Merge pull request #375 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: pull[bot]

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardConditionalAccessTemplate.ps1

@@ -31,17 +31,17 @@ function Invoke-CIPPStandardConditionalAccessTemplate {
     param($Tenant, $Settings)
     ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'ConditionalAccess'
     $TestResult = Test-CIPPStandardLicense -StandardName 'ConditionalAccessTemplate' -TenantFilter $Tenant -RequiredCapabilities @('AAD_PREMIUM', 'AAD_PREMIUM_P2')
+    $Table = Get-CippTable -tablename 'templates'
 
     if ($TestResult -eq $false) {
         Write-Host "We're exiting as the correct license is not present for this standard."
         return $true
     } #we're done.
+    $AllCAPolicies = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/identity/conditionalAccess/policies?$top=999' -tenantid $Tenant
 
     if ($Settings.remediate -eq $true) {
-        $AllCAPolicies = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/identity/conditionalAccess/policies?$top=999' -tenantid $Tenant
         foreach ($Setting in $Settings) {
             try {
-                $Table = Get-CippTable -tablename 'templates'
                 $Filter = "PartitionKey eq 'CATemplate' and RowKey eq '$($Setting.TemplateList.value)'"
                 $JSONObj = (Get-CippAzDataTableEntity @Table -Filter $Filter).JSON
                 $null = New-CIPPCAPolicy -replacePattern 'displayName' -TenantFilter $tenant -state $Setting.state -RawJSON $JSONObj -Overwrite $true -APIName $APIName -Headers $Request.Headers -DisableSD $Setting.DisableSD
@@ -51,20 +51,24 @@ function Invoke-CIPPStandardConditionalAccessTemplate {
             }
         }
     }
-    if ($Settings.report -eq $true) {
-        $Policies = $Settings.TemplateList.JSON | ConvertFrom-Json -Depth 10
+    if ($Settings.report -eq $true -or $Settings.remediate -eq $true) {
+        $Filter = "PartitionKey eq 'CATemplate'"
+        $Policies = (Get-CippAzDataTableEntity @Table -Filter $Filter | Where-Object RowKey -In $Settings.TemplateList.value).JSON | ConvertFrom-Json -Depth 10
         #check if all groups.displayName are in the existingGroups, if not $fieldvalue should contain all missing groups, else it should be true.
-        $MissingPolicies = foreach ($policy in $Policies) {
-            $CheckExististing = $AllCAPolicies | Where-Object -Property displayName -EQ $policy.displayname
+        $MissingPolicies = foreach ($Setting in $Settings.TemplateList) {
+            $policy = $Policies | Where-Object { $_.displayName -eq $Setting.label }
+            $CheckExististing = $AllCAPolicies | Where-Object -Property displayName -EQ $Setting.label
             if (!$CheckExististing) {
-                $policy.displayname
+                Set-CIPPStandardsCompareField -FieldName "standards.ConditionalAccessTemplate.$($Setting.value)" -FieldValue "Policy $($Setting.label) is missing from this tenant." -Tenant $Tenant
+            } else {
+                $CompareObj = ConvertFrom-Json -ErrorAction SilentlyContinue -InputObject (New-CIPPCATemplate -TenantFilter $tenant -JSON $CheckExististing)
+                $Compare = Compare-CIPPIntuneObject -ReferenceObject $policy -DifferenceObject $CompareObj
+                if (!$Compare) {
+                    Set-CIPPStandardsCompareField -FieldName "standards.ConditionalAccessTemplate.$($Setting.value)" -FieldValue $true -Tenant $Tenant
+                } else {
+                    Set-CIPPStandardsCompareField -FieldName "standards.ConditionalAccessTemplate.$($Setting.value)" -FieldValue $Compare -Tenant $Tenant
+                }
             }
         }
-        if ($MissingPolicies.Count -eq 0) {
-            $fieldValue = $true
-        } else {
-            $fieldValue = $MissingPolicies -join ', '
-        }
-        Set-CIPPStandardsCompareField -FieldName 'standards.ConditionalAccessTemplate' -FieldValue $fieldValue -Tenant $Tenant
     }
 }