[pull] master from KelvinTegelaar:master

Modules/CIPPCore/Public/Alerts/Get-CIPPAlertQuarantineReleaseRequests.ps1

@@ -38,7 +38,7 @@
                     MessageId         = $Message.MessageId
                     Subject           = $Message.Subject
                     SenderAddress     = $Message.SenderAddress
-                    RecipientAddress  = $Message.RecipientAddress
+                    RecipientAddress  = $Message.RecipientAddress -join '; '
                     Type              = $Message.Type
                     PolicyName        = $Message.PolicyName
                     ReleaseStatus     = $Message.ReleaseStatus

Modules/CIPPCore/Public/Alerts/Get-CIPPAlertRestrictedUsers.ps1

@@ -37,6 +37,6 @@
             Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData
         }
     } catch {
-        Write-LogMessage -tenant $($TenantFilter) -message "Could not get restricted users for $($TenantFilter): $(Get-NormalizedError -message $_.Exception.message)" -severity 'Error' -API 'Get-CIPPAlertRestrictedUsers' -LogData (Get-CippException -Exception $_)
+       # Write-LogMessage -tenant $($TenantFilter) -message "Could not get restricted users for $($TenantFilter): $(Get-NormalizedError -message $_.Exception.message)" -severity 'Error' -API 'Get-CIPPAlertRestrictedUsers' -LogData (Get-CippException -Exception $_)
     }
 }

Modules/CIPPCore/Public/Alerts/Get-CIPPAlertTERRL.ps1

@@ -35,6 +35,6 @@ function Get-CIPPAlertTERRL {
             }
         }
     } catch {
-        Write-AlertMessage -tenant $($TenantFilter) -message "Could not get TERRL status for $($TenantFilter): $(Get-NormalizedError -message $_.Exception.message)"
+        Write-LogMessage -tenant $($TenantFilter) -message "Could not get TERRL status for $($TenantFilter): $(Get-NormalizedError -message $_.Exception.message)" -severity 'Error' -API 'CIPPAlertTERRL' -LogData (Get-CippException -Exception $_)
     }
 }

Modules/CIPPCore/Public/Authentication/Test-CIPPAccess.ps1

@@ -17,15 +17,15 @@ function Test-CIPPAccess {
         $CIPPCoreModule = Get-Module -Name CIPPCore
         if ($CIPPCoreModule) {
             $PermissionsFileJson = Join-Path $CIPPCoreModule.ModuleBase 'lib' 'data' 'function-permissions.json'
-            
+
             if (Test-Path $PermissionsFileJson) {
                 try {
                     $jsonData = Get-Content -Path $PermissionsFileJson -Raw | ConvertFrom-Json -AsHashtable
                     $global:CIPPFunctionPermissions = [System.Collections.Hashtable]::new([StringComparer]::OrdinalIgnoreCase)
                     foreach ($key in $jsonData.Keys) {
                         $global:CIPPFunctionPermissions[$key] = $jsonData[$key]
                     }
-                    Write-Information "Loaded $($global:CIPPFunctionPermissions.Count) function permissions from JSON cache"
+                    Write-Debug "Loaded $($global:CIPPFunctionPermissions.Count) function permissions from JSON cache"
                 } catch {
                     Write-Warning "Failed to load function permissions from JSON: $($_.Exception.Message)"
                 }
@@ -41,13 +41,13 @@ function Test-CIPPAccess {
             $PermissionData = $global:CIPPFunctionPermissions[$FunctionName]
             $APIRole = $PermissionData['Role']
             $Functionality = $PermissionData['Functionality']
-            Write-Information "Loaded function permission data from cache for '$FunctionName': Role='$APIRole', Functionality='$Functionality'"
+            Write-Debug "Loaded function permission data from cache for '$FunctionName': Role='$APIRole', Functionality='$Functionality'"
         } else {
             try {
                 $Help = Get-Help $FunctionName -ErrorAction Stop
                 $APIRole = $Help.Role
                 $Functionality = $Help.Functionality
-                Write-Information "Loaded function permission data via Get-Help for '$FunctionName': Role='$APIRole', Functionality='$Functionality'"
+                Write-Debug "Loaded function permission data via Get-Help for '$FunctionName': Role='$APIRole', Functionality='$Functionality'"
             } catch {
                 Write-Warning "Function '$FunctionName' not found"
             }

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecListBackup.ps1

@@ -21,11 +21,21 @@ function Invoke-ExecListBackup {
 
     if ($NameOnly) {
         $Processed = foreach ($item in $Result) {
-            $properties = $item.PSObject.Properties | Where-Object { $_.Name -notin @('TenantFilter', 'ETag', 'PartitionKey', 'RowKey', 'Timestamp') -and $_.Value }
-            [PSCustomObject]@{
-                BackupName = $item.RowKey
-                Timestamp  = $item.Timestamp
-                Items      = $properties.Name
+            $properties = $item.PSObject.Properties | Where-Object { $_.Name -notin @('TenantFilter', 'ETag', 'PartitionKey', 'RowKey', 'Timestamp', 'OriginalEntityId', 'SplitOverProps', 'PartIndex') -and $_.Value }
+
+            if ($Type -eq 'Scheduled') {
+                [PSCustomObject]@{
+                    TenantFilter = $item.RowKey -match '^(.*?)_' | ForEach-Object { $matches[1] }
+                    BackupName   = $item.RowKey
+                    Timestamp    = $item.Timestamp
+                    Items        = $properties.Name
+                }
+            } else {
+                [PSCustomObject]@{
+                    BackupName = $item.RowKey
+                    Timestamp  = $item.Timestamp
+                }
+
             }
         }
         $Result = $Processed | Sort-Object Timestamp -Descending

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ListIntuneTemplates.ps1

@@ -39,7 +39,8 @@ function Invoke-ListIntuneTemplates {
                 $data | Add-Member -NotePropertyName 'Type' -NotePropertyValue $JSONData.Type -Force
                 $data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $_.RowKey -Force
                 $data | Add-Member -NotePropertyName 'package' -NotePropertyValue $_.Package -Force
-                $data | Add-Member -NotePropertyName 'isSynced' -NotePropertyValue (![string]::IsNullOrEmpty($_.SHA))
+                $data | Add-Member -NotePropertyName 'isSynced' -NotePropertyValue (![string]::IsNullOrEmpty($_.SHA)) -Force
+                $data | Add-Member -NotePropertyName 'source' -NotePropertyValue $_.Source -Force
                 $data
             } catch {
 
@@ -65,6 +66,8 @@ function Invoke-ListIntuneTemplates {
                                 $data | Add-Member -NotePropertyName 'Type' -NotePropertyValue $JSONData.Type -Force
                                 $data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $_.RowKey -Force
                                 $data | Add-Member -NotePropertyName 'package' -NotePropertyValue $_.Package -Force
+                                $data | Add-Member -NotePropertyName 'source' -NotePropertyValue $_.Source -Force
+                                $data | Add-Member -NotePropertyName 'isSynced' -NotePropertyValue (![string]::IsNullOrEmpty($_.SHA)) -Force
                                 $data
                             } catch {
 

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-ListGroupTemplates.ps1

@@ -48,6 +48,8 @@ function Invoke-ListGroupTemplates {
                 allowExternal   = $data.allowExternal
                 username        = $data.username
                 GUID            = $_.RowKey
+                source          = $_.Source
+                isSynced        = (![string]::IsNullOrEmpty($_.SHA))
             }
         } catch {
             Write-Information "Could not parse group template $($_.RowKey): $($_.Exception.Message)"

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListCAtemplates.ps1

@@ -35,6 +35,8 @@ function Invoke-ListCAtemplates {
             $row = $_
             $data = $row.JSON | ConvertFrom-Json -Depth 100 -ErrorAction Stop
             $data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $row.GUID -Force
+            $data | Add-Member -NotePropertyName 'source' -NotePropertyValue $row.Source -Force
+            $data | Add-Member -NotePropertyName 'isSynced' -NotePropertyValue (![string]::IsNullOrEmpty($row.SHA)) -Force
             $data
         } catch {
             Write-Warning "Failed to process CA template: $($row.RowKey) - $($_.Exception.Message)"

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-listStandardTemplates.ps1

@@ -23,6 +23,8 @@ function Invoke-listStandardTemplates {
         }
         if ($Data) {
             $Data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $_.GUID -Force
+            $Data | Add-Member -NotePropertyName 'source' -NotePropertyValue $_.Source -Force
+            $Data | Add-Member -NotePropertyName 'isSynced' -NotePropertyValue (![string]::IsNullOrEmpty($_.SHA)) -Force
 
             if (!$Data.excludedTenants) {
                 $Data | Add-Member -NotePropertyName 'excludedTenants' -NotePropertyValue @() -Force

Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-UpdateTokensTimer.ps1

@@ -68,7 +68,7 @@ function Start-UpdateTokensTimer {
                 Write-Information "Found $($ExpiredSecrets.Count) expired application secrets for $AppId. Removing them."
                 foreach ($Secret in $ExpiredSecrets) {
                     try {
-                        New-GraphPostRequest -type DELETE -uri "https://graph.microsoft.com/v1.0/applications/$($PasswordCredentials.id)/removePassword" -Body "{`"keyId`":`"$($Secret.keyId)`"}" -NoAuthCheck $true -AsApp $true -ErrorAction Stop
+                        New-GraphPostRequest -uri "https://graph.microsoft.com/v1.0/applications/$($PasswordCredentials.id)/removePassword" -Body "{`"keyId`":`"$($Secret.keyId)`"}" -NoAuthCheck $true -AsApp $true -ErrorAction Stop
                         Write-Information "Removed expired application secret with keyId $($Secret.keyId)."
                     } catch {
                         Write-LogMessage -API 'Update Tokens' -message "Error removing expired application secret with keyId $($Secret.keyId), see Log Data for details." -sev 'CRITICAL' -LogData (Get-CippException -Exception $_)

Modules/CIPPCore/Public/Functions/Get-CIPPTenantAlignment.ps1

@@ -111,18 +111,27 @@ function Get-CIPPTenantAlignment {
 
             if ($Template.tenantFilter -and $Template.tenantFilter.Count -gt 0) {
                 # Extract tenant values from the tenantFilter array
-                $TenantValues = $Template.tenantFilter | ForEach-Object {
-                    if ($_.type -eq 'group') {
-                        ($TenantGroups | Where-Object -Property GroupName -EQ $_.value).Members.defaultDomainName
+                $TenantValues = [System.Collections.Generic.List[string]]::new()
+                foreach ($filterItem in $Template.tenantFilter) {
+                    if ($filterItem.type -eq 'group') {
+                        # Look up group members by Id (GUID in the value field)
+                        $GroupMembers = $TenantGroups | Where-Object { $_.Id -eq $filterItem.value }
+                        if ($GroupMembers -and $GroupMembers.Members) {
+                            foreach ($member in $GroupMembers.Members.defaultDomainName) {
+                                $TenantValues.Add($member)
+                            }
+                        }
                     } else {
-                        $_.value
+                        $TenantValues.Add($filterItem.value)
                     }
                 }
 
                 if ($TenantValues -contains 'AllTenants') {
                     $AppliestoAllTenants = $true
+                } elseif ($TenantValues.Count -gt 0) {
+                    $TemplateAssignedTenants = @($TenantValues)
                 } else {
-                    $TemplateAssignedTenants = $TenantValues
+                    $TemplateAssignedTenants = @()
                 }
             } else {
                 $AppliestoAllTenants = $true

Modules/CIPPCore/Public/Get-CIPPBackup.ps1

@@ -18,14 +18,22 @@ function Get-CIPPBackup {
     }
 
     if ($NameOnly.IsPresent) {
-        $Table.Property = @('PartitionKey', 'RowKey', 'Timestamp', 'OriginalEntityId')
+        $Table.Property = @('RowKey')
     }
 
     $Filter = $Conditions -join ' and '
     $Table.Filter = $Filter
-    $Info = Get-CIPPAzDataTableEntity @Table -Debug
-    if ($TenantFilter) {
-        $Info = $Info | Where-Object { $_.TenantFilter -eq $TenantFilter }
+    $Info = Get-CIPPAzDataTableEntity @Table
+
+    if ($NameOnly.IsPresent) {
+        $Info = $Info | Where-Object { $_.RowKey -notmatch '-part[0-9]+$' }
+        if ($TenantFilter) {
+            $Info = $Info | Where-Object { $_.RowKey -match "^$($TenantFilter)_" }
+        }
+    } else {
+        if ($TenantFilter -and $TenantFilter -ne 'AllTenants') {
+            $Info = $Info | Where-Object { $_.TenantFilter -eq $TenantFilter }
+        }
     }
     return $Info
 }

Modules/CIPPCore/Public/Get-CIPPDrift.ps1

@@ -280,13 +280,17 @@ function Get-CIPPDrift {
                     } else {
                         'New'
                     }
+                    $reason = if ($ExistingDriftStates.ContainsKey($PolicyKey)) { $ExistingDriftStates[$PolicyKey].Reason }
+                    $User = if ($ExistingDriftStates.ContainsKey($PolicyKey)) { $ExistingDriftStates[$PolicyKey].User }
                     $PolicyDeviation = [PSCustomObject]@{
                         standardName        = $PolicyKey
                         standardDisplayName = "Intune - $TenantPolicyName"
                         expectedValue       = 'This policy only exists in the tenant, not in the template.'
                         receivedValue       = $TenantPolicy.Policy
                         state               = 'current'
                         Status              = $Status
+                        Reason              = $reason
+                        lastChangedByUser   = $User
                     }
                     $PolicyDeviations.Add($PolicyDeviation)
                 }
@@ -310,13 +314,17 @@ function Get-CIPPDrift {
                     } else {
                         'New'
                     }
+                    $reason = if ($ExistingDriftStates.ContainsKey($PolicyKey)) { $ExistingDriftStates[$PolicyKey].Reason }
+                    $User = if ($ExistingDriftStates.ContainsKey($PolicyKey)) { $ExistingDriftStates[$PolicyKey].User }
                     $PolicyDeviation = [PSCustomObject]@{
                         standardName        = $PolicyKey
                         standardDisplayName = "Conditional Access - $($TenantCAPolicy.displayName)"
                         expectedValue       = 'This policy only exists in the tenant, not in the template.'
                         receivedValue       = $TenantCAPolicy | Out-String
                         state               = 'current'
                         Status              = $Status
+                        Reason              = $reason
+                        lastChangedByUser   = $User
                     }
                     $PolicyDeviations.Add($PolicyDeviation)
                 }