Skip to content

Commit 2c4f860

Browse files
JohnDupreyJohnDuprey
committed
Improve template matching by adding Source filter
Updated policy template matching logic to include the Source (TenantFilter) property, ensuring templates are matched and updated per tenant. Also standardized usage of policy ID and display name variables for consistency and correctness.
1 parent 038e3e8 commit 2c4f860

File tree

1 file changed

+10
-8
lines changed

1 file changed

+10
-8
lines changed

Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1

Lines changed: 10 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -114,7 +114,7 @@ function New-CIPPTemplateRun {
114114
foreach ($policy in $policies) {
115115
try {
116116
$Hash = Get-StringHash -String ($policy | ConvertTo-Json -Depth 100 -Compress)
117-
$ExistingPolicy = $ExistingTemplates | Where-Object { $_.PartitionKey -eq 'CATemplate' -and $_.displayName -eq $policy.displayName } | Select-Object -First 1
117+
$ExistingPolicy = $ExistingTemplates | Where-Object { $_.PartitionKey -eq 'CATemplate' -and $_.displayName -eq $policy.displayName -and $_.Source -eq $TenantFilter } | Select-Object -First 1
118118
if ($ExistingPolicy -and $ExistingPolicy.SHA -eq $Hash) {
119119
"CA Policy $($policy.displayName) found, SHA matches, skipping template creation"
120120
continue
@@ -184,16 +184,16 @@ function New-CIPPTemplateRun {
184184
$Hash = Get-StringHash -String ($Policy | ConvertTo-Json -Depth 100 -Compress)
185185
$DisplayName = $Policy.displayName ?? $Policy.name
186186

187-
$ExistingPolicy = $ExistingTemplates | Where-Object { $_.PartitionKey -eq 'IntuneTemplate' -and $_.displayName -eq $DisplayName } | Select-Object -First 1
187+
$ExistingPolicy = $ExistingTemplates | Where-Object { $_.PartitionKey -eq 'IntuneTemplate' -and $_.displayName -eq $DisplayName -and $_.Source -eq $TenantFilter } | Select-Object -First 1
188188

189189
Write-Information "Processing Intune Configuration Policy $($DisplayName) - $($ExistingPolicy ? 'Existing template found' : 'No existing template found')"
190190

191191
if ($ExistingPolicy -and $ExistingPolicy.SHA -eq $Hash) {
192-
"Intune Configuration Policy $($Policy.displayName) found, SHA matches, skipping template creation"
192+
"Intune Configuration Policy $($DisplayName) found, SHA matches, skipping template creation"
193193
continue
194194
}
195195

196-
$Template = New-CIPPIntuneTemplate -TenantFilter $TenantFilter -URLName $URLName -ID $Policy.ID
196+
$Template = New-CIPPIntuneTemplate -TenantFilter $TenantFilter -URLName $URLName -ID $Policy.id
197197
if ($ExistingPolicy -and $ExistingPolicy.PartitionKey -eq 'IntuneTemplate') {
198198
"Policy $($Template.DisplayName) found, updating template"
199199
$object = [PSCustomObject]@{
@@ -246,14 +246,15 @@ function New-CIPPTemplateRun {
246246
'intunecompliance' {
247247
Write-Information "Create Intune Compliance Policy Templates for $TenantFilter"
248248
New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/deviceCompliancePolicies?$top=999' -tenantid $TenantFilter | ForEach-Object {
249+
$Policy = $_
249250
$Hash = Get-StringHash -String (ConvertTo-Json -Depth 100 -Compress -InputObject $_)
250-
$ExistingPolicy = $ExistingTemplates | Where-Object { $_.displayName -eq $_.DisplayName } | Select-Object -First 1
251+
$ExistingPolicy = $ExistingTemplates | Where-Object { $Policy.displayName -eq $_.DisplayName -and $_.Source -eq $TenantFilter } | Select-Object -First 1
251252
if ($ExistingPolicy -and $ExistingPolicy.SHA -eq $Hash) {
252253
"Intune Compliance Policy $($_.DisplayName) found, SHA matches, skipping template creation"
253254
continue
254255
}
255256

256-
$Template = New-CIPPIntuneTemplate -TenantFilter $TenantFilter -URLName 'deviceCompliancePolicies' -ID $_.ID
257+
$Template = New-CIPPIntuneTemplate -TenantFilter $TenantFilter -URLName 'deviceCompliancePolicies' -ID $Policy.id
257258
if ($ExistingPolicy -and $ExistingPolicy.PartitionKey -eq 'IntuneTemplate') {
258259
"Intune Compliance Policy $($Template.DisplayName) found, updating template"
259260
$object = [PSCustomObject]@{
@@ -299,14 +300,15 @@ function New-CIPPTemplateRun {
299300
'intuneprotection' {
300301
Write-Information "Create Intune Protection Policy Templates for $TenantFilter"
301302
New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceAppManagement/managedAppPolicies?$top=999' -tenantid $TenantFilter | ForEach-Object {
303+
$Policy = $_
302304
$Hash = Get-StringHash -String (ConvertTo-Json -Depth 100 -Compress -InputObject $_)
303-
$ExistingPolicy = $ExistingTemplates | Where-Object { $_.displayName -eq $_.DisplayName } | Select-Object -First 1
305+
$ExistingPolicy = $ExistingTemplates | Where-Object { $Policy.displayName -eq $_.DisplayName -and $_.Source -eq $TenantFilter } | Select-Object -First 1
304306
if ($ExistingPolicy -and $ExistingPolicy.SHA -eq $Hash) {
305307
"Intune Protection Policy $($_.DisplayName) found, SHA matches, skipping template creation"
306308
continue
307309
}
308310

309-
$Template = New-CIPPIntuneTemplate -TenantFilter $TenantFilter -URLName 'managedAppPolicies' -ID $_.ID
311+
$Template = New-CIPPIntuneTemplate -TenantFilter $TenantFilter -URLName 'managedAppPolicies' -ID $Policy.id
310312
if ($ExistingPolicy -and $ExistingPolicy.PartitionKey -eq 'IntuneTemplate') {
311313
"Intune Protection Policy $($Template.DisplayName) found, updating template"
312314
$object = [PSCustomObject]@{

0 commit comments

Comments
 (0)