improved appid

KelvinTegelaar · KelvinTegelaar · commit 756ffe1088b0 · 2025-03-17T10:30:06.000+01:00
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1
@@ -116,7 +116,7 @@ function Invoke-CIPPStandardIntuneTemplate {
     }
 
     if ($Settings.report) {
-        #think about how to store this.
+        #think about how to store this. Consideration: standards are stored seperately from BPA so they can be stored in the same format as the input.
         Add-CIPPBPAField -FieldName "policy-$displayname" -FieldValue $Compare -StoreAs bool -Tenant $tenant
     }
 }
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOauthConsent.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOauthConsent.ps1
@@ -44,7 +44,8 @@ function Invoke-CIPPStandardOauthConsent {
                 $Existing = (New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/permissionGrantPolicies/' -tenantid $tenant) | Where-Object -Property id -EQ 'cipp-consent-policy'
                 if (!$Existing) {
                     New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/permissionGrantPolicies' -Type POST -Body '{ "id":"cipp-consent-policy", "displayName":"Application Consent Policy", "description":"This policy controls the current application consent policies."}' -ContentType 'application/json'
-                    New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/permissionGrantPolicies/cipp-consent-policy/includes' -Type POST -Body '{"permissionClassification":"all","permissionType":"delegated","clientApplicationIds":["d414ee2d-73e5-4e5b-bb16-03ef55fea597"]}' -ContentType 'application/json'
+                    #Replaced static web app appid with Office 365 Management by Microsofts recommendation; this application is always consented, cannot be removed nor elevated as the portals run on this app id.
+                    New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/permissionGrantPolicies/cipp-consent-policy/includes' -Type POST -Body '{"permissionClassification":"all","permissionType":"delegated","clientApplicationIds":["00b41c95-dab0-4487-9791-b9d2c32c80f2"]}' -ContentType 'application/json'
                 }
                 try {
                     foreach ($AllowedApp in $AllowedAppIdsForTenant) {

Original file line number	Diff line number	Diff line change
`@@ -116,7 +116,7 @@ function Invoke-CIPPStandardIntuneTemplate {`
`116`	`116`	`}`
`117`	`117`
`118`	`118`	`if ($Settings.report) {`
`119`		`- #think about how to store this.`
	`119`	`+ #think about how to store this. Consideration: standards are stored seperately from BPA so they can be stored in the same format as the input.`
`120`	`120`	`Add-CIPPBPAField -FieldName "policy-$displayname" -FieldValue $Compare -StoreAs bool -Tenant $tenant`
`121`	`121`	`}`
`122`	`122`	`}`