[pull] master from KelvinTegelaar:master

AddMSPApp/datto.app.xml

@@ -1,15 +1,15 @@
-<ApplicationInfo xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ToolVersion="1.8.3.0">
-  <Name>install.ps1</Name>
-  <UnencryptedContentSize>705</UnencryptedContentSize>
-  <FileName>datto.intunewin</FileName>
-  <SetupFile>install.ps1</SetupFile>
-  <EncryptionInfo>
-    <EncryptionKey>sL/LP/JZ4F4cBSykm6usgJoV1PMoqd62C6JUwuo2z24=</EncryptionKey>
-    <MacKey>PEpeqeoX7jAWxb0xHGfCkKFxh4/YRfoMTVXrP+uZWzM=</MacKey>
-    <InitializationVector>ulFPA+vYjaxX0pvq0BMAKQ==</InitializationVector>
-    <Mac>28ZFU4AT1OznwF8pfqO8i+WFUNSf9024H4Jw2H7UJWs=</Mac>
-    <ProfileIdentifier>ProfileVersion1</ProfileIdentifier>
-    <FileDigest>YEb+QNQCko/uZyedA+JfcP/RDm+nZOIjFN04CfhwN4c=</FileDigest>
-    <FileDigestAlgorithm>SHA256</FileDigestAlgorithm>
-  </EncryptionInfo>
+<ApplicationInfo xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ToolVersion="1.8.3.0">
+  <Name>install.ps1</Name>
+  <UnencryptedContentSize>693</UnencryptedContentSize>
+  <FileName>datto.intunewin</FileName>
+  <SetupFile>install.ps1</SetupFile>
+  <EncryptionInfo>
+    <EncryptionKey>jobB9Ga7J3CbO6acWJyvBRE56nFXwqGfcnGfZRMsJC4=</EncryptionKey>
+    <MacKey>53SOzs0l6Po2btsGFSMZgkV8vwhH+PxTN8BZDUcfWfg=</MacKey>
+    <InitializationVector>VjM/osrvPElbu79J+mdXuw==</InitializationVector>
+    <Mac>UZZXO53Np/tG6Ms+qvwLcNOeD1GRH6NRPFg/TuMz39M=</Mac>
+    <ProfileIdentifier>ProfileVersion1</ProfileIdentifier>
+    <FileDigest>KtAWAl29064LG0eyDinbDs0JUbK+EK7GsJovu8obBM4=</FileDigest>
+    <FileDigestAlgorithm>SHA256</FileDigestAlgorithm>
+  </EncryptionInfo>
 </ApplicationInfo>

CIPPTimers.json

@@ -80,6 +80,15 @@
     "RunOnProcessor": true,
     "PreferredProcessor": "standards"
   },
+  {
+    "Id": "4d80205c-674d-4fc1-abeb-a1ec37e0d796",
+    "Command": "Start-DriftStandardsOrchestrator",
+    "Description": "Orchestrator to process drift standards",
+    "Cron": "0 0 */1 * * *",
+    "Priority": 5,
+    "RunOnProcessor": true,
+    "PreferredProcessor": "standards"
+  },
   {
     "Id": "97145a1d-28f0-4bb2-b929-5a43517d23cc",
     "Command": "Start-SchedulerOrchestrator",
@@ -197,4 +206,4 @@
     "RunOnProcessor": true,
     "IsSystem": true
   }
-]
+]

Modules/CIPPCore/Public/Add-CIPPAlias.ps1

@@ -1,26 +1,27 @@
 function Add-CIPPAlias {
     [CmdletBinding()]
     param (
-        $user,
+        $User,
         $Aliases,
-        $UserprincipalName,
+        $UserPrincipalName,
         $TenantFilter,
         $APIName = 'Add Alias',
         $Headers
     )
 
     try {
         foreach ($Alias in $Aliases) {
-            Write-Host "Adding alias $Alias to $user"
-            New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$user" -tenantid $TenantFilter -type 'patch' -body "{`"mail`": `"$Alias`"}" -verbose
+            Write-Host "Adding alias $Alias to $User"
+            New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$User" -tenantid $TenantFilter -type 'patch' -body "{`"mail`": `"$Alias`"}" -verbose
         }
         Write-Host "Resetting primary alias to $User"
-        New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($user)" -tenantid $TenantFilter -type 'patch' -body "{`"mail`": `"$User`"}" -verbose
-        Write-LogMessage -headers $Headers -API $APINAME -tenant $($TenantFilter) -message "Added alias $($Alias) to $($UserprincipalName)" -Sev 'Info'
+        New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$User" -tenantid $TenantFilter -type 'patch' -body "{`"mail`": `"$User`"}" -verbose
+        Write-LogMessage -headers $Headers -API $APIName -tenant $($TenantFilter) -message "Added alias $($Alias) to $($UserPrincipalName)" -Sev 'Info'
         return ("Added Aliases: $($Aliases -join ',')")
     } catch {
-        Write-LogMessage -headers $Headers -API $APINAME -tenant $($TenantFilter) -message "Failed to set alias. Error:$($_.Exception.Message)" -Sev 'Error'
-        throw "Failed to set alias: $($_.Exception.Message)"
+        $ErrorMessage = Get-CippException -Exception $_
+        Write-LogMessage -headers $Headers -API $APIName -tenant $($TenantFilter) -message "Failed to set alias. Error:$($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $ErrorMessage
+        throw "Failed to set alias: $($ErrorMessage.NormalizedError)"
     }
 }
 

Modules/CIPPCore/Public/Alerts/Get-CIPPAlertLicenseAssignmentErrors.ps1

@@ -0,0 +1,91 @@
+function Get-CIPPAlertLicenseAssignmentErrors {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    #>
+    [CmdletBinding()]
+    Param (
+        [Parameter(Mandatory)]
+        $TenantFilter,
+        [Alias('input')]
+        $InputValue
+    )
+
+    # Define error code translations for human-readable messages
+    $ErrorTranslations = @(
+        @{
+            ErrorCode = "CountViolation"
+            Description = "Not enough licenses available - the organization has exceeded the number of available licenses for this SKU"
+        },
+        @{
+            ErrorCode = "MutuallyExclusiveViolation"
+            Description = "Conflicting licenses assigned - this license cannot be assigned alongside another license the user already has"
+        },
+        @{
+            ErrorCode = "ProhibitedInUsageLocationViolation"
+            Description = "License not available in user's location - this license cannot be assigned to users in the user's current usage location"
+        },
+        @{
+            ErrorCode = "UniquenessViolation"
+            Description = "Duplicate license assignment - this license can only be assigned once per user"
+        },
+        @{
+            ErrorCode = "Unknown"
+            Description = "Unknown license assignment error - an unspecified error occurred during license assignment"
+        }
+    )
+
+    try {
+        # Get all users with license assignment states from Graph API
+        $Users = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users?`$select=id,userPrincipalName,displayName,licenseAssignmentStates&`$top=999" -tenantid $TenantFilter
+
+        # Filter users who have license assignment violations
+        $UsersWithViolations = $Users | Where-Object {
+            $_.licenseAssignmentStates -and
+            ($_.licenseAssignmentStates | Where-Object {
+                $_.error -and (
+                    $_.error -like "*CountViolation*" -or
+                    $_.error -like "*MutuallyExclusiveViolation*" -or
+                    $_.error -like "*ProhibitedInUsageLocationViolation*" -or
+                    $_.error -like "*UniquenessViolation*" -or
+                    $_.error -like "*Unknown*"
+                )
+            })
+        }
+
+        # Build alert messages for users with violations
+        $LicenseAssignmentErrors = foreach ($User in $UsersWithViolations) {
+            $ViolationErrors = $User.licenseAssignmentStates | Where-Object {
+                $_.error -and (
+                    $_.error -like "*CountViolation*" -or
+                    $_.error -like "*MutuallyExclusiveViolation*" -or
+                    $_.error -like "*ProhibitedInUsageLocationViolation*" -or
+                    $_.error -like "*UniquenessViolation*" -or
+                    $_.error -like "*Unknown*"
+                )
+            }
+
+            foreach ($Violation in $ViolationErrors) {
+                # Find matching error translation
+                $ErrorTranslation = $ErrorTranslations | Where-Object { $Violation.error -like "*$($_.ErrorCode)*" } | Select-Object -First 1
+                $HumanReadableError = if ($ErrorTranslation) {
+                    $ErrorTranslation.Description
+                } else {
+                    "Unknown license assignment error: $($Violation.error)"
+                }
+
+                $PrettyName = Convert-SKUname -skuID $Violation.skuId
+
+                "$($User.userPrincipalName): $HumanReadableError (License: $PrettyName)"
+            }
+        }
+
+        # If errors are found, write alert
+        if ($LicenseAssignmentErrors) {
+            Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $LicenseAssignmentErrors
+        }
+
+    } catch {
+        Write-LogMessage -message "Failed to check license assignment errors: $($_.exception.message)" -API 'License Assignment Alerts' -tenant $TenantFilter -sev Error
+    }
+}

Modules/CIPPCore/Public/Alerts/Get-CIPPAlertNewAppApproval.ps1

@@ -15,6 +15,7 @@ function Get-CIPPAlertNewAppApproval {
     try {
         $Approvals = New-GraphGetRequest -Uri "https://graph.microsoft.com/beta/identityGovernance/appConsent/appConsentRequests?`$filter=userConsentRequests/any (u:u/status eq 'InProgress')" -tenantid $TenantFilter
         if ($Approvals.count -gt 0) {
+            $TenantGUID = (Get-Tenants -TenantFilter $TenantFilter -SkipDomains).customerId
             $AlertData = [System.Collections.Generic.List[PSCustomObject]]::new()
             foreach ($App in $Approvals) {
                 $userConsentRequests = New-GraphGetRequest -Uri "https://graph.microsoft.com/v1.0/identityGovernance/appConsent/appConsentRequests/$($App.id)/userConsentRequests" -tenantid $TenantFilter
@@ -29,13 +30,17 @@ function Get-CIPPAlertNewAppApproval {
                     }
 
                     $Message = [PSCustomObject]@{
+                        RequestId   = $_.id
                         AppName     = $App.appDisplayName
                         RequestUser = $_.createdBy.user.userPrincipalName
                         Reason      = $_.reason
+                        RequestDate = $_.createdDateTime
+                        Status      = $_.status # Will allways be InProgress as we filter to only get these but this will reduce confusion when an alert is generated
                         AppId       = $App.appId
                         Scopes      = ($App.pendingScopes.displayName -join ', ')
                         ConsentURL  = $consentUrl
                         Tenant      = $TenantFilter
+                        TenantId    = $TenantGUID
                     }
                     $AlertData.Add($Message)
                 }

Modules/CIPPCore/Public/AuditLogs/Get-CippAuditLogSearchResults.ps1

@@ -28,6 +28,6 @@ function Get-CippAuditLogSearchResults {
             $GraphRequest.CountOnly = $true
         }
 
-        New-GraphGetRequest @GraphRequest -ErrorAction Stop
+        New-GraphGetRequest @GraphRequest -ErrorAction Stop | Sort-Object -Property createdDateTime -Descending
     }
 }

Modules/CIPPCore/Public/AuditLogs/New-CippAuditLogSearch.ps1

@@ -125,7 +125,7 @@ function New-CippAuditLogSearch {
     )
 
     $SearchParams = @{
-        displayName         = 'CIPP Audit Search - ' + (Get-Date).ToString('yyyy-MM-dd HH:mm:ss')
+        displayName         = $DisplayName
         filterStartDateTime = $StartTime.ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss')
         filterEndDateTime   = $EndTime.AddHours(1).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss')
     }