@@ -153,7 +153,7 @@ function New-CIPPCAPolicy {
153153 }
154154
155155 foreach ($location in $JSONObj.conditions.locations.includeLocations ) {
156- Write-Information " Replacing $location "
156+ Write-Information " Replacing named location - $location "
157157 $lookup = $LocationLookupTable | Where-Object - Property name -EQ $location
158158 Write-Information " Found $lookup "
159159 if (! $lookup ) { continue }
@@ -198,6 +198,11 @@ function New-CIPPCAPolicy {
198198 }
199199 }
200200
201+ if ($JSONObj.conditions.users.includeUsers.Count -eq 0 ) {
202+ Write-Information ' No users matched in this policy, setting to none'
203+ $JSONObj.conditions.users.includeUsers = ' none'
204+ }
205+
201206 } catch {
202207 $ErrorMessage = Get-CippException - Exception $_
203208 Write-LogMessage - API ' Standards' - tenant $tenant - message " Failed to replace displayNames for conditional access rule $ ( $JSONObj.displayName ) . Error: $ ( $ErrorMessage.NormalizedError ) " - sev ' Error' - LogData $ErrorMessage
@@ -229,14 +234,19 @@ function New-CIPPCAPolicy {
229234 if ($DisableSD -eq $true ) {
230235 # Send request to disable security defaults.
231236 $body = ' { "isEnabled": false }'
232- $null = New-GraphPostRequest - tenantid $tenant - Uri ' https://graph.microsoft.com/beta/policies/identitySecurityDefaultsEnforcementPolicy' - Type patch - Body $body - ContentType ' application/json'
233- Write-LogMessage - Headers $User - API ' Create CA Policy' - tenant $ ($Tenant ) - message " Disabled Security Defaults for tenant $ ( $TenantFilter ) " - Sev ' Info'
234- Start-Sleep 3
237+ try {
238+ $null = New-GraphPostRequest - tenantid $tenant - Uri ' https://graph.microsoft.com/beta/policies/identitySecurityDefaultsEnforcementPolicy' - Type patch - Body $body - asApp $true - ContentType ' application/json'
239+ Write-LogMessage - Headers $User - API ' Create CA Policy' - tenant $ ($Tenant ) - message " Disabled Security Defaults for tenant $ ( $TenantFilter ) " - Sev ' Info'
240+ Start-Sleep 3
241+ } catch {
242+ $ErrorMessage = Get-CippException - Exception $_
243+ Write-Information " Failed to disable security defaults for tenant $ ( $TenantFilter ) : $ ( $ErrorMessage.NormalizedError ) "
244+ }
235245 }
236246 $RawJSON = ConvertTo-Json - InputObject $JSONObj - Depth 10 - Compress
237247 Write-Information $RawJSON
238248 try {
239- Write-Information ' Checking'
249+ Write-Information ' Checking for existing policies '
240250 $CheckExististing = New-GraphGETRequest - uri ' https://graph.microsoft.com/beta/identity/conditionalAccess/policies' - tenantid $TenantFilter - asApp $true | Where-Object - Property displayName -EQ $displayname
241251 if ($CheckExististing ) {
242252 if ($Overwrite -ne $true ) {
@@ -249,7 +259,7 @@ function New-CIPPCAPolicy {
249259 return " Updated policy $displayname for $tenantfilter "
250260 }
251261 } else {
252- Write-Information ' Creating'
262+ Write-Information ' Creating new policy '
253263 if ($JSONobj.GrantControls.authenticationStrength.policyType -or $JSONObj .$jsonobj.LocationInfo ) {
254264 Start-Sleep 3
255265 }
@@ -260,6 +270,10 @@ function New-CIPPCAPolicy {
260270 } catch {
261271 $ErrorMessage = Get-CippException - Exception $_
262272 Write-LogMessage - API ' Standards' - tenant $tenant - message " Failed to create or update conditional access rule $ ( $JSONObj.displayName ) : $ ( $ErrorMessage.NormalizedError ) " - sev ' Error' - LogData $ErrorMessage
273+
274+ Write-Warning " Failed to create or update conditional access rule $ ( $JSONObj.displayName ) : $ ( $ErrorMessage.NormalizedError ) "
275+ Write-Information $_.InvocationInfo.PositionMessage
276+ Write-Information ($JSONObj | ConvertTo-Json - Depth 10 )
263277 throw " Failed to create or update conditional access rule $ ( $JSONObj.displayName ) : $ ( $ErrorMessage.NormalizedError ) "
264278 }
265279}
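Review bot: In the added block at new lines 201-204, a template whose users all fail to resolve is still passed on with `includeUsers` set to none, so the policy can be reported as created while applying to nobody, and the only record is a `Write-Information` line. Record it in the tenant log as well, for example `Write-LogMessage -API 'Standards' -tenant $tenant -message "No users matched for conditional access rule $($JSONObj.displayName); includeUsers set to none" -sev 'Error'`. The same gap applies to the new catch at line 243, where a failed attempt to disable Security Defaults is written only to the information stream before policy creation continues. The value is also assigned as a scalar string; if Graph expects a collection for `includeUsers`, `@('none')` would serialize as an array, which is worth confirming. The code between the hunks is not visible, so how `includeUsers` is filled in before this check is inferred.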