Merge pull request #394 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: pull[bot]

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Standards/Push-CIPPDriftManagement.ps1

@@ -12,8 +12,9 @@ function Push-CippDriftManagement {
     try {
         $Drift = Get-CIPPDrift -TenantFilter $Item.Tenant
         if ($Drift.newDeviationsCount -gt 0) {
-            $email = (Get-CIPPTenantAlignment -TenantFilter $Item.Tenant | Where-Object -Property standardType -EQ 'drift').standardSettings.email
-            $webhook = (Get-CIPPTenantAlignment -TenantFilter $Item.Tenant | Where-Object -Property standardType -EQ 'drift').standardSettings.webhook
+            $Settings = (Get-CIPPTenantAlignment -TenantFilter $Item.Tenant | Where-Object -Property standardType -EQ 'drift')
+            $email = $Settings.driftAlertEmail
+            $webhook = $Settings.driftAlertWebhook
             $CippConfigTable = Get-CippTable -tablename Config
             $CippConfig = Get-CIPPAzDataTableEntity @CippConfigTable -Filter "PartitionKey eq 'InstanceProperties' and RowKey eq 'CIPPURL'"
             $CIPPURL = 'https://{0}' -f $CippConfig.Value

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecDeviceAction.ps1

@@ -1,6 +1,6 @@
 using namespace System.Net
 
-Function Invoke-ExecDeviceAction {
+function Invoke-ExecDeviceAction {
     <#
     .FUNCTIONALITY
         Entrypoint
@@ -22,6 +22,16 @@ Function Invoke-ExecDeviceAction {
     try {
         switch ($Action) {
             'setDeviceName' {
+                if ($Request.Body.input -match '%') {
+                    $Device = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/deviceManagement/managedDevices/$DeviceFilter" -tenantid $TenantFilter
+                    $Request.Body.input = Get-CIPPTextReplacement -TenantFilter $TenantFilter -Text $Request.Body.input
+                    $Request.Body.input = $Request.Body.input -replace '%SERIAL%', $Device.serialNumber
+                    # limit to 15 characters
+                    if ($Request.Body.input.Length -gt 15) {
+                        $Request.Body.input = $Request.Body.input.Substring(0, 15)
+                    }
+                }
+
                 $ActionBody = @{ deviceName = $Request.Body.input } | ConvertTo-Json -Compress
                 break
             }
@@ -30,7 +40,7 @@ Function Invoke-ExecDeviceAction {
                 Write-Host "ActionBody: $ActionBody"
                 break
             }
-            Default { $ActionBody = $Request.Body | ConvertTo-Json -Compress }
+            default { $ActionBody = $Request.Body | ConvertTo-Json -Compress }
         }
 
         $cmdParams = @{

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-CIPPStandardsRun.ps1

@@ -23,15 +23,15 @@ function Invoke-CIPPStandardsRun {
 
     if ($Drift.IsPresent) {
         Write-Information 'Drift Standards Run'
-        $AllTasks = Get-CIPPTenantAlignment | Where-Object -Property standardtype -EQ 'drift' | Select-Object -Property Tenant | Sort-Object -Unique -Property Tenant
+        $AllTasks = Get-CIPPTenantAlignment | Where-Object -Property standardtype -EQ 'drift' | Select-Object -Property TenantFilter | Sort-Object -Unique -Property TenantFilter
 
         #For each item in our object, run the queue.
         $Queue = New-CippQueueEntry -Name 'Drift Standards' -TotalTasks ($AllTasks | Measure-Object).Count
 
         $Batch = foreach ($Task in $AllTasks) {
             [PSCustomObject]@{
                 FunctionName = 'CIPPDriftManagement'
-                Tenant       = $Task.Tenant
+                Tenant       = $Task.TenantFilter
             }
         }
 
@@ -70,7 +70,6 @@ function Invoke-CIPPStandardsRun {
                 StandardParams = @{
                     TenantFilter = $TenantFilter
                     runManually  = $runManually
-                    Drift        = $Drift.IsPresent
                 }
             }
             SkipLog          = $true

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecUpdateDriftDeviation.ps1

@@ -27,7 +27,7 @@ function Invoke-ExecUpdateDriftDeviation {
                     success = $true
                     result  = "All drift customizations removed for tenant $TenantFilter"
                 })
-            Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Removed all drift customizations for tenant $TenantFilter" -Sev 'Info'
+            Write-LogMessage -tenant $TenantFilter -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Removed all drift customizations for tenant $TenantFilter" -Sev 'Info'
         } else {
             $Deviations = $Request.Body.deviations
             $Reason = $Request.Body.reason
@@ -40,18 +40,36 @@ function Invoke-ExecUpdateDriftDeviation {
                         success = $true
                         result  = $Result
                     }
-                    Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Updated drift deviation status for $($Deviation.standardName) to $($Deviation.status) with reason: $Reason" -Sev 'Info'
+                    Write-LogMessage -tenant $TenantFilter -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Updated drift deviation status for $($Deviation.standardName) to $($Deviation.status) with reason: $Reason" -Sev 'Info'
                     if ($Deviation.status -eq 'DeniedRemediate') {
                         $Setting = $Deviation.standardName -replace 'standards.', ''
                         $StandardTemplate = Get-CIPPTenantAlignment -TenantFilter $TenantFilter | Where-Object -Property standardType -EQ 'drift'
-                        $StandardTemplate = $StandardTemplate.$Setting
-                        $StandardTemplate.action = @(
-                            @{label = 'Report'; value = 'Report' },
-                            @{ label = 'Remediate'; value = 'Remediate' }
-                        )
-                        #idea here is to make a system job that triggers the remediation process, so that users can click on "Deniedremediate"
-                        #That job then launches a single standard run, it gets the same input as an orch, but is just a scheduled job.
+                        $StandardTemplate = $StandardTemplate.standardSettings.$Setting
 
+                        $StandardTemplate.standards.$Setting | Add-Member -MemberType NoteProperty -Name 'remediate' -Value $true -Force
+                        $StandardTemplate.standards.$Setting | Add-Member -MemberType NoteProperty -Name 'report' -Value $true -Force
+
+                        $TaskBody = @{
+                            TenantFilter  = $TenantFilter
+                            Name          = "One Off Drift Remediation: $Setting - $TenantFilter"
+                            Command       = @{
+                                value = "Invoke-CIPPStandard$Setting"
+                                label = "Invoke-CIPPStandard$Setting"
+                            }
+
+                            Parameters    = [pscustomobject]@{
+                                Tenant   = $TenantFilter
+                                Settings = $StandardTemplate.standards.$Setting
+                            }
+                            ScheduledTime = '0'
+                            PostExecution = @{
+                                Webhook = $false
+                                Email   = $false
+                                PSA     = $false
+                            }
+                        }
+                        Add-CIPPScheduledTask -Task $TaskBody -hidden $false
+                        Write-LogMessage -tenant $TenantFilter -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Scheduled drift remediation task for $Setting" -Sev 'Info'
                     }
                     if ($Deviation.status -eq 'deniedDelete') {
                         #Here we look at the policy ID received and the type, and nuke it.
@@ -62,7 +80,7 @@ function Invoke-ExecUpdateDriftDeviation {
                         success      = $false
                         error        = $_.Exception.Message
                     }
-                    Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to update drift deviation for $($Deviation.standardName): $($_.Exception.Message)" -Sev 'Error'
+                    Write-LogMessage -tenant $TenantFilter -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to update drift deviation for $($Deviation.standardName): $($_.Exception.Message)" -Sev 'Error'
                 }
             }
         }

Modules/CIPPCore/Public/Functions/Get-CIPPTenantAlignment.ps1

@@ -259,6 +259,8 @@ function Get-CIPPTenantAlignment {
                     StandardId               = $Template.GUID
                     standardType             = $Template.type
                     standardSettings         = $Template.Standards
+                    driftAlertEmail          = $Template.driftAlertEmail
+                    driftAlertWebhook        = $Template.driftAlertWebhook
                     AlignmentScore           = $AlignmentPercentage
                     LicenseMissingPercentage = $LicenseMissingPercentage
                     CombinedScore            = $AlignmentPercentage + $LicenseMissingPercentage

Modules/CIPPCore/Public/Set-CIPPIntunePolicy.ps1

@@ -109,6 +109,40 @@ function Set-CIPPIntunePolicy {
                 $PlatformType = 'deviceManagement'
                 $TemplateTypeURL = 'configurationPolicies'
                 $DisplayName = ($RawJSON | ConvertFrom-Json).Name
+
+                $Template = $RawJSON | ConvertFrom-Json
+                if ($Template.templateReference.templateId) {
+                    Write-Information "Checking configuration policy template $($Template.templateReference.templateId) for $($DisplayName)"
+                    # Remove unavailable settings from the template
+                    $AvailableSettings = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/deviceManagement/configurationPolicyTemplates('$($Template.templateReference.templateId)')/settingTemplates?`$expand=settingDefinitions&`$top=1000" -tenantid $tenantFilter
+
+                    if ($AvailableSettings) {
+                        Write-Information "Available settings for template $($Template.templateReference.templateId): $($AvailableSettings.Count)"
+                        $FilteredSettings = [system.collections.generic.list[psobject]]::new()
+                        foreach ($setting in $Template.settings) {
+                            if ($setting.settingInstance.settingInstanceTemplateReference.settingInstanceTemplateId -in $AvailableSettings.settingInstanceTemplate.settingInstanceTemplateId) {
+                                $AvailableSetting = $AvailableSettings | Where-Object { $_.settingInstanceTemplate.settingInstanceTemplateId -eq $setting.settingInstance.settingInstanceTemplateReference.settingInstanceTemplateId }
+
+                                if ($AvailableSetting.settingInstanceTemplate.settingInstanceTemplateId -cnotmatch $setting.settingInstance.settingInstanceTemplateReference.settingInstanceTemplateId) {
+                                    # update casing
+                                    Write-Information "Fixing casing for setting instance template $($AvailableSetting.settingInstanceTemplate.settingInstanceTemplateId)"
+                                    $setting.settingInstance.settingInstanceTemplateReference.settingInstanceTemplateId = $AvailableSetting.settingInstanceTemplate.settingInstanceTemplateId
+                                }
+
+                                if ($AvailableSetting.settingInstanceTemplate.choiceSettingValueTemplate -cnotmatch $setting.settingInstance.choiceSettingValue.settingValueTemplateReference.settingValueTemplateId) {
+                                    # update choice setting value template
+                                    Write-Information "Fixing casing for choice setting value template $($AvailableSetting.settingInstanceTemplate.choiceSettingValueTemplate.settingValueTemplateId)"
+                                    $setting.settingInstance.choiceSettingValue.settingValueTemplateReference.settingValueTemplateId = $AvailableSetting.settingInstanceTemplate.choiceSettingValueTemplate.settingValueTemplateId
+                                }
+
+                                $FilteredSettings.Add($setting)
+                            }
+                        }
+                        $Template.settings = $FilteredSettings
+                        $RawJSON = $Template | ConvertTo-Json -Depth 100 -Compress
+                    }
+                }
+
                 $CheckExististing = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/$PlatformType/$TemplateTypeURL" -tenantid $tenantFilter
                 if ($DisplayName -in $CheckExististing.name) {
                     $PolicyFile = $RawJSON | ConvertFrom-Json | Select-Object * -ExcludeProperty Platform, PolicyType, CreationSource

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardCustomBannedPasswordList.ps1

@@ -31,9 +31,8 @@ function Invoke-CIPPStandardCustomBannedPasswordList {
     #>
 
     param($Tenant, $Settings)
-
+    Write-Host "All params received: $Tenant, $tenant, $($Settings | ConvertTo-Json -Depth 10 -Compress)"
     $PasswordRuleTemplateId = '5cf42378-d67d-4f36-ba46-e8b86229381d'
-
     # Parse and validate banned words from input
     $BannedWordsInput = $Settings.BannedWords
     if ([string]::IsNullOrWhiteSpace($BannedWordsInput)) {