Merge pull request KelvinTegelaar#1402 from Ren-Roros-Digital/fix-compare

chore: tweak standards report/alert compare

Author: KelvinTegelaar

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDefaultPlatformRestrictions.ps1

@@ -58,6 +58,19 @@ function Invoke-CIPPStandardDefaultPlatformRestrictions {
         ($CurrentState.windowsRestriction.platformBlocked -eq $Settings.platformWindowsBlocked) -and
         ($CurrentState.windowsRestriction.personalDeviceEnrollmentBlocked -eq $Settings.personalWindowsBlocked)
 
+    $CompareField = [PSCustomObject]@{
+        platformAndroidForWorkBlocked   = $CurrentState.androidForWorkRestriction.platformBlocked
+        personalAndroidForWorkBlocked   = $CurrentState.androidForWorkRestriction.personalDeviceEnrollmentBlocked
+        platformAndroidBlocked          = $CurrentState.androidRestriction.platformBlocked
+        personalAndroidBlocked          = $CurrentState.androidRestriction.personalDeviceEnrollmentBlocked
+        platformiOSBlocked              = $CurrentState.iosRestriction.platformBlocked
+        personaliOSBlocked              = $CurrentState.iosRestriction.personalDeviceEnrollmentBlocked
+        platformMacOSBlocked            = $CurrentState.macOSRestriction.platformBlocked
+        personalMacOSBlocked            = $CurrentState.macOSRestriction.personalDeviceEnrollmentBlocked
+        platformWindowsBlocked          = $CurrentState.windowsRestriction.platformBlocked
+        personalWindowsBlocked          = $CurrentState.windowsRestriction.personalDeviceEnrollmentBlocked
+    }
+
     If ($Settings.remediate -eq $true) {
         if ($StateIsCorrect -eq $true) {
             Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'DefaultPlatformRestrictions is already applied correctly.' -Sev Info
@@ -109,29 +122,17 @@ function Invoke-CIPPStandardDefaultPlatformRestrictions {
     }
 
     If ($Settings.alert -eq $true) {
-
         if ($StateIsCorrect -eq $true) {
             Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'DefaultPlatformRestrictions is correctly set.' -Sev Info
         } else {
-            Write-StandardsAlert -message 'DefaultPlatformRestrictions is incorrectly set.' -object $StateIsCorrect -tenant $Tenant -standardName 'DefaultPlatformRestrictions' -standardId $Settings.standardId
+            Write-StandardsAlert -message 'DefaultPlatformRestrictions is incorrectly set.' -object $CompareField -tenant $Tenant -standardName 'DefaultPlatformRestrictions' -standardId $Settings.standardId
             Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'DefaultPlatformRestrictions is incorrectly set.' -Sev Info
         }
     }
 
     If ($Settings.report -eq $true) {
-        $Table = [PSCustomObject]@{
-            platformAndroidForWorkBlocked   = $CurrentState.androidForWorkRestriction.platformBlocked
-            personalAndroidForWorkBlocked   = $CurrentState.androidForWorkRestriction.personalDeviceEnrollmentBlocked
-            platformAndroidBlocked          = $CurrentState.androidRestriction.platformBlocked
-            personalAndroidBlocked          = $CurrentState.androidRestriction.personalDeviceEnrollmentBlocked
-            platformiOSBlocked              = $CurrentState.iosRestriction.platformBlocked
-            personaliOSBlocked              = $CurrentState.iosRestriction.personalDeviceEnrollmentBlocked
-            platformMacOSBlocked            = $CurrentState.macOSRestriction.platformBlocked
-            personalMacOSBlocked            = $CurrentState.macOSRestriction.personalDeviceEnrollmentBlocked
-            platformWindowsBlocked          = $CurrentState.windowsRestriction.platformBlocked
-            personalWindowsBlocked          = $CurrentState.windowsRestriction.personalDeviceEnrollmentBlocked
-        }
-        Set-CIPPStandardsCompareField -FieldName 'standards.DefaultPlatformRestrictions' -FieldValue $Table -TenantFilter $Tenant
+        $FieldValue = $StateIsCorrect ? $true : $CompareField
+        Set-CIPPStandardsCompareField -FieldName 'standards.DefaultPlatformRestrictions' -FieldValue $FieldValue -TenantFilter $Tenant
         Add-CIPPBPAField -FieldName 'DefaultPlatformRestrictions' -FieldValue [bool]$StateIsCorrect -StoreAs bool -Tenant $Tenant
     }
 }

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMDMScope.ps1

@@ -34,10 +34,18 @@ function Invoke-CIPPStandardMDMScope {
     $CurrentInfo = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/policies/mobileDeviceManagementPolicies/0000000a-0000-0000-c000-000000000000?$expand=includedGroups' -tenantid $Tenant
 
     $StateIsCorrect = ($CurrentInfo.termsOfUseUrl -eq 'https://portal.manage.microsoft.com/TermsofUse.aspx') -and
-                        ($CurrentInfo.discoveryUrl -eq 'https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc') -and
-                        ($CurrentInfo.complianceUrl -eq 'https://portal.manage.microsoft.com/?portalAction=Compliance') -and
-                        ($CurrentInfo.appliesTo -eq $Settings.appliesTo) -and
-                        ($Settings.appliesTo -ne 'selected' -or ($CurrentInfo.includedGroups.displayName -contains $Settings.customGroup))
+        ($CurrentInfo.discoveryUrl -eq 'https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc') -and
+        ($CurrentInfo.complianceUrl -eq 'https://portal.manage.microsoft.com/?portalAction=Compliance') -and
+        ($CurrentInfo.appliesTo -eq $Settings.appliesTo) -and
+        ($Settings.appliesTo -ne 'selected' -or ($CurrentInfo.includedGroups.displayName -contains $Settings.customGroup))
+
+    $CompareField = [PSCustomObject]@{
+        termsOfUseUrl = $CurrentInfo.termsOfUseUrl
+        discoveryUrl  = $CurrentInfo.discoveryUrl
+        complianceUrl = $CurrentInfo.complianceUrl
+        appliesTo     = $CurrentInfo.appliesTo
+        customGroup   = $CurrentInfo.includedGroups.displayName
+    }
 
     If ($Settings.remediate -eq $true) {
         if ($StateIsCorrect -eq $true) {
@@ -112,17 +120,17 @@ function Invoke-CIPPStandardMDMScope {
     }
 
     if ($Settings.alert -eq $true) {
-        if ($StateIsCorrect) {
+        if ($StateIsCorrect -eq $true) {
             Write-LogMessage -API 'Standards' -tenant $tenant -message 'MDM Scope is correctly configured' -sev Info
         } else {
-            Write-StandardsAlert -message 'MDM Scope is not correctly configured' -object $CurrentInfo -tenant $tenant -standardName 'MDMScope' -standardId $Settings.standardId
+            Write-StandardsAlert -message 'MDM Scope is not correctly configured' -object $CompareField -tenant $tenant -standardName 'MDMScope' -standardId $Settings.standardId
             Write-LogMessage -API 'Standards' -tenant $tenant -message 'MDM Scope is not correctly configured' -sev Info
         }
     }
 
     if ($Settings.report -eq $true) {
-        $state = $StateIsCorrect ? $true : $CurrentInfo
-        Set-CIPPStandardsCompareField -FieldName 'standards.MDMScope' -FieldValue $state -TenantFilter $Tenant
+        $FieldValue = $StateIsCorrect ? $true : $CompareField
+        Set-CIPPStandardsCompareField -FieldName 'standards.MDMScope' -FieldValue $FieldValue -TenantFilter $Tenant
         Add-CIPPBPAField -FieldName 'MDMScope' -FieldValue $StateIsCorrect -StoreAs bool -Tenant $tenant
     }
 

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPhishSimSpoofIntelligence.ps1

@@ -40,6 +40,11 @@ function Invoke-CIPPStandardPhishSimSpoofIntelligence {
 
     $StateIsCorrect = ($AddDomain.Count -eq 0 -and $RemoveDomain.Count -eq 0)
 
+    $CompareField = [PSCustomObject]@{
+        "Missing Domains"   = $AddDomain -join ', '
+        "Incorrect Domains" = $RemoveDomain.SendingInfrastructure -join ', '
+    }
+
     If ($Settings.remediate -eq $true) {
         If ($StateIsCorrect -eq $true) {
             Write-LogMessage -API 'Standards' -Tenant $Tenant -message 'Spoof Intelligence Allow list already correctly configured' -sev Info
@@ -89,15 +94,14 @@ function Invoke-CIPPStandardPhishSimSpoofIntelligence {
         If ($StateIsCorrect -eq $true) {
             Write-LogMessage -API 'Standards' -Tenant $Tenant -message 'Spoof Intelligence Allow list is correctly configured' -sev Info
         } Else {
-            Write-StandardsAlert -message 'Spoof Intelligence Allow list is not correctly configured' -object $CurrentState -tenant $Tenant -standardName 'PhishSimSpoofIntelligence' -standardId $Settings.standardId
+            Write-StandardsAlert -message 'Spoof Intelligence Allow list is not correctly configured' -object $CompareField -tenant $Tenant -standardName 'PhishSimSpoofIntelligence' -standardId $Settings.standardId
             Write-LogMessage -API 'Standards' -Tenant $Tenant -message 'Spoof Intelligence Allow list is not correctly configured' -sev Info
         }
     }
 
     If ($Settings.report -eq $true) {
-        $CurrentState = $StateIsCorrect ? $true : $DomainState.SendingInfrastructure
-
-        Set-CIPPStandardsCompareField -FieldName 'standards.PhishSimSpoofIntelligence' -FieldValue $CurrentState -Tenant $Tenant
+        $FieldValue = $StateIsCorrect ? $true : $CompareField
+        Set-CIPPStandardsCompareField -FieldName 'standards.PhishSimSpoofIntelligence' -FieldValue $FieldValue -Tenant $Tenant
         Add-CIPPBPAField -FieldName 'PhishSimSpoofIntelligence' -FieldValue [bool]$StateIsCorrect -StoreAs bool -Tenant $Tenant
     }
 }

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPhishingSimulations.ps1

@@ -66,6 +66,12 @@ function Invoke-CIPPStandardPhishingSimulations {
     # Check state for all components
     $StateIsCorrect = $PolicyIsCorrect -and $RuleIsCorrect -and $PhishingSimUrlsIsCorrect
 
+    $CompareField = [PSCustomObject]@{
+        Domains         = $RuleState.Domains -join ', '
+        SenderIpRanges  = $RuleState.SenderIpRanges -join ', '
+        PhishingSimUrls = $SimUrlState.value -join ', '
+    }
+
     If ($Settings.remediate -eq $true) {
         If ($StateIsCorrect -eq $true) {
             Write-LogMessage -API 'Standards' -Tenant $Tenant -message 'Advanced Phishing Simulations already correctly configured' -sev Info
@@ -157,22 +163,14 @@ function Invoke-CIPPStandardPhishingSimulations {
         If ($StateIsCorrect -eq $true) {
             Write-LogMessage -API 'Standards' -Tenant $Tenant -message 'Phishing Simulation Configuration is correctly configured' -sev Info
         } Else {
-            Write-StandardsAlert -message 'Phishing Simulation Configuration is not correctly configured' -object $CurrentState -tenant $Tenant -standardName 'PhishingSimulations' -standardId $Settings.standardId
+            Write-StandardsAlert -message 'Phishing Simulation Configuration is not correctly configured' -object $CompareField -tenant $Tenant -standardName 'PhishingSimulations' -standardId $Settings.standardId
             Write-LogMessage -API 'Standards' -Tenant $Tenant -message 'Phishing Simulation Configuration is not correctly configured' -sev Info
         }
     }
 
     If ($Settings.report -eq $true) {
+        $FieldValue = $StateIsCorrect ? $true : $CompareField
         Add-CIPPBPAField -FieldName 'PhishingSimulations' -FieldValue $StateIsCorrect -StoreAs bool -Tenant $Tenant
-        If ($StateIsCorrect -eq $true) {
-            $FieldValue = $true
-        } Else {
-            $FieldValue = [PSCustomObject]@{
-                Domains = $RuleState.Domains
-                SenderIpRanges = $RuleState.SenderIpRanges
-                PhishingSimUrls = $SimUrlState.value
-            }
-        }
         Set-CIPPStandardsCompareField -FieldName 'standards.PhishingSimulations' -FieldValue $FieldValue -Tenant $Tenant
     }
 }

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSharePointMassDeletionAlert.ps1

@@ -42,9 +42,15 @@ function Invoke-CIPPStandardSharePointMassDeletionAlert {
     $MissingEmailsInSettings = $Settings.NotifyUser.value | Where-Object { $_ -notin $CurrentState.NotifyUser }
 
     $StateIsCorrect = ($EmailsOutsideSettings.Count -eq 0) -and
-                      ($MissingEmailsInSettings.Count -eq 0) -and
-                      ($CurrentState.Threshold -eq $Settings.Threshold) -and
-                      ($CurrentState.TimeWindow -eq $Settings.TimeWindow)
+        ($MissingEmailsInSettings.Count -eq 0) -and
+        ($CurrentState.Threshold -eq $Settings.Threshold) -and
+        ($CurrentState.TimeWindow -eq $Settings.TimeWindow)
+
+    $CompareField = [PSCustomObject]@{
+        'Threshold'  = $CurrentState.Threshold
+        'TimeWindow' = $CurrentState.TimeWindow
+        'NotifyUser' = $CurrentState.NotifyUser -join ', '
+    }
 
     If ($Settings.remediate -eq $true) {
         If ($StateIsCorrect -eq $true) {
@@ -88,22 +94,14 @@ function Invoke-CIPPStandardSharePointMassDeletionAlert {
         If ($StateIsCorrect -eq $true) {
             Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'SharePoint mass deletion of files alert is enabled' -sev Info
         } Else {
+            Write-StandardsAlert -message 'SharePoint mass deletion of files alert is disabled' -object $CompareField -tenant $tenant -standardName 'SharePointMassDeletionAlert' -standardId $Settings.standardId
             Write-LogMessage -API 'Standards' -Tenant $Tenant -Message 'SharePoint mass deletion of files alert is disabled' -sev Info
         }
     }
 
     If ($Settings.report -eq $true) {
-        If ($StateIsCorrect -eq $true) {
-            $Table = $true
-        } Else {
-            $Table = [PSCustomObject]@{
-                Threshold  = $CurrentState.Threshold
-                TimeWindow = $CurrentState.TimeWindow
-                NotifyUser = $CurrentState.NotifyUser
-            }
-        }
-
-        Set-CIPPStandardsCompareField -FieldName 'standards.SharePointMassDeletionAlert' -FieldValue $Table -TenantFilter $Tenant
+        $FieldValue = $StateIsCorrect ? $true : $CompareField
+        Set-CIPPStandardsCompareField -FieldName 'standards.SharePointMassDeletionAlert' -FieldValue $FieldValue -TenantFilter $Tenant
         Add-CIPPBPAField -FieldName 'SharePointMassDeletionAlert' -FieldValue [bool]$StateIsCorrect -StoreAs bool -Tenant $Tenant
     }
 }