Merge pull request #635 from KelvinTegelaar/dev

pull[bot] · web-flow · commit e37b4edae15b · 2025-12-20T00:41:27.000Z
[pull] dev from KelvinTegelaar:dev
diff --git a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertQuarantineReleaseRequests.ps1 b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertQuarantineReleaseRequests.ps1
@@ -38,7 +38,7 @@
                     MessageId         = $Message.MessageId
                     Subject           = $Message.Subject
                     SenderAddress     = $Message.SenderAddress
-                    RecipientAddress  = $Message.RecipientAddress
+                    RecipientAddress  = $Message.RecipientAddress -join '; '
                     Type              = $Message.Type
                     PolicyName        = $Message.PolicyName
                     ReleaseStatus     = $Message.ReleaseStatus
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecListBackup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecListBackup.ps1
@@ -21,11 +21,21 @@ function Invoke-ExecListBackup {
 
     if ($NameOnly) {
         $Processed = foreach ($item in $Result) {
-            $properties = $item.PSObject.Properties | Where-Object { $_.Name -notin @('TenantFilter', 'ETag', 'PartitionKey', 'RowKey', 'Timestamp') -and $_.Value }
-            [PSCustomObject]@{
-                BackupName = $item.RowKey
-                Timestamp  = $item.Timestamp
-                Items      = $properties.Name
+            $properties = $item.PSObject.Properties | Where-Object { $_.Name -notin @('TenantFilter', 'ETag', 'PartitionKey', 'RowKey', 'Timestamp', 'OriginalEntityId', 'SplitOverProps', 'PartIndex') -and $_.Value }
+
+            if ($Type -eq 'Scheduled') {
+                [PSCustomObject]@{
+                    TenantFilter = $item.RowKey -match '^(.*?)_' | ForEach-Object { $matches[1] }
+                    BackupName   = $item.RowKey
+                    Timestamp    = $item.Timestamp
+                    Items        = $properties.Name
+                }
+            } else {
+                [PSCustomObject]@{
+                    BackupName = $item.RowKey
+                    Timestamp  = $item.Timestamp
+                }
+
             }
         }
         $Result = $Processed | Sort-Object Timestamp -Descending
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListIntuneTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListIntuneTemplates.ps1
@@ -39,7 +39,8 @@ function Invoke-ListIntuneTemplates {
                 $data | Add-Member -NotePropertyName 'Type' -NotePropertyValue $JSONData.Type -Force
                 $data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $_.RowKey -Force
                 $data | Add-Member -NotePropertyName 'package' -NotePropertyValue $_.Package -Force
-                $data | Add-Member -NotePropertyName 'isSynced' -NotePropertyValue (![string]::IsNullOrEmpty($_.SHA))
+                $data | Add-Member -NotePropertyName 'isSynced' -NotePropertyValue (![string]::IsNullOrEmpty($_.SHA)) -Force
+                $data | Add-Member -NotePropertyName 'source' -NotePropertyValue $_.Source -Force
                 $data
             } catch {
 
@@ -65,6 +66,8 @@ function Invoke-ListIntuneTemplates {
                                 $data | Add-Member -NotePropertyName 'Type' -NotePropertyValue $JSONData.Type -Force
                                 $data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $_.RowKey -Force
                                 $data | Add-Member -NotePropertyName 'package' -NotePropertyValue $_.Package -Force
+                                $data | Add-Member -NotePropertyName 'source' -NotePropertyValue $_.Source -Force
+                                $data | Add-Member -NotePropertyName 'isSynced' -NotePropertyValue (![string]::IsNullOrEmpty($_.SHA)) -Force
                                 $data
                             } catch {
 
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-ListGroupTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-ListGroupTemplates.ps1
@@ -48,6 +48,8 @@ function Invoke-ListGroupTemplates {
                 allowExternal   = $data.allowExternal
                 username        = $data.username
                 GUID            = $_.RowKey
+                source          = $_.Source
+                isSynced        = (![string]::IsNullOrEmpty($_.SHA))
             }
         } catch {
             Write-Information "Could not parse group template $($_.RowKey): $($_.Exception.Message)"
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListCAtemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListCAtemplates.ps1
@@ -35,6 +35,8 @@ function Invoke-ListCAtemplates {
             $row = $_
             $data = $row.JSON | ConvertFrom-Json -Depth 100 -ErrorAction Stop
             $data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $row.GUID -Force
+            $data | Add-Member -NotePropertyName 'source' -NotePropertyValue $row.Source -Force
+            $data | Add-Member -NotePropertyName 'isSynced' -NotePropertyValue (![string]::IsNullOrEmpty($row.SHA)) -Force
             $data
         } catch {
             Write-Warning "Failed to process CA template: $($row.RowKey) - $($_.Exception.Message)"
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-listStandardTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-listStandardTemplates.ps1
@@ -23,6 +23,8 @@ function Invoke-listStandardTemplates {
         }
         if ($Data) {
             $Data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $_.GUID -Force
+            $Data | Add-Member -NotePropertyName 'source' -NotePropertyValue $_.Source -Force
+            $Data | Add-Member -NotePropertyName 'isSynced' -NotePropertyValue (![string]::IsNullOrEmpty($_.SHA)) -Force
 
             if (!$Data.excludedTenants) {
                 $Data | Add-Member -NotePropertyName 'excludedTenants' -NotePropertyValue @() -Force
diff --git a/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-UpdateTokensTimer.ps1 b/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-UpdateTokensTimer.ps1
@@ -68,7 +68,7 @@ function Start-UpdateTokensTimer {
                 Write-Information "Found $($ExpiredSecrets.Count) expired application secrets for $AppId. Removing them."
                 foreach ($Secret in $ExpiredSecrets) {
                     try {
-                        New-GraphPostRequest -type DELETE -uri "https://graph.microsoft.com/v1.0/applications/$($PasswordCredentials.id)/removePassword" -Body "{`"keyId`":`"$($Secret.keyId)`"}" -NoAuthCheck $true -AsApp $true -ErrorAction Stop
+                        New-GraphPostRequest -uri "https://graph.microsoft.com/v1.0/applications/$($PasswordCredentials.id)/removePassword" -Body "{`"keyId`":`"$($Secret.keyId)`"}" -NoAuthCheck $true -AsApp $true -ErrorAction Stop
                         Write-Information "Removed expired application secret with keyId $($Secret.keyId)."
                     } catch {
                         Write-LogMessage -API 'Update Tokens' -message "Error removing expired application secret with keyId $($Secret.keyId), see Log Data for details." -sev 'CRITICAL' -LogData (Get-CippException -Exception $_)
diff --git a/Modules/CIPPCore/Public/Get-CIPPBackup.ps1 b/Modules/CIPPCore/Public/Get-CIPPBackup.ps1
@@ -18,14 +18,22 @@ function Get-CIPPBackup {
     }
 
     if ($NameOnly.IsPresent) {
-        $Table.Property = @('PartitionKey', 'RowKey', 'Timestamp', 'OriginalEntityId')
+        $Table.Property = @('RowKey')
     }
 
     $Filter = $Conditions -join ' and '
     $Table.Filter = $Filter
-    $Info = Get-CIPPAzDataTableEntity @Table -Debug
-    if ($TenantFilter) {
-        $Info = $Info | Where-Object { $_.TenantFilter -eq $TenantFilter }
+    $Info = Get-CIPPAzDataTableEntity @Table
+
+    if ($NameOnly.IsPresent) {
+        $Info = $Info | Where-Object { $_.RowKey -notmatch '-part[0-9]+$' }
+        if ($TenantFilter) {
+            $Info = $Info | Where-Object { $_.RowKey -match "^$($TenantFilter)_" }
+        }
+    } else {
+        if ($TenantFilter -and $TenantFilter -ne 'AllTenants') {
+            $Info = $Info | Where-Object { $_.TenantFilter -eq $TenantFilter }
+        }
     }
     return $Info
 }
diff --git a/Modules/CIPPCore/Public/Get-CIPPDrift.ps1 b/Modules/CIPPCore/Public/Get-CIPPDrift.ps1
@@ -280,13 +280,17 @@ function Get-CIPPDrift {
                     } else {
                         'New'
                     }
+                    $reason = if ($ExistingDriftStates.ContainsKey($PolicyKey)) { $ExistingDriftStates[$PolicyKey].Reason }
+                    $User = if ($ExistingDriftStates.ContainsKey($PolicyKey)) { $ExistingDriftStates[$PolicyKey].User }
                     $PolicyDeviation = [PSCustomObject]@{
                         standardName        = $PolicyKey
                         standardDisplayName = "Intune - $TenantPolicyName"
                         expectedValue       = 'This policy only exists in the tenant, not in the template.'
                         receivedValue       = $TenantPolicy.Policy
                         state               = 'current'
                         Status              = $Status
+                        Reason              = $reason
+                        lastChangedByUser   = $User
                     }
                     $PolicyDeviations.Add($PolicyDeviation)
                 }
@@ -310,13 +314,17 @@ function Get-CIPPDrift {
                     } else {
                         'New'
                     }
+                    $reason = if ($ExistingDriftStates.ContainsKey($PolicyKey)) { $ExistingDriftStates[$PolicyKey].Reason }
+                    $User = if ($ExistingDriftStates.ContainsKey($PolicyKey)) { $ExistingDriftStates[$PolicyKey].User }
                     $PolicyDeviation = [PSCustomObject]@{
                         standardName        = $PolicyKey
                         standardDisplayName = "Conditional Access - $($TenantCAPolicy.displayName)"
                         expectedValue       = 'This policy only exists in the tenant, not in the template.'
                         receivedValue       = $TenantCAPolicy | Out-String
                         state               = 'current'
                         Status              = $Status
+                        Reason              = $reason
+                        lastChangedByUser   = $User
                     }
                     $PolicyDeviations.Add($PolicyDeviation)
                 }
diff --git a/Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1 b/Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1
@@ -64,7 +64,7 @@ function New-CIPPTemplateRun {
 
                 if (!$ExistingTemplate -or $UpdateNeeded) {
                     $Template = (Get-GitHubFileContents -FullName $TemplateSettings.templateRepo.value -Branch $TemplateSettings.templateRepoBranch.value -Path $File.path).content | ConvertFrom-Json
-                    Import-CommunityTemplate -Template $Template -SHA $File.sha -MigrationTable $MigrationTable -LocationData $LocationData
+                    Import-CommunityTemplate -Template $Template -SHA $File.sha -MigrationTable $MigrationTable -LocationData $LocationData -Source $TemplateSettings.templateRepo.value
                     if ($UpdateNeeded) {
                         Write-Information "Template $($File.name) needs to be updated as the SHA is different"
                         "Template $($File.name) updated"
@@ -114,7 +114,7 @@ function New-CIPPTemplateRun {
                     foreach ($policy in $policies) {
                         try {
                             $Hash = Get-StringHash -String ($policy | ConvertTo-Json -Depth 100 -Compress)
-                            $ExistingPolicy = $ExistingTemplates | Where-Object { $_.PartitionKey -eq 'CATemplate' -and $_.displayName -eq $policy.displayName } | Select-Object -First 1
+                            $ExistingPolicy = $ExistingTemplates | Where-Object { $_.PartitionKey -eq 'CATemplate' -and $_.displayName -eq $policy.displayName -and $_.Source -eq $TenantFilter } | Select-Object -First 1
                             if ($ExistingPolicy -and $ExistingPolicy.SHA -eq $Hash) {
                                 "CA Policy $($policy.displayName) found, SHA matches, skipping template creation"
                                 continue
@@ -184,16 +184,16 @@ function New-CIPPTemplateRun {
                                     $Hash = Get-StringHash -String ($Policy | ConvertTo-Json -Depth 100 -Compress)
                                     $DisplayName = $Policy.displayName ?? $Policy.name
 
-                                    $ExistingPolicy = $ExistingTemplates | Where-Object { $_.PartitionKey -eq 'IntuneTemplate' -and $_.displayName -eq $DisplayName } | Select-Object -First 1
+                                    $ExistingPolicy = $ExistingTemplates | Where-Object { $_.PartitionKey -eq 'IntuneTemplate' -and $_.displayName -eq $DisplayName -and $_.Source -eq $TenantFilter } | Select-Object -First 1
 
                                     Write-Information "Processing Intune Configuration Policy $($DisplayName) - $($ExistingPolicy ? 'Existing template found' : 'No existing template found')"
 
                                     if ($ExistingPolicy -and $ExistingPolicy.SHA -eq $Hash) {
-                                        "Intune Configuration Policy $($Policy.displayName) found, SHA matches, skipping template creation"
+                                        "Intune Configuration Policy $($DisplayName) found, SHA matches, skipping template creation"
                                         continue
                                     }
 
-                                    $Template = New-CIPPIntuneTemplate -TenantFilter $TenantFilter -URLName $URLName -ID $Policy.ID
+                                    $Template = New-CIPPIntuneTemplate -TenantFilter $TenantFilter -URLName $URLName -ID $Policy.id
                                     if ($ExistingPolicy -and $ExistingPolicy.PartitionKey -eq 'IntuneTemplate') {
                                         "Policy $($Template.DisplayName) found, updating template"
                                         $object = [PSCustomObject]@{
@@ -246,14 +246,15 @@ function New-CIPPTemplateRun {
                 'intunecompliance' {
                     Write-Information "Create Intune Compliance Policy Templates for $TenantFilter"
                     New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/deviceCompliancePolicies?$top=999' -tenantid $TenantFilter | ForEach-Object {
+                        $Policy = $_
                         $Hash = Get-StringHash -String (ConvertTo-Json -Depth 100 -Compress -InputObject $_)
-                        $ExistingPolicy = $ExistingTemplates | Where-Object { $_.displayName -eq $_.DisplayName } | Select-Object -First 1
+                        $ExistingPolicy = $ExistingTemplates | Where-Object { $Policy.displayName -eq $_.DisplayName -and $_.Source -eq $TenantFilter } | Select-Object -First 1
                         if ($ExistingPolicy -and $ExistingPolicy.SHA -eq $Hash) {
                             "Intune Compliance Policy $($_.DisplayName) found, SHA matches, skipping template creation"
                             continue
                         }
 
-                        $Template = New-CIPPIntuneTemplate -TenantFilter $TenantFilter -URLName 'deviceCompliancePolicies' -ID $_.ID
+                        $Template = New-CIPPIntuneTemplate -TenantFilter $TenantFilter -URLName 'deviceCompliancePolicies' -ID $Policy.id
                         if ($ExistingPolicy -and $ExistingPolicy.PartitionKey -eq 'IntuneTemplate') {
                             "Intune Compliance Policy $($Template.DisplayName) found, updating template"
                             $object = [PSCustomObject]@{
@@ -299,14 +300,15 @@ function New-CIPPTemplateRun {
                 'intuneprotection' {
                     Write-Information "Create Intune Protection Policy Templates for $TenantFilter"
                     New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceAppManagement/managedAppPolicies?$top=999' -tenantid $TenantFilter | ForEach-Object {
+                        $Policy = $_
                         $Hash = Get-StringHash -String (ConvertTo-Json -Depth 100 -Compress -InputObject $_)
-                        $ExistingPolicy = $ExistingTemplates | Where-Object { $_.displayName -eq $_.DisplayName } | Select-Object -First 1
+                        $ExistingPolicy = $ExistingTemplates | Where-Object { $Policy.displayName -eq $_.DisplayName -and $_.Source -eq $TenantFilter } | Select-Object -First 1
                         if ($ExistingPolicy -and $ExistingPolicy.SHA -eq $Hash) {
                             "Intune Protection Policy $($_.DisplayName) found, SHA matches, skipping template creation"
                             continue
                         }
 
-                        $Template = New-CIPPIntuneTemplate -TenantFilter $TenantFilter -URLName 'managedAppPolicies' -ID $_.ID
+                        $Template = New-CIPPIntuneTemplate -TenantFilter $TenantFilter -URLName 'managedAppPolicies' -ID $Policy.id
                         if ($ExistingPolicy -and $ExistingPolicy.PartitionKey -eq 'IntuneTemplate') {
                             "Intune Protection Policy $($Template.DisplayName) found, updating template"
                             $object = [PSCustomObject]@{
diff --git a/Modules/CIPPCore/Public/Tools/Import-CommunityTemplate.ps1 b/Modules/CIPPCore/Public/Tools/Import-CommunityTemplate.ps1
@@ -9,6 +9,7 @@ function Import-CommunityTemplate {
         $SHA,
         $MigrationTable,
         $LocationData,
+        $Source,
         [switch]$Force
     )
 
@@ -64,6 +65,7 @@ function Import-CommunityTemplate {
             $NewJSON = [string]($NewJSON | ConvertTo-Json -Depth 100 -Compress)
             $Template.JSON = $NewJSON
             $Template | Add-Member -MemberType NoteProperty -Name SHA -Value $SHA -Force
+            $Template | Add-Member -MemberType NoteProperty -Name Source -Value $Source -Force
             Add-CIPPAzDataTableEntity @Table -Entity $Template -Force
         } else {
             if ($Template.mailNickname) { $Type = 'Group' }
@@ -86,6 +88,7 @@ function Import-CommunityTemplate {
                         SHA          = $SHA
                         GUID         = $Template.id
                         RowKey       = $Template.id
+                        Source       = $Source
                     }
                     Add-CIPPAzDataTableEntity @Table -Entity $entity -Force
                     break
@@ -121,13 +124,13 @@ function Import-CommunityTemplate {
                         }
                     }
 
-
                     $entity = @{
                         JSON         = "$RawJson"
                         PartitionKey = 'CATemplate'
                         SHA          = $SHA
                         GUID         = $ID
                         RowKey       = $ID
+                        Source       = $Source
                     }
                     Add-CIPPAzDataTableEntity @Table -Entity $entity -Force
                     break
@@ -162,6 +165,7 @@ function Import-CommunityTemplate {
                         SHA          = $SHA
                         GUID         = $ID
                         RowKey       = $ID
+                        Source       = $Source
                     }
 
                     if ($Existing -and $Existing.Package) {
diff --git a/host.json b/host.json
@@ -16,9 +16,9 @@
         "distributedTracingEnabled": false,
         "version": "None"
       },
-      "defaultVersion": "8.8.1",
+      "defaultVersion": "8.8.2",
       "versionMatchStrategy": "Strict",
       "versionFailureStrategy": "Fail"
     }
   }
-}
+}
diff --git a/version_latest.txt b/version_latest.txt
@@ -1 +1 @@
-8.8.1
+8.8.2

Original file line number	Diff line number	Diff line change
`@@ -48,6 +48,8 @@ function Invoke-ListGroupTemplates {`
`48`	`48`	`allowExternal = $data.allowExternal`
`49`	`49`	`username = $data.username`
`50`	`50`	`GUID = $_.RowKey`
	`51`	`+ source = $_.Source`
	`52`	`+ isSynced = (![string]::IsNullOrEmpty($_.SHA))`
`51`	`53`	`}`
`52`	`54`	`} catch {`
`53`	`55`	`Write-Information "Could not parse group template $($_.RowKey): $($_.Exception.Message)"`
Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,8 @@ function Invoke-listStandardTemplates {`
`23`	`23`	`}`
`24`	`24`	`if ($Data) {`
`25`	`25`	`$Data \| Add-Member -NotePropertyName 'GUID' -NotePropertyValue $_.GUID -Force`
	`26`	`+ $Data \| Add-Member -NotePropertyName 'source' -NotePropertyValue $_.Source -Force`
	`27`	`+ $Data \| Add-Member -NotePropertyName 'isSynced' -NotePropertyValue (![string]::IsNullOrEmpty($_.SHA)) -Force`
`26`	`28`
`27`	`29`	`if (!$Data.excludedTenants) {`
`28`	`30`	`$Data \| Add-Member -NotePropertyName 'excludedTenants' -NotePropertyValue @() -Force`