Merge pull request KelvinTegelaar#1538 from kris6673/feat-HiddenFromExchangeClientsEnabled

KelvinTegelaar · web-flow · commit ae4c8262138e · 2025-06-29T12:14:48.000-04:00
Feat: Enhance group management functions to support hideFromOutlookClients
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-EditGroup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-EditGroup.ps1
@@ -15,7 +15,8 @@ function Invoke-EditGroup {
     $Results = [System.Collections.Generic.List[string]]@()
     $UserObj = $Request.Body
     $GroupType = $UserObj.groupId.addedFields.groupType ? $UserObj.groupId.addedFields.groupType : $UserObj.groupType
-    $GroupName = $UserObj.groupName ? $UserObj.groupName : $UserObj.groupId.addedFields.groupName
+    # groupName is used in the Add to Group user action, displayName is used in the Edit Group page
+    $GroupName = $UserObj.groupName ?? $UserObj.displayName ?? $UserObj.groupId.addedFields.groupName
     $GroupId = $UserObj.groupId.value ?? $UserObj.groupId
     $OrgGroup = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/groups/$($GroupId)" -tenantid $UserObj.tenantFilter
 
@@ -406,6 +407,28 @@ function Invoke-EditGroup {
         }
     }
 
+    # Only process hideFromOutlookClients if it was explicitly sent and is a Microsoft 365 group
+    if ($null -ne $UserObj.hideFromOutlookClients -and $GroupType -eq 'Microsoft 365') {
+        try {
+            $Params = @{ Identity = $GroupId; HiddenFromExchangeClientsEnabled = $UserObj.hideFromOutlookClients }
+            $null = New-ExoRequest -tenantid $TenantId -cmdlet 'Set-UnifiedGroup' -cmdParams $Params -useSystemMailbox $true
+
+            if ($UserObj.hideFromOutlookClients -eq $true) {
+                $Results.Add("Successfully hidden group mailbox from Outlook for $($GroupName).")
+                Write-LogMessage -headers $Headers -API $APIName -tenant $TenantId -message "Successfully hidden group mailbox from Outlook for $($GroupName)." -Sev 'Info'
+            } else {
+                $Results.Add("Successfully made group mailbox visible in Outlook for $($GroupName).")
+                Write-LogMessage -headers $Headers -API $APIName -tenant $TenantId -message "Successfully made group mailbox visible in Outlook for $($GroupName)." -Sev 'Info'
+            }
+        } catch {
+            $ErrorMessage = Get-CippException -Exception $_
+            Write-Warning "Error in hideFromOutlookClients: $($ErrorMessage.NormalizedError) - $($_.InvocationInfo.ScriptLineNumber)"
+            $action = if ($UserObj.hideFromOutlookClients -eq $true) { 'hide' } else { 'show' }
+            $Results.Add("Failed to $action group mailbox in Outlook for $($GroupName).")
+            Write-LogMessage -headers $Headers -API $APIName -tenant $TenantId -message "Failed to $action group mailbox in Outlook for $($GroupName). Error:$($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage
+        }
+    }
+
     $body = @{'Results' = @($Results) }
     # Associate values to output bindings by calling 'Push-OutputBinding'.
     Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-ListGroups.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-ListGroups.ps1
@@ -69,14 +69,14 @@ function Invoke-ListGroups {
         # get the outside the organization RequireSenderAuthenticationEnabled setting
         $OnlyAllowInternal = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-DistributionGroup' -cmdParams @{Identity = $GroupID } -Select 'RequireSenderAuthenticationEnabled' -useSystemMailbox $true | Select-Object -ExpandProperty RequireSenderAuthenticationEnabled
     } elseif ($GroupType -eq 'Microsoft 365') {
-        $UnifiedGroup = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-UnifiedGroup' -cmdParams @{Identity = $GroupID } -Select 'RequireSenderAuthenticationEnabled,subscriptionEnabled,AutoSubscribeNewMembers' -useSystemMailbox $true
-        $OnlyAllowInternal = $UnifiedGroup.RequireSenderAuthenticationEnabled
+        $UnifiedGroupInfo = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-UnifiedGroup' -cmdParams @{Identity = $GroupID } -Select 'RequireSenderAuthenticationEnabled,subscriptionEnabled,AutoSubscribeNewMembers,HiddenFromExchangeClientsEnabled' -useSystemMailbox $true
+        $OnlyAllowInternal = $UnifiedGroupInfo.RequireSenderAuthenticationEnabled
     } else {
         $OnlyAllowInternal = $null
     }
 
     if ($GroupType -eq 'Microsoft 365') {
-        if ($UnifiedGroup.subscriptionEnabled -eq $true -and $UnifiedGroup.AutoSubscribeNewMembers -eq $true) { $SendCopies = $true } else { $SendCopies = $false }
+        if ($UnifiedGroupInfo.subscriptionEnabled -eq $true -and $UnifiedGroupInfo.AutoSubscribeNewMembers -eq $true) { $SendCopies = $true } else { $SendCopies = $false }
     } else {
         $SendCopies = $null
     }
@@ -85,7 +85,7 @@ function Invoke-ListGroups {
         if ($BulkRequestArrayList.Count -gt 0) {
             $RawGraphRequest = New-GraphBulkRequest -tenantid $TenantFilter -scope 'https://graph.microsoft.com/.default' -Requests @($BulkRequestArrayList) -asapp $true
             $GraphRequest = [PSCustomObject]@{
-                groupInfo     = ($RawGraphRequest | Where-Object { $_.id -eq 1 }).body | Select-Object *, @{ Name = 'primDomain'; Expression = { $_.mail -split '@' | Select-Object -Last 1 } },
+                groupInfo              = ($RawGraphRequest | Where-Object { $_.id -eq 1 }).body | Select-Object *, @{ Name = 'primDomain'; Expression = { $_.mail -split '@' | Select-Object -Last 1 } },
                 @{Name = 'teamsEnabled'; Expression = { if ($_.resourceProvisioningOptions -Like '*Team*') { $true } else { $false } } },
                 @{Name = 'calculatedGroupType'; Expression = {
                         if ($_.mailEnabled -and $_.securityEnabled) { 'Mail-Enabled Security' }
@@ -94,10 +94,11 @@ function Invoke-ListGroups {
                         if (([string]::isNullOrEmpty($_.groupTypes)) -and ($_.mailEnabled) -and (!$_.securityEnabled)) { 'Distribution List' }
                     }
                 }, @{Name = 'dynamicGroupBool'; Expression = { if ($_.groupTypes -contains 'DynamicMembership') { $true } else { $false } } }
-                members       = ($RawGraphRequest | Where-Object { $_.id -eq 2 }).body.value
-                owners        = ($RawGraphRequest | Where-Object { $_.id -eq 3 }).body.value
-                allowExternal = (!$OnlyAllowInternal)
-                sendCopies    = $SendCopies
+                members                = ($RawGraphRequest | Where-Object { $_.id -eq 2 }).body.value
+                owners                 = ($RawGraphRequest | Where-Object { $_.id -eq 3 }).body.value
+                allowExternal          = (!$OnlyAllowInternal)
+                sendCopies             = $SendCopies
+                hideFromOutlookClients = if ($GroupType -eq 'Microsoft 365') { $UnifiedGroupInfo.HiddenFromExchangeClientsEnabled } else { $null }
             }
         } else {
             $GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/groups/$($GroupID)/$($members)?`$top=999&select=$SelectString" -tenantid $TenantFilter | Select-Object *, @{ Name = 'primDomain'; Expression = { $_.mail -split '@' | Select-Object -Last 1 } },
