[pull] master from KelvinTegelaar:master

.github/workflows/dev_cippjta72-proc.yml

@@ -0,0 +1,30 @@
+# Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action
+# More GitHub Actions for Azure: https://github.com/Azure/actions
+
+name: Build and deploy Powershell project to Azure Function App - cippjta72-proc
+
+on:
+  push:
+    branches:
+      - dev
+  workflow_dispatch:
+
+env:
+  AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root
+
+jobs:
+  deploy:
+    runs-on: windows-latest
+
+    steps:
+      - name: 'Checkout GitHub Action'
+        uses: actions/checkout@v4
+
+      - name: 'Run Azure Functions Action'
+        uses: Azure/functions-action@v1
+        id: fa
+        with:
+          app-name: 'cippjta72-proc'
+          slot-name: 'Production'
+          package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}
+          publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_A53AC5C52A55459DA0A3D8F1716638CB }}

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecEditTemplate.ps1

@@ -24,7 +24,7 @@ Function Invoke-ExecEditTemplate {
             $OriginalTemplate = Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'IntuneTemplate' and RowKey eq '$GUID'"
             $OriginalTemplate = ($OriginalTemplate.JSON | ConvertFrom-Json -Depth 100)
             $RawJSON = $OriginalTemplate.RAWJson
-            Set-CIPPIntuneTemplate -RawJSON $RawJSON -GUID $GUID -DisplayName $Request.body.displayName -Description $Request.body.description -templateType $OriginalTemplate.Type
+            Set-CIPPIntuneTemplate -RawJSON $RawJSON -GUID $GUID -DisplayName $Request.body.displayName -Description $Request.body.description -templateType $OriginalTemplate.Type -Headers $Request.Headers
         } else {
             $Table.Force = $true
 

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecAssignPolicy.ps1

@@ -20,7 +20,7 @@ Function Invoke-ExecAssignPolicy {
 
     $results = try {
         if ($AssignTo) {
-            $assign = Set-CIPPAssignedPolicy -PolicyId $ID -TenantFilter $tenant -GroupName $AssignTo -Type $Request.body.Type
+            $assign = Set-CIPPAssignedPolicy -PolicyId $ID -TenantFilter $tenant -GroupName $AssignTo -Type $Request.body.Type -Headers $Request.Headers
             Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($Tenant) -message "Assigned policy $($Displayname) to $AssignTo" -Sev 'Info'
         }
         "Successfully edited policy for $($Tenant)"

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPATemplates.ps1

@@ -31,7 +31,7 @@ Function Invoke-ListBPATemplates {
     $Templates = Get-CIPPAzDataTableEntity @Table -Filter $Filter
 
     if ($Request.Query.RawJson) {
-        $Templates
+        $Templates = $Templates.JSON | ConvertFrom-Json
     } else {
         $Templates = $Templates | ForEach-Object {
             $Template = $_.JSON | ConvertFrom-Json

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ExecGitHubAction.ps1

@@ -26,7 +26,7 @@ function Invoke-ExecGitHubAction {
     $Configuration = ((Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json).GitHub
 
     if (!$Configuration.Enabled) {
-        $Response = Invoke-RestMethod -Uri 'https://cippy.azurewebsites.net/api/ExecGitHubAction' -Method POST -Body ($Action | ConvertTo-Json -Depth 10) -ContentType 'application/json'
+        $Response = Invoke-RestMethod -Uri 'https://cippy.azurewebsites.net/api/ExecGitHubAction' -Method POST -Body ($Parameters | ConvertTo-Json -Depth 10) -ContentType 'application/json'
         $Results = $Response.Results
         $Metadata = $Response.Metadata
     } else {

Modules/CIPPCore/Public/New-CIPPRestore.ps1

@@ -11,7 +11,7 @@ function New-CIPPRestore {
     Write-Host "Scheduled Restore psproperties: $(([pscustomobject]$RestoreValues).psobject.Properties)"
     Write-LogMessage -headers $Headers -API $APINAME -message 'Restored backup' -Sev 'Debug'
     $RestoreData = foreach ($ScheduledBackup in ([pscustomobject]$RestoreValues).psobject.Properties.Name | Where-Object { $_ -notin 'email', 'webhook', 'psa', 'backup', 'overwrite' }) {
-        New-CIPPRestoreTask -Task $ScheduledBackup -TenantFilter $TenantFilter -backup $RestoreValues.backup.value -overwrite $RestoreValues.overwrite
+        New-CIPPRestoreTask -Task $ScheduledBackup -TenantFilter $TenantFilter -backup $RestoreValues.backup.value -overwrite $RestoreValues.overwrite -Headers $Headers -APIName $APIName
     }
     return $RestoreData
 }

Modules/CIPPCore/Public/New-CIPPRestoreTask.ps1

@@ -4,7 +4,9 @@ function New-CIPPRestoreTask {
         $Task,
         $TenantFilter,
         $backup,
-        $overwrite
+        $overwrite,
+        $APINAME,
+        $Headers
     )
     $Table = Get-CippTable -tablename 'ScheduledBackup'
     $BackupData = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$backup'"
@@ -99,7 +101,7 @@ function New-CIPPRestoreTask {
             $BackupConfig = $BackupData.intuneconfig | ConvertFrom-Json
             foreach ($backup in $backupConfig) {
                 try {
-                    Set-CIPPIntunePolicy -TemplateType $backup.Type -TenantFilter $TenantFilter -DisplayName $backup.DisplayName -Description $backup.Description -RawJSON ($backup.TemplateJson) -ErrorAction SilentlyContinue
+                    Set-CIPPIntunePolicy -TemplateType $backup.Type -TenantFilter $TenantFilter -DisplayName $backup.DisplayName -Description $backup.Description -RawJSON ($backup.TemplateJson) -Headers $Headers -APINAME $APINAME -ErrorAction SilentlyContinue
                 } catch {
                     $ErrorMessage = Get-CippException -Exception $_
                     "Could not restore Intune Configuration $DisplayName : $($ErrorMessage.NormalizedError) "
@@ -112,7 +114,7 @@ function New-CIPPRestoreTask {
             $BackupConfig = $BackupData.intunecompliance | ConvertFrom-Json
             foreach ($backup in $backupConfig) {
                 try {
-                    Set-CIPPIntunePolicy -TemplateType $backup.Type -TenantFilter $TenantFilter -DisplayName $backup.DisplayName -Description $backup.Description -RawJSON ($backup.TemplateJson) -ErrorAction SilentlyContinue
+                    Set-CIPPIntunePolicy -TemplateType $backup.Type -TenantFilter $TenantFilter -DisplayName $backup.DisplayName -Description $backup.Description -RawJSON ($backup.TemplateJson) -Headers $Headers -APINAME $APINAME -ErrorAction SilentlyContinue
                 } catch {
                     $ErrorMessage = Get-CippException -Exception $_
                     "Could not restore Intune Compliance $DisplayName : $($ErrorMessage.NormalizedError) "
@@ -126,7 +128,7 @@ function New-CIPPRestoreTask {
             $BackupConfig = $BackupData.intuneprotection | ConvertFrom-Json
             foreach ($backup in $backupConfig) {
                 try {
-                    Set-CIPPIntunePolicy -TemplateType $backup.Type -TenantFilter $TenantFilter -DisplayName $backup.DisplayName -Description $backup.Description -RawJSON ($backup.TemplateJson) -ErrorAction SilentlyContinue
+                    Set-CIPPIntunePolicy -TemplateType $backup.Type -TenantFilter $TenantFilter -DisplayName $backup.DisplayName -Description $backup.Description -RawJSON ($backup.TemplateJson) -Headers $Headers -APINAME $APINAME -ErrorAction SilentlyContinue
                 } catch {
                     $ErrorMessage = Get-CippException -Exception $_
                     "Could not restore Intune Protection $DisplayName : $($ErrorMessage.NormalizedError) "
@@ -281,7 +283,7 @@ function New-CIPPRestoreTask {
                             foreach ($param in $ruleparams) {
                                 if ($rule.PSObject.Properties[$param]) {
                                     if ($param -eq 'Enabled') {
-                                        $cmdparams[$param] = if ($rule.State -eq 'Enabled') {$true} else {$false}
+                                        $cmdparams[$param] = if ($rule.State -eq 'Enabled') { $true } else { $false }
                                     } else {
                                         $cmdparams[$param] = $rule.$param
                                     }
@@ -301,7 +303,7 @@ function New-CIPPRestoreTask {
                         foreach ($param in $ruleparams) {
                             if ($rule.PSObject.Properties[$param]) {
                                 if ($param -eq 'Enabled') {
-                                    $cmdparams[$param] = if ($rule.State -eq 'Enabled') {$true} else {$false}
+                                    $cmdparams[$param] = if ($rule.State -eq 'Enabled') { $true } else { $false }
                                 } else {
                                     $cmdparams[$param] = $rule.$param
                                 }
@@ -438,7 +440,7 @@ function New-CIPPRestoreTask {
                             foreach ($param in $ruleparams) {
                                 if ($rule.PSObject.Properties[$param]) {
                                     if ($param -eq 'Enabled') {
-                                        $cmdparams[$param] = if ($rule.State -eq 'Enabled') {$true} else {$false}
+                                        $cmdparams[$param] = if ($rule.State -eq 'Enabled') { $true } else { $false }
                                     } else {
                                         $cmdparams[$param] = $rule.$param
                                     }
@@ -458,7 +460,7 @@ function New-CIPPRestoreTask {
                         foreach ($param in $ruleparams) {
                             if ($rule.PSObject.Properties[$param]) {
                                 if ($param -eq 'Enabled') {
-                                    $cmdparams[$param] = if ($rule.State -eq 'Enabled') {$true} else {$false}
+                                    $cmdparams[$param] = if ($rule.State -eq 'Enabled') { $true } else { $false }
                                 } else {
                                     $cmdparams[$param] = $rule.$param
                                 }

Modules/CIPPCore/Public/Set-CIPPIntunePolicy.ps1

@@ -7,9 +7,10 @@ function Set-CIPPIntunePolicy {
         $RawJSON,
         $AssignTo,
         $Headers,
+        $APINAME,
         $tenantFilter
     )
-    $ReturnValue = try {
+    try {
         switch ($TemplateType) {
             'AppProtection' {
                 $TemplateType = ($RawJSON | ConvertFrom-Json).'@odata.type' -replace '#microsoft.graph.', ''
@@ -39,13 +40,13 @@ function Set-CIPPIntunePolicy {
                     $PostType = 'edited'
                     $ExistingID = $CheckExististing | Where-Object -Property displayName -EQ $displayname
                     $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL/$($ExistingID.Id)" -tenantid $tenantFilter -type PATCH -body $RawJSON
-                    Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($tenantFilter) -message "Updated policy $($DisplayName) to template defaults" -Sev 'info'
+                    Write-LogMessage -headers $Headers -API $APINAME -tenant $($tenantFilter) -message "Updated policy $($DisplayName) to template defaults" -Sev 'info'
                     $CreateRequest = $CheckExististing | Where-Object -Property displayName -EQ $DisplayName
                 } else {
                     $RawJSON = ConvertTo-Json -InputObject $JSON -Depth 20 -Compress
                     $PostType = 'added'
                     $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL" -tenantid $tenantFilter -type POST -body $RawJSON
-                    Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($tenantFilter) -message "Added policy $($DisplayName) via template" -Sev 'info'
+                    Write-LogMessage -headers $Headers -API $APINAME -tenant $($tenantFilter) -message "Added policy $($DisplayName) via template" -Sev 'info'
                 }
             }
             'Admin' {
@@ -62,13 +63,13 @@ function Set-CIPPIntunePolicy {
                     $DeleteRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL('$($ExistingID.id)')/updateDefinitionValues" -tenantid $tenantFilter -type POST -body $DeleteJson
                     $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL('$($ExistingID.id)')/updateDefinitionValues" -tenantid $tenantFilter -type POST -body $RawJSON
                     $CreateRequest = $CheckExististing | Where-Object -Property displayName -EQ $DisplayName
-                    Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($tenantFilter) -message "Updated policy $($Displayname) to template defaults" -Sev 'info'
+                    Write-LogMessage -headers $Headers -API $APINAME -tenant $($tenantFilter) -message "Updated policy $($Displayname) to template defaults" -Sev 'info'
                     $PostType = 'edited'
                 } else {
                     $PostType = 'added'
                     $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL" -tenantid $tenantFilter -type POST -body $CreateBody
                     $UpdateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL('$($CreateRequest.id)')/updateDefinitionValues" -tenantid $tenantFilter -type POST -body $RawJSON
-                    Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($tenantFilter) -message "Added policy $($Displayname) to template defaults" -Sev 'info'
+                    Write-LogMessage -headers $Headers -API $APINAME -tenant $($tenantFilter) -message "Added policy $($Displayname) to template defaults" -Sev 'info'
 
                 }
             }
@@ -86,11 +87,11 @@ function Set-CIPPIntunePolicy {
                     Write-Host "Raw JSON is $RawJSON"
                     $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL/$($ExistingID.Id)" -tenantid $tenantFilter -type PATCH -body $RawJSON
                     $CreateRequest = $CheckExististing | Where-Object -Property displayName -EQ $DisplayName
-                    Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($tenantFilter) -message "Updated policy $($DisplayName) to template defaults" -Sev 'info'
+                    Write-LogMessage -headers $Headers -API $APINAME -tenant $($tenantFilter) -message "Updated policy $($DisplayName) to template defaults" -Sev 'info'
                 } else {
                     $PostType = 'added'
                     $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL" -tenantid $tenantFilter -type POST -body $RawJSON
-                    Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($tenantFilter) -message "Added policy $($DisplayName) via template" -Sev 'info'
+                    Write-LogMessage -headers $Headers -API $APINAME -tenant $($tenantFilter) -message "Added policy $($DisplayName) via template" -Sev 'info'
 
                 }
             }
@@ -106,7 +107,7 @@ function Set-CIPPIntunePolicy {
                 } else {
                     $PostType = 'added'
                     $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL" -tenantid $tenantFilter -type POST -body $RawJSON
-                    Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($tenantFilter) -message "Added policy $($DisplayName) via template" -Sev 'info'
+                    Write-LogMessage -headers $Headers -API $APINAME -tenant $($tenantFilter) -message "Added policy $($DisplayName) via template" -Sev 'info'
                 }
             }
             'windowsDriverUpdateProfiles' {
@@ -124,7 +125,7 @@ function Set-CIPPIntunePolicy {
                 } else {
                     $PostType = 'added'
                     $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL" -tenantid $tenantFilter -type POST -body $RawJSON
-                    Write-LogMessage -headers $Request.Headers -API $APINAME -tenant $($tenantFilter) -message "Added policy $($DisplayName) via template" -Sev 'info'
+                    Write-LogMessage -headers $Headers -API $APINAME -tenant $($tenantFilter) -message "Added policy $($DisplayName) via template" -Sev 'info'
                 }
             }
 
@@ -142,5 +143,4 @@ function Set-CIPPIntunePolicy {
         Write-LogMessage -headers $Headers -API $APINAME -tenant $($tenantFilter) -message "Failed $($PostType) policy $($Displayname). Error: $($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage
         throw "Failed to add or set policy for $($tenantFilter) with display name $($Displayname): $($ErrorMessage.NormalizedError)"
     }
-
 }

Modules/CIPPCore/Public/Set-CIPPIntuneTemplate.ps1

@@ -5,7 +5,8 @@ function Set-CIPPIntuneTemplate {
         $GUID,
         $DisplayName,
         $Description,
-        $templateType
+        $templateType,
+        $Headers
     )
     Write-Host "Received $DisplayName, $Description, $RawJSON, $templateType"
     if (!$DisplayName) { throw 'You must enter a displayname' }
@@ -26,7 +27,7 @@ function Set-CIPPIntuneTemplate {
         GUID         = "$GUID"
         PartitionKey = 'IntuneTemplate'
     }
-    Write-LogMessage -Headers $Request.Headers -API $APINAME -message "Created intune policy template named $($Request.body.displayname) with GUID $GUID" -Sev 'Debug'
+    Write-LogMessage -Headers $Headers -API $APINAME -message "Created intune policy template named $($Request.body.displayname) with GUID $GUID" -Sev 'Debug'
 
     return 'Successfully added template'
 }

Modules/CIPPCore/Public/Set-CIPPUserLicense.ps1

@@ -4,7 +4,8 @@ function Set-CIPPUserLicense {
         [Parameter(Mandatory)][string]$UserId,
         [Parameter(Mandatory)][string]$TenantFilter,
         [Parameter()][array]$AddLicenses = @(),
-        [Parameter()][array]$RemoveLicenses = @()
+        [Parameter()][array]$RemoveLicenses = @(),
+        $Headers
     )
 
     # Build the addLicenses array
@@ -30,10 +31,10 @@ function Set-CIPPUserLicense {
         $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$UserId/assignLicense" -tenantid $TenantFilter -type POST -body $LicenseBodyJson -Verbose
     } catch {
         $ErrorMessage = Get-CippException -Exception $_
-        Write-LogMessage -Headers $Request.Headers -API $APIName -tenant $TenantFilter -message "Failed to assign the license. Error: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage
+        Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message "Failed to assign the license. Error: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage
         throw "Failed to assign the license. $($ErrorMessage.NormalizedError)"
     }
 
-    Write-LogMessage -Headers $Request.Headers -API $APIName -tenant $TenantFilter -message "Assigned licenses to user $UserId. Added: $AddLicenses; Removed: $RemoveLicenses" -Sev 'Info'
+    Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message "Assigned licenses to user $UserId. Added: $AddLicenses; Removed: $RemoveLicenses" -Sev 'Info'
     return 'Set licenses successfully'
 }

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardConditionalAccessTemplate.ps1

@@ -39,7 +39,7 @@ function Invoke-CIPPStandardConditionalAccessTemplate {
                 $Table = Get-CippTable -tablename 'templates'
                 $Filter = "PartitionKey eq 'CATemplate' and RowKey eq '$($Setting.TemplateList.value)'"
                 $JSONObj = (Get-CippAzDataTableEntity @Table -Filter $Filter).JSON
-                $null = New-CIPPCAPolicy -TenantFilter $tenant -state $Setting.state -RawJSON $JSONObj -Overwrite $true -APIName $APIName -Headers $Request.Headers -ReplacePattern 'displayName'
+                $null = New-CIPPCAPolicy -replacePattern 'displayName' -TenantFilter $tenant -state $Setting.state -RawJSON $JSONObj -Overwrite $true -APIName $APIName -Headers $Request.Headers
             } catch {
                 $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
                 Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to create or update conditional access rule $($JSONObj.displayName). Error: $ErrorMessage" -sev 'Error'