Merge pull request #129 from KelvinTegelaar/dev

pull[bot] · web-flow · commit 65c879ea7472 · 2025-03-12T06:41:05.000Z
[pull] dev from KelvinTegelaar:dev
diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-UpdatePermissionsQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-UpdatePermissionsQueue.ps1
@@ -27,8 +27,10 @@ function Push-UpdatePermissionsQueue {
         Add-CIPPDelegatedPermission -RequiredResourceAccess 'CIPPDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Item.customerId
         Write-LogMessage -tenant $Item.defaultDomainName -tenantId $Item.customerId -message "Updated permissions for $($Item.displayName)" -Sev 'Info' -API 'UpdatePermissionsQueue'
 
-        Write-Information 'Pushing CIPP-SAM admin roles'
-        Set-CIPPSAMAdminRoles -TenantFilter $Item.customerId
+        if ($Item.defaultDomainName -ne 'PartnerTenant') {
+            Write-Information 'Pushing CIPP-SAM admin roles'
+            Set-CIPPSAMAdminRoles -TenantFilter $Item.customerId
+        }
 
         $Table = Get-CIPPTable -TableName cpvtenants
         $unixtime = [int64](([datetime]::UtcNow) - (Get-Date '1/1/1970')).TotalSeconds
diff --git a/Modules/CIPPCore/Public/Entrypoints/Orchestrator Functions/Start-UpdatePermissionsOrchestrator.ps1 b/Modules/CIPPCore/Public/Entrypoints/Orchestrator Functions/Start-UpdatePermissionsOrchestrator.ps1
@@ -8,7 +8,24 @@ function Start-UpdatePermissionsOrchestrator {
 
     try {
         Write-Information 'Updating Permissions'
-        $Tenants = Get-Tenants -IncludeAll | Where-Object { $_.customerId -ne $env:TenantID -and $_.Excluded -eq $false }
+
+        $PartnerTenant = @{
+            'customerId' = $env:TenantID
+            'defaultDomainName' = 'PartnerTenant'
+            'displayName' = '*Partner Tenant'
+        }
+
+        $TenantList = Get-Tenants -IncludeAll | Where-Object { $_.Excluded -eq $false }
+
+        $Tenants = [System.Collections.Generic.List[object]]::new()
+        foreach ($Tenant in $TenantList) {
+            $Tenants.Add($Tenant)
+        }
+
+        if ($Tenants.customerId -notcontains $env:TenantID) {
+            $Tenants.Add($PartnerTenant)
+        }
+
         $CPVTable = Get-CIPPTable -TableName cpvtenants
         $CPVRows = Get-CIPPAzDataTableEntity @CPVTable
         $LastCPV = ($CPVRows | Sort-Object -Property Timestamp -Descending | Select-Object -First 1).Timestamp.DateTime
diff --git a/Modules/CIPPCore/Public/GraphHelper/New-ExoRequest.ps1 b/Modules/CIPPCore/Public/GraphHelper/New-ExoRequest.ps1
@@ -66,7 +66,11 @@ function New-ExoRequest {
             if ($cmdlet -in 'Set-AdminAuditLogConfig') {
                 $MailboxGuid = '8cc370d3-822a-4ab8-a926-bb94bd0641a9'
             }
-            $anchor = "APP:SystemMailbox{$MailboxGuid}@$($tenant.customerId)"
+            if ($Compliance.IsPresent) {
+                $Anchor = "UPN:SystemMailbox{$MailboxGuid}@$($tenant.initialDomainName)"
+            } else {
+                $anchor = "APP:SystemMailbox{$MailboxGuid}@$($tenant.customerId)"
+            }
         }
         #if the anchor is a GUID, try looking up the user.
         if ($Anchor -match '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$') {

Original file line number	Diff line number	Diff line change
`@@ -66,7 +66,11 @@ function New-ExoRequest {`
`66`	`66`	`if ($cmdlet -in 'Set-AdminAuditLogConfig') {`
`67`	`67`	`$MailboxGuid = '8cc370d3-822a-4ab8-a926-bb94bd0641a9'`
`68`	`68`	`}`
`69`		`- $anchor = "APP:SystemMailbox{$MailboxGuid}@$($tenant.customerId)"`
	`69`	`+ if ($Compliance.IsPresent) {`
	`70`	`+ $Anchor = "UPN:SystemMailbox{$MailboxGuid}@$($tenant.initialDomainName)"`
	`71`	`+ } else {`
	`72`	`+ $anchor = "APP:SystemMailbox{$MailboxGuid}@$($tenant.customerId)"`
	`73`	`+ }`
`70`	`74`	`}`
`71`	`75`	`#if the anchor is a GUID, try looking up the user.`
`72`	`76`	`if ($Anchor -match '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$') {`