Merge pull request #471 from KelvinTegelaar/dev

pull[bot] · web-flow · commit c6fb7dd3f7f2 · 2025-09-29T18:41:23.000Z
[pull] dev from KelvinTegelaar:dev
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecUpdateSecureScore.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecUpdateSecureScore.ps1
@@ -1,6 +1,6 @@
 using namespace System.Net
 
-Function Invoke-ExecUpdateSecureScore {
+function Invoke-ExecUpdateSecureScore {
     <#
     .FUNCTIONALITY
         Entrypoint
@@ -17,23 +17,28 @@ Function Invoke-ExecUpdateSecureScore {
     # Interact with query parameters or the body of the request.
     $TenantFilter = $Request.Body.TenantFilter
     $ControlName = $Request.Body.ControlName
-    $Body = @{
-        comment           = $Request.Body.reason
-        state             = $Request.Body.resolutionType.value
-        vendorInformation = $Request.Body.vendorInformation
-    }
-    try {
-        $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/security/secureScoreControlProfiles/$ControlName" -tenantid $TenantFilter -type PATCH -Body (ConvertTo-Json -InputObject $Body -Compress)
-        $StatusCode = [HttpStatusCode]::OK
-        $Result = "Successfully set control $ControlName to $($Body.state)"
-        Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message $Result -Sev 'Info'
-    } catch {
-        $ErrorMessage = Get-CippException -Exception $_
-        $Result = "Failed to set control $ControlName to $($Body.state). Error: $($ErrorMessage.NormalizedError)"
-        Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message $Result -Sev Error -LogData $ErrorMessage
-        $StatusCode = [HttpStatusCode]::InternalServerError
-    }
 
+    if ($ControlName -match '^scid_') {
+        $Result = 'Defender controls cannot be updated via this API. Please use the Microsoft 365 Defender portal to update these controls.'
+        $StatusCode = [HttpStatusCode]::BadRequest
+    } else {
+        $Body = @{
+            comment           = $Request.Body.reason
+            state             = $Request.Body.resolutionType.value
+            vendorInformation = $Request.Body.vendorInformation
+        }
+        try {
+            $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/security/secureScoreControlProfiles/$ControlName" -tenantid $TenantFilter -type PATCH -Body (ConvertTo-Json -InputObject $Body -Compress)
+            $StatusCode = [HttpStatusCode]::OK
+            $Result = "Successfully set control $ControlName to $($Body.state)"
+            Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message $Result -Sev 'Info'
+        } catch {
+            $ErrorMessage = Get-CippException -Exception $_
+            $Result = "Failed to set control $ControlName to $($Body.state). Error: $($ErrorMessage.NormalizedError)"
+            Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message $Result -Sev Error -LogData $ErrorMessage
+            $StatusCode = [HttpStatusCode]::InternalServerError
+        }
+    }
     # Associate values to output bindings by calling 'Push-OutputBinding'.
     Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
             StatusCode = $StatusCode
