Merge pull request KelvinTegelaar#1801 from KelvinTegelaar/dev

Only run DB update if change was made

Author: KelvinTegelaar

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAppDeploy.ps1

@@ -111,6 +111,7 @@ function Invoke-CIPPStandardAppDeploy {
     $CurrentValue = if ($MissingApps.Count -eq 0) { [PSCustomObject]@{'state' = 'Configured correctly' } } else { [PSCustomObject]@{'MissingApps' = $MissingApps } }
 
     if ($Settings.remediate -eq $true) {
+        $UpdateDB = $false
         if ($Mode -eq 'copy') {
             foreach ($App in $AppsToAdd) {
                 $App = $App.Trim()
@@ -121,6 +122,7 @@ function Invoke-CIPPStandardAppDeploy {
                 try {
                     New-CIPPApplicationCopy -App $App -Tenant $Tenant
                     Write-LogMessage -API 'Standards' -tenant $tenant -message "Added application $($Application.displayName) ($App) to $Tenant and updated it's permissions" -sev Info
+                    $UpdateDB = $true
                 } catch {
                     $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
                     Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to add app $($Application.displayName) ($App). Error: $ErrorMessage" -sev Error
@@ -175,6 +177,7 @@ function Invoke-CIPPStandardAppDeploy {
                         if ($InstantiateResult.application.appId) {
                             Write-LogMessage -API 'Standards' -tenant $tenant -message "Successfully deployed Gallery Template $($TemplateData.AppName) to tenant $Tenant. Application ID: $($InstantiateResult.application.appId)" -sev Info
                             New-CIPPApplicationCopy -App $InstantiateResult.application.appId -Tenant $Tenant
+                            $UpdateDB = $true
                         } else {
                             Write-LogMessage -API 'Standards' -tenant $tenant -message "Gallery Template deployment completed but application ID not returned for $($TemplateData.AppName) in tenant $Tenant" -sev Warning
                         }
@@ -243,6 +246,7 @@ function Invoke-CIPPStandardAppDeploy {
                                     Add-CIPPDelegatedPermission -RequiredResourceAccess $CreatedApp.requiredResourceAccess -ApplicationId $CreatedApp.appId -Tenantfilter $Tenant
                                     Add-CIPPApplicationPermission -RequiredResourceAccess $CreatedApp.requiredResourceAccess -ApplicationId $CreatedApp.appId -Tenantfilter $Tenant
                                 }
+                                $UpdateDB = $true
                             } else {
                                 Write-LogMessage -API 'Standards' -tenant $tenant -message "Application Manifest deployment failed - no application ID returned for $($TemplateData.AppName) in tenant $Tenant" -sev Error
                             }
@@ -263,6 +267,7 @@ function Invoke-CIPPStandardAppDeploy {
                         Add-CIPPApplicationPermission -TemplateId $TemplateId -TenantFilter $Tenant
                         Add-CIPPDelegatedPermission -TemplateId $TemplateId -TenantFilter $Tenant
                         Write-LogMessage -API 'Standards' -tenant $tenant -message "Added application $($TemplateData.AppName) from Enterprise App template and updated its permissions" -sev Info
+                        $UpdateDB = $true
                     }
 
                 } catch {
@@ -272,11 +277,13 @@ function Invoke-CIPPStandardAppDeploy {
             }
         }
 
-        # Refresh service principals cache after remediation
-        try {
-            Set-CIPPDBCacheServicePrincipals -TenantFilter $Tenant
-        } catch {
-            Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh service principals cache after remediation: $($_.Exception.Message)" -sev Warning
+        # Refresh service principals cache after remediation only if changes were made
+        if ($UpdateDB) {
+            try {
+                Set-CIPPDBCacheServicePrincipals -TenantFilter $Tenant
+            } catch {
+                Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh service principals cache after remediation: $($_.Exception.Message)" -sev Warning
+            }
         }
     }
 

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableResourceMailbox.ps1

@@ -57,6 +57,7 @@ function Invoke-CIPPStandardDisableResourceMailbox {
     }
 
     if ($Settings.remediate -eq $true) {
+        $UpdateDB = $false
         if ($ResourceMailboxList.Count -gt 0) {
             $int = 0
             $BulkRequests = foreach ($Mailbox in $ResourceMailboxList) {
@@ -80,6 +81,7 @@ function Invoke-CIPPStandardDisableResourceMailbox {
 
                     if ($result.status -eq 200 -or $result.status -eq 204) {
                         Write-LogMessage -API 'Standards' -tenant $Tenant -message "Entra account for $($Mailbox.RecipientTypeDetails), $($Mailbox.DisplayName), $($Mailbox.UserPrincipalName) disabled." -sev Info
+                        $UpdateDB = $true
                     } else {
                         $errorMsg = if ($result.body.error.message) { $result.body.error.message } else { "Unknown error (Status: $($result.status))" }
                         Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to disable Entra account for $($Mailbox.RecipientTypeDetails), $($Mailbox.DisplayName), $($Mailbox.UserPrincipalName): $errorMsg" -sev Error
@@ -90,11 +92,13 @@ function Invoke-CIPPStandardDisableResourceMailbox {
                 Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to process bulk disable resource mailboxes request: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage
             }
 
-            # Refresh user cache after remediation
-            try {
-                Set-CIPPDBCacheUsers -TenantFilter $Tenant
-            } catch {
-                Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning
+            # Refresh user cache after remediation only if changes were made
+            if ($UpdateDB) {
+                try {
+                    Set-CIPPDBCacheUsers -TenantFilter $Tenant
+                } catch {
+                    Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning
+                }
             }
         } else {
             Write-LogMessage -API 'Standards' -tenant $Tenant -message 'All Entra accounts for resource mailboxes are already disabled.' -sev Info

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharedMailbox.ps1

@@ -50,6 +50,7 @@ function Invoke-CIPPStandardDisableSharedMailbox {
     }
 
     if ($Settings.remediate -eq $true) {
+        $UpdateDB = $false
         if ($SharedMailboxList.Count -gt 0) {
             $int = 0
             $BulkRequests = foreach ($Mailbox in $SharedMailboxList) {
@@ -73,6 +74,7 @@ function Invoke-CIPPStandardDisableSharedMailbox {
 
                     if ($result.status -eq 200 -or $result.status -eq 204) {
                         Write-LogMessage -API 'Standards' -tenant $Tenant -message "Entra account for shared mailbox $($Mailbox.DisplayName) ($($Mailbox.ObjectKey)) disabled." -sev Info
+                        $UpdateDB = $true
                     } else {
                         $errorMsg = if ($result.body.error.message) { $result.body.error.message } else { "Unknown error (Status: $($result.status))" }
                         Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to disable Entra account for shared mailbox $($Mailbox.DisplayName) ($($Mailbox.ObjectKey)): $errorMsg" -sev Error
@@ -82,12 +84,14 @@ function Invoke-CIPPStandardDisableSharedMailbox {
                 $ErrorMessage = Get-CippException -Exception $_
                 Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to process bulk disable shared mailboxes request: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage
             }
-            
-            # Refresh user cache after remediation
-            try {
-                Set-CIPPDBCacheUsers -TenantFilter $Tenant
-            } catch {
-                Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning
+
+            # Refresh user cache after remediation only if changes were made
+            if ($UpdateDB) {
+                try {
+                    Set-CIPPDBCacheUsers -TenantFilter $Tenant
+                } catch {
+                    Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning
+                }
             }
         } else {
             Write-LogMessage -API 'Standards' -tenant $Tenant -message 'All Entra accounts for shared mailboxes are already disabled.' -sev Info

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPerUserMFA.ps1

@@ -55,20 +55,24 @@ function Invoke-CIPPStandardPerUserMFA {
     $UsersWithoutMFA = $GraphRequest | Where-Object -Property perUserMfaState -NE 'enforced' | Select-Object -Property userPrincipalName, displayName, accountEnabled, perUserMfaState
 
     if ($Settings.remediate -eq $true) {
+        $UpdateDB = $false
         if (($UsersWithoutMFA | Measure-Object).Count -gt 0) {
             try {
                 $MFAMessage = Set-CIPPPerUserMFA -TenantFilter $Tenant -userId @($UsersWithoutMFA.userPrincipalName) -State 'enforced'
                 Write-LogMessage -API 'Standards' -tenant $tenant -message $MFAMessage -sev Info
+                $UpdateDB = $true
             } catch {
                 $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
                 Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enforce MFA for all users: $ErrorMessage" -sev Error
             }
-            
-            # Refresh user cache after remediation
-            try {
-                Set-CIPPDBCacheUsers -TenantFilter $Tenant
-            } catch {
-                Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning
+
+            # Refresh user cache after remediation only if changes were made
+            if ($UpdateDB) {
+                try {
+                    Set-CIPPDBCacheUsers -TenantFilter $Tenant
+                } catch {
+                    Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning
+                }
             }
         }
     }

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUserPreferredLanguage.ps1

@@ -46,6 +46,7 @@ function Invoke-CIPPStandardUserPreferredLanguage {
     }
 
     if ($Settings.remediate -eq $true) {
+        $UpdateDB = $false
         if (($IncorrectUsers | Measure-Object).Count -gt 0) {
             try {
                 foreach ($user in $IncorrectUsers) {
@@ -61,17 +62,20 @@ function Invoke-CIPPStandardUserPreferredLanguage {
                     }
                     $null = New-GraphPOSTRequest @cmdParams
                     Write-LogMessage -API 'Standards' -tenant $Tenant -message "Preferred language for $($user.userPrincipalName) has been set to $preferredLanguage" -sev Info
+                    $UpdateDB = $true
                 }
             } catch {
                 $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
                 Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to set preferred language to $preferredLanguage for all users." -sev Error -LogData $ErrorMessage
             }
 
-            # Refresh user cache after remediation
-            try {
-                Set-CIPPDBCacheUsers -TenantFilter $Tenant
-            } catch {
-                Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning
+            # Refresh user cache after remediation only if changes were made
+            if ($UpdateDB) {
+                try {
+                    Set-CIPPDBCacheUsers -TenantFilter $Tenant
+                } catch {
+                    Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning
+                }
             }
         }
     }

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1

@@ -50,6 +50,7 @@ function Invoke-CIPPStandardcalDefault {
     }
 
     if ($Settings.remediate -eq $true) {
+        $UpdateDB = $false
         try {
             # Get calendar permissions from cache - this contains the calendar Identity we need
             $CalendarPermissions = New-CIPPDbRequest -TenantFilter $Tenant -Type 'CalendarPermissions'
@@ -89,6 +90,7 @@ function Invoke-CIPPStandardcalDefault {
                     }
                     Write-LogMessage -API 'Standards' -tenant $Tenant -message "Set default calendar permission for $($Calendar.Identity) to $permissionLevel" -sev Debug
                     $SuccessCounter++
+                    $UpdateDB = $true
                 } catch {
                     $ErrorCounter++
                     $ErrorMessage = Get-CippException -Exception $_
@@ -98,11 +100,13 @@ function Invoke-CIPPStandardcalDefault {
 
             Write-LogMessage -API 'Standards' -tenant $Tenant -message "Successfully set default calendar permissions for $SuccessCounter calendars. $ErrorCounter failed." -sev Info
 
-            # Refresh calendar permissions cache after remediation
-            try {
-                Set-CIPPDBCacheMailboxes -TenantFilter $Tenant
-            } catch {
-                Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh mailbox cache after remediation: $($_.Exception.Message)" -sev Warning
+            # Refresh calendar permissions cache after remediation only if changes were made
+            if ($UpdateDB) {
+                try {
+                    Set-CIPPDBCacheMailboxes -TenantFilter $Tenant
+                } catch {
+                    Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh mailbox cache after remediation: $($_.Exception.Message)" -sev Warning
+                }
             }
 
         } catch {