Merged
17 changes: 12 additions & 5 deletions Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAppDeploy.ps1
Expand Up @@ -111,6 +111,7 @@ function Invoke-CIPPStandardAppDeploy {
$CurrentValue = if ($MissingApps.Count -eq 0) { [PSCustomObject]@{'state' = 'Configured correctly' } } else { [PSCustomObject]@{'MissingApps' = $MissingApps } }

if ($Settings.remediate -eq $true) {
$UpdateDB = $false
if ($Mode -eq 'copy') {
foreach ($App in $AppsToAdd) {
$App = $App.Trim()
Expand All @@ -121,6 +122,7 @@ function Invoke-CIPPStandardAppDeploy {
try {
New-CIPPApplicationCopy -App $App -Tenant $Tenant
Write-LogMessage -API 'Standards' -tenant $tenant -message "Added application $($Application.displayName) ($App) to $Tenant and updated it's permissions" -sev Info
$UpdateDB = $true
} catch {
$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to add app $($Application.displayName) ($App). Error: $ErrorMessage" -sev Error
Expand Down Expand Up @@ -175,6 +177,7 @@ function Invoke-CIPPStandardAppDeploy {
if ($InstantiateResult.application.appId) {
Write-LogMessage -API 'Standards' -tenant $tenant -message "Successfully deployed Gallery Template $($TemplateData.AppName) to tenant $Tenant. Application ID: $($InstantiateResult.application.appId)" -sev Info
New-CIPPApplicationCopy -App $InstantiateResult.application.appId -Tenant $Tenant
$UpdateDB = $true
} else {
Write-LogMessage -API 'Standards' -tenant $tenant -message "Gallery Template deployment completed but application ID not returned for $($TemplateData.AppName) in tenant $Tenant" -sev Warning
}
Expand Down Expand Up @@ -243,6 +246,7 @@ function Invoke-CIPPStandardAppDeploy {
Add-CIPPDelegatedPermission -RequiredResourceAccess $CreatedApp.requiredResourceAccess -ApplicationId $CreatedApp.appId -Tenantfilter $Tenant
Add-CIPPApplicationPermission -RequiredResourceAccess $CreatedApp.requiredResourceAccess -ApplicationId $CreatedApp.appId -Tenantfilter $Tenant
}
$UpdateDB = $true
} else {
Write-LogMessage -API 'Standards' -tenant $tenant -message "Application Manifest deployment failed - no application ID returned for $($TemplateData.AppName) in tenant $Tenant" -sev Error
}
Expand All @@ -263,6 +267,7 @@ function Invoke-CIPPStandardAppDeploy {
Add-CIPPApplicationPermission -TemplateId $TemplateId -TenantFilter $Tenant
Add-CIPPDelegatedPermission -TemplateId $TemplateId -TenantFilter $Tenant
Write-LogMessage -API 'Standards' -tenant $tenant -message "Added application $($TemplateData.AppName) from Enterprise App template and updated its permissions" -sev Info
$UpdateDB = $true
}

} catch {
Expand All @@ -272,11 +277,13 @@ function Invoke-CIPPStandardAppDeploy {
}
}

# Refresh service principals cache after remediation
try {
Set-CIPPDBCacheServicePrincipals -TenantFilter $Tenant
} catch {
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh service principals cache after remediation: $($_.Exception.Message)" -sev Warning
# Refresh service principals cache after remediation only if changes were made
if ($UpdateDB) {
try {
Set-CIPPDBCacheServicePrincipals -TenantFilter $Tenant
} catch {
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh service principals cache after remediation: $($_.Exception.Message)" -sev Warning
}
}
}
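Review bot: In the Gallery Template hunk, `$UpdateDB = $true` is set only when `$InstantiateResult.application.appId` is returned, so the Warning branch ("deployment completed but application ID not returned") now skips `Set-CIPPDBCacheServicePrincipals` even though the template may already have been instantiated in the tenant. A service-principal cache that lags a partial deployment can make the next run report the app as missing and attempt it again. Consider setting the flag in that `else` branch too, e.g. `$UpdateDB = $true # instantiate may have created objects; refresh the cache`. The manifest hunk has a similar ordering issue: the flag is assigned after the `Add-CIPPDelegatedPermission` / `Add-CIPPApplicationPermission` calls, so if either throws, the created app is presumably not refreshed into the cache. The enclosing try/catch is outside the hunk, so confirm against the full function.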

Expand Up @@ -57,6 +57,7 @@ function Invoke-CIPPStandardDisableResourceMailbox {
}

if ($Settings.remediate -eq $true) {
$UpdateDB = $false
if ($ResourceMailboxList.Count -gt 0) {
$int = 0
$BulkRequests = foreach ($Mailbox in $ResourceMailboxList) {
Expand All @@ -80,6 +81,7 @@ function Invoke-CIPPStandardDisableResourceMailbox {

if ($result.status -eq 200 -or $result.status -eq 204) {
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Entra account for $($Mailbox.RecipientTypeDetails), $($Mailbox.DisplayName), $($Mailbox.UserPrincipalName) disabled." -sev Info
$UpdateDB = $true
} else {
$errorMsg = if ($result.body.error.message) { $result.body.error.message } else { "Unknown error (Status: $($result.status))" }
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to disable Entra account for $($Mailbox.RecipientTypeDetails), $($Mailbox.DisplayName), $($Mailbox.UserPrincipalName): $errorMsg" -sev Error
Expand All @@ -90,11 +92,13 @@ function Invoke-CIPPStandardDisableResourceMailbox {
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to process bulk disable resource mailboxes request: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage
}

# Refresh user cache after remediation
try {
Set-CIPPDBCacheUsers -TenantFilter $Tenant
} catch {
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning
# Refresh user cache after remediation only if changes were made
if ($UpdateDB) {
try {
Set-CIPPDBCacheUsers -TenantFilter $Tenant
} catch {
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning
}
}
} else {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'All Entra accounts for resource mailboxes are already disabled.' -sev Info
Expand Up @@ -50,6 +50,7 @@ function Invoke-CIPPStandardDisableSharedMailbox {
}

if ($Settings.remediate -eq $true) {
$UpdateDB = $false
if ($SharedMailboxList.Count -gt 0) {
$int = 0
$BulkRequests = foreach ($Mailbox in $SharedMailboxList) {
Expand All @@ -73,6 +74,7 @@ function Invoke-CIPPStandardDisableSharedMailbox {

if ($result.status -eq 200 -or $result.status -eq 204) {
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Entra account for shared mailbox $($Mailbox.DisplayName) ($($Mailbox.ObjectKey)) disabled." -sev Info
$UpdateDB = $true
} else {
$errorMsg = if ($result.body.error.message) { $result.body.error.message } else { "Unknown error (Status: $($result.status))" }
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to disable Entra account for shared mailbox $($Mailbox.DisplayName) ($($Mailbox.ObjectKey)): $errorMsg" -sev Error
Expand All @@ -82,12 +84,14 @@ function Invoke-CIPPStandardDisableSharedMailbox {
$ErrorMessage = Get-CippException -Exception $_
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to process bulk disable shared mailboxes request: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage
}

# Refresh user cache after remediation
try {
Set-CIPPDBCacheUsers -TenantFilter $Tenant
} catch {
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning

# Refresh user cache after remediation only if changes were made
if ($UpdateDB) {
try {
Set-CIPPDBCacheUsers -TenantFilter $Tenant
} catch {
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning
}
}
} else {
Write-LogMessage -API 'Standards' -tenant $Tenant -message 'All Entra accounts for shared mailboxes are already disabled.' -sev Info
Expand Up @@ -55,20 +55,24 @@ function Invoke-CIPPStandardPerUserMFA {
$UsersWithoutMFA = $GraphRequest | Where-Object -Property perUserMfaState -NE 'enforced' | Select-Object -Property userPrincipalName, displayName, accountEnabled, perUserMfaState

if ($Settings.remediate -eq $true) {
$UpdateDB = $false
if (($UsersWithoutMFA | Measure-Object).Count -gt 0) {
try {
$MFAMessage = Set-CIPPPerUserMFA -TenantFilter $Tenant -userId @($UsersWithoutMFA.userPrincipalName) -State 'enforced'
Write-LogMessage -API 'Standards' -tenant $tenant -message $MFAMessage -sev Info
$UpdateDB = $true
} catch {
$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enforce MFA for all users: $ErrorMessage" -sev Error
}

# Refresh user cache after remediation
try {
Set-CIPPDBCacheUsers -TenantFilter $Tenant
} catch {
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning

# Refresh user cache after remediation only if changes were made
if ($UpdateDB) {
try {
Set-CIPPDBCacheUsers -TenantFilter $Tenant
} catch {
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning
}
}
}
}
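Review bot: `$UpdateDB = $true` sits after both `Set-CIPPPerUserMFA` and `Write-LogMessage` inside the `try`, so any exception leaves the flag false and skips `Set-CIPPDBCacheUsers`, including one raised after some of the users in `$UsersWithoutMFA.userPrincipalName` were already switched to 'enforced'. Whether `Set-CIPPPerUserMFA` can fail partway through the list is not visible in this hunk, but if it can, the cached `perUserMfaState` would lag the tenant until some other refresh runs. Setting the flag in the `catch` as well, `$UpdateDB = $true # state may be partially changed`, would keep the previous refresh-on-attempt behaviour for the failure path while still skipping the refresh when there is nothing to remediate.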
Expand Up @@ -46,6 +46,7 @@ function Invoke-CIPPStandardUserPreferredLanguage {
}

if ($Settings.remediate -eq $true) {
$UpdateDB = $false
if (($IncorrectUsers | Measure-Object).Count -gt 0) {
try {
foreach ($user in $IncorrectUsers) {
Expand All @@ -61,17 +62,20 @@ function Invoke-CIPPStandardUserPreferredLanguage {
}
$null = New-GraphPOSTRequest @cmdParams
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Preferred language for $($user.userPrincipalName) has been set to $preferredLanguage" -sev Info
$UpdateDB = $true
}
} catch {
$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to set preferred language to $preferredLanguage for all users." -sev Error -LogData $ErrorMessage
}

# Refresh user cache after remediation
try {
Set-CIPPDBCacheUsers -TenantFilter $Tenant
} catch {
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning
# Refresh user cache after remediation only if changes were made
if ($UpdateDB) {
try {
Set-CIPPDBCacheUsers -TenantFilter $Tenant
} catch {
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning
}
}
}
}
Expand Up @@ -50,6 +50,7 @@ function Invoke-CIPPStandardcalDefault {
}

if ($Settings.remediate -eq $true) {
$UpdateDB = $false
try {
# Get calendar permissions from cache - this contains the calendar Identity we need
$CalendarPermissions = New-CIPPDbRequest -TenantFilter $Tenant -Type 'CalendarPermissions'
Expand Down Expand Up @@ -89,6 +90,7 @@ function Invoke-CIPPStandardcalDefault {
}
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Set default calendar permission for $($Calendar.Identity) to $permissionLevel" -sev Debug
$SuccessCounter++
$UpdateDB = $true
} catch {
$ErrorCounter++
$ErrorMessage = Get-CippException -Exception $_
Expand All @@ -98,11 +100,13 @@ function Invoke-CIPPStandardcalDefault {

Write-LogMessage -API 'Standards' -tenant $Tenant -message "Successfully set default calendar permissions for $SuccessCounter calendars. $ErrorCounter failed." -sev Info

# Refresh calendar permissions cache after remediation
try {
Set-CIPPDBCacheMailboxes -TenantFilter $Tenant
} catch {
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh mailbox cache after remediation: $($_.Exception.Message)" -sev Warning
# Refresh calendar permissions cache after remediation only if changes were made
if ($UpdateDB) {
try {
Set-CIPPDBCacheMailboxes -TenantFilter $Tenant
} catch {
Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh mailbox cache after remediation: $($_.Exception.Message)" -sev Warning
}
}

} catch {
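Review bot: The rewritten comment says the calendar permissions cache is refreshed, but the guarded call is `Set-CIPPDBCacheMailboxes` and its failure message says "mailbox cache", while remediation reads `New-CIPPDbRequest -TenantFilter $Tenant -Type 'CalendarPermissions'` earlier in the function. If the mailbox refresh does not also repopulate the CalendarPermissions entries, the next run would work from pre-remediation permissions; if it does, a comment such as `# Set-CIPPDBCacheMailboxes also repopulates the CalendarPermissions entries` would settle it. As a style point, `$UpdateDB` duplicates what `$SuccessCounter` already tracks, so `if ($SuccessCounter -gt 0) {` would gate the refresh without the extra flag.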