Merge branch 'KelvinTegelaar:master' into master

Author: luke255

.gitignore

@@ -9,3 +9,7 @@ Logs
 ExcludedTenants
 SendNotifications/config.json
 .env
+
+
+# Cursor IDE
+.cursor/rules

AddMSPApp/datto.app.xml

@@ -1,15 +1,15 @@
-<ApplicationInfo xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ToolVersion="1.8.3.0">
-  <Name>install.ps1</Name>
-  <UnencryptedContentSize>705</UnencryptedContentSize>
-  <FileName>datto.intunewin</FileName>
-  <SetupFile>install.ps1</SetupFile>
-  <EncryptionInfo>
-    <EncryptionKey>sL/LP/JZ4F4cBSykm6usgJoV1PMoqd62C6JUwuo2z24=</EncryptionKey>
-    <MacKey>PEpeqeoX7jAWxb0xHGfCkKFxh4/YRfoMTVXrP+uZWzM=</MacKey>
-    <InitializationVector>ulFPA+vYjaxX0pvq0BMAKQ==</InitializationVector>
-    <Mac>28ZFU4AT1OznwF8pfqO8i+WFUNSf9024H4Jw2H7UJWs=</Mac>
-    <ProfileIdentifier>ProfileVersion1</ProfileIdentifier>
-    <FileDigest>YEb+QNQCko/uZyedA+JfcP/RDm+nZOIjFN04CfhwN4c=</FileDigest>
-    <FileDigestAlgorithm>SHA256</FileDigestAlgorithm>
-  </EncryptionInfo>
+<ApplicationInfo xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ToolVersion="1.8.3.0">
+  <Name>install.ps1</Name>
+  <UnencryptedContentSize>693</UnencryptedContentSize>
+  <FileName>datto.intunewin</FileName>
+  <SetupFile>install.ps1</SetupFile>
+  <EncryptionInfo>
+    <EncryptionKey>jobB9Ga7J3CbO6acWJyvBRE56nFXwqGfcnGfZRMsJC4=</EncryptionKey>
+    <MacKey>53SOzs0l6Po2btsGFSMZgkV8vwhH+PxTN8BZDUcfWfg=</MacKey>
+    <InitializationVector>VjM/osrvPElbu79J+mdXuw==</InitializationVector>
+    <Mac>UZZXO53Np/tG6Ms+qvwLcNOeD1GRH6NRPFg/TuMz39M=</Mac>
+    <ProfileIdentifier>ProfileVersion1</ProfileIdentifier>
+    <FileDigest>KtAWAl29064LG0eyDinbDs0JUbK+EK7GsJovu8obBM4=</FileDigest>
+    <FileDigestAlgorithm>SHA256</FileDigestAlgorithm>
+  </EncryptionInfo>
 </ApplicationInfo>

AddMSPApp/datto.intunewin

@@ -81,12 +81,13 @@
     "PreferredProcessor": "standards"
   },
   {
-    "Id": "5113c66d-c040-42df-9565-39dff90ddd55",
-    "Command": "Start-CIPPGraphSubscriptionCleanupTimer",
-    "Description": "Orchestrator to cleanup old Graph subscriptions",
-    "Cron": "0 0 0 * * *",
+    "Id": "4d80205c-674d-4fc1-abeb-a1ec37e0d796",
+    "Command": "Start-DriftStandardsOrchestrator",
+    "Description": "Orchestrator to process drift standards",
+    "Cron": "0 0 */1 * * *",
     "Priority": 5,
-    "RunOnProcessor": true
+    "RunOnProcessor": true,
+    "PreferredProcessor": "standards"
   },
   {
     "Id": "97145a1d-28f0-4bb2-b929-5a43517d23cc",
@@ -205,4 +206,4 @@
     "RunOnProcessor": true,
     "IsSystem": true
   }
-]
+]

CIPP-Permissions.json

@@ -1,26 +1,27 @@
 function Add-CIPPAlias {
     [CmdletBinding()]
     param (
-        $user,
+        $User,
         $Aliases,
-        $UserprincipalName,
+        $UserPrincipalName,
         $TenantFilter,
-        $APIName = 'Set Manager',
+        $APIName = 'Add Alias',
         $Headers
     )
 
     try {
         foreach ($Alias in $Aliases) {
-            Write-Host "Adding alias $Alias to $user"
-            New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$user" -tenantid $TenantFilter -type 'patch' -body "{`"mail`": `"$Alias`"}" -verbose
+            Write-Host "Adding alias $Alias to $User"
+            New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$User" -tenantid $TenantFilter -type 'patch' -body "{`"mail`": `"$Alias`"}" -verbose
         }
         Write-Host "Resetting primary alias to $User"
-        New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($user)" -tenantid $TenantFilter -type 'patch' -body "{`"mail`": `"$User`"}" -verbose
-        Write-LogMessage -headers $Headers -API $APINAME -tenant $($TenantFilter) -message "Added alias $($Alias) to $($UserprincipalName)" -Sev 'Info'
+        New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$User" -tenantid $TenantFilter -type 'patch' -body "{`"mail`": `"$User`"}" -verbose
+        Write-LogMessage -headers $Headers -API $APIName -tenant $($TenantFilter) -message "Added alias $($Alias) to $($UserPrincipalName)" -Sev 'Info'
         return ("Added Aliases: $($Aliases -join ',')")
     } catch {
-        Write-LogMessage -headers $Headers -API $APINAME -tenant $($TenantFilter) -message "Failed to set alias. Error:$($_.Exception.Message)" -Sev 'Error'
-        throw "Failed to set alias: $($_.Exception.Message)"
+        $ErrorMessage = Get-CippException -Exception $_
+        Write-LogMessage -headers $Headers -API $APIName -tenant $($TenantFilter) -message "Failed to set alias. Error:$($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage
+        throw "Failed to set alias: $($ErrorMessage.NormalizedError)"
     }
 }
 

CIPPTimers.json

@@ -114,6 +114,10 @@ function Add-CIPPDelegatedPermission {
         $OldScope = ($CurrentDelegatedScopes | Where-Object -Property Resourceid -EQ $svcPrincipalId.id)
 
         if (!$OldScope) {
+            if ([string]::IsNullOrEmpty($NewScope) -or $NewScope -eq ' ') {
+                $Results.add("No delegated permissions to add for $($svcPrincipalId.displayName)")
+                continue
+            }
             try {
                 $Createbody = @{
                     clientId    = $ourSVCPrincipal.id
@@ -147,6 +151,13 @@ function Add-CIPPDelegatedPermission {
                 $Results.add("All delegated permissions exist for $($svcPrincipalId.displayName)")
                 continue
             }
+
+            if ([string]::IsNullOrEmpty($NewScope) -or $NewScope -eq ' ') {
+                # No permissions to update
+                $Results.add("No delegated permissions to update for $($svcPrincipalId.displayName)")
+                continue
+            }
+
             $Patchbody = @{
                 scope = "$NewScope"
             } | ConvertTo-Json -Compress

Config/standards.json

@@ -7,21 +7,22 @@ function Add-CIPPGroupMember(
     [string]$APIName = 'Add Group Member'
 ) {
     try {
-        if ($member -like '*#EXT#*') { $member = [System.Web.HttpUtility]::UrlEncode($member) }
-        $MemberIDs = 'https://graph.microsoft.com/v1.0/directoryObjects/' + (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($member)" -tenantid $TenantFilter).id
-        $addmemberbody = "{ `"members@odata.bind`": $(ConvertTo-Json @($MemberIDs)) }"
+        if ($Member -like '*#EXT#*') { $Member = [System.Web.HttpUtility]::UrlEncode($Member) }
+        $MemberIDs = 'https://graph.microsoft.com/v1.0/directoryObjects/' + (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($Member)" -tenantid $TenantFilter).id
+        $AddMemberBody = "{ `"members@odata.bind`": $(ConvertTo-Json @($MemberIDs)) }"
         if ($GroupType -eq 'Distribution list' -or $GroupType -eq 'Mail-Enabled Security') {
-            $Params = @{ Identity = $GroupId; Member = $member; BypassSecurityGroupManagerCheck = $true }
-            $null = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Add-DistributionGroupMember' -cmdParams $params -UseSystemMailbox $true
+            $Params = @{ Identity = $GroupId; Member = $Member; BypassSecurityGroupManagerCheck = $true }
+            $null = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Add-DistributionGroupMember' -cmdParams $Params -UseSystemMailbox $true
         } else {
-            $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($GroupId)" -tenantid $TenantFilter -type patch -body $addmemberbody -Verbose
+            $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($GroupId)" -tenantid $TenantFilter -type patch -body $AddMemberBody -Verbose
         }
-        $Message = "Successfully added user $($Member) to $($GroupId)."
-        Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message $Message -Sev 'Info'
-        return $message
+        $Results = "Successfully added user $($Member) to $($GroupId)."
+        Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message $Results -Sev 'Info'
+        return $Results
     } catch {
-        $message = "Failed to add user $($Member) to $($GroupId) - $($_.Exception.Message)"
-        Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message $message -Sev 'error' -LogData (Get-CippException -Exception $_)
-        return $message
+        $ErrorMessage = Get-CippException -Exception $_
+        $Results = "Failed to add user $($Member) to $($GroupId) - $($ErrorMessage.NormalizedError)"
+        Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message $Results -Sev 'error' -LogData $ErrorMessage
+        throw $Results
     }
 }