Merge pull request #358 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: pull[bot]

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardCloudMessageRecall.ps1

@@ -32,7 +32,7 @@ function Invoke-CIPPStandardCloudMessageRecall {
     ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'CloudMessageRecall'
 
     # Get state value using null-coalescing operator
-    $state = $Settings.state.value ?? $Settings.state
+    $state = $Settings.state.value
 
     $CurrentState = (New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OrganizationConfig').MessageRecallEnabled
     $WantedState = if ($state -eq 'true') { $true } else { $false }
@@ -41,14 +41,14 @@ function Invoke-CIPPStandardCloudMessageRecall {
     if ($Settings.report -eq $true) {
         # Default is not set, not set means it's enabled
         if ($null -eq $CurrentState ) { $CurrentState = $true }
-        Set-CIPPStandardsCompareField -FieldName 'standards.CloudMessageRecall' -FieldValue $CurrentState -TenantFilter $Tenant
+        Set-CIPPStandardsCompareField -FieldName 'standards.CloudMessageRecall' -FieldValue $StateIsCorrect -TenantFilter $Tenant
         Add-CIPPBPAField -FieldName 'MessageRecall' -FieldValue $CurrentState -StoreAs bool -Tenant $Tenant
     }
 
     # Input validation
     if (([string]::IsNullOrWhiteSpace($state) -or $state -eq 'Select a value') -and ($Settings.remediate -eq $true -or $Settings.alert -eq $true)) {
         Write-LogMessage -API 'Standards' -tenant $Tenant -message 'MessageRecallEnabled: Invalid state parameter set' -sev Error
-        Return
+        return
     }
 
     if ($Settings.remediate -eq $true) {

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExternalMFATrusted.ps1

@@ -43,7 +43,7 @@ function Invoke-CIPPStandardExternalMFATrusted {
     # Input validation
     if (([string]::IsNullOrWhiteSpace($state) -or $state -eq 'Select a value') -and ($Settings.remediate -eq $true -or $Settings.alert -eq $true)) {
         Write-LogMessage -API 'Standards' -tenant $Tenant -message 'ExternalMFATrusted: Invalid state parameter set' -sev Error
-        Return
+        return
     }
 
     if ($Settings.remediate -eq $true) {
@@ -66,7 +66,8 @@ function Invoke-CIPPStandardExternalMFATrusted {
     }
     if ($Settings.report -eq $true) {
         $state = $ExternalMFATrusted.inboundTrust.isMfaAccepted ? $true : $ExternalMFATrusted.inboundTrust
-        Set-CIPPStandardsCompareField -FieldName 'standards.ExternalMFATrusted' -FieldValue $ExternalMFATrusted.inboundTrust.isMfaAccepted -TenantFilter $Tenant
+        $ReportState = $ExternalMFATrusted.inboundTrust.isMfaAccepted -eq $WantedState
+        Set-CIPPStandardsCompareField -FieldName 'standards.ExternalMFATrusted' -FieldValue $ReportState -TenantFilter $Tenant
         Add-CIPPBPAField -FieldName 'ExternalMFATrusted' -FieldValue $ExternalMFATrusted.inboundTrust.isMfaAccepted -StoreAs bool -Tenant $Tenant
     }
 

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGroupTemplate.ps1

@@ -29,7 +29,7 @@ function Invoke-CIPPStandardGroupTemplate {
     #>
     param($Tenant, $Settings)
     ##$Rerun -Type Standard -Tenant $Tenant -Settings $Settings 'GroupTemplate'
-
+    $existingGroups = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/groups?$top=999' -tenantid $tenant
     if ($Settings.remediate -eq $true) {
         #Because the list name changed from TemplateList to groupTemplate by someone :@, we'll need to set it back to TemplateList
         $Settings.groupTemplate ? ($Settings | Add-Member -NotePropertyName 'TemplateList' -NotePropertyValue $Settings.groupTemplate) : $null
@@ -40,7 +40,7 @@ function Invoke-CIPPStandardGroupTemplate {
                 $Filter = "PartitionKey eq 'GroupTemplate' and RowKey eq '$($Template.value)'"
                 $groupobj = (Get-AzDataTableEntity @Table -Filter $Filter).JSON | ConvertFrom-Json
                 $email = if ($groupobj.domain) { "$($groupobj.username)@$($groupobj.domain)" } else { "$($groupobj.username)@$($Tenant)" }
-                $CheckExististing = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/groups?$top=999' -tenantid $tenant | Where-Object -Property displayName -EQ $groupobj.displayname
+                $CheckExististing = $existingGroups | Where-Object -Property displayName -EQ $groupobj.displayname
                 $BodyToship = [pscustomobject] @{
                     'displayName'   = $groupobj.Displayname
                     'description'   = $groupobj.Description
@@ -114,4 +114,22 @@ function Invoke-CIPPStandardGroupTemplate {
             }
         }
     }
+    if ($Settings.report -eq $true) {
+        $Groups = $Settings.groupTemplate.JSON | ConvertFrom-Json -Depth 10
+        #check if all groups.displayName are in the existingGroups, if not $fieldvalue should contain all missing groups, else it should be true.
+        $MissingGroups = foreach ($Group in $Groups) {
+            $CheckExististing = $existingGroups | Where-Object -Property displayName -EQ $Group.displayname
+            if (!$CheckExististing) {
+                $Group.displayname
+            }
+        }
+
+        if ($MissingGroups.Count -eq 0) {
+            $fieldValue = $true
+        } else {
+            $fieldValue = $MissingGroups -join ', '
+        }
+
+        Set-CIPPStandardsCompareField -FieldName 'standards.GroupTemplate' -FieldValue $fieldValue -Tenant $Tenant
+    }
 }

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMailboxRecipientLimits.ps1

@@ -69,8 +69,11 @@ function Invoke-CIPPStandardMailboxRecipientLimits {
     if ($null -ne $Mailboxes -and @($Mailboxes).Count -gt 0) {
         # Process mailboxes and categorize them based on their plan limits
         $MailboxResults = @($Mailboxes) | ForEach-Object {
-            $Mailbox = $_
 
+            $Mailbox = $_
+            if ($Mailbox.UserPrincipalName -like 'DiscoverySearchMailbox*' -or $Mailbox.UserPrincipalName -like 'SystemMailbox*') {
+                return
+            }
             # Safe hashtable lookup - check if MailboxPlanId exists and is not null
             $Plan = $null
             if ($Mailbox.MailboxPlanId -and $MailboxPlanLookup.ContainsKey($Mailbox.MailboxPlanId)) {
@@ -83,8 +86,7 @@ function Invoke-CIPPStandardMailboxRecipientLimits {
                 # If mailbox has "Unlimited" set but has a plan, use the plan's limit as the current limit
                 $CurrentLimit = if ($Mailbox.RecipientLimits -eq 'Unlimited') {
                     $PlanMaxRecipients
-                }
-                else {
+                } else {
                     $Mailbox.RecipientLimits
                 }
 
@@ -96,15 +98,13 @@ function Invoke-CIPPStandardMailboxRecipientLimits {
                         PlanLimit    = $PlanMaxRecipients
                         PlanName     = $Plan.DisplayName
                     }
-                }
-                elseif ($CurrentLimit -ne $Settings.RecipientLimit) {
+                } elseif ($CurrentLimit -ne $Settings.RecipientLimit) {
                     [PSCustomObject]@{
                         Type    = 'ToUpdate'
                         Mailbox = $Mailbox
                     }
                 }
-            }
-            elseif ($Mailbox.RecipientLimits -ne $Settings.RecipientLimit) {
+            } elseif ($Mailbox.RecipientLimits -ne $Settings.RecipientLimit) {
                 [PSCustomObject]@{
                     Type    = 'ToUpdate'
                     Mailbox = $Mailbox
@@ -139,11 +139,11 @@ function Invoke-CIPPStandardMailboxRecipientLimits {
                 $MailboxChanges = $MailboxesToUpdate | ForEach-Object {
                     $CurrentLimit = if ($_.RecipientLimits -eq 'Unlimited') { 'Unlimited' } else { $_.RecipientLimits }
                     @{
-                        Identity = $_.Identity
-                        DisplayName = $_.DisplayName
+                        Identity           = $_.Identity
+                        DisplayName        = $_.DisplayName
                         PrimarySmtpAddress = $_.PrimarySmtpAddress
-                        CurrentLimit = $CurrentLimit
-                        NewLimit = $Settings.RecipientLimit
+                        CurrentLimit       = $CurrentLimit
+                        NewLimit           = $Settings.RecipientLimit
                     }
                 }
 
@@ -165,13 +165,11 @@ function Invoke-CIPPStandardMailboxRecipientLimits {
                 # Execute batch update
                 $null = New-ExoBulkRequest -tenantid $Tenant -cmdletArray $UpdateRequests
                 Write-LogMessage -API 'Standards' -tenant $Tenant -message "Successfully applied recipient limits to $($MailboxesToUpdate.Count) mailboxes" -sev Info
-            }
-            catch {
+            } catch {
                 $ErrorMessage = Get-CippException -Exception $_
                 Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not set recipient limits. $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage
             }
-        }
-        else {
+        } else {
             Write-LogMessage -API 'Standards' -tenant $Tenant -message "All mailboxes already have the correct recipient limit of $($Settings.RecipientLimit)" -sev Info
         }
     }
@@ -180,12 +178,11 @@ function Invoke-CIPPStandardMailboxRecipientLimits {
     if ($Settings.alert -eq $true) {
         if ($MailboxesToUpdate.Count -eq 0 -and $MailboxesWithPlanIssues.Count -eq 0) {
             Write-LogMessage -API 'Standards' -tenant $Tenant -message "All mailboxes have the correct recipient limit of $($Settings.RecipientLimit)" -sev Info
-        }
-        else {
+        } else {
             # Create structured alert data
             $AlertData = @{
-                RequestedLimit = $Settings.RecipientLimit
-                MailboxesToUpdate = @()
+                RequestedLimit          = $Settings.RecipientLimit
+                MailboxesToUpdate       = @()
                 MailboxesWithPlanIssues = @()
             }
 
@@ -197,11 +194,11 @@ function Invoke-CIPPStandardMailboxRecipientLimits {
                 $AlertData.MailboxesToUpdate = $MailboxesToUpdate | ForEach-Object {
                     $CurrentLimit = if ($_.RecipientLimits -eq 'Unlimited') { 'Unlimited' } else { $_.RecipientLimits }
                     @{
-                        Identity = $_.Identity
-                        DisplayName = $_.DisplayName
+                        Identity           = $_.Identity
+                        DisplayName        = $_.DisplayName
                         PrimarySmtpAddress = $_.PrimarySmtpAddress
-                        CurrentLimit = $CurrentLimit
-                        RequiredLimit = $Settings.RecipientLimit
+                        CurrentLimit       = $CurrentLimit
+                        RequiredLimit      = $Settings.RecipientLimit
                     }
                 }
                 # Add to alert objects list efficiently
@@ -214,10 +211,10 @@ function Invoke-CIPPStandardMailboxRecipientLimits {
             if ($MailboxesWithPlanIssues.Count -gt 0) {
                 $AlertData.MailboxesWithPlanIssues = $MailboxesWithPlanIssues | ForEach-Object {
                     @{
-                        Identity = $_.Identity
-                        CurrentLimit = $_.CurrentLimit
-                        PlanLimit = $_.PlanLimit
-                        PlanName = $_.PlanName
+                        Identity       = $_.Identity
+                        CurrentLimit   = $_.CurrentLimit
+                        PlanLimit      = $_.PlanLimit
+                        PlanName       = $_.PlanName
                         RequestedLimit = $Settings.RecipientLimit
                     }
                 }
@@ -249,8 +246,7 @@ function Invoke-CIPPStandardMailboxRecipientLimits {
 
         if ($MailboxesToUpdate.Count -eq 0 -and $MailboxesWithPlanIssues.Count -eq 0) {
             $FieldValue = $true
-        }
-        else {
+        } else {
             $FieldValue = $ReportData
         }
         Set-CIPPStandardsCompareField -FieldName 'standards.MailboxRecipientLimits' -FieldValue $FieldValue -Tenant $Tenant

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeSendersDisable.ps1

@@ -62,4 +62,9 @@ function Invoke-CIPPStandardSafeSendersDisable {
         }
     }
 
+    if ($Settings.report -eq $true) {
+        #This script always returns true, as it only disables the Safe Senders list
+        Set-CIPPStandardsCompareField -FieldName 'standards.SafeSendersDisable' -FieldValue $true -Tenant $Tenant
+    }
+
 }

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTeamsMeetingRecordingExpiration.ps1

@@ -73,9 +73,8 @@ function Invoke-CIPPStandardTeamsMeetingRecordingExpiration {
     if ($Settings.report -eq $true) {
         Add-CIPPBPAField -FieldName 'TeamsMeetingRecordingExpiration' -FieldValue $CurrentExpirationDays -StoreAs string -Tenant $Tenant
 
-        $CurrentExpirationDays = [PSCustomObject]@{
-            ExpirationDays = [string]$CurrentExpirationDays
-        }
+        $CurrentExpirationDays = if ($StateIsCorrect) { $true } else { $CurrentExpirationDays }
+
         Set-CIPPStandardsCompareField -FieldName 'standards.TeamsMeetingRecordingExpiration' -FieldValue $CurrentExpirationDays -Tenant $Tenant
     }
 }

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1

@@ -39,10 +39,10 @@ function Invoke-CIPPStandardcalDefault {
     # Input validation
     if ([string]::IsNullOrWhiteSpace($permissionLevel) -or $permissionLevel -eq 'Select a value') {
         Write-LogMessage -API 'Standards' -tenant $tenant -message 'calDefault: Invalid permissionLevel parameter set' -sev Error
-        Return
+        return
     }
 
-    If ($Settings.remediate -eq $true) {
+    if ($Settings.remediate -eq $true) {
         $Mailboxes = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-Mailbox' | Sort-Object UserPrincipalName
         $TotalMailboxes = $Mailboxes.Count
         Write-LogMessage -API 'Standards' -tenant $Tenant -message "Started setting default calendar permissions for $($TotalMailboxes) mailboxes." -sev Info
@@ -67,44 +67,48 @@ function Invoke-CIPPStandardcalDefault {
             $Mailbox = $_
             try {
                 New-ExoRequest -tenantid $Tenant -cmdlet 'Get-MailboxFolderStatistics' -cmdParams @{identity = $Mailbox.UserPrincipalName; FolderScope = 'Calendar' } -Anchor $Mailbox.UserPrincipalName | Where-Object { $_.FolderType -eq 'Calendar' } |
-                    ForEach-Object {
-                        try {
-                            New-ExoRequest -tenantid $Tenant -cmdlet 'Set-MailboxFolderPermission' -cmdParams @{Identity = "$($Mailbox.UserPrincipalName):$($_.FolderId)"; User = 'Default'; AccessRights = $permissionLevel } -Anchor $Mailbox.UserPrincipalName
-                            Write-LogMessage -API 'Standards' -tenant $Tenant -message "Set default folder permission for $($Mailbox.UserPrincipalName):\$($_.Name) to $permissionLevel" -sev Debug
-                            $SuccessCounter++
-                        } catch {
-                            $ErrorMessage = Get-CippException -Exception $_
-                            Write-Host "Setting cal failed: $ErrorMessage"
-                            Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not set default calendar permissions for $($Mailbox.UserPrincipalName). Error: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage
-                        }
+                ForEach-Object {
+                    try {
+                        New-ExoRequest -tenantid $Tenant -cmdlet 'Set-MailboxFolderPermission' -cmdParams @{Identity = "$($Mailbox.UserPrincipalName):$($_.FolderId)"; User = 'Default'; AccessRights = $permissionLevel } -Anchor $Mailbox.UserPrincipalName
+                        Write-LogMessage -API 'Standards' -tenant $Tenant -message "Set default folder permission for $($Mailbox.UserPrincipalName):\$($_.Name) to $permissionLevel" -sev Debug
+                        $SuccessCounter++
+                    } catch {
+                        $ErrorMessage = Get-CippException -Exception $_
+                        Write-Host "Setting cal failed: $ErrorMessage"
+                        Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not set default calendar permissions for $($Mailbox.UserPrincipalName). Error: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage
                     }
-                } catch {
-                    $ErrorMessage = Get-CippException -Exception $_
-                    Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not set default calendar permissions for $($Mailbox.UserPrincipalName). Error: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage
-                }
-                $processedMailboxes++
-                if ($processedMailboxes % 25 -eq 0) {
-                    $LastRun = @{
-                        RowKey              = 'calDefaults'
-                        PartitionKey        = $Tenant
-                        totalMailboxes      = $TotalMailboxes
-                        processedMailboxes  = $processedMailboxes
-                        currentSuccessCount = $SuccessCounter
-                    }
-                    Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force
-                    Write-Host "Processed $processedMailboxes mailboxes"
                 }
+            } catch {
+                $ErrorMessage = Get-CippException -Exception $_
+                Write-LogMessage -API 'Standards' -tenant $Tenant -message "Could not set default calendar permissions for $($Mailbox.UserPrincipalName). Error: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage
             }
-
-            $LastRun = @{
-                RowKey              = 'calDefaults'
-                PartitionKey        = $Tenant
-                totalMailboxes      = $TotalMailboxes
-                processedMailboxes  = $processedMailboxes
-                currentSuccessCount = $SuccessCounter
+            $processedMailboxes++
+            if ($processedMailboxes % 25 -eq 0) {
+                $LastRun = @{
+                    RowKey              = 'calDefaults'
+                    PartitionKey        = $Tenant
+                    totalMailboxes      = $TotalMailboxes
+                    processedMailboxes  = $processedMailboxes
+                    currentSuccessCount = $SuccessCounter
+                }
+                Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force
+                Write-Host "Processed $processedMailboxes mailboxes"
             }
-            Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force
+        }
 
-            Write-LogMessage -API 'Standards' -tenant $Tenant -message "Successfully set default calendar permissions for $SuccessCounter out of $TotalMailboxes mailboxes." -sev Info
+        $LastRun = @{
+            RowKey              = 'calDefaults'
+            PartitionKey        = $Tenant
+            totalMailboxes      = $TotalMailboxes
+            processedMailboxes  = $processedMailboxes
+            currentSuccessCount = $SuccessCounter
         }
+        Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force
+
+        Write-LogMessage -API 'Standards' -tenant $Tenant -message "Successfully set default calendar permissions for $SuccessCounter out of $TotalMailboxes mailboxes." -sev Info
+    }
+    if ($Settings.report -eq $true) {
+        #This script always returns true, as it only disables the Safe Senders list
+        Set-CIPPStandardsCompareField -FieldName 'standards.SafeSendersDisable' -FieldValue $true -Tenant $Tenant
     }
+}