Merge pull request #388 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: pull[bot]

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1

@@ -1,6 +1,6 @@
 using namespace System.Net
 
-Function Invoke-ExecStandardsRun {
+function Invoke-ExecStandardsRun {
     <#
     .FUNCTIONALITY
         Entrypoint
@@ -38,7 +38,7 @@ Function Invoke-ExecStandardsRun {
 
             $ProcessorFunction = [PSCustomObject]@{
                 PartitionKey = 'Function'
-                RowKey       = "Invoke-CIPPStandardsRun-$TenantFilter"
+                RowKey       = "Invoke-CIPPStandardsRun-$TenantFilter-$TemplateId"
                 FunctionName = 'Invoke-CIPPStandardsRun'
                 Parameters   = [string](ConvertTo-Json -Compress -InputObject @{
                         TenantFilter = $TenantFilter

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecUpdateDriftDeviation.ps1

@@ -38,6 +38,21 @@ function Invoke-ExecUpdateDriftDeviation {
                         result  = $Result
                     }
                     Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Updated drift deviation status for $($Deviation.standardName) to $($Deviation.status)" -Sev 'Info'
+                    if ($Deviation.status -eq 'DeniedRemediate') {
+                        $Setting = $Deviation.standardName -replace 'standards.', ''
+                        $StandardTemplate = Get-CIPPTenantAlignment -TenantFilter $TenantFilter | Where-Object -Property standardType -EQ 'drift'
+                        $StandardTemplate = $StandardTemplate.$Setting
+                        $StandardTemplate.action = @(
+                            @{label = 'Report'; value = 'Report' },
+                            @{ label = 'Remediate'; value = 'Remediate' }
+                        )
+                        #idea here is to make a system job that triggers the remediation process, so that users can click on "Deniedremediate"
+                        #That job then launches a single standard run, it gets the same input as an orch, but is just a scheduled job.
+
+                    }
+                    if ($Deviation.status -eq 'deniedDelete') {
+                        #Here we look at the policy ID received and the type, and nuke it.
+                    }
                 } catch {
                     [PSCustomObject]@{
                         standardName = $Deviation.standardName

Modules/CIPPCore/Public/Functions/Get-CIPPTenantAlignment.ps1

@@ -52,7 +52,7 @@ function Get-CIPPTenantAlignment {
 
         # Get standards comparison data
         $StandardsTable = Get-CIPPTable -TableName 'CippStandardsReports'
-        $AllStandards = Get-CIPPAzDataTableEntity @StandardsTable
+        $AllStandards = Get-CIPPAzDataTableEntity @StandardsTable -Filter "PartitionKey ne 'StandardReport'"
 
         # Filter by tenant if specified
         $Standards = if ($TenantFilter) {
@@ -263,6 +263,7 @@ function Get-CIPPTenantAlignment {
         return $Results
     } catch {
         Write-Error "Error getting tenant alignment data: $($_.Exception.Message)"
+        Write-Information $_.InvocationInfo.PositionMessage
         throw
     }
 }

Modules/CIPPCore/Public/Get-CIPPDrift.ps1

@@ -188,26 +188,10 @@ function Get-CIPPDrift {
                     $TenantCAPolicies = @()
                 }
 
-                # Always update cache with fresh data
-                try {
-                    $CacheTable = Get-CippTable -tablename 'cacheDrift'
-                    $IntuneJsonString = "`"$($TenantIntunePolicies | ConvertTo-Json -Depth 10 -Compress | ForEach-Object { $_ -replace '"', '\"' })`""
-                    $CAJsonString = "`"$($TenantCAPolicies | ConvertTo-Json -Depth 10 -Compress | ForEach-Object { $_ -replace '"', '\"' })`""
-
-                    $CacheEntity = @{
-                        PartitionKey = 'drift'
-                        RowKey       = $TenantFilter
-                        IntuneJson   = $IntuneJsonString
-                        CAJson       = $CAJsonString
-                    }
-                    Add-CIPPAzDataTableEntity @CacheTable -Entity $CacheEntity -Force
-                } catch {
-                    Write-Warning "Failed to cache policy data: $($_.Exception.Message)"
-                }
             }
 
             if ($Alignment.standardSettings) {
-                if ($Alignment.standardSettings.IntuneTemplates) {
+                if ($Alignment.standardSettings.IntuneTemplate) {
                     $IntuneTemplateIds = $Alignment.standardSettings.IntuneTemplate.TemplateList | ForEach-Object { $_.value }
                 }
                 if ($Alignment.standardSettings.ConditionalAccessTemplate) {

Modules/CIPPCore/Public/Set-CIPPDriftDeviation.ps1

@@ -27,7 +27,7 @@ function Set-CIPPDriftDeviation {
         [string]$StandardName,
 
         [Parameter(Mandatory = $true)]
-        [ValidateSet('Accepted', 'New', 'Denied', 'CustomerSpecific')]
+        [ValidateSet('Accepted', 'New', 'Denied', 'CustomerSpecific', 'DeniedRemediate', 'DeniedDelete')]
         [string]$Status
     )
 

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardConditionalAccessTemplate.ps1

@@ -31,7 +31,7 @@ function Invoke-CIPPStandardConditionalAccessTemplate {
     param($Tenant, $Settings)
     ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'ConditionalAccess'
     $Table = Get-CippTable -tablename 'templates'
-    $TestResult = Test-CIPPStandardLicense -StandardName 'ConditionalAccessTemplate' -TenantFilter $Tenant -RequiredCapabilities @('AAD_PREMIUM', 'AAD_PREMIUM_P2')
+    $TestResult = Test-CIPPStandardLicense -StandardName 'ConditionalAccessTemplates_general' -TenantFilter $Tenant -RequiredCapabilities @('AAD_PREMIUM', 'AAD_PREMIUM_P2')
     if ($TestResult -eq $false) {
         #writing to each item that the license is not present.
         $settings.TemplateList | ForEach-Object {

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1

@@ -31,7 +31,7 @@ function Invoke-CIPPStandardIntuneTemplate {
         https://docs.cipp.app/user-documentation/tenant/standards/list-standards
     #>
     param($Tenant, $Settings)
-    $TestResult = Test-CIPPStandardLicense -StandardName 'IntuneTemplate' -TenantFilter $Tenant -RequiredCapabilities @('INTUNE_A', 'MDM_Services', 'EMS', 'SCCM', 'MICROSOFTINTUNEPLAN1')
+    $TestResult = Test-CIPPStandardLicense -StandardName 'IntuneTemplate_general' -TenantFilter $Tenant -RequiredCapabilities @('INTUNE_A', 'MDM_Services', 'EMS', 'SCCM', 'MICROSOFTINTUNEPLAN1')
     ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'intuneTemplate'
 
     if ($TestResult -eq $false) {

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpoofWarn.ps1

@@ -48,16 +48,22 @@ function Invoke-CIPPStandardSpoofWarn {
 
     # Test if all entries in the AllowListAdd variable are in the AllowList
     $AllowListCorrect = $true
-    $AllowListAddEntries = foreach ($entry in $AllowListAdd) {
-        if ($CurrentInfo.AllowList -notcontains $entry) {
-            $AllowListCorrect = $false
-            Write-Host "AllowList entry $entry not found in current AllowList"
-            $entry
-        } else {
-            Write-Host "AllowList entry $entry found in current AllowList."
+
+    if ($AllowListAdd -eq $null -or $AllowListAdd.Count -eq 0) {
+        Write-Host 'No AllowList entries provided, skipping AllowList check.'
+        $AllowListAdd = @{'@odata.type' = '#Exchange.GenericHashTable'; Add = @() }
+    } else {
+        $AllowListAddEntries = foreach ($entry in $AllowListAdd) {
+            if ($CurrentInfo.AllowList -notcontains $entry) {
+                $AllowListCorrect = $false
+                Write-Host "AllowList entry $entry not found in current AllowList"
+                $entry
+            } else {
+                Write-Host "AllowList entry $entry found in current AllowList."
+            }
         }
+        $AllowListAdd = @{'@odata.type' = '#Exchange.GenericHashTable'; Add = $AllowListAddEntries }
     }
-    $AllowListAdd = @{'@odata.type' = '#Exchange.GenericHashTable'; Add = $AllowListAddEntries }
 
     # Debug output
     # Write-Host ($CurrentInfo | ConvertTo-Json -Depth 10)