bmsimp
diff --git a/‎Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Standards/Push-CIPPDriftManagement.ps1‎
Lines changed: 77 additions & 0 deletions b/‎Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Standards/Push-CIPPDriftManagement.ps1‎
Lines changed: 77 additions & 0 deletions
diff --git a/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRestoreBackup.ps1‎
Lines changed: 3 additions & 3 deletions b/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRestoreBackup.ps1‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-RemovePolicy.ps1‎
Lines changed: 1 addition & 1 deletion b/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-RemovePolicy.ps1‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecUpdateDriftDeviation.ps1‎
Lines changed: 5 additions & 2 deletions b/‎Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecUpdateDriftDeviation.ps1‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎Modules/CIPPCore/Public/Entrypoints/Invoke-ListLogs.ps1‎
Lines changed: 7 additions & 1 deletion b/‎Modules/CIPPCore/Public/Entrypoints/Invoke-ListLogs.ps1‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎Modules/CIPPCore/Public/Functions/Get-CIPPTenantAlignment.ps1‎
Lines changed: 15 additions & 0 deletions b/‎Modules/CIPPCore/Public/Functions/Get-CIPPTenantAlignment.ps1‎
Lines changed: 15 additions & 0 deletions
@@ -0,0 +1,77 @@
+function Push-CippDriftManagement {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    #>
+    param (
+        $Item
+    )
+
+    Write-Information "Received queue item for $($Item.Tenant)"
+
+    try {
+        $Drift = Get-CIPPDrift -TenantFilter $item.tenant
+        if ($Drift.newDeviationsCount -gt 0) {
+            $email = (Get-CIPPTenantAlignment -TenantFilter $Item.Tenant | Where-Object -Property standardType -EQ 'drift').standardSettings.email
+            $webhook = (Get-CIPPTenantAlignment -TenantFilter $Item.Tenant | Where-Object -Property standardType -EQ 'drift').standardSettings.webhook
+            $CippConfigTable = Get-CippTable -tablename Config
+            $CippConfig = Get-CIPPAzDataTableEntity @CippConfigTable -Filter "PartitionKey eq 'InstanceProperties' and RowKey eq 'CIPPURL'"
+            $CIPPURL = 'https://{0}' -f $CippConfig.Value
+            $Data = $Drift.currentDeviations | ForEach-Object {
+                $currentValue = if ($_.receivedValue -and $_.receivedValue.Length -gt 200) {
+                    $_.receivedValue.Substring(0, 200) + '...'
+                } else {
+                    $_.receivedValue
+                }
+                [PSCustomObject]@{
+                    Standard         = $_.standardDisplayName ? $_.standardDisplayName : $_.standardName
+                    'Expected Value' = $_.expectedValue
+                    'Current Value'  = $currentValue
+                    Status           = $_.status
+                }
+            }
+            $GenerateEmail = New-CIPPAlertTemplate -format 'html' -data $Data -CIPPURL $CIPPURL -Tenant $item.tenant -InputObject 'driftStandard'
+            $CIPPAlert = @{
+                Type         = 'email'
+                Title        = $GenerateEmail.title
+                HTMLContent  = $GenerateEmail.htmlcontent
+                TenantFilter = $item.Tenant
+            }
+            Write-Host 'Going to send the mail'
+            Send-CIPPAlert @CIPPAlert -altEmail $email
+            $WebhookData = @{
+                Title      = $GenerateEmail.title
+                ActionUrl  = $GenerateEmail.ButtonUrl
+                ActionText = $GenerateEmail.ButtonText
+                AlertData  = $Data
+                Tenant     = $Item.Tenant
+            } | ConvertTo-Json -Depth 15 -Compress
+            $CippAlert = @{
+                Type         = 'webhook'
+                Title        = $GenerateEmail.title
+                JSONContent  = $WebhookData
+                TenantFilter = $item.tenant
+            }
+            Write-Host 'Sending Webhook Content'
+            Send-CIPPAlert @CippAlert -altWebhook $webhook
+            #Always do PSA.
+            $CIPPAlert = @{
+                Type         = 'psa'
+                Title        = $GenerateEmail.title
+                HTMLContent  = $GenerateEmail.htmlcontent
+                TenantFilter = $TenantFilter
+            }
+            Send-CIPPAlert @CIPPAlert
+            return $true
+        } else {
+            Write-LogMessage -API 'DriftStandards' -tenant $Item.Tenant -message "No new drift deviations found for tenant $($Item.Tenant)" -sev Info
+            return $true
+        }
+        Write-Information "Drift management completed for tenant $($Item.Tenant)"
+    } catch {
+        Write-LogMessage -API 'DriftStandards' -tenant $Item.Tenant -message "Error running Drift Check for tenant $($Item.Tenant) - $($_.Exception.Message)" -sev Error -LogData (Get-CippException -Exception $_)
+        Write-Warning "Error running standard $($Item.Standard) for tenant $($Item.Tenant) - $($_.Exception.Message)"
+        Write-Information $_.InvocationInfo.PositionMessage
+        throw $_.Exception.Message
+    }
+}
@@ -1,6 +1,6 @@
 using namespace System.Net
 
-Function Invoke-ExecRestoreBackup {
+function Invoke-ExecRestoreBackup {
     <#
     .FUNCTIONALITY
         Entrypoint
@@ -27,7 +27,7 @@ Function Invoke-ExecRestoreBackup {
                     $Table.Entity = $ht2
                     Add-CIPPAzDataTableEntity @Table -Force
                 }
-                Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Created backup' -Sev 'Debug'
+                Write-LogMessage -headers $Request.Headers -API $APINAME -message "Restored backup $($Request.Body.BackupName)" -Sev 'Info'
                 $body = [pscustomobject]@{
                     'Results' = 'Successfully restored backup.'
                 }
@@ -44,7 +44,7 @@ Function Invoke-ExecRestoreBackup {
                 $Table.Entity = $ht2
                 Add-AzDataTableEntity @Table -Force
             }
-            Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Created backup' -Sev 'Debug'
+            Write-LogMessage -headers $Request.Headers -API $APINAME -message "Restored backup $($Request.Body.BackupName)" -Sev 'Info'
 
             $body = [pscustomobject]@{
                 'Results' = 'Successfully restored backup.'
 
@@ -1,6 +1,6 @@
 using namespace System.Net
 
-Function Invoke-RemovePolicy {
+function Invoke-RemovePolicy {
     <#
     .FUNCTIONALITY
         Entrypoint
 
@@ -30,14 +30,17 @@ function Invoke-ExecUpdateDriftDeviation {
             Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Removed all drift customizations for tenant $TenantFilter" -Sev 'Info'
         } else {
             $Deviations = $Request.Body.deviations
+            $Reason = $Request.Body.reason
             $Results = foreach ($Deviation in $Deviations) {
                 try {
-                    $Result = Set-CIPPDriftDeviation -TenantFilter $TenantFilter -StandardName $Deviation.standardName -Status $Deviation.status
+                    $user = $request.headers.'x-ms-client-principal'
+                    $username = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($user)) | ConvertFrom-Json).userDetails
+                    $Result = Set-CIPPDriftDeviation -TenantFilter $TenantFilter -StandardName $Deviation.standardName -Status $Deviation.status -Reason $Reason -user $username
                     [PSCustomObject]@{
                         success = $true
                         result  = $Result
                     }
-                    Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Updated drift deviation status for $($Deviation.standardName) to $($Deviation.status)" -Sev 'Info'
+                    Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Updated drift deviation status for $($Deviation.standardName) to $($Deviation.status) with reason: $Reason" -Sev 'Info'
                     if ($Deviation.status -eq 'DeniedRemediate') {
                         $Setting = $Deviation.standardName -replace 'standards.', ''
                         $StandardTemplate = Get-CIPPTenantAlignment -TenantFilter $TenantFilter | Where-Object -Property standardType -EQ 'drift'
 
@@ -28,6 +28,7 @@ function Invoke-ListLogs {
             $LogLevel = if ($Request.Query.Severity) { ($Request.query.Severity).split(',') } else { 'Info', 'Warn', 'Error', 'Critical', 'Alert' }
             $PartitionKey = $Request.Query.DateFilter
             $username = $Request.Query.User ?? '*'
+            $TenantFilter = $Request.Query.Tenant
 
             $StartDate = $Request.Query.StartDate ?? $Request.Query.DateFilter
             $EndDate = $Request.Query.EndDate ?? $Request.Query.DateFilter
@@ -48,12 +49,17 @@ function Invoke-ListLogs {
             $LogLevel = 'Info', 'Warn', 'Error', 'Critical', 'Alert'
             $PartitionKey = Get-Date -UFormat '%Y%m%d'
             $username = '*'
+            $TenantFilter = $null
             $Filter = "PartitionKey eq '{0}'" -f $PartitionKey
         }
         $AllowedTenants = Test-CIPPAccess -Request $Request -TenantList
         Write-Host "Getting logs for filter: $Filter, LogLevel: $LogLevel, Username: $username"
 
-        $Rows = Get-AzDataTableEntity @Table -Filter $Filter | Where-Object { $_.Severity -in $LogLevel -and $_.Username -like $username }
+        $Rows = Get-AzDataTableEntity @Table -Filter $Filter | Where-Object {
+            $_.Severity -in $LogLevel -and
+            $_.Username -like $username -and
+            ($TenantFilter -eq $null -or $TenantFilter -eq 'AllTenants' -or $_.Tenant -like "*$TenantFilter*" -or $_.TenantID -eq $TenantFilter)
+        }
 
         if ($AllowedTenants -notcontains 'AllTenants') {
             $TenantList = Get-Tenants -IncludeErrors | Where-Object { $_.customerId -in $AllowedTenants }
 
@@ -150,6 +150,21 @@ function Get-CIPPTenantAlignment {
                             }
                         }
                     }
+                }
+                # Handle Conditional Access templates specially
+                elseif ($StandardKey -eq 'ConditionalAccessTemplate' -and $StandardConfig -is [array]) {
+                    foreach ($CATemplate in $StandardConfig) {
+                        if ($CATemplate.TemplateList.value) {
+                            $CAStandardId = "standards.ConditionalAccessTemplate.$($CATemplate.TemplateList.value)"
+                            $CAActions = if ($CATemplate.action) { $CATemplate.action } else { @() }
+                            $CAReportingEnabled = ($CAActions | Where-Object { $_.value -and ($_.value.ToLower() -eq 'report' -or $_.value.ToLower() -eq 'remediate') }).Count -gt 0
+
+                            [PSCustomObject]@{
+                                StandardId       = $CAStandardId
+                                ReportingEnabled = $CAReportingEnabled
+                            }
+                        }
+                    }
                 } else {
                     [PSCustomObject]@{
                         StandardId       = $StandardId