Change all global standards to report if they were already in the cor…

…rect state
kris6673 · Feb 7, 2024 · 84d9c84 · 84d9c84
1 parent cc3135c
commit 84d9c84
Show file tree

Hide file tree

Showing 6 changed files with 68 additions and 47 deletions.
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardActivityBasedTimeout.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardActivityBasedTimeout.ps1
@@ -16,9 +16,12 @@ function Invoke-CIPPStandardActivityBasedTimeout {
   "definition":["{\"ActivityBasedTimeoutPolicy\":{\"Version\":1,\"ApplicationPolicies\":[{\"ApplicationId\":\"default\",\"WebSessionIdleTimeout\":\"01:00:00\"}]}}"]
 }
 '@
-    (New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/activityBasedTimeoutPolicies' -Type POST -Body $body -ContentType 'application/json')
+
+                New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/activityBasedTimeoutPolicies' -Type POST -Body $body -ContentType 'application/json'
+                Write-LogMessage -API 'Standards' -tenant $tenant -message 'Enabled Activity Based Timeout of one hour' -sev Info
+            } else {
+                Write-LogMessage -API 'Standards' -tenant $tenant -message 'Activity Based Timeout is already enabled' -sev Info
             }
-            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Enabled Activity Based Timeout of one hour' -sev Info
         } catch {
             Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable Activity Based Timeout $($_.exception.message)" -sev Error
         }

diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAnonReportDisable.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAnonReportDisable.ps1
@@ -5,12 +5,18 @@ function Invoke-CIPPStandardAnonReportDisable {
     #>
     param($Tenant, $Settings)
     $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/admin/reportSettings' -tenantid $Tenant -AsApp $true
+
     If ($Settings.remediate) {
-        try {
-            New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/reportSettings' -Type patch -Body '{"displayConcealedNames": false}' -ContentType 'application/json' -AsApp $true
-            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Anonymous Reports Disabled.' -sev Info
-        } catch {
-            Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable anonymous reports. Error: $($_.exception.message)" -sev Error
+
+        if ($CurrentInfo.displayConcealedNames -eq $false) {
+            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Anonymous Reports is already disabled.' -sev Info
+        } else {
+            try {
+                New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/reportSettings' -Type patch -Body '{"displayConcealedNames": false}' -ContentType 'application/json' -AsApp $true
+                Write-LogMessage -API 'Standards' -tenant $tenant -message 'Anonymous Reports Disabled.' -sev Info
+            } catch {
+                Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable anonymous reports. Error: $($_.exception.message)" -sev Error
+            }
         }
     }
     if ($Settings.alert) {

diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuditLog.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuditLog.ps1
@@ -9,19 +9,23 @@ function Invoke-CIPPStandardAuditLog {
 
     If ($Settings.remediate) {
         Write-Host 'Time to remediate'
+
         $DehydratedTenant = (New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OrganizationConfig').IsDehydrated
         if ($DehydratedTenant) {
-            New-ExoRequest -tenantid $Tenant -cmdlet 'Enable-OrganizationCustomization'
+            try {
+                New-ExoRequest -tenantid $Tenant -cmdlet 'Enable-OrganizationCustomization'
+                Write-LogMessage -API 'Standards' -tenant $tenant -message 'Organization customization enabled.' -sev Info
+            } catch {
+                $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+                Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable organization customization. Error: $ErrorMessage" -sev Debug
+            }
         }
-
+        
         try {
             if ($AuditLogEnabled) {
                 Write-LogMessage -API 'Standards' -tenant $tenant -message 'Unified Audit Log already enabled.' -sev Info
             } else {
-                $AdminAuditLogParams = @{
-                    UnifiedAuditLogIngestionEnabled = $true
-                }
-                New-ExoRequest -tenantid $Tenant -cmdlet 'Set-AdminAuditLogConfig' -cmdParams $AdminAuditLogParams
+                New-ExoRequest -tenantid $Tenant -cmdlet 'Set-AdminAuditLogConfig' -cmdParams @{UnifiedAuditLogIngestionEnabled = $true }
                 Write-LogMessage -API 'Standards' -tenant $tenant -message 'Unified Audit Log Enabled.' -sev Info
             }
 

diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableBasicAuthSMTP.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableBasicAuthSMTP.ps1
@@ -27,7 +27,6 @@ function Invoke-CIPPStandardDisableBasicAuthSMTP {
                     Write-LogMessage -API 'Standards' -tenant $tenant -message "Disabled SMTP Basic Authentication for $($_.DisplayName), $($_.PrimarySmtpAddress)" -sev Info
                 } catch {
                     Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable SMTP Basic Authentication for $($_.DisplayName), $($_.PrimarySmtpAddress). Error: $($_.exception.message)" -sev Error
-
                 }
             }
         }
@@ -38,15 +37,15 @@ function Invoke-CIPPStandardDisableBasicAuthSMTP {
             Write-LogMessage -API 'Standards' -tenant $tenant -message 'SMTP Basic Authentication for tenant and all users is disabled' -sev Info
         } else {
 
-            if ($CurrentInfo.SmtpClientAuthenticationDisabled -eq $false) {
-                $LogMessage = 'SMTP Basic Authentication for tenant is not disabled. '
-            } else {
+            if ($CurrentInfo.SmtpClientAuthenticationDisabled) {
                 $LogMessage = 'SMTP Basic Authentication for tenant is disabled. '
-            }
-            if ($SMTPusers.Count -ne 0) {
-                $LogMessage += "SMTP Basic Authentication for $($SMTPusers.Count) users is not disabled"
             } else {
+                $LogMessage = 'SMTP Basic Authentication for tenant is not disabled. '
+            }
+            if ($SMTPusers.Count -eq 0) {
                 $LogMessage += 'SMTP Basic Authentication for all users is disabled'
+            } else {
+                $LogMessage += "SMTP Basic Authentication for $($SMTPusers.Count) users is not disabled"
             }
             Write-LogMessage -API 'Standards' -tenant $tenant -message $LogMessage -sev Alert
         }

diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuestDirectory.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuestDirectory.ps1
@@ -8,14 +8,16 @@ function Invoke-CIPPStandardDisableGuestDirectory {
 
     If ($Settings.remediate) {
 
-
-        try {
-            $body = '{guestUserRoleId: "2af84b1e-32c8-42b7-82bc-daa82404023b"}'
-    (New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy' -Type patch -Body $body -ContentType 'application/json')
-
-            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled Guest access to directory information.' -sev Info
-        } catch {
-            Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable Guest access to directory information.: $($_.exception.message)" -sev 'Error'
+        if ($CurrentInfo.guestUserRoleId -eq '2af84b1e-32c8-42b7-82bc-daa82404023b') {
+            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Guest access to directory information is already disabled.' -sev Info
+        } else {
+            try {
+                $body = '{guestUserRoleId: "2af84b1e-32c8-42b7-82bc-daa82404023b"}'
+                New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy' -Type patch -Body $body -ContentType 'application/json'
+                Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled Guest access to directory information.' -sev Info
+            } catch {
+                Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable Guest access to directory information.: $($_.exception.message)" -sev 'Error'
+            }
         }
     }
 
@@ -27,12 +29,9 @@ function Invoke-CIPPStandardDisableGuestDirectory {
             Write-LogMessage -API 'Standards' -tenant $tenant -message 'Guest access to directory information is not disabled.' -sev Alert
         }
     }
+
     if ($Settings.report) {
-        if ($CurrentInfo.guestUserRoleId -eq '2af84b1e-32c8-42b7-82bc-daa82404023b') {
-            $CurrentInfo.guestUserRoleId = $true
-        } else {
-            $CurrentInfo.guestUserRoleId = $false
-        }
+        if ($CurrentInfo.guestUserRoleId -eq '2af84b1e-32c8-42b7-82bc-daa82404023b') { $CurrentInfo.guestUserRoleId = $true } else { $CurrentInfo.guestUserRoleId = $false }
         Add-CIPPBPAField -FieldName 'DisableGuestDirectory' -FieldValue [bool]$CurrentInfo.guestUserRoleId -StoreAs bool -Tenant $tenant
     }
 }
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMailContacts.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMailContacts.ps1
@@ -5,28 +5,37 @@ function Invoke-CIPPStandardMailContacts {
     #>
     param($Tenant, $Settings)
     $TenantID = (New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/organization' -tenantid $tenant)
+    $CurrentInfo = New-GraphGetRequest -Uri "https://graph.microsoft.com/beta/organization/$($TenantID.id)" -tenantid $Tenant
+    $contacts = $settings
+    $TechAndSecurityContacts = @($Contacts.SecurityContact, $Contacts.TechContact)
 
     If ($Settings.remediate) {
 
-        $contacts = $settings
-        try {
-            $Body = [pscustomobject]@{}
-            switch ($Contacts) {
-                { $Contacts.MarketingContact } { $body | Add-Member -NotePropertyName marketingNotificationEmails -NotePropertyValue @($Contacts.MarketingContact) }
-                { $Contacts.SecurityContact } { $body | Add-Member -NotePropertyName technicalNotificationMails -NotePropertyValue @($Contacts.SecurityContact) }
-                { $Contacts.TechContact } { $body | Add-Member -NotePropertyName technicalNotificationMails -NotePropertyValue @($Contacts.TechContact) }
-                { $Contacts.GeneralContact } { $body | Add-Member -NotePropertyName privacyProfile -NotePropertyValue @{contactEmail = $Contacts.GeneralContact } }
+        # TODO: Make this smaller if possible
+        if ($CurrentInfo.marketingNotificationEmails -eq $Contacts.MarketingContact -and `
+            ($CurrentInfo.securityComplianceNotificationMails -in $TechAndSecurityContacts -or 
+                $CurrentInfo.technicalNotificationMails -in $TechAndSecurityContacts) -and `
+                $CurrentInfo.privacyProfile.contactEmail -eq $Contacts.GeneralContact) {
+            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Contact emails are already set.' -sev Info
+        } else {
+            try {
+                $Body = [pscustomobject]@{}
+                switch ($Contacts) {
+                    { $Contacts.MarketingContact } { $body | Add-Member -NotePropertyName marketingNotificationEmails -NotePropertyValue @($Contacts.MarketingContact) }
+                    { $Contacts.SecurityContact } { $body | Add-Member -NotePropertyName technicalNotificationMails -NotePropertyValue @($Contacts.SecurityContact) }
+                    { $Contacts.TechContact } { $body | Add-Member -NotePropertyName technicalNotificationMails -NotePropertyValue @($Contacts.TechContact) -ErrorAction SilentlyContinue }
+                    { $Contacts.GeneralContact } { $body | Add-Member -NotePropertyName privacyProfile -NotePropertyValue @{contactEmail = $Contacts.GeneralContact } }
+                }
+                Write-Host (ConvertTo-Json -InputObject $body)
+                New-GraphPostRequest -tenantid $tenant -Uri "https://graph.microsoft.com/v1.0/organization/$($TenantID.id)" -asApp $true -Type patch -Body (ConvertTo-Json -InputObject $body) -ContentType 'application/json'
+                Write-LogMessage -API 'Standards' -tenant $tenant -message 'Contact emails set.' -sev Info
+            } catch {
+                Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set contact emails: $($_.exception.message)" -sev Error
             }
-            Write-Host (ConvertTo-Json -InputObject $body)
-            New-GraphPostRequest -tenantid $tenant -Uri "https://graph.microsoft.com/v1.0/organization/$($TenantID.id)" -asApp $true -Type patch -Body (ConvertTo-Json -InputObject $body) -ContentType 'application/json'
-            Write-LogMessage -API 'Standards' -tenant $tenant -message 'Contact emails set.' -sev Info
-        } catch {
-            Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set contact emails: $($_.exception.message)" -sev Error
         }
     }
     if ($Settings.alert) {
 
-        $CurrentInfo = New-GraphGetRequest -Uri "https://graph.microsoft.com/beta/organization/$($TenantID.id)" -tenantid $Tenant
         if ($CurrentInfo.marketingNotificationEmails -eq $Contacts.MarketingContact) {
             Write-LogMessage -API 'Standards' -tenant $tenant -message "Marketing contact email is set to $($Contacts.MarketingContact)" -sev Info
         } else {
@@ -47,6 +56,7 @@ function Invoke-CIPPStandardMailContacts {
         } else {
             Write-LogMessage -API 'Standards' -tenant $tenant -message "General contact email is not set to $($Contacts.GeneralContact)" -sev Alert
         }
+
     }
     if ($Settings.report) {
         Add-CIPPBPAField -FieldName 'MailContacts' -FieldValue $CurrentInfo -StoreAs json -Tenant $tenant