From b962e176c71a7fb07d6697a675ad4bdc2c47d9e6 Mon Sep 17 00:00:00 2001
From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Mon, 24 Feb 2025 18:06:11 +0100
Subject: [PATCH] fixes assignment policy += usage.
---
 .../Public/Set-CIPPAssignedPolicy.ps1 | 85 ++++++++++---------
 1 file changed, 47 insertions(+), 38 deletions(-)
diff --git a/Modules/CIPPCore/Public/Set-CIPPAssignedPolicy.ps1 b/Modules/CIPPCore/Public/Set-CIPPAssignedPolicy.ps1
index 9b1714c3a6fe..5386bd8dff9a 100644
--- a/Modules/CIPPCore/Public/Set-CIPPAssignedPolicy.ps1
+++ b/Modules/CIPPCore/Public/Set-CIPPAssignedPolicy.ps1
@@ -10,96 +10,105 @@ function Set-CIPPAssignedPolicy { $APIName = 'Assign Policy', $Headers ) - if (!$PlatformType) { $PlatformType = 'deviceManagement' } - try { - $assignmentsObject = @() + if (!$PlatformType) { + $PlatformType = 'deviceManagement' + } - $assignmentsObject += switch ($GroupName) { + try { + $assignmentsList = New-Object System.Collections.Generic.List[System.Object] + switch ($GroupName) { 'allLicensedUsers' { - @{ - target = @{ - '@odata.type' = '#microsoft.graph.allLicensedUsersAssignmentTarget' + $assignmentsList.Add( + @{ + target = @{ + '@odata.type' = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } } - } - break + ) } 'AllDevices' { - @{ - target = @{ - '@odata.type' = '#microsoft.graph.allDevicesAssignmentTarget' + $assignmentsList.Add( + @{ + target = @{ + '@odata.type' = '#microsoft.graph.allDevicesAssignmentTarget' + } } - } - break + ) } 'AllDevicesAndUsers' { - @( + $assignmentsList.Add( @{ target = @{ '@odata.type' = '#microsoft.graph.allDevicesAssignmentTarget' } - }, + } + ) + $assignmentsList.Add( @{ target = @{ '@odata.type' = '#microsoft.graph.allLicensedUsersAssignmentTarget' } } ) - break } default { Write-Host "We're supposed to assign a custom group. 
The group is $GroupName" $GroupNames = $GroupName.Split(',') - $GroupIds = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/groups?$select=id,displayName&$top=999' -tenantid $TenantFilter | ForEach-Object { - $Group = $_ + $GroupIds = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/groups?$select=id,displayName&$top=999' -tenantid $TenantFilter | + ForEach-Object { foreach ($SingleName in $GroupNames) { if ($_.displayName -like $SingleName) { $_.id } } } - $GroupIds | ForEach-Object { - @{ - target = @{ - '@odata.type' = '#microsoft.graph.groupAssignmentTarget' - groupId = $_ + foreach ($gid in $GroupIds) { + $assignmentsList.Add( + @{ + target = @{ + '@odata.type' = '#microsoft.graph.groupAssignmentTarget' + groupId = $gid + } } - } + ) } } } - - # Handle excludeGroup if ($excludeGroup) { $ExcludeGroupNames = $excludeGroup.Split(',') - $ExcludeGroupIds = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/groups?$select=id,displayName&$top=999' -tenantid $TenantFilter | ForEach-Object { - $Group = $_ + $ExcludeGroupIds = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/groups?$select=id,displayName&$top=999' -tenantid $TenantFilter | + ForEach-Object { foreach ($SingleName in $ExcludeGroupNames) { if ($_.displayName -like $SingleName) { $_.id } } } - $ExcludeGroupIds | ForEach-Object { - $assignmentsObject += @{ - target = @{ - '@odata.type' = '#microsoft.graph.exclusionGroupAssignmentTarget' - groupId = $_ + + foreach ($egid in $ExcludeGroupIds) { + $assignmentsList.Add( + @{ + target = @{ + '@odata.type' = '#microsoft.graph.exclusionGroupAssignmentTarget' + groupId = $egid + } } - } + ) } } $assignmentsObject = [PSCustomObject]@{ - assignments = $assignmentsObject + assignments = $assignmentsList } - $AssignJSON = ($assignmentsObject | ConvertTo-Json -Depth 10 -Compress) + $AssignJSON = $assignmentsObject | ConvertTo-Json -Depth 10 -Compress Write-Host "AssignJSON: $AssignJSON" if ($PSCmdlet.ShouldProcess($GroupName, 
"Assigning policy $PolicyId")) { Write-Host "https://graph.microsoft.com/beta/$($PlatformType)/$Type('$($PolicyId)')/assign" - $null = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/$($PlatformType)/$Type('$($PolicyId)')/assign" -tenantid $tenantFilter -type POST -body $AssignJSON + $null = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/$($PlatformType)/$Type('$($PolicyId)')/assign" -tenantid $TenantFilter -type POST -body $AssignJSON Write-LogMessage -headers $Headers -API $APIName -message "Assigned $GroupName and excluded $excludeGroup to Policy $PolicyId" -Sev 'Info' -tenant $TenantFilter } + } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message Write-LogMessage -headers $Headers -API $APIName -message "Failed to assign $GroupName to Policy $PolicyId, using Platform $PlatformType and $Type. The error is:$ErrorMessage" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage
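Review bot: In the `default` branch, a custom `$GroupName` that matches no group leaves `$GroupIds` empty, so the new `foreach ($gid in $GroupIds)` adds nothing and the request is still posted with an empty `assignments` list and logged as "Assigned"; if the Graph `assign` action replaces the policy's existing assignment set (it appears to, but confirm), a mistyped name would silently remove the policy from every current target. The same fail-open applies to `$excludeGroup`: an exclusion that resolves to no group is dropped while the log line still reports it as excluded. I would fail closed right after each lookup, e.g. `if (-not $GroupIds) { throw "No group matched '$GroupName'" }` and `if (-not $ExcludeGroupIds) { throw "No group matched exclusion '$excludeGroup'" }`, which the existing `catch` turns into an Error log entry. Separately, `-like $SingleName` treats `*`, `?` and `[...]` in the supplied name as wildcards and display names are not unique, so one name can resolve to several groups; `-eq` would keep the scope to exact names if wildcard matching is not intended. The function's param block and closing braces lie outside this hunk.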