KelvinTegelaar · KelvinTegelaar · Jul 12, 2024 · Jul 9, 2024 · Jul 10, 2024 · Jul 10, 2024
diff --git a/...e/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecClrImmId.ps1 b/...e/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecClrImmId.ps1
@@ -20,13 +20,13 @@ Function Invoke-ExecClrImmId {
     Try {
         $TenantFilter = $Request.Query.TenantFilter
         $UserID = $Request.Query.ID
-        $Body = [pscustomobject] @{
-            onPremisesImmutableId = $null
-        } | ConvertTo-Json
-        $GraphRequest = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$UserID" -tenantid $TenantFilter -type PATCH -body $Body
+        $Body = [pscustomobject]@{ onPremisesImmutableId = $null }
+        $Body = ConvertTo-Json -InputObject $Body -Depth 5 -Compress
+        $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$UserID" -tenantid $TenantFilter -type PATCH -body $Body
         $Results = [pscustomobject]@{'Results' = 'Successfully Cleared ImmutableId' }
     } catch {
-        $Results = [pscustomobject]@{'Results' = "Failed. $_.Exception.Message"; colour = 'danger' }
+        $ErrorMessage = Get-NormalizedError -Message $_.Exception
+        $Results = [pscustomobject]@{'Results' = "Failed. $ErrorMessage"; colour = 'danger' }
         $_.Exception
     }
 
@@ -35,5 +35,4 @@ Function Invoke-ExecClrImmId {
             StatusCode = [HttpStatusCode]::OK
             Body       = $Results
         })
-
 }
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardActivityBasedTimeout.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardActivityBasedTimeout.ps1
@@ -1,36 +1,35 @@
 function Invoke-CIPPStandardActivityBasedTimeout {
     <#
     .FUNCTIONALITY
-    Internal
-    .APINAME
-    ActivityBasedTimeout
-    .CAT
-    Global Standards
-    .TAG
-    "mediumimpact"
-    "CIS"
-    "spo_idle_session_timeout"
-    .HELPTEXT
-    Enables and sets Idle session timeout for Microsoft 365 to 1 hour. This policy affects most M365 web apps
-    .ADDEDCOMPONENT
-    {"type":"Select","label":"Select value","name":"standards.ActivityBasedTimeout.timeout","values":[{"label":"1 Hour","value":"01:00:00"},{"label":"3 Hours","value":"03:00:00"},{"label":"6 Hours","value":"06:00:00"},{"label":"12 Hours","value":"12:00:00"},{"label":"24 Hours","value":"1.00:00:00"}]}
-    .LABEL
-    Enable Activity based Timeout
-    .IMPACT
-    Medium Impact
-    .POWERSHELLEQUIVALENT
-    Portal or Graph API
-    .RECOMMENDEDBY
-    "CIS"
-    .DOCSDESCRIPTION
-    Enables and sets Idle session timeout for Microsoft 365 to 1 hour. This policy affects most M365 web apps
-    .UPDATECOMMENTBLOCK
-    Run the Tools\Update-StandardsComments.ps1 script to update this comment block
+        Internal
+    .COMPONENT
+        (APIName) ActivityBasedTimeout
+    .SYNOPSIS
+        (Label) Enable Activity based Timeout
+    .DESCRIPTION
+        (Helptext) Enables and sets Idle session timeout for Microsoft 365 to 1 hour. This policy affects most M365 web apps
+        (DocsDescription) Enables and sets Idle session timeout for Microsoft 365 to 1 hour. This policy affects most M365 web apps
+    .NOTES
+        CAT
+            Global Standards
+        TAG
+            "mediumimpact"
+            "CIS"
+            "spo_idle_session_timeout"
+        ADDEDCOMPONENT
+            {"type":"Select","label":"Select value","name":"standards.ActivityBasedTimeout.timeout","values":[{"label":"1 Hour","value":"01:00:00"},{"label":"3 Hours","value":"03:00:00"},{"label":"6 Hours","value":"06:00:00"},{"label":"12 Hours","value":"12:00:00"},{"label":"24 Hours","value":"1.00:00:00"}]}
+        IMPACT
+            Medium Impact
+        POWERSHELLEQUIVALENT
+            Portal or Graph API
+        RECOMMENDEDBY
+            "CIS"
+        UPDATECOMMENTBLOCK
+            Run the Tools\Update-StandardsComments.ps1 script to update this comment block
+    .LINK
+        https://docs.cipp.app/user-documentation/tenant/standards/edit-standards
     #>
 
-
-
-
     param($Tenant, $Settings)
 
     # Input validation
@@ -91,8 +90,3 @@ function Invoke-CIPPStandardActivityBasedTimeout {
     }
 
 }
-
-
-
-
-
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDKIM.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDKIM.ps1
@@ -1,34 +1,33 @@
 function Invoke-CIPPStandardAddDKIM {
     <#
     .FUNCTIONALITY
-    Internal
-    .APINAME
-    AddDKIM
-    .CAT
-    Exchange Standards
-    .TAG
-    "lowimpact"
-    "CIS"
-    .HELPTEXT
-    Enables DKIM for all domains that currently support it
-    .ADDEDCOMPONENT
-    .LABEL
-    Enables DKIM for all domains that currently support it
-    .IMPACT
-    Low Impact
-    .POWERSHELLEQUIVALENT
-    New-DkimSigningConfig and Set-DkimSigningConfig
-    .RECOMMENDEDBY
-    "CIS"
-    .DOCSDESCRIPTION
-    Enables DKIM for all domains that currently support it
-    .UPDATECOMMENTBLOCK
-    Run the Tools\Update-StandardsComments.ps1 script to update this comment block
+        Internal
+    .COMPONENT
+        (APIName) AddDKIM
+    .SYNOPSIS
+        (Label) Enables DKIM for all domains that currently support it
+    .DESCRIPTION
+        (Helptext) Enables DKIM for all domains that currently support it
+        (DocsDescription) Enables DKIM for all domains that currently support it
+    .NOTES
+        CAT
+            Exchange Standards
+        TAG
+            "lowimpact"
+            "CIS"
+        ADDEDCOMPONENT
+        IMPACT
+            Low Impact
+        POWERSHELLEQUIVALENT
+            New-DkimSigningConfig and Set-DkimSigningConfig
+        RECOMMENDEDBY
+            "CIS"
+        UPDATECOMMENTBLOCK
+            Run the Tools\Update-StandardsComments.ps1 script to update this comment block
+    .LINK
+        https://docs.cipp.app/user-documentation/tenant/standards/edit-standards
     #>
 
-
-
-
     param($Tenant, $Settings)
 
     $AllDomains = (New-GraphGetRequest -uri 'https://graph.microsoft.com/v1.0/domains?$top=999' -tenantid $Tenant | Where-Object { $_.supportedServices -contains 'Email' -or $_.id -like '*mail.onmicrosoft.com' }).id
@@ -107,7 +106,3 @@ function Invoke-CIPPStandardAddDKIM {
         Add-CIPPBPAField -FieldName 'DKIM' -FieldValue $DKIMState -StoreAs bool -Tenant $tenant
     }
 }
-
-
-
-
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAnonReportDisable.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAnonReportDisable.ps1
@@ -1,34 +1,31 @@
 function Invoke-CIPPStandardAnonReportDisable {
     <#
     .FUNCTIONALITY
-    Internal
-    .APINAME
-    AnonReportDisable
-    .CAT
-    Global Standards
-    .TAG
-    "lowimpact"
-    .HELPTEXT
-    Shows usernames instead of pseudo anonymised names in reports. This standard is required for reporting to work correctly.
-    .DOCSDESCRIPTION
-    Microsoft announced some APIs and reports no longer return names, to comply with compliance and legal requirements in specific countries. This proves an issue for a lot of MSPs because those reports are often helpful for engineers. This standard applies a setting that shows usernames in those API calls / reports.
-    .ADDEDCOMPONENT
-    .LABEL
-    Enable Usernames instead of pseudo anonymised names in reports
-    .IMPACT
-    Low Impact
-    .POWERSHELLEQUIVALENT
-    Update-MgBetaAdminReportSetting -BodyParameter @{displayConcealedNames = $true}
-    .RECOMMENDEDBY
-    .DOCSDESCRIPTION
-    Shows usernames instead of pseudo anonymised names in reports. This standard is required for reporting to work correctly.
-    .UPDATECOMMENTBLOCK
-    Run the Tools\Update-StandardsComments.ps1 script to update this comment block
+        Internal
+    .COMPONENT
+        (APIName) AnonReportDisable
+    .SYNOPSIS
+        (Label) Enable Usernames instead of pseudo anonymised names in reports
+    .DESCRIPTION
+        (Helptext) Shows usernames instead of pseudo anonymised names in reports. This standard is required for reporting to work correctly.
+        (DocsDescription) Microsoft announced some APIs and reports no longer return names, to comply with compliance and legal requirements in specific countries. This proves an issue for a lot of MSPs because those reports are often helpful for engineers. This standard applies a setting that shows usernames in those API calls / reports.
+    .NOTES
+        CAT
+            Global Standards
+        TAG
+            "lowimpact"
+        ADDEDCOMPONENT
+        IMPACT
+            Low Impact
+        POWERSHELLEQUIVALENT
+            Update-MgBetaAdminReportSetting -BodyParameter @{displayConcealedNames = $true}
+        RECOMMENDEDBY
+        UPDATECOMMENTBLOCK
+            Run the Tools\Update-StandardsComments.ps1 script to update this comment block
+    .LINK
+        https://docs.cipp.app/user-documentation/tenant/standards/edit-standards
     #>
 
-
-
-
     param($Tenant, $Settings)
     $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/admin/reportSettings' -tenantid $Tenant -AsApp $true
 
@@ -58,7 +55,3 @@ function Invoke-CIPPStandardAnonReportDisable {
         Add-CIPPBPAField -FieldName 'AnonReport' -FieldValue $CurrentInfo.displayConcealedNames -StoreAs bool -Tenant $tenant
     }
 }
-
-
-
-
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1
@@ -1,54 +1,52 @@
 function Invoke-CIPPStandardAntiPhishPolicy {
-    <#
-    .FUNCTIONALITY
-    Internal
-    .APINAME
-    AntiPhishPolicy
-    .CAT
-    Defender Standards
-    .TAG
-    "lowimpact"
-    "CIS"
-    "mdo_safeattachments"
-    "mdo_highconfidencespamaction"
-    "mdo_highconfidencephishaction"
-    "mdo_phisspamacation"
-    "mdo_spam_notifications_only_for_admins"
-    "mdo_antiphishingpolicies"
-    .HELPTEXT
-    This creates a Anti-Phishing policy that automatically enables Mailbox Intelligence and spoofing, optional switches for Mailtips.
-    .ADDEDCOMPONENT
-    {"type":"number","label":"Phishing email threshold. (Default 1)","name":"standards.AntiPhishPolicy.PhishThresholdLevel","default":1}
-    {"type":"boolean","label":"Show first contact safety tip","name":"standards.AntiPhishPolicy.EnableFirstContactSafetyTips","default":true}
-    {"type":"boolean","label":"Show user impersonation safety tip","name":"standards.AntiPhishPolicy.EnableSimilarUsersSafetyTips","default":true}
-    {"type":"boolean","label":"Show domain impersonation safety tip","name":"standards.AntiPhishPolicy.EnableSimilarDomainsSafetyTips","default":true}
-    {"type":"boolean","label":"Show user impersonation unusual characters safety tip","name":"standards.AntiPhishPolicy.EnableUnusualCharactersSafetyTips","default":true}
-    {"type":"Select","label":"If the message is detected as spoof by spoof intelligence","name":"standards.AntiPhishPolicy.AuthenticationFailAction","values":[{"label":"Quarantine the message","value":"Quarantine"},{"label":"Move to Junk Folder","value":"MoveToJmf"}]}
-    {"type":"Select","label":"Quarantine policy for Spoof","name":"standards.AntiPhishPolicy.SpoofQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]}
-    {"type":"Select","label":"If a message is detected as user impersonation","name":"standards.AntiPhishPolicy.TargetedUserProtectionAction","values":[{"label":"Move to Junk Folder","value":"MoveToJmf"},{"label":"Delete the message before its delivered","value":"Delete"},{"label":"Quarantine the message","value":"Quarantine"}]}
-    {"type":"Select","label":"Quarantine policy for user impersonation","name":"standards.AntiPhishPolicy.TargetedUserQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]}
-    {"type":"Select","label":"If a message is detected as domain impersonation","name":"standards.AntiPhishPolicy.TargetedDomainProtectionAction","values":[{"label":"Move to Junk Folder","value":"MoveToJmf"},{"label":"Delete the message before its delivered","value":"Delete"},{"label":"Quarantine the message","value":"Quarantine"}]}
-    {"type":"Select","label":"Quarantine policy for domain impersonation","name":"standards.AntiPhishPolicy.TargetedDomainQuarantineTag","values":[{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"},{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"}]}
-    {"type":"Select","label":"If Mailbox Intelligence detects an impersonated user","name":"standards.AntiPhishPolicy.MailboxIntelligenceProtectionAction","values":[{"label":"Move to Junk Folder","value":"MoveToJmf"},{"label":"Delete the message before its delivered","value":"Delete"},{"label":"Quarantine the message","value":"Quarantine"}]}
-    {"type":"Select","label":"Apply quarantine policy","name":"standards.AntiPhishPolicy.MailboxIntelligenceQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]}
-    .LABEL
-    Default Anti-Phishing Policy
-    .IMPACT
-    Low Impact
-    .POWERSHELLEQUIVALENT
-    Set-AntiphishPolicy or New-AntiphishPolicy
-    .RECOMMENDEDBY
-    "CIS"
-    .DOCSDESCRIPTION
-    This creates a Anti-Phishing policy that automatically enables Mailbox Intelligence and spoofing, optional switches for Mailtips.
-    .UPDATECOMMENTBLOCK
-    Run the Tools\Update-StandardsComments.ps1 script to update this comment block
+    <#
+    .FUNCTIONALITY
+        Internal
+    .COMPONENT
+        (APIName) AntiPhishPolicy
+    .SYNOPSIS
+        (Label) Default Anti-Phishing Policy
+    .DESCRIPTION
+        (Helptext) This creates a Anti-Phishing policy that automatically enables Mailbox Intelligence and spoofing, optional switches for Mailtips.
+        (DocsDescription) This creates a Anti-Phishing policy that automatically enables Mailbox Intelligence and spoofing, optional switches for Mailtips.
+    .NOTES
+        CAT
+            Defender Standards
+        TAG
+            "lowimpact"
+            "CIS"
+            "mdo_safeattachments"
+            "mdo_highconfidencespamaction"
+            "mdo_highconfidencephishaction"
+            "mdo_phisspamacation"
+            "mdo_spam_notifications_only_for_admins"
+            "mdo_antiphishingpolicies"
+        ADDEDCOMPONENT
+            {"type":"number","label":"Phishing email threshold. (Default 1)","name":"standards.AntiPhishPolicy.PhishThresholdLevel","default":1}
+            {"type":"boolean","label":"Show first contact safety tip","name":"standards.AntiPhishPolicy.EnableFirstContactSafetyTips","default":true}
+            {"type":"boolean","label":"Show user impersonation safety tip","name":"standards.AntiPhishPolicy.EnableSimilarUsersSafetyTips","default":true}
+            {"type":"boolean","label":"Show domain impersonation safety tip","name":"standards.AntiPhishPolicy.EnableSimilarDomainsSafetyTips","default":true}
+            {"type":"boolean","label":"Show user impersonation unusual characters safety tip","name":"standards.AntiPhishPolicy.EnableUnusualCharactersSafetyTips","default":true}
+            {"type":"Select","label":"If the message is detected as spoof by spoof intelligence","name":"standards.AntiPhishPolicy.AuthenticationFailAction","values":[{"label":"Quarantine the message","value":"Quarantine"},{"label":"Move to Junk Folder","value":"MoveToJmf"}]}
+            {"type":"Select","label":"Quarantine policy for Spoof","name":"standards.AntiPhishPolicy.SpoofQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]}
+            {"type":"Select","label":"If a message is detected as user impersonation","name":"standards.AntiPhishPolicy.TargetedUserProtectionAction","values":[{"label":"Move to Junk Folder","value":"MoveToJmf"},{"label":"Delete the message before its delivered","value":"Delete"},{"label":"Quarantine the message","value":"Quarantine"}]}
+            {"type":"Select","label":"Quarantine policy for user impersonation","name":"standards.AntiPhishPolicy.TargetedUserQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]}
+            {"type":"Select","label":"If a message is detected as domain impersonation","name":"standards.AntiPhishPolicy.TargetedDomainProtectionAction","values":[{"label":"Move to Junk Folder","value":"MoveToJmf"},{"label":"Delete the message before its delivered","value":"Delete"},{"label":"Quarantine the message","value":"Quarantine"}]}
+            {"type":"Select","label":"Quarantine policy for domain impersonation","name":"standards.AntiPhishPolicy.TargetedDomainQuarantineTag","values":[{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"},{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"}]}
+            {"type":"Select","label":"If Mailbox Intelligence detects an impersonated user","name":"standards.AntiPhishPolicy.MailboxIntelligenceProtectionAction","values":[{"label":"Move to Junk Folder","value":"MoveToJmf"},{"label":"Delete the message before its delivered","value":"Delete"},{"label":"Quarantine the message","value":"Quarantine"}]}
+            {"type":"Select","label":"Apply quarantine policy","name":"standards.AntiPhishPolicy.MailboxIntelligenceQuarantineTag","values":[{"label":"AdminOnlyAccessPolicy","value":"AdminOnlyAccessPolicy"},{"label":"DefaultFullAccessPolicy","value":"DefaultFullAccessPolicy"},{"label":"DefaultFullAccessWithNotificationPolicy","value":"DefaultFullAccessWithNotificationPolicy"}]}
+        IMPACT
+            Low Impact
+        POWERSHELLEQUIVALENT
+            Set-AntiphishPolicy or New-AntiphishPolicy
+        RECOMMENDEDBY
+            "CIS"
+        UPDATECOMMENTBLOCK
+            Run the Tools\Update-StandardsComments.ps1 script to update this comment block
+    .LINK
+        https://docs.cipp.app/user-documentation/tenant/standards/edit-standards
     #>
 
-
-
-
-
     param($Tenant, $Settings)
     $PolicyName = 'Default Anti-Phishing Policy'
 
@@ -180,7 +178,3 @@ function Invoke-CIPPStandardAntiPhishPolicy {
     }
 
 }
-
-
-
-
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAppDeploy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAppDeploy.ps1
@@ -5,7 +5,7 @@ function Invoke-CIPPStandardAppDeploy {
     .COMPONENT
         (APIName) AppDeploy
     .SYNOPSIS
-        Deploy Application
+        (Label) Deploy Application
     .DESCRIPTION
         (Helptext) Deploys selected applications to the tenant. Use a comma separated list of application IDs to deploy multiple applications. Permissions will be copied from the source application.
         (DocsDescription) Uses the CIPP functionality that deploys applications across an entire tenant base as a standard.
@@ -16,8 +16,6 @@ function Invoke-CIPPStandardAppDeploy {
             "lowimpact"
         ADDEDCOMPONENT
             {"type":"input","name":"standards.AppDeploy.appids","label":"Application IDs, comma separated"}
-        LABEL
-            Deploy Application
         IMPACT
             Low Impact
         POWERSHELLEQUIVALENT