Merge pull request #139 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: pull[bot]

Modules/CIPPCore/Public/GraphHelper/Get-CippException.ps1

@@ -1,5 +1,6 @@
 function Get-CippException {
     Param(
+        [Parameter(Mandatory = $true, ValueFromPipeline = $true, Position = 0)]
         $Exception
     )
 

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuditLog.ps1

@@ -43,38 +43,38 @@ function Invoke-CIPPStandardAuditLog {
         $DehydratedTenant = (New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OrganizationConfig' -Select IsDehydrated).IsDehydrated
         if ($DehydratedTenant -eq $true) {
             try {
-                New-ExoRequest -tenantid $Tenant -cmdlet 'Enable-OrganizationCustomization'
-                Write-LogMessage -API 'Standards' -tenant $tenant -message 'Organization customization enabled.' -sev Info
+                $null = New-ExoRequest -tenantid $Tenant -cmdlet 'Enable-OrganizationCustomization'
+                Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Organization customization enabled.' -sev Info
             } catch {
-                $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
-                Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable organization customization. Error: $ErrorMessage" -sev Debug
+                $ErrorMessage = Get-CippException -Exception $_
+                Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to enable organization customization. Error: $($ErrorMessage.NormalizedError)" -sev Debug -LogData $ErrorMessage
             }
         }
 
         try {
             if ($AuditLogEnabled -eq $true) {
-                Write-LogMessage -API 'Standards' -tenant $tenant -message 'Unified Audit Log already enabled.' -sev Info
+                Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Unified Audit Log already enabled.' -sev Info
             } else {
-                New-ExoRequest -tenantid $Tenant -cmdlet 'Set-AdminAuditLogConfig' -cmdParams @{UnifiedAuditLogIngestionEnabled = $true }
-                Write-LogMessage -API 'Standards' -tenant $tenant -message 'Unified Audit Log Enabled.' -sev Info
+                $null = New-ExoRequest -tenantid $Tenant -cmdlet 'Set-AdminAuditLogConfig' -cmdParams @{UnifiedAuditLogIngestionEnabled = $true }
+                Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Unified Audit Log Enabled.' -sev Info
             }
 
         } catch {
-            $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
-            Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to apply Unified Audit Log. Error: $ErrorMessage" -sev Error
+            $ErrorMessage = Get-CippException -Exception $_
+            Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to apply Unified Audit Log. Error: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage
         }
     }
     if ($Settings.alert -eq $true) {
 
         if ($AuditLogEnabled -eq $true) {
-            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Unified Audit Log is enabled' -sev Info
+            Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Unified Audit Log is enabled' -sev Info
         } else {
-            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Unified Audit Log is not enabled' -sev Alert
+            Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Unified Audit Log is not enabled' -sev Alert
         }
     }
 
     if ($Settings.report -eq $true) {
 
-        Add-CIPPBPAField -FieldName 'AuditLog' -FieldValue $AuditLogEnabled -StoreAs bool -Tenant $tenant
+        Add-CIPPBPAField -FieldName 'AuditLog' -FieldValue $AuditLogEnabled -StoreAs bool -Tenant $Tenant
     }
 }

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpoofWarn.ps1

@@ -42,6 +42,24 @@ function Invoke-CIPPStandardSpoofWarn {
 
     # Get state value using null-coalescing operator
     $state = $Settings.state.value ?? $Settings.state
+    $AllowListAdd = $Settings.AllowListAdd.value ?? $Settings.AllowListAdd
+
+    # Test if all entries in the AllowListAdd variable are in the AllowList
+    $AllowListCorrect = $true
+    $AllowListAddEntries = foreach ($entry in $AllowListAdd) {
+        if ($CurrentInfo.AllowList -notcontains $entry) {
+            $AllowListCorrect = $false
+            Write-Host "AllowList entry $entry not found in current AllowList"
+            $entry
+        } else {
+            Write-Host "AllowList entry $entry found in current AllowList."
+        }
+    }
+    $AllowListAdd = @{'@odata.type' = '#Exchange.GenericHashTable'; Add = $AllowListAddEntries }
+
+    # Debug output
+    # Write-Host ($CurrentInfo | ConvertTo-Json -Depth 10)
+    # Write-Host ($AllowListAdd | ConvertTo-Json -Depth 10)
 
     # Input validation
     if (([string]::IsNullOrWhiteSpace($state) -or $state -eq 'Select a value') -and ($Settings.remediate -eq $true -or $Settings.alert -eq $true)) {
@@ -50,22 +68,37 @@ function Invoke-CIPPStandardSpoofWarn {
     }
 
     If ($Settings.remediate -eq $true) {
+        Write-Host 'Time to remediate!'
         $status = if ($Settings.enable -and $Settings.disable) {
             # Handle pre standards v2.0 legacy settings when this was 2 separate standards
             Write-LogMessage -API 'Standards' -tenant $Tenant -message 'You cannot both enable and disable the Spoof Warnings setting' -sev Error
             Return
         } elseif ($state -eq 'enabled' -or $Settings.enable) { $true } else { $false }
 
-        if ($CurrentInfo.Enabled -eq $status) {
-            Write-LogMessage -API 'Standards' -tenant $Tenant -message "Outlook external spoof warnings are already set to $status." -sev Info
-        } else {
-            try {
+        try {
+            if ($CurrentInfo.Enabled -eq $status -and $AllowListCorrect -eq $true) {
+                # Status correct, AllowList correct
+                Write-LogMessage -API 'Standards' -tenant $Tenant -message "Outlook external spoof warnings are already set to $status and the AllowList is correct." -sev Info
+
+            } elseif ($CurrentInfo.Enabled -eq $status -and $AllowListCorrect -eq $false) {
+                # Status correct, AllowList incorrect
+                $null = New-ExoRequest -tenantid $Tenant -cmdlet 'Set-ExternalInOutlook' -cmdParams @{ AllowList = $AllowListAdd; }
+                Write-LogMessage -API 'Standards' -tenant $Tenant -message "Outlook external spoof warnings already set to $status. Added $($AllowListAdd.Add -join ', ') to the AllowList." -sev Info
+
+            } elseif ($CurrentInfo.Enabled -ne $status -and $AllowListCorrect -eq $false) {
+                # Status incorrect, AllowList incorrect
+                $null = New-ExoRequest -tenantid $Tenant -cmdlet 'Set-ExternalInOutlook' -cmdParams @{ Enabled = $status; AllowList = $AllowListAdd; }
+                Write-LogMessage -API 'Standards' -tenant $Tenant -message "Outlook external spoof warnings set to $status. Added $($AllowListAdd.Add -join ', ') to the AllowList." -sev Info
+
+            } else {
+                # Status incorrect, AllowList correct
                 $null = New-ExoRequest -tenantid $Tenant -cmdlet 'Set-ExternalInOutlook' -cmdParams @{ Enabled = $status; }
                 Write-LogMessage -API 'Standards' -tenant $Tenant -message "Outlook external spoof warnings set to $status." -sev Info
-            } catch {
-                $ErrorMessage = Get-CippException -Exception $_
-                Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not set Outlook external spoof warnings to $status. Error: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage
+
             }
+        } catch {
+            $ErrorMessage = Get-CippException -Exception $_
+            Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not set Outlook external spoof warnings to $status. Error: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage
         }
     }