prerelease push

KelvinTegelaar · KelvinTegelaar · commit baa663e25e63 · 2025-08-01T15:39:54.000+02:00
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecUpdateDriftDeviation.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecUpdateDriftDeviation.ps1
@@ -72,20 +72,19 @@ function Invoke-ExecUpdateDriftDeviation {
                         Write-LogMessage -tenant $TenantFilter -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Scheduled drift remediation task for $Setting" -Sev 'Info'
                     }
                     if ($Deviation.status -eq 'deniedDelete') {
-                        if ($Deviation.standardName -like 'ConditionalAccessTemplate*') {
-                            $ID = $Deviation.standardName -replace 'ConditionalAccessTemplates.', ''
-                            Write-Host "Going to delete CA Policy with ID $ID. Deviation Name is $($Deviation.standardName)"
-                            $null = New-GraphPostRequest -uri "https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies/$($ID)" -type DELETE -tenant $TenantFilter -asapp $true
-                            "Deleted CA Policy $($ID)"
-                            Write-LogMessage -tenant $TenantFilter -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Deleted Conditional Access Policy with ID $($ID)" -Sev 'Info'
+                        $Policy = $Deviation.receivedValue | ConvertFrom-Json -ErrorAction SilentlyContinue
+                        Write-Host "Policy is $($Policy)"
+                        $URLName = Get-CIPPURLName -Template $Policy
+                        if ($Policy -and $URLName) {
+                            Write-Host "Going to delete Policy with ID $($policy.ID) Deviation Name is $($Deviation.standardName)"
+                            $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/$($URLName)/$($policy.id)" -type DELETE -tenant $TenantFilter
+                            "Deleted Policy $($ID)"
+                            Write-LogMessage -tenant $TenantFilter -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Deleted Policy with ID $($ID)" -Sev 'Info'
+                        } else {
+                            "could not find policy with ID $($ID)"
+                            Write-LogMessage -tenant $TenantFilter -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Could not find Policy with ID $($ID) to delete for remediation" -Sev 'Warning'
                         }
 
-                        if ($Deviation.standardName -like 'IntuneTemplates*') {
-                            New-GraphPostRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$($UrlName)('$($PolicyId)')" -type DELETE -tenant $TenantFilter
-                            "Deleted Intune Policy $($ID)"
-                            Write-LogMessage -tenant $TenantFilter -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Deleted Intune Policy with ID $($ID)" -Sev 'Info'
-
-                        }
 
                     }
                 } catch {
diff --git a/Modules/CIPPCore/Public/Functions/Get-CIPPURLName.ps1 b/Modules/CIPPCore/Public/Functions/Get-CIPPURLName.ps1
@@ -0,0 +1,155 @@
+function Get-CIPPURLName {
+    <#
+    .SYNOPSIS
+        Gets the correct Microsoft Graph URL based on the OData type of a template
+    .DESCRIPTION
+        This function examines the @odata.type property of a JSON template object and returns
+        the appropriate full Microsoft Graph API URL for that resource type.
+    .PARAMETER Template
+        The template object containing the @odata.type property to analyze
+    .FUNCTIONALITY
+        Internal
+    .EXAMPLE
+        Get-CIPPURLName -Template $MyTemplate
+    .EXAMPLE
+        $Template | Get-CIPPURLName
+    #>
+    [CmdletBinding()]
+    param(
+        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
+        [PSCustomObject]$Template
+    )
+
+    # Extract the OData type from the template
+    $ODataType = $Template.'@odata.type'
+    if ($Template.urlName) { return $Template.urlName }
+
+    if (-not $ODataType) {
+        Write-Warning 'No @odata.type property found in template'
+        return $null
+    }
+
+    # Determine the full Microsoft Graph URL based on the OData type
+    $URLName = switch -wildcard ($ODataType) {
+        # Device Compliance Policies
+        '*CompliancePolicy' {
+            'deviceManagement/deviceCompliancePolicies'
+        }
+        '*deviceCompliancePolicy' {
+            'deviceManagement/deviceCompliancePolicies'
+        }
+
+        # Managed App Policies (App Protection)
+        '*ManagedAppProtection' {
+            'deviceAppManagement/managedAppPolicies'
+        }
+        '*managedAppPolicies' {
+            'deviceAppManagement/managedAppPolicies'
+        }
+        '*managedAppPolicy' {
+            'deviceAppManagement/managedAppPolicies'
+        }
+        '*appProtectionPolicy' {
+            'deviceAppManagement/managedAppPolicies'
+        }
+
+        # Configuration Policies (Settings Catalog)
+        '*configurationPolicies' {
+            'deviceManagement/configurationPolicies'
+        }
+        '*deviceManagementConfigurationPolicy' {
+            'deviceManagement/configurationPolicies'
+        }
+
+        # Windows Driver Update Profiles
+        '*windowsDriverUpdateProfiles' {
+            'deviceManagement/windowsDriverUpdateProfiles'
+        }
+        '*windowsDriverUpdateProfile' {
+            'deviceManagement/windowsDriverUpdateProfiles'
+        }
+
+        # Device Configurations
+        '*deviceConfigurations' {
+            'deviceManagement/deviceConfigurations'
+        }
+        '*deviceConfiguration' {
+            'deviceManagement/deviceConfigurations'
+        }
+
+        # Group Policy Configurations (Administrative Templates)
+        '*groupPolicyConfigurations' {
+            'deviceManagement/groupPolicyConfigurations'
+        }
+        '*groupPolicyConfiguration' {
+            'deviceManagement/groupPolicyConfigurations'
+        }
+
+        # Conditional Access Policies
+        '*conditionalAccessPolicy' {
+            'identity/conditionalAccess/policies'
+        }
+
+        # Device Enrollment Configurations
+        '*deviceEnrollmentConfiguration' {
+            'deviceManagement/deviceEnrollmentConfigurations'
+        }
+        '*enrollmentConfiguration' {
+            'deviceManagement/deviceEnrollmentConfigurations'
+        }
+
+        # Mobile App Configurations
+        '*mobileAppConfiguration' {
+            'deviceAppManagement/mobileAppConfigurations'
+        }
+        '*appConfiguration' {
+            'deviceAppManagement/mobileAppConfigurations'
+        }
+
+        # Windows Feature Update Profiles
+        '*windowsFeatureUpdateProfile' {
+            'deviceManagement/windowsFeatureUpdateProfiles'
+        }
+
+        # Device Health Scripts (Remediation Scripts)
+        '*deviceHealthScript' {
+            'deviceManagement/deviceHealthScripts'
+        }
+
+        # Device Management Scripts (PowerShell Scripts)
+        '*deviceManagementScript' {
+            'deviceManagement/deviceManagementScripts'
+        }
+
+        # Mobile Applications
+        '*mobileApp' {
+            'deviceAppManagement/mobileApps'
+        }
+        '*winGetApp' {
+            'deviceAppManagement/mobileApps'
+        }
+        '*officeSuiteApp' {
+            'deviceAppManagement/mobileApps'
+        }
+
+        # Named Locations
+        '*namedLocation' {
+            'identity/conditionalAccess/namedLocations'
+        }
+        '*ipNamedLocation' {
+            'identity/conditionalAccess/namedLocations'
+        }
+        '*countryNamedLocation' {
+            'identity/conditionalAccess/namedLocations'
+        }
+
+        # Default fallback
+        default {
+            Write-Warning "Unknown OData type: $ODataType"
+            $null
+        }
+    }
+
+    return $URLName
+}
+
diff --git a/Modules/CIPPCore/Public/Get-CIPPDrift.ps1 b/Modules/CIPPCore/Public/Get-CIPPDrift.ps1
@@ -84,47 +84,47 @@ function Get-CIPPDrift {
             # Always get live data when not in AllTenants mode
             $IntuneRequests = @(
                 @{
-                    id     = 'deviceAppManagement'
+                    id     = 'deviceAppManagement/managedAppPolicies'
                     url    = 'deviceAppManagement/managedAppPolicies'
                     method = 'GET'
                 }
                 @{
-                    id     = 'deviceCompliancePolicies'
+                    id     = 'deviceManagement/deviceCompliancePolicies'
                     url    = 'deviceManagement/deviceCompliancePolicies'
                     method = 'GET'
                 }
                 @{
-                    id     = 'groupPolicyConfigurations'
+                    id     = 'deviceManagement/groupPolicyConfigurations'
                     url    = 'deviceManagement/groupPolicyConfigurations'
                     method = 'GET'
                 }
                 @{
-                    id     = 'deviceConfigurations'
+                    id     = 'deviceManagement/deviceConfigurations'
                     url    = 'deviceManagement/deviceConfigurations'
                     method = 'GET'
                 }
                 @{
-                    id     = 'configurationPolicies'
+                    id     = 'deviceManagement/configurationPolicies'
                     url    = 'deviceManagement/configurationPolicies'
                     method = 'GET'
                 }
                 @{
-                    id     = 'windowsDriverUpdateProfiles'
+                    id     = 'deviceManagement/windowsDriverUpdateProfiles'
                     url    = 'deviceManagement/windowsDriverUpdateProfiles'
                     method = 'GET'
                 }
                 @{
-                    id     = 'windowsFeatureUpdateProfiles'
+                    id     = 'deviceManagement/windowsFeatureUpdateProfiles'
                     url    = 'deviceManagement/windowsFeatureUpdateProfiles'
                     method = 'GET'
                 }
                 @{
-                    id     = 'windowsQualityUpdatePolicies'
+                    id     = 'deviceManagement/windowsQualityUpdatePolicies'
                     url    = 'deviceManagement/windowsQualityUpdatePolicies'
                     method = 'GET'
                 }
                 @{
-                    id     = 'windowsQualityUpdateProfiles'
+                    id     = 'deviceManagement/windowsQualityUpdateProfiles'
                     url    = 'deviceManagement/windowsQualityUpdateProfiles'
                     method = 'GET'
                 }
@@ -220,6 +220,7 @@ function Get-CIPPDrift {
             # Check for extra Intune policies not in template
             foreach ($TenantPolicy in $TenantIntunePolicies) {
                 $PolicyFound = $false
+                $tenantPolicy.policy | Add-Member -MemberType NoteProperty -Name 'URLName' -Value $TenantPolicy.Type -Force
                 $TenantPolicyName = if ($TenantPolicy.Policy.displayName) { $TenantPolicy.Policy.displayName } else { $TenantPolicy.Policy.name }
 
                 foreach ($TemplatePolicy in $TemplateIntuneTemplates) {
