
+                $StatusCode = [HttpStatusCode]::OK
+            }
+            default {
+                throw "Unknown action: $Action"
+            }
+        }
+    } catch {
+        $ErrorMessage = Get-CippException -Exception $_
+        Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $TenantFilter -message "Failed to execute assignment filter action: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage
+        $Result = "Failed to execute assignment filter action: $($ErrorMessage.NormalizedError)"
+        $StatusCode = [HttpStatusCode]::InternalServerError
+    }
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    return ([HttpResponseContext]@{
+            StatusCode = $StatusCode
+            Body       = @{'Results' = $Result }
+        })
+}
@@ -0,0 +1,45 @@
+using namespace System.Net
+
+function Invoke-ListAssignmentFilterTemplates {
+    <#
+    .FUNCTIONALITY
+        Entrypoint,AnyTenant
+    .ROLE
+        Endpoint.MEM.Read
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+
+
+
+    Write-Host $Request.query.id
+
+    #List assignment filter templates
+    $Table = Get-CippTable -tablename 'templates'
+    $Filter = "PartitionKey eq 'AssignmentFilterTemplate'"
+    $Templates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter) | ForEach-Object {
+        $data = $_.JSON | ConvertFrom-Json
+
+        [PSCustomObject]@{
+            displayName                     = $data.displayName
+            description                     = $data.description
+            platform                        = $data.platform
+            rule                            = $data.rule
+            assignmentFilterManagementType  = $data.assignmentFilterManagementType
+            GUID                            = $_.RowKey
+        }
+    } | Sort-Object -Property displayName
+
+    if ($Request.query.ID) { $Templates = $Templates | Where-Object -Property GUID -EQ $Request.query.id }
+
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    return ([HttpResponseContext]@{
+            StatusCode = [HttpStatusCode]::OK
+            Body       = @($Templates)
+        })
+
+}
@@ -0,0 +1,43 @@
+using namespace System.Net
+
+function Invoke-ListAssignmentFilters {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Endpoint.MEM.Read
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $Request.Params.CIPPEndpoint
+    $Headers = $Request.Headers
+
+    Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev Debug
+
+    # Get the tenant filter
+    $TenantFilter = $Request.Query.TenantFilter
+
+    try {
+        if ($Request.Query.filterId) {
+            # Get specific filter
+            $AssignmentFilters = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/deviceManagement/assignmentFilters/$($Request.Query.filterId)" -tenantid $TenantFilter
+        } else {
+            # Get all filters
+            $AssignmentFilters = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/assignmentFilters' -tenantid $TenantFilter
+        }
+
+        $StatusCode = [HttpStatusCode]::OK
+    } catch {
+        $ErrorMessage = Get-CippException -Exception $_
+        Write-LogMessage -headers $Request.Headers -API $APINAME -message "Failed to retrieve assignment filters: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage
+        $AssignmentFilters = @()
+        $StatusCode = [HttpStatusCode]::InternalServerError
+    }
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    return ([HttpResponseContext]@{
+            StatusCode = $StatusCode
+            Body       = @($AssignmentFilters)
+        })
+}