From a0a865b02957b4bb64969afc4fbd4e6ac5b7f951 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 29 Jan 2026 16:57:06 -0500 Subject: [PATCH 01/10] Replace 'exit 0' with returns in scripts Replace abrupt 'exit 0' calls with return statements to avoid terminating the host/process and let callers handle early exits. Changes: New-CIPPAuditLogSearchResultsCache.ps1 (two exits -> return $false), Push-BPACollectData.ps1 (exit -> return), Push-CIPPStandard.ps1 (exit -> return), Push-AuditLogTenantDownload.ps1 (two exits -> return $false). Returns with $false are used where a failure signal is appropriate. --- .../Public/AuditLogs/New-CIPPAuditLogSearchResultsCache.ps1 | 4 ++-- .../Entrypoints/Activity Triggers/BPA/Push-BPACollectData.ps1 | 2 +- .../Activity Triggers/Standards/Push-CIPPStandard.ps1 | 2 +- .../Webhooks/Push-AuditLogTenantDownload.ps1 | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Modules/CIPPCore/Public/AuditLogs/New-CIPPAuditLogSearchResultsCache.ps1 b/Modules/CIPPCore/Public/AuditLogs/New-CIPPAuditLogSearchResultsCache.ps1 index 76701ac05736..f5c1766b59a9 100644 --- a/Modules/CIPPCore/Public/AuditLogs/New-CIPPAuditLogSearchResultsCache.ps1 +++ b/Modules/CIPPCore/Public/AuditLogs/New-CIPPAuditLogSearchResultsCache.ps1 @@ -22,7 +22,7 @@ function New-CIPPAuditLogSearchResultsCache { $message = "Skipping search ID: $SearchId for tenant: $TenantFilter - Previous attempt failed within the last 4 hours" Write-LogMessage -API 'AuditLog' -tenant $TenantFilter -message $message -Sev 'Info' Write-Information $message - exit 0 + return $false } } catch { Write-Information "Error checking for failed downloads: $($_.Exception.Message)" @@ -36,7 +36,7 @@ function New-CIPPAuditLogSearchResultsCache { $searchEntity = Get-CIPPAzDataTableEntity @CacheWebhooksTable -Filter "PartitionKey eq '$TenantFilter' and SearchId eq '$SearchId'" if ($searchEntity) { Write-Information "Search ID: $SearchId already cached for tenant: $TenantFilter" - exit 0 + return $false } # Record this attempt in the FailedAuditLogDownloads table BEFORE starting the download diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/BPA/Push-BPACollectData.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/BPA/Push-BPACollectData.ps1 index 0cc163058e14..db57af632bde 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/BPA/Push-BPACollectData.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/BPA/Push-BPACollectData.ps1 @@ -23,7 +23,7 @@ function Push-BPACollectData { $Rerun = Test-CIPPRerun -Type 'BPA' -Tenant $Item.Tenant -API $Item.Template if ($Rerun) { Write-Host 'Detected rerun for BPA. Exiting cleanly' - exit 0 + return } Write-Host "Working on BPA for $($TenantName.defaultDomainName) with GUID $($TenantName.customerId) - Report ID $($Item.Template)" $Template = $Templates | Where-Object -Property Name -EQ -Value $Item.Template diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Standards/Push-CIPPStandard.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Standards/Push-CIPPStandard.ps1 index 996c224490d9..e3944c21a4d2 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Standards/Push-CIPPStandard.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Standards/Push-CIPPStandard.ps1 @@ -24,7 +24,7 @@ function Push-CIPPStandard { $Rerun = Test-CIPPRerun -Type Standard -Tenant $Tenant -API $API if ($Rerun) { Write-Information 'Detected rerun. Exiting cleanly' - exit 0 + return } else { Write-Information "Rerun is set to false. We'll be running $FunctionName" } diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Webhooks/Push-AuditLogTenantDownload.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Webhooks/Push-AuditLogTenantDownload.ps1 index f7171d1cdac2..e80608d97d6a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Webhooks/Push-AuditLogTenantDownload.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Webhooks/Push-AuditLogTenantDownload.ps1 @@ -70,11 +70,11 @@ function Push-AuditLogTenantDownload { } } catch { Write-Information ('Audit Log search: Error {0} line {1} - {2}' -f $_.InvocationInfo.ScriptName, $_.InvocationInfo.ScriptLineNumber, $_.Exception.Message) - exit 0 + return $false } } catch { Write-Information ('Push-AuditLogTenant: Error {0} line {1} - {2}' -f $_.InvocationInfo.ScriptName, $_.InvocationInfo.ScriptLineNumber, $_.Exception.Message) - exit 0 + return $false } } From f3eb700f3ff367d7c8a7d766c2d6831310955046 Mon Sep 17 00:00:00 2001 From: rvdwegen Date: Fri, 30 Jan 2026 11:05:32 +0100 Subject: [PATCH 02/10] Switch DisableGuests back to graph for now --- .../Invoke-CIPPStandardDisableGuests.ps1 | 18 +++--------------- 1 file changed, 3 insertions(+), 15 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuests.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuests.ps1 index baa729c653b2..dd7d018f5413 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuests.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuests.ps1 @@ -45,17 +45,12 @@ function Invoke-CIPPStandardDisableGuests { $checkDays = if ($Settings.days) { $Settings.days } else { 90 } # Default to 90 days if not set. Pre v8.5.0 compatibility $Days = (Get-Date).AddDays(-$checkDays).ToUniversalTime() + $Lookup = $Days.ToString('o') $AuditLookup = (Get-Date).AddDays(-7).ToUniversalTime().ToString('o') try { - $AllUsers = New-CIPPDbRequest -TenantFilter $Tenant -Type 'Users' - - $GraphRequest = $AllUsers | Where-Object { - $_.userType -eq 'Guest' -and - $_.accountEnabled -eq $true -and - ($null -ne $_.createdDateTime -and [DateTime]$_.createdDateTime -le $Days) -and - ($null -eq $_.signInActivity -or $null -eq $_.signInActivity.lastSuccessfulSignInDateTime -or [DateTime]$_.signInActivity.lastSuccessfulSignInDateTime -le $Days) - } + $GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users?`$filter=createdDateTime le $Lookup and userType eq 'Guest' and accountEnabled eq true &`$select=id,UserPrincipalName,signInActivity,mail,userType,accountEnabled,createdDateTime,externalUserState" -scope 'https://graph.microsoft.com/.default' -tenantid $Tenant | + Where-Object { $_.signInActivity.lastSuccessfulSignInDateTime -le $Days } } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message Write-LogMessage -API 'Standards' -Tenant $Tenant -Message "Could not get the DisableGuests state for $Tenant. Error: $ErrorMessage" -Sev Error @@ -100,13 +95,6 @@ function Invoke-CIPPStandardDisableGuests { $ErrorMessage = Get-CippException -Exception $_ Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to process bulk disable guests request: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage } - - # Refresh user cache after remediation - try { - Set-CIPPDBCacheUsers -TenantFilter $Tenant - } catch { - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning - } } else { Write-LogMessage -API 'Standards' -tenant $tenant -message "No guests accounts with a login longer than $checkDays days ago." -sev Info } From a972740aa668e2c8d49f4ca66f97e245c1da8a6a Mon Sep 17 00:00:00 2001 From: rvdwegen Date: Fri, 30 Jan 2026 11:11:11 +0100 Subject: [PATCH 03/10] Move template email file back --- Modules/CIPPCore/Public/New-CIPPAlertTemplate.ps1 | 2 +- Resources/TemplateEmail.html => TemplateEmail.html | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename Resources/TemplateEmail.html => TemplateEmail.html (100%) diff --git a/Modules/CIPPCore/Public/New-CIPPAlertTemplate.ps1 b/Modules/CIPPCore/Public/New-CIPPAlertTemplate.ps1 index 7ca6e0d74716..67340eaf3ab5 100644 --- a/Modules/CIPPCore/Public/New-CIPPAlertTemplate.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPAlertTemplate.ps1 @@ -13,7 +13,7 @@ function New-CIPPAlertTemplate { $AlertComment ) $Appname = '[{"Application Name":"ACOM Azure Website","Application IDs":"23523755-3a2b-41ca-9315-f81f3f566a95"},{"Application Name":"AEM-DualAuth","Application IDs":"69893ee3-dd10-4b1c-832d-4870354be3d8"},{"Application Name":"ASM Campaign Servicing","Application IDs":"0cb7b9ec-5336-483b-bc31-b15b5788de71"},{"Application Name":"Azure Advanced Threat Protection","Application IDs":"7b7531ad-5926-4f2d-8a1d-38495ad33e17"},{"Application Name":"Azure Data Lake","Application IDs":"e9f49c6b-5ce5-44c8-925d-015017e9f7ad"},{"Application Name":"Azure Lab Services Portal","Application IDs":"835b2a73-6e10-4aa5-a979-21dfda45231c"},{"Application Name":"Azure Portal","Application IDs":"c44b4083-3bb0-49c1-b47d-974e53cbdf3c"},{"Application Name":"AzureSupportCenter","Application IDs":"37182072-3c9c-4f6a-a4b3-b3f91cacffce"},{"Application Name":"Bing","Application IDs":"9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7"},{"Application Name":"CPIM Service","Application IDs":"bb2a2e3a-c5e7-4f0a-88e0-8e01fd3fc1f4"},{"Application Name":"CRM Power BI Integration","Application IDs":"e64aa8bc-8eb4-40e2-898b-cf261a25954f"},{"Application Name":"Dataverse","Application IDs":"00000007-0000-0000-c000-000000000000"},{"Application Name":"Enterprise Roaming and Backup","Application IDs":"60c8bde5-3167-4f92-8fdb-059f6176dc0f"},{"Application Name":"IAM Supportability","Application IDs":"a57aca87-cbc0-4f3c-8b9e-dc095fdc8978"},{"Application Name":"IrisSelectionFrontDoor","Application IDs":"16aeb910-ce68-41d1-9ac3-9e1673ac9575"},{"Application Name":"MCAPI Authorization Prod","Application IDs":"d73f4b35-55c9-48c7-8b10-651f6f2acb2e"},{"Application Name":"Media Analysis and Transformation Service","Application IDs":"944f0bd1-117b-4b1c-af26-804ed95e767e
0cd196ee-71bf-4fd6-a57c-b491ffd4fb1e"},{"Application Name":"Microsoft 365 Support Service","Application IDs":"ee272b19-4411-433f-8f28-5c13cb6fd407"},{"Application Name":"Microsoft App Access Panel","Application IDs":"0000000c-0000-0000-c000-000000000000"},{"Application Name":"Microsoft Approval Management","Application IDs":"65d91a3d-ab74-42e6-8a2f-0add61688c74
38049638-cc2c-4cde-abe4-4479d721ed44"},{"Application Name":"Microsoft Authentication Broker","Application IDs":"29d9ed98-a469-4536-ade2-f981bc1d605e"},{"Application Name":"Microsoft Azure CLI","Application IDs":"04b07795-8ddb-461a-bbee-02f9e1bf7b46"},{"Application Name":"Microsoft Azure PowerShell","Application IDs":"1950a258-227b-4e31-a9cf-717495945fc2"},{"Application Name":"Microsoft Bing Search","Application IDs":"cf36b471-5b44-428c-9ce7-313bf84528de"},{"Application Name":"Microsoft Bing Search for Microsoft Edge","Application IDs":"2d7f3606-b07d-41d1-b9d2-0d0c9296a6e8"},{"Application Name":"Microsoft Bing Default Search Engine","Application IDs":"1786c5ed-9644-47b2-8aa0-7201292175b6"},{"Application Name":"Microsoft Defender for Cloud Apps","Application IDs":"3090ab82-f1c1-4cdf-af2c-5d7a6f3e2cc7"},{"Application Name":"Microsoft Docs","Application IDs":"18fbca16-2224-45f6-85b0-f7bf2b39b3f3"},{"Application Name":"Microsoft Dynamics ERP","Application IDs":"00000015-0000-0000-c000-000000000000"},{"Application Name":"Microsoft Edge Insider Addons Prod","Application IDs":"6253bca8-faf2-4587-8f2f-b056d80998a7"},{"Application Name":"Microsoft Exchange Online Protection","Application IDs":"00000007-0000-0ff1-ce00-000000000000"},{"Application Name":"Microsoft Forms","Application IDs":"c9a559d2-7aab-4f13-a6ed-e7e9c52aec87"},{"Application Name":"Microsoft Graph","Application IDs":"00000003-0000-0000-c000-000000000000"},{"Application Name":"Microsoft Intune Web Company Portal","Application IDs":"74bcdadc-2fdc-4bb3-8459-76d06952a0e9"},{"Application Name":"Microsoft Intune Windows Agent","Application IDs":"fc0f3af4-6835-4174-b806-f7db311fd2f3"},{"Application Name":"Microsoft Learn","Application IDs":"18fbca16-2224-45f6-85b0-f7bf2b39b3f3"},{"Application Name":"Microsoft Office","Application IDs":"d3590ed6-52b3-4102-aeff-aad2292ab01c"},{"Application Name":"Microsoft Office 365 Portal","Application IDs":"00000006-0000-0ff1-ce00-000000000000"},{"Application Name":"Microsoft Office Web Apps Service","Application IDs":"67e3df25-268a-4324-a550-0de1c7f97287"},{"Application Name":"Microsoft Online Syndication Partner Portal","Application IDs":"d176f6e7-38e5-40c9-8a78-3998aab820e7"},{"Application Name":"Microsoft password reset service","Application IDs":"93625bc8-bfe2-437a-97e0-3d0060024faa"},{"Application Name":"Microsoft Power BI","Application IDs":"871c010f-5e61-4fb1-83ac-98610a7e9110"},{"Application Name":"Microsoft Storefronts","Application IDs":"28b567f6-162c-4f54-99a0-6887f387bbcc"},{"Application Name":"Microsoft Stream Portal","Application IDs":"cf53fce8-def6-4aeb-8d30-b158e7b1cf83"},{"Application Name":"Microsoft Substrate Management","Application IDs":"98db8bd6-0cc0-4e67-9de5-f187f1cd1b41"},{"Application Name":"Microsoft Support","Application IDs":"fdf9885b-dd37-42bf-82e5-c3129ef5a302"},{"Application Name":"Microsoft Teams","Application IDs":"1fec8e78-bce4-4aaf-ab1b-5451cc387264"},{"Application Name":"Microsoft Teams Services","Application IDs":"cc15fd57-2c6c-4117-a88c-83b1d56b4bbe"},{"Application Name":"Microsoft Teams Web Client","Application IDs":"5e3ce6c0-2b1f-4285-8d4b-75ee78787346"},{"Application Name":"Microsoft Whiteboard Services","Application IDs":"95de633a-083e-42f5-b444-a4295d8e9314"},{"Application Name":"O365 Suite UX","Application IDs":"4345a7b9-9a63-4910-a426-35363201d503"},{"Application Name":"Office 365 Exchange Online","Application IDs":"00000002-0000-0ff1-ce00-000000000000"},{"Application Name":"Office 365 Management","Application IDs":"00b41c95-dab0-4487-9791-b9d2c32c80f2"},{"Application Name":"Office 365 Search Service","Application IDs":"66a88757-258c-4c72-893c-3e8bed4d6899"},{"Application Name":"Office 365 SharePoint Online","Application IDs":"00000003-0000-0ff1-ce00-000000000000"},{"Application Name":"Office Delve","Application IDs":"94c63fef-13a3-47bc-8074-75af8c65887a"},{"Application Name":"Office Online Add-in SSO","Application IDs":"93d53678-613d-4013-afc1-62e9e444a0a5"},{"Application Name":"Office Online Client AAD- Augmentation Loop","Application IDs":"2abdc806-e091-4495-9b10-b04d93c3f040"},{"Application Name":"Office Online Client AAD- Loki","Application IDs":"b23dd4db-9142-4734-867f-3577f640ad0c"},{"Application Name":"Office Online Client AAD- Maker","Application IDs":"17d5e35f-655b-4fb0-8ae6-86356e9a49f5"},{"Application Name":"Office Online Client MSA- Loki","Application IDs":"b6e69c34-5f1f-4c34-8cdf-7fea120b8670"},{"Application Name":"Office Online Core SSO","Application IDs":"243c63a3-247d-41c5-9d83-7788c43f1c43"},{"Application Name":"Office Online Search","Application IDs":"a9b49b65-0a12-430b-9540-c80b3332c127"},{"Application Name":"Office.com","Application IDs":"4b233688-031c-404b-9a80-a4f3f2351f90"},{"Application Name":"Office365 Shell WCSS-Client","Application IDs":"89bee1f7-5e6e-4d8a-9f3d-ecd601259da7"},{"Application Name":"OfficeClientService","Application IDs":"0f698dd4-f011-4d23-a33e-b36416dcb1e6"},{"Application Name":"OfficeHome","Application IDs":"4765445b-32c6-49b0-83e6-1d93765276ca"},{"Application Name":"OfficeShredderWacClient","Application IDs":"4d5c2d63-cf83-4365-853c-925fd1a64357"},{"Application Name":"OMSOctopiPROD","Application IDs":"62256cef-54c0-4cb4-bcac-4c67989bdc40"},{"Application Name":"OneDrive SyncEngine","Application IDs":"ab9b8c07-8f02-4f72-87fa-80105867a763"},{"Application Name":"OneNote","Application IDs":"2d4d3d8e-2be3-4bef-9f87-7875a61c29de"},{"Application Name":"Outlook Mobile","Application IDs":"27922004-5251-4030-b22d-91ecd9a37ea4"},{"Application Name":"Partner Customer Delegated Admin Offline Processor","Application IDs":"a3475900-ccec-4a69-98f5-a65cd5dc5306"},{"Application Name":"Password Breach Authenticator","Application IDs":"bdd48c81-3a58-4ea9-849c-ebea7f6b6360"},{"Application Name":"Power BI Service","Application IDs":"00000009-0000-0000-c000-000000000000"},{"Application Name":"SharedWithMe","Application IDs":"ffcb16e8-f789-467c-8ce9-f826a080d987"},{"Application Name":"SharePoint Online Web Client Extensibility","Application IDs":"08e18876-6177-487e-b8b5-cf950c1e598c"},{"Application Name":"Signup","Application IDs":"b4bddae8-ab25-483e-8670-df09b9f1d0ea"},{"Application Name":"Skype for Business Online","Application IDs":"00000004-0000-0ff1-ce00-000000000000"},{"Application Name":"Sway","Application IDs":"905fcf26-4eb7-48a0-9ff0-8dcc7194b5ba"},{"Application Name":"Universal Store Native Client","Application IDs":"268761a2-03f3-40df-8a8b-c3db24145b6b"},{"Application Name":"Vortex [wsfed enabled]","Application IDs":"5572c4c0-d078-44ce-b81c-6cbf8d3ed39e"},{"Application Name":"Windows Azure Active Directory","Application IDs":"00000002-0000-0000-c000-000000000000"},{"Application Name":"Windows Azure Service Management API","Application IDs":"797f4846-ba00-4fd7-ba43-dac1f8f63013"},{"Application Name":"WindowsDefenderATP Portal","Application IDs":"a3b79187-70b2-4139-83f9-6016c58cd27b"},{"Application Name":"Windows Search","Application IDs":"26a7ee05-5602-4d76-a7ba-eae8b7b67941"},{"Application Name":"Windows Spotlight","Application IDs":"1b3c667f-cde3-4090-b60b-3d2abd0117f0"},{"Application Name":"Windows Store for Business","Application IDs":"45a330b1-b1ec-4cc1-9161-9f03992aa49f"},{"Application Name":"Yammer","Application IDs":"00000005-0000-0ff1-ce00-000000000000"},{"Application Name":"Yammer Web","Application IDs":"c1c74fed-04c9-4704-80dc-9f79a2e515cb"},{"Application Name":"Yammer Web Embed","Application IDs":"e1ef36fd-b883-4dbf-97f0-9ece4b576fc6"}]' | ConvertFrom-Json | Where-Object -Property 'Application IDs' -EQ $data.applicationId - $HTMLTemplate = Get-Content 'Resources\TemplateEmail.html' -Raw | Out-String + $HTMLTemplate = Get-Content 'TemplateEmail.html' -Raw | Out-String $Title = '' $IntroText = '' $ButtonUrl = '' diff --git a/Resources/TemplateEmail.html b/TemplateEmail.html similarity index 100% rename from Resources/TemplateEmail.html rename to TemplateEmail.html From 68e6c1db1a1cd7d46be025d0ced2af67292900eb Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Fri, 30 Jan 2026 11:16:11 +0100 Subject: [PATCH 04/10] up version --- host.json | 2 +- version_latest.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/host.json b/host.json index aa8f581b4e1f..a581a9789068 100644 --- a/host.json +++ b/host.json @@ -16,7 +16,7 @@ "distributedTracingEnabled": false, "version": "None" }, - "defaultVersion": "10.0.6", + "defaultVersion": "10.0.7", "versionMatchStrategy": "Strict", "versionFailureStrategy": "Fail" } diff --git a/version_latest.txt b/version_latest.txt index 80f86ac0c358..9380cfccb8c7 100644 --- a/version_latest.txt +++ b/version_latest.txt @@ -1 +1 @@ -10.0.6 +10.0.7 From 3d3626c82debeef499c4c5d558b657d3651c88a7 Mon Sep 17 00:00:00 2001 From: rvdwegen Date: Fri, 30 Jan 2026 11:31:47 +0100 Subject: [PATCH 05/10] move words.txt back to root --- Modules/CIPPCore/Public/GraphHelper/New-passwordString.ps1 | 2 +- Resources/words.txt => words.txt | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename Resources/words.txt => words.txt (100%) diff --git a/Modules/CIPPCore/Public/GraphHelper/New-passwordString.ps1 b/Modules/CIPPCore/Public/GraphHelper/New-passwordString.ps1 index 89545efd1229..c8393455c326 100644 --- a/Modules/CIPPCore/Public/GraphHelper/New-passwordString.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/New-passwordString.ps1 @@ -10,7 +10,7 @@ function New-passwordString { $SettingsTable = Get-CippTable -tablename 'Settings' $PasswordType = (Get-CIPPAzDataTableEntity @SettingsTable).passwordType if ($PasswordType -eq 'Correct-Battery-Horse') { - $Words = Get-Content .\Resources\words.txt + $Words = Get-Content .\words.txt (Get-Random -InputObject $words -Count 4) -join '-' } else { # Generate a complex password with a maximum of 100 tries diff --git a/Resources/words.txt b/words.txt similarity index 100% rename from Resources/words.txt rename to words.txt From 05aacb2b65a8fd187ab9cb72fb01429ffb5a6352 Mon Sep 17 00:00:00 2001 From: rvdwegen Date: Fri, 30 Jan 2026 11:35:44 +0100 Subject: [PATCH 06/10] more stuff back to root --- Resources/CIPPTimers.json => CIPPTimers.json | 0 Resources/CommunityRepos.json => CommunityRepos.json | 0 Resources/ConversionTable.csv => ConversionTable.csv | 0 .../HTTP Functions/Tools/GitHub/Invoke-ListCommunityRepos.ps1 | 2 +- Modules/CIPPCore/Public/Get-CIPPTimerFunctions.ps1 | 2 +- .../Public/Gradient/New-GradientServiceSyncRun.ps1 | 4 ++-- .../CippExtensions/Public/Hudu/Invoke-HuduExtensionSync.ps1 | 2 +- 7 files changed, 5 insertions(+), 5 deletions(-) rename Resources/CIPPTimers.json => CIPPTimers.json (100%) rename Resources/CommunityRepos.json => CommunityRepos.json (100%) rename Resources/ConversionTable.csv => ConversionTable.csv (100%) diff --git a/Resources/CIPPTimers.json b/CIPPTimers.json similarity index 100% rename from Resources/CIPPTimers.json rename to CIPPTimers.json diff --git a/Resources/CommunityRepos.json b/CommunityRepos.json similarity index 100% rename from Resources/CommunityRepos.json rename to CommunityRepos.json diff --git a/Resources/ConversionTable.csv b/ConversionTable.csv similarity index 100% rename from Resources/ConversionTable.csv rename to ConversionTable.csv diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ListCommunityRepos.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ListCommunityRepos.ps1 index 8c33f1ed2d2a..79256990242f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ListCommunityRepos.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/GitHub/Invoke-ListCommunityRepos.ps1 @@ -24,7 +24,7 @@ function Invoke-ListCommunityRepos { if (!$Request.Query.WriteAccess) { $CIPPRoot = (Get-Item (Get-Module -Name CIPPCore).ModuleBase).Parent.Parent.FullName - $CommunityRepos = Join-Path -Path $CIPPRoot -ChildPath 'Resources\CommunityRepos.json' + $CommunityRepos = Join-Path -Path $CIPPRoot -ChildPath 'CommunityRepos.json' $DefaultCommunityRepos = Get-Content -Path $CommunityRepos -Raw | ConvertFrom-Json $DefaultsMissing = $false diff --git a/Modules/CIPPCore/Public/Get-CIPPTimerFunctions.ps1 b/Modules/CIPPCore/Public/Get-CIPPTimerFunctions.ps1 index 529cd3f3aa84..d60ca8ed40cf 100644 --- a/Modules/CIPPCore/Public/Get-CIPPTimerFunctions.ps1 +++ b/Modules/CIPPCore/Public/Get-CIPPTimerFunctions.ps1 @@ -40,7 +40,7 @@ function Get-CIPPTimerFunctions { } $CIPPRoot = (Get-Item $CIPPCoreModuleRoot).Parent.Parent - $CippTimers = Get-Content -Path $CIPPRoot\Resources\CIPPTimers.json + $CippTimers = Get-Content -Path $CIPPRoot\CIPPTimers.json if ($ListAllTasks) { $Orchestrators = $CippTimers | ConvertFrom-Json | Sort-Object -Property Priority diff --git a/Modules/CippExtensions/Public/Gradient/New-GradientServiceSyncRun.ps1 b/Modules/CippExtensions/Public/Gradient/New-GradientServiceSyncRun.ps1 index b3e32933987b..cb85b1b60c74 100644 --- a/Modules/CippExtensions/Public/Gradient/New-GradientServiceSyncRun.ps1 +++ b/Modules/CippExtensions/Public/Gradient/New-GradientServiceSyncRun.ps1 @@ -27,8 +27,8 @@ function New-GradientServiceSyncRun { } - Set-Location (Get-Item $PSScriptRoot).Parent.Parent.Parent.Parent.FullName - $ConvertTable = Import-Csv Resources\ConversionTable.csv + Set-Location (Get-Item $PSScriptRoot).Parent.FullName + $ConvertTable = Import-Csv ConversionTable.csv $Table = Get-CIPPTable -TableName cachelicenses $LicenseTable = Get-CIPPTable -TableName ExcludedLicenses $ExcludedSkuList = Get-CIPPAzDataTableEntity @LicenseTable diff --git a/Modules/CippExtensions/Public/Hudu/Invoke-HuduExtensionSync.ps1 b/Modules/CippExtensions/Public/Hudu/Invoke-HuduExtensionSync.ps1 index 61b68e9e3b02..19b1e8c13def 100644 --- a/Modules/CippExtensions/Public/Hudu/Invoke-HuduExtensionSync.ps1 +++ b/Modules/CippExtensions/Public/Hudu/Invoke-HuduExtensionSync.ps1 @@ -34,7 +34,7 @@ function Invoke-HuduExtensionSync { # Import license mapping Set-Location (Get-Item $PSScriptRoot).Parent.Parent.Parent.Parent.FullName - $LicTable = Import-Csv Resources\ConversionTable.csv + $LicTable = Import-Csv ConversionTable.csv $CompanyResult.Logs.Add('Starting Hudu Extension Sync') From a42df97a164c533849c1e7d8cc319474bf08cba3 Mon Sep 17 00:00:00 2001 From: rvdwegen Date: Fri, 30 Jan 2026 11:37:42 +0100 Subject: [PATCH 07/10] move intunecollection back --- Resources/intuneCollection.json => intuneCollection.json | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename Resources/intuneCollection.json => intuneCollection.json (100%) diff --git a/Resources/intuneCollection.json b/intuneCollection.json similarity index 100% rename from Resources/intuneCollection.json rename to intuneCollection.json From 334b95fd5ebe0885f74ac897666e2f62fd0dbe8d Mon Sep 17 00:00:00 2001 From: rvdwegen Date: Fri, 30 Jan 2026 11:45:27 +0100 Subject: [PATCH 08/10] put set-locations back --- Modules/CIPPCore/Public/Add-CIPPApplicationPermission.ps1 | 1 + Modules/CIPPCore/Public/Add-CIPPDelegatedPermission.ps1 | 1 + .../Tenant/Administration/Alerts/Invoke-PublicWebhooks.ps1 | 1 + Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 | 1 + Modules/CippEntrypoints/CippEntrypoints.psm1 | 1 + .../Public/NinjaOne/Invoke-NinjaOneTenantSync.ps1 | 3 +++ 6 files changed, 8 insertions(+) diff --git a/Modules/CIPPCore/Public/Add-CIPPApplicationPermission.ps1 b/Modules/CIPPCore/Public/Add-CIPPApplicationPermission.ps1 index c7963cc5a196..e927820cb13f 100644 --- a/Modules/CIPPCore/Public/Add-CIPPApplicationPermission.ps1 +++ b/Modules/CIPPCore/Public/Add-CIPPApplicationPermission.ps1 @@ -11,6 +11,7 @@ function Add-CIPPApplicationPermission { } if ($RequiredResourceAccess -eq 'CIPPDefaults') { + Set-Location (Get-Item $PSScriptRoot).FullName $Permissions = Get-CippSamPermissions -NoDiff $RequiredResourceAccess = [System.Collections.Generic.List[object]]::new() diff --git a/Modules/CIPPCore/Public/Add-CIPPDelegatedPermission.ps1 b/Modules/CIPPCore/Public/Add-CIPPDelegatedPermission.ps1 index 26ece527aa48..2202e25147f9 100644 --- a/Modules/CIPPCore/Public/Add-CIPPDelegatedPermission.ps1 +++ b/Modules/CIPPCore/Public/Add-CIPPDelegatedPermission.ps1 @@ -8,6 +8,7 @@ function Add-CIPPDelegatedPermission { $TenantFilter ) Write-Host 'Adding Delegated Permissions' + Set-Location (Get-Item $PSScriptRoot).FullName if ($ApplicationId -eq $env:ApplicationID -and $TenantFilter -eq $env:TenantID) { #return @('Cannot modify delgated permissions for CIPP-SAM on partner tenant') diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-PublicWebhooks.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-PublicWebhooks.ps1 index 43289dc9cd39..e4318db2007e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-PublicWebhooks.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-PublicWebhooks.ps1 @@ -8,6 +8,7 @@ function Invoke-PublicWebhooks { param($Request, $TriggerMetadata) $Headers = $Request.Headers + Set-Location (Get-Item $PSScriptRoot).Parent.FullName $WebhookTable = Get-CIPPTable -TableName webhookTable $WebhookIncoming = Get-CIPPTable -TableName WebhookIncoming $Webhooks = Get-CIPPAzDataTableEntity @WebhookTable diff --git a/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 b/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 index 9843f4c7de09..e95cdb074f8d 100644 --- a/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 +++ b/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 @@ -25,6 +25,7 @@ function Test-CIPPAccessPermissions { } $Success = $true try { + Set-Location (Get-Item $PSScriptRoot).FullName $null = Get-CIPPAuthentication $GraphToken = Get-GraphToken -returnRefresh $true -SkipCache $true if ($GraphToken) { diff --git a/Modules/CippEntrypoints/CippEntrypoints.psm1 b/Modules/CippEntrypoints/CippEntrypoints.psm1 index 1f521af36c66..bc94fb638e28 100644 --- a/Modules/CippEntrypoints/CippEntrypoints.psm1 +++ b/Modules/CippEntrypoints/CippEntrypoints.psm1 @@ -39,6 +39,7 @@ function Receive-CippHttpTrigger { # Convert the request to a PSCustomObject because the httpContext is case sensitive since 7.3 $Request = $Request | ConvertTo-Json -Depth 100 | ConvertFrom-Json + Set-Location (Get-Item $PSScriptRoot).Parent.Parent.FullName if ($Request.Params.CIPPEndpoint -eq '$batch') { # Implement batch processing in the style of graph api $batch diff --git a/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneTenantSync.ps1 b/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneTenantSync.ps1 index ca67d3b360e3..7d2b1a4b9aab 100644 --- a/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneTenantSync.ps1 +++ b/Modules/CippExtensions/Public/NinjaOne/Invoke-NinjaOneTenantSync.ps1 @@ -1846,6 +1846,9 @@ function Invoke-NinjaOneTenantSync { ### CIPP Applied Standards Cards Write-Information 'Applied Standards' + $ModuleBase = Get-Module CIPPExtensions | Select-Object -ExpandProperty ModuleBase + $CIPPRoot = (Get-Item $ModuleBase).Parent.Parent.FullName + Set-Location $CIPPRoot try { $StandardsDefinitions = Invoke-RestMethod -Uri 'https://raw.githubusercontent.com/KelvinTegelaar/CIPP/refs/heads/main/src/data/standards.json' From d8cbc433e2a8e5e40002f4662b2568d4c294a8ec Mon Sep 17 00:00:00 2001 From: rvdwegen Date: Fri, 30 Jan 2026 11:46:40 +0100 Subject: [PATCH 09/10] one more --- profile.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/profile.ps1 b/profile.ps1 index 3925ffbf3f9d..a1ec3269f8d5 100644 --- a/profile.ps1 +++ b/profile.ps1 @@ -8,6 +8,7 @@ if ($env:APPLICATIONINSIGHTS_CONNECTION_STRING -or $env:APPINSIGHTS_INSTRUMENTAT $hasAppInsights = $true } if ($hasAppInsights) { + Set-Location -Path $PSScriptRoot $SwAppInsights = [System.Diagnostics.Stopwatch]::StartNew() try { $AppInsightsDllPath = Join-Path $PSScriptRoot 'Shared\AppInsights\Microsoft.ApplicationInsights.dll' From 32160569d548c56f6a2e89c7033b497af01e05b3 Mon Sep 17 00:00:00 2001 From: rvdwegen Date: Fri, 30 Jan 2026 11:59:21 +0100 Subject: [PATCH 10/10] Only run DB update if change was made --- .../Standards/Invoke-CIPPStandardAppDeploy.ps1 | 17 ++++++++++++----- ...nvoke-CIPPStandardDisableResourceMailbox.ps1 | 14 +++++++++----- .../Invoke-CIPPStandardDisableSharedMailbox.ps1 | 16 ++++++++++------ .../Standards/Invoke-CIPPStandardPerUserMFA.ps1 | 16 ++++++++++------ ...Invoke-CIPPStandardUserPreferredLanguage.ps1 | 14 +++++++++----- .../Standards/Invoke-CIPPStandardcalDefault.ps1 | 14 +++++++++----- 6 files changed, 59 insertions(+), 32 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAppDeploy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAppDeploy.ps1 index 318e751bfd2e..547dca85d033 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAppDeploy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAppDeploy.ps1 @@ -111,6 +111,7 @@ function Invoke-CIPPStandardAppDeploy { $CurrentValue = if ($MissingApps.Count -eq 0) { [PSCustomObject]@{'state' = 'Configured correctly' } } else { [PSCustomObject]@{'MissingApps' = $MissingApps } } if ($Settings.remediate -eq $true) { + $UpdateDB = $false if ($Mode -eq 'copy') { foreach ($App in $AppsToAdd) { $App = $App.Trim() @@ -121,6 +122,7 @@ function Invoke-CIPPStandardAppDeploy { try { New-CIPPApplicationCopy -App $App -Tenant $Tenant Write-LogMessage -API 'Standards' -tenant $tenant -message "Added application $($Application.displayName) ($App) to $Tenant and updated it's permissions" -sev Info + $UpdateDB = $true } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to add app $($Application.displayName) ($App). Error: $ErrorMessage" -sev Error @@ -175,6 +177,7 @@ function Invoke-CIPPStandardAppDeploy { if ($InstantiateResult.application.appId) { Write-LogMessage -API 'Standards' -tenant $tenant -message "Successfully deployed Gallery Template $($TemplateData.AppName) to tenant $Tenant. Application ID: $($InstantiateResult.application.appId)" -sev Info New-CIPPApplicationCopy -App $InstantiateResult.application.appId -Tenant $Tenant + $UpdateDB = $true } else { Write-LogMessage -API 'Standards' -tenant $tenant -message "Gallery Template deployment completed but application ID not returned for $($TemplateData.AppName) in tenant $Tenant" -sev Warning } @@ -243,6 +246,7 @@ function Invoke-CIPPStandardAppDeploy { Add-CIPPDelegatedPermission -RequiredResourceAccess $CreatedApp.requiredResourceAccess -ApplicationId $CreatedApp.appId -Tenantfilter $Tenant Add-CIPPApplicationPermission -RequiredResourceAccess $CreatedApp.requiredResourceAccess -ApplicationId $CreatedApp.appId -Tenantfilter $Tenant } + $UpdateDB = $true } else { Write-LogMessage -API 'Standards' -tenant $tenant -message "Application Manifest deployment failed - no application ID returned for $($TemplateData.AppName) in tenant $Tenant" -sev Error } @@ -263,6 +267,7 @@ function Invoke-CIPPStandardAppDeploy { Add-CIPPApplicationPermission -TemplateId $TemplateId -TenantFilter $Tenant Add-CIPPDelegatedPermission -TemplateId $TemplateId -TenantFilter $Tenant Write-LogMessage -API 'Standards' -tenant $tenant -message "Added application $($TemplateData.AppName) from Enterprise App template and updated its permissions" -sev Info + $UpdateDB = $true } } catch { @@ -272,11 +277,13 @@ function Invoke-CIPPStandardAppDeploy { } } - # Refresh service principals cache after remediation - try { - Set-CIPPDBCacheServicePrincipals -TenantFilter $Tenant - } catch { - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh service principals cache after remediation: $($_.Exception.Message)" -sev Warning + # Refresh service principals cache after remediation only if changes were made + if ($UpdateDB) { + try { + Set-CIPPDBCacheServicePrincipals -TenantFilter $Tenant + } catch { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh service principals cache after remediation: $($_.Exception.Message)" -sev Warning + } } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableResourceMailbox.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableResourceMailbox.ps1 index a15bcae71e8a..c0611aa41e34 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableResourceMailbox.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableResourceMailbox.ps1 @@ -57,6 +57,7 @@ function Invoke-CIPPStandardDisableResourceMailbox { } if ($Settings.remediate -eq $true) { + $UpdateDB = $false if ($ResourceMailboxList.Count -gt 0) { $int = 0 $BulkRequests = foreach ($Mailbox in $ResourceMailboxList) { @@ -80,6 +81,7 @@ function Invoke-CIPPStandardDisableResourceMailbox { if ($result.status -eq 200 -or $result.status -eq 204) { Write-LogMessage -API 'Standards' -tenant $Tenant -message "Entra account for $($Mailbox.RecipientTypeDetails), $($Mailbox.DisplayName), $($Mailbox.UserPrincipalName) disabled." -sev Info + $UpdateDB = $true } else { $errorMsg = if ($result.body.error.message) { $result.body.error.message } else { "Unknown error (Status: $($result.status))" } Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to disable Entra account for $($Mailbox.RecipientTypeDetails), $($Mailbox.DisplayName), $($Mailbox.UserPrincipalName): $errorMsg" -sev Error @@ -90,11 +92,13 @@ function Invoke-CIPPStandardDisableResourceMailbox { Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to process bulk disable resource mailboxes request: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage } - # Refresh user cache after remediation - try { - Set-CIPPDBCacheUsers -TenantFilter $Tenant - } catch { - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning + # Refresh user cache after remediation only if changes were made + if ($UpdateDB) { + try { + Set-CIPPDBCacheUsers -TenantFilter $Tenant + } catch { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning + } } } else { Write-LogMessage -API 'Standards' -tenant $Tenant -message 'All Entra accounts for resource mailboxes are already disabled.' -sev Info diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharedMailbox.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharedMailbox.ps1 index 1f1202c0a164..c1a1d4f9bb78 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharedMailbox.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharedMailbox.ps1 @@ -50,6 +50,7 @@ function Invoke-CIPPStandardDisableSharedMailbox { } if ($Settings.remediate -eq $true) { + $UpdateDB = $false if ($SharedMailboxList.Count -gt 0) { $int = 0 $BulkRequests = foreach ($Mailbox in $SharedMailboxList) { @@ -73,6 +74,7 @@ function Invoke-CIPPStandardDisableSharedMailbox { if ($result.status -eq 200 -or $result.status -eq 204) { Write-LogMessage -API 'Standards' -tenant $Tenant -message "Entra account for shared mailbox $($Mailbox.DisplayName) ($($Mailbox.ObjectKey)) disabled." -sev Info + $UpdateDB = $true } else { $errorMsg = if ($result.body.error.message) { $result.body.error.message } else { "Unknown error (Status: $($result.status))" } Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to disable Entra account for shared mailbox $($Mailbox.DisplayName) ($($Mailbox.ObjectKey)): $errorMsg" -sev Error @@ -82,12 +84,14 @@ function Invoke-CIPPStandardDisableSharedMailbox { $ErrorMessage = Get-CippException -Exception $_ Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to process bulk disable shared mailboxes request: $($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage } - - # Refresh user cache after remediation - try { - Set-CIPPDBCacheUsers -TenantFilter $Tenant - } catch { - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning + + # Refresh user cache after remediation only if changes were made + if ($UpdateDB) { + try { + Set-CIPPDBCacheUsers -TenantFilter $Tenant + } catch { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning + } } } else { Write-LogMessage -API 'Standards' -tenant $Tenant -message 'All Entra accounts for shared mailboxes are already disabled.' -sev Info diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPerUserMFA.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPerUserMFA.ps1 index 98d5a2fcb762..60a44f4a4512 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPerUserMFA.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPerUserMFA.ps1 @@ -55,20 +55,24 @@ function Invoke-CIPPStandardPerUserMFA { $UsersWithoutMFA = $GraphRequest | Where-Object -Property perUserMfaState -NE 'enforced' | Select-Object -Property userPrincipalName, displayName, accountEnabled, perUserMfaState if ($Settings.remediate -eq $true) { + $UpdateDB = $false if (($UsersWithoutMFA | Measure-Object).Count -gt 0) { try { $MFAMessage = Set-CIPPPerUserMFA -TenantFilter $Tenant -userId @($UsersWithoutMFA.userPrincipalName) -State 'enforced' Write-LogMessage -API 'Standards' -tenant $tenant -message $MFAMessage -sev Info + $UpdateDB = $true } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enforce MFA for all users: $ErrorMessage" -sev Error } - - # Refresh user cache after remediation - try { - Set-CIPPDBCacheUsers -TenantFilter $Tenant - } catch { - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning + + # Refresh user cache after remediation only if changes were made + if ($UpdateDB) { + try { + Set-CIPPDBCacheUsers -TenantFilter $Tenant + } catch { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning + } } } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUserPreferredLanguage.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUserPreferredLanguage.ps1 index 08c7dfd53772..9f015db38c4a 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUserPreferredLanguage.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUserPreferredLanguage.ps1 @@ -46,6 +46,7 @@ function Invoke-CIPPStandardUserPreferredLanguage { } if ($Settings.remediate -eq $true) { + $UpdateDB = $false if (($IncorrectUsers | Measure-Object).Count -gt 0) { try { foreach ($user in $IncorrectUsers) { @@ -61,17 +62,20 @@ function Invoke-CIPPStandardUserPreferredLanguage { } $null = New-GraphPOSTRequest @cmdParams Write-LogMessage -API 'Standards' -tenant $Tenant -message "Preferred language for $($user.userPrincipalName) has been set to $preferredLanguage" -sev Info + $UpdateDB = $true } } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to set preferred language to $preferredLanguage for all users." -sev Error -LogData $ErrorMessage } - # Refresh user cache after remediation - try { - Set-CIPPDBCacheUsers -TenantFilter $Tenant - } catch { - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning + # Refresh user cache after remediation only if changes were made + if ($UpdateDB) { + try { + Set-CIPPDBCacheUsers -TenantFilter $Tenant + } catch { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh user cache after remediation: $($_.Exception.Message)" -sev Warning + } } } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 index 2edce2a10d35..37873d00e0cd 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardcalDefault.ps1 @@ -50,6 +50,7 @@ function Invoke-CIPPStandardcalDefault { } if ($Settings.remediate -eq $true) { + $UpdateDB = $false try { # Get calendar permissions from cache - this contains the calendar Identity we need $CalendarPermissions = New-CIPPDbRequest -TenantFilter $Tenant -Type 'CalendarPermissions' @@ -89,6 +90,7 @@ function Invoke-CIPPStandardcalDefault { } Write-LogMessage -API 'Standards' -tenant $Tenant -message "Set default calendar permission for $($Calendar.Identity) to $permissionLevel" -sev Debug $SuccessCounter++ + $UpdateDB = $true } catch { $ErrorCounter++ $ErrorMessage = Get-CippException -Exception $_ @@ -98,11 +100,13 @@ function Invoke-CIPPStandardcalDefault { Write-LogMessage -API 'Standards' -tenant $Tenant -message "Successfully set default calendar permissions for $SuccessCounter calendars. $ErrorCounter failed." -sev Info - # Refresh calendar permissions cache after remediation - try { - Set-CIPPDBCacheMailboxes -TenantFilter $Tenant - } catch { - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh mailbox cache after remediation: $($_.Exception.Message)" -sev Warning + # Refresh calendar permissions cache after remediation only if changes were made + if ($UpdateDB) { + try { + Set-CIPPDBCacheMailboxes -TenantFilter $Tenant + } catch { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to refresh mailbox cache after remediation: $($_.Exception.Message)" -sev Warning + } } } catch {