diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAppDeploy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAppDeploy.ps1 index 318e751bfd2e..547dca85d033 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAppDeploy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAppDeploy.ps1 @@ -111,6 +111,7 @@ function Invoke-CIPPStandardAppDeploy { $CurrentValue = if ($MissingApps.Count -eq 0) { [PSCustomObject]@{'state' = 'Configured correctly' } } else { [PSCustomObject]@{'MissingApps' = $MissingApps } } if ($Settings.remediate -eq $true) { + $UpdateDB = $false if ($Mode -eq 'copy') { foreach ($App in $AppsToAdd) { $App = $App.Trim() @@ -121,6 +122,7 @@ function Invoke-CIPPStandardAppDeploy { try { New-CIPPApplicationCopy -App $App -Tenant $Tenant Write-LogMessage -API 'Standards' -tenant $tenant -message "Added application $($Application.displayName) ($App) to $Tenant and updated it's permissions" -sev Info + $UpdateDB = $true } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to add app $($Application.displayName) ($App). Error: $ErrorMessage" -sev Error @@ -175,6 +177,7 @@ function Invoke-CIPPStandardAppDeploy { if ($InstantiateResult.application.appId) { Write-LogMessage -API 'Standards' -tenant $tenant -message "Successfully deployed Gallery Template $($TemplateData.AppName) to tenant $Tenant. Application ID: $($InstantiateResult.application.appId)" -sev Info New-CIPPApplicationCopy -App $InstantiateResult.application.appId -Tenant $Tenant + $UpdateDB = $true } else { Write-LogMessage -API 'Standards' -tenant $tenant -message "Gallery Template deployment completed but application ID not returned for $($TemplateData.AppName) in tenant $Tenant" -sev Warning } @@ -243,6 +246,7 @@ function Invoke-CIPPStandardAppDeploy { Add-CIPPDelegatedPermission -RequiredResourceAccess $CreatedApp.requiredResourceAccess -ApplicationId $CreatedApp.appId -Tenantfilter $Tenant Add-CIPPApplicationPermission -RequiredResourceAccess $CreatedApp.requiredResourceAccess -ApplicationId $CreatedApp.appId -Tenantfilter $Tenant } + $UpdateDB = $true } else { Write-LogMessage -API 'Standards' -tenant $tenant -message "Application Manifest deployment failed - no application ID returned for $($TemplateData.AppName) in tenant $Tenant" -sev Error } @@ -263,6 +267,7 @@ function Invoke-CIPPStandardAppDeploy { Add-CIPPApplicationPermission -TemplateId $TemplateId -TenantFilter $Tenant Add-CIPPDelegatedPermission -TemplateId $TemplateId -TenantFilter $Tenant Write-LogMessage -API 'Standards' -tenant $tenant -message "Added application $($TemplateData.AppName) from Enterprise App template and updated its permissions" -sev Info + $UpdateDB = $true } } catch { @@ -272,11 +277,13 @@ function Invoke-CIPPStandardAppDeploy { } } - # Refresh service principals cache after remediation - try { - Set-CIPPDBCacheServicePrincipals -TenantFilter $Tenant - } catch { - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh service principals cache after remediation: $($_.Exception.Message)" -sev Warning + # Refresh service principals cache after remediation only if changes were made + if ($UpdateDB) { + try { + Set-CIPPDBCacheServicePrincipals -TenantFilter $Tenant + } catch { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh service principals cache after remediation: $($_.Exception.Message)" -sev Warning + } } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableResourceMailbox.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableResourceMailbox.ps1 index a15bcae71e8a..c0611aa41e34 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableResourceMailbox.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableResourceMailbox.ps1 @@ -57,6 +57,7 @@ function Invoke-CIPPStandardDisableResourceMailbox { } if ($Settings.remediate -eq $true) { + $UpdateDB = $false if ($ResourceMailboxList.Count -gt 0) { $int = 0 $BulkRequests = foreach ($Mailbox in $ResourceMailboxList) { @@ -80,6 +81,7 @@ function Invoke-CIPPStandardDisableResourceMailbox { if ($result.status -eq 200 -or $result.status -eq 204) { Write-LogMessage -API 'Standards' -tenant $Tenant -message "Entra account for $($Mailbox.RecipientTypeDetails), $($Mailbox.DisplayName), $($Mailbox.UserPrincipalName) disabled." -sev Info + $UpdateDB = $true } else { $errorMsg = if ($result.body.error.message) { $result.body.error.message } else { "Unknown error (Status: $($result.status))" } Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to disable Entra account for $($Mailbox.RecipientTypeDetails), $($Mailbox.DisplayName), $($Mailbox.UserPrincipalName): $errorMsg" -sev Error @@ -90,11 +92,13 @@ function Invoke-CIPPStandardDisableResourceMailbox { Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to process bulk disable resource mailboxes request: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage } - # Refresh user cache after remediation - try { - Set-CIPPDBCacheUsers -TenantFilter $Tenant - } catch { - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning + # Refresh user cache after remediation only if changes were made + if ($UpdateDB) { + try { + Set-CIPPDBCacheUsers -TenantFilter $Tenant + } catch { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning + } } } else { Write-LogMessage -API 'Standards' -tenant $Tenant -message 'All Entra accounts for resource mailboxes are already disabled.' -sev Info diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharedMailbox.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharedMailbox.ps1 index 1f1202c0a164..c1a1d4f9bb78 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharedMailbox.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharedMailbox.ps1 @@ -50,6 +50,7 @@ function Invoke-CIPPStandardDisableSharedMailbox { } if ($Settings.remediate -eq $true) { + $UpdateDB = $false if ($SharedMailboxList.Count -gt 0) { $int = 0 $BulkRequests = foreach ($Mailbox in $SharedMailboxList) { @@ -73,6 +74,7 @@ function Invoke-CIPPStandardDisableSharedMailbox { if ($result.status -eq 200 -or $result.status -eq 204) { Write-LogMessage -API 'Standards' -tenant $Tenant -message "Entra account for shared mailbox $($Mailbox.DisplayName) ($($Mailbox.ObjectKey)) disabled." -sev Info + $UpdateDB = $true } else { $errorMsg = if ($result.body.error.message) { $result.body.error.message } else { "Unknown error (Status: $($result.status))" } Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to disable Entra account for shared mailbox $($Mailbox.DisplayName) ($($Mailbox.ObjectKey)): $errorMsg" -sev Error @@ -82,12 +84,14 @@ function Invoke-CIPPStandardDisableSharedMailbox { $ErrorMessage = Get-CippException -Exception $_ Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to process bulk disable shared mailboxes request: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage } - - # Refresh user cache after remediation - try { - Set-CIPPDBCacheUsers -TenantFilter $Tenant - } catch { - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning + + # Refresh user cache after remediation only if changes were made + if ($UpdateDB) { + try { + Set-CIPPDBCacheUsers -TenantFilter $Tenant + } catch { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning + } } } else { Write-LogMessage -API 'Standards' -tenant $Tenant -message 'All Entra accounts for shared mailboxes are already disabled.' -sev Info diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPerUserMFA.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPerUserMFA.ps1 index 98d5a2fcb762..60a44f4a4512 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPerUserMFA.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPerUserMFA.ps1 @@ -55,20 +55,24 @@ function Invoke-CIPPStandardPerUserMFA { $UsersWithoutMFA = $GraphRequest | Where-Object -Property perUserMfaState -NE 'enforced' | Select-Object -Property userPrincipalName, displayName, accountEnabled, perUserMfaState if ($Settings.remediate -eq $true) { + $UpdateDB = $false if (($UsersWithoutMFA | Measure-Object).Count -gt 0) { try { $MFAMessage = Set-CIPPPerUserMFA -TenantFilter $Tenant -userId @($UsersWithoutMFA.userPrincipalName) -State 'enforced' Write-LogMessage -API 'Standards' -tenant $tenant -message $MFAMessage -sev Info + $UpdateDB = $true } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enforce MFA for all users: $ErrorMessage" -sev Error } - - # Refresh user cache after remediation - try { - Set-CIPPDBCacheUsers -TenantFilter $Tenant - } catch { - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning + + # Refresh user cache after remediation only if changes were made + if ($UpdateDB) { + try { + Set-CIPPDBCacheUsers -TenantFilter $Tenant + } catch { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning + } } } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUserPreferredLanguage.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUserPreferredLanguage.ps1 index 08c7dfd53772..9f015db38c4a 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUserPreferredLanguage.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUserPreferredLanguage.ps1 @@ -46,6 +46,7 @@ function Invoke-CIPPStandardUserPreferredLanguage { } if ($Settings.remediate -eq $true) { + $UpdateDB = $false if (($IncorrectUsers | Measure-Object).Count -gt 0) { try { foreach ($user in $IncorrectUsers) { @@ -61,17 +62,20 @@ function Invoke-CIPPStandardUserPreferredLanguage { } $null = New-GraphPOSTRequest @cmdParams Write-LogMessage -API 'Standards' -tenant $Tenant -message "Preferred language for $($user.userPrincipalName) has been set to $preferredLanguage" -sev Info + $UpdateDB = $true } } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to set preferred language to $preferredLanguage for all users." -sev Error -LogData $ErrorMessage } - # Refresh user cache after remediation - try { - Set-CIPPDBCacheUsers -TenantFilter $Tenant - } catch { - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning + # Refresh user cache after remediation only if changes were made + if ($UpdateDB) { + try { + Set-CIPPDBCacheUsers -TenantFilter $Tenant + } catch { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning + } } } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 index 2edce2a10d35..37873d00e0cd 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 @@ -50,6 +50,7 @@ function Invoke-CIPPStandardcalDefault { } if ($Settings.remediate -eq $true) { + $UpdateDB = $false try { # Get calendar permissions from cache - this contains the calendar Identity we need $CalendarPermissions = New-CIPPDbRequest -TenantFilter $Tenant -Type 'CalendarPermissions' @@ -89,6 +90,7 @@ function Invoke-CIPPStandardcalDefault { } Write-LogMessage -API 'Standards' -tenant $Tenant -message "Set default calendar permission for $($Calendar.Identity) to $permissionLevel" -sev Debug $SuccessCounter++ + $UpdateDB = $true } catch { $ErrorCounter++ $ErrorMessage = Get-CippException -Exception $_ @@ -98,11 +100,13 @@ function Invoke-CIPPStandardcalDefault { Write-LogMessage -API 'Standards' -tenant $Tenant -message "Successfully set default calendar permissions for $SuccessCounter calendars. $ErrorCounter failed." -sev Info - # Refresh calendar permissions cache after remediation - try { - Set-CIPPDBCacheMailboxes -TenantFilter $Tenant - } catch { - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh mailbox cache after remediation: $($_.Exception.Message)" -sev Warning + # Refresh calendar permissions cache after remediation only if changes were made + if ($UpdateDB) { + try { + Set-CIPPDBCacheMailboxes -TenantFilter $Tenant + } catch { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh mailbox cache after remediation: $($_.Exception.Message)" -sev Warning + } } } catch {