From 6fb623ada81eba98d9efaaee8affe4a4cd801dff Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 8 Oct 2025 10:38:13 -0400 Subject: [PATCH 01/10] fix bulk request --- .../CIPP/Core/Invoke-ListGraphBulkRequest.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ListGraphBulkRequest.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ListGraphBulkRequest.ps1 index 757b0de55348..deef9107d572 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ListGraphBulkRequest.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ListGraphBulkRequest.ps1 @@ -13,8 +13,8 @@ function Invoke-ListGraphBulkRequest { $NoPaginateIds = $Request.Body.noPaginateIds $GraphRequestParams = @{ - tenantid = $TenantFilter - Requests = @() + tenantid = $TenantFilter + Requests = @() NoPaginateIds = $NoPaginateIds ?? @() } @@ -53,5 +53,5 @@ function Invoke-ListGraphBulkRequest { } } - return $Results + return [HttpResponseContext]$Results } From 1be48acc1c6ad7c62a19c6b85a4ca59667d83736 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 8 Oct 2025 14:46:45 +0000 Subject: [PATCH 02/10] Initial plan From c9e9ad0a946caf3e3b6ca3d4221e44133d3fe4f0 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 8 Oct 2025 14:53:02 +0000 Subject: [PATCH 03/10] Add error handling to return HTTP error when bulk API calls fail Co-authored-by: Zacgoose <107489668+Zacgoose@users.noreply.github.com> --- .../Users/Invoke-ListUserCounts.ps1 | 35 ++++++++++++++----- 1 file changed, 26 insertions(+), 9 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserCounts.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserCounts.ps1 index f0d443176476..3d07bcb66df9 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserCounts.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserCounts.ps1 @@ -56,12 +56,26 @@ Function Invoke-ListUserCounts { # Execute bulk request $BulkResults = New-GraphBulkRequest -Requests @($BulkRequests) -tenantid $TenantFilter @('Users', 'LicUsers', 'GAs', 'Guests') + # Check if any requests failed + $FailedRequests = $BulkResults | Where-Object { $_.status -ne 200 } + + if ($FailedRequests) { + # If any requests failed, return an error response + $FailedIds = ($FailedRequests | ForEach-Object { $_.id }) -join ', ' + $ErrorMessage = "Failed to retrieve counts for: $FailedIds" + + return ([HttpResponseContext]@{ + StatusCode = [HttpStatusCode]::InternalServerError + Body = @{ + Error = $ErrorMessage + Details = $FailedRequests + } + }) + } + + # All requests succeeded, extract the counts $BulkResults | ForEach-Object { - $Count = if ($_.status -eq 200) { - $_.body.'@odata.count' - } else { - 'Not available' - } + $Count = $_.body.'@odata.count' switch ($_.id) { 'Users' { $Users = $Count } @@ -72,10 +86,13 @@ Function Invoke-ListUserCounts { } } catch { - $Users = 'Not available' - $LicUsers = 'Not available' - $GAs = 'Not available' - $Guests = 'Not available' + # Return error status on exception + return ([HttpResponseContext]@{ + StatusCode = [HttpStatusCode]::InternalServerError + Body = @{ + Error = "Failed to retrieve user counts: $($_.Exception.Message)" + } + }) } } From 47fbc71ec75c606a6fe4c1e87d73cab444b1c83a Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 8 Oct 2025 11:00:47 -0400 Subject: [PATCH 04/10] Update Invoke-ListExConnectorTemplates.ps1 --- .../Transport/Invoke-ListExConnectorTemplates.ps1 | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Transport/Invoke-ListExConnectorTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Transport/Invoke-ListExConnectorTemplates.ps1 index 4285a67ad1d1..daadbbc868e4 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Transport/Invoke-ListExConnectorTemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Transport/Invoke-ListExConnectorTemplates.ps1 @@ -17,10 +17,10 @@ function Invoke-ListExConnectorTemplates { $Filter += " and RowKey eq '$($Request.Query.ID)'" } - $Templates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter) + $TemplateRows = (Get-CIPPAzDataTableEntity @Table -Filter $Filter) - if ($Templates) { - $Templates | ForEach-Object { + if ($TemplateRows) { + $Templates = $TemplateRows | ForEach-Object { $GUID = $_.RowKey $Direction = $_.direction $data = $_.JSON | ConvertFrom-Json @@ -28,6 +28,8 @@ function Invoke-ListExConnectorTemplates { $data | Add-Member -NotePropertyName 'cippconnectortype' -NotePropertyValue $Direction -Force $data } | Sort-Object -Property displayName + } else { + $Templates = @() } if ($Request.query.ID) { $Templates = $Templates | Where-Object -Property RowKey -EQ $Request.query.id } From e72a718489f136ffa3a11531d2c8e7e1eba811db Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 8 Oct 2025 11:16:46 -0400 Subject: [PATCH 05/10] fix mail enabled status in new group --- Modules/CIPPCore/Public/New-CIPPGroup.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/New-CIPPGroup.ps1 b/Modules/CIPPCore/Public/New-CIPPGroup.ps1 index 066f4db19af0..478082ff471e 100644 --- a/Modules/CIPPCore/Public/New-CIPPGroup.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPGroup.ps1 @@ -85,7 +85,7 @@ function New-CIPPGroup { 'displayName' = $GroupObject.displayName 'description' = $GroupObject.description 'mailNickname' = $GroupObject.username - 'mailEnabled' = $false + 'mailEnabled' = ($NormalizedGroupType -in @('Security', 'M365')) 'securityEnabled' = $true 'isAssignableToRole' = ($NormalizedGroupType -eq 'AzureRole') } From 65ce13fb73b77dcd3c57acc410bd149365dca920 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 8 Oct 2025 11:23:47 -0400 Subject: [PATCH 06/10] remove schema property update --- Modules/CIPPCore/Public/Set-CIPPPerUserMFA.ps1 | 9 --------- 1 file changed, 9 deletions(-) diff --git a/Modules/CIPPCore/Public/Set-CIPPPerUserMFA.ps1 b/Modules/CIPPCore/Public/Set-CIPPPerUserMFA.ps1 index 7d5642fe37bc..e06a75b7b070 100644 --- a/Modules/CIPPCore/Public/Set-CIPPPerUserMFA.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPPerUserMFA.ps1 @@ -53,15 +53,6 @@ function Set-CIPPPerUserMFA { $Requests = New-GraphBulkRequest -tenantid $TenantFilter -scope 'https://graph.microsoft.com/.default' -Requests @($Requests) -asapp $true "Successfully set Per user MFA State for $userId" - $Users = foreach ($id in $userId) { - @{ - userId = $id - Properties = @{ - perUserMfaState = $State - } - } - } - Set-CIPPUserSchemaProperties -TenantFilter $TenantFilter -Users $Users Write-LogMessage -headers $Headers -API $APIName -message "Successfully set Per user MFA State to $State for $id" -Sev Info -tenant $TenantFilter } catch { $ErrorMessage = Get-CippException -Exception $_ From f65dc6dcb10c0c3ec5afcbf579ffe0c81df604b9 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 8 Oct 2025 13:50:43 -0400 Subject: [PATCH 07/10] autopilot tweaks --- .../Autopilot/Invoke-AddAutopilotConfig.ps1 | 6 ++++- .../Set-CIPPDefaultAPDeploymentProfile.ps1 | 25 ++++++++++--------- 2 files changed, 18 insertions(+), 13 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddAutopilotConfig.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddAutopilotConfig.ps1 index 81d0d03d999f..ce2435d59f9f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddAutopilotConfig.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddAutopilotConfig.ps1 @@ -12,6 +12,10 @@ function Invoke-AddAutopilotConfig { $Profbod = [pscustomobject]$Request.Body $UserType = if ($Profbod.NotLocalAdmin -eq 'true') { 'standard' } else { 'administrator' } $DeploymentMode = if ($Profbod.DeploymentMode -eq 'true') { 'shared' } else { 'singleUser' } + + # If deployment mode is shared, disable white glove (pre-provisioning) as it's not supported + $AllowWhiteGlove = if ($DeploymentMode -eq 'shared') { $false } else { $Profbod.allowWhiteGlove } + $profileParams = @{ DisplayName = $Request.Body.DisplayName Description = $Request.Body.Description @@ -19,7 +23,7 @@ function Invoke-AddAutopilotConfig { DeploymentMode = $DeploymentMode AssignTo = $Request.Body.Assignto DeviceNameTemplate = $Profbod.DeviceNameTemplate - AllowWhiteGlove = $Profbod.allowWhiteGlove + AllowWhiteGlove = $AllowWhiteGlove CollectHash = $Profbod.CollectHash HideChangeAccount = $Profbod.HideChangeAccount HidePrivacy = $Profbod.HidePrivacy diff --git a/Modules/CIPPCore/Public/Set-CIPPDefaultAPDeploymentProfile.ps1 b/Modules/CIPPCore/Public/Set-CIPPDefaultAPDeploymentProfile.ps1 index 05f1aefffabd..bd69b0e969ed 100644 --- a/Modules/CIPPCore/Public/Set-CIPPDefaultAPDeploymentProfile.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPDefaultAPDeploymentProfile.ps1 @@ -23,17 +23,16 @@ function Set-CIPPDefaultAPDeploymentProfile { try { $ObjBody = [pscustomobject]@{ - '@odata.type' = '#microsoft.graph.azureADWindowsAutopilotDeploymentProfile' - 'displayName' = "$($DisplayName)" - 'description' = "$($Description)" - 'deviceNameTemplate' = "$($DeviceNameTemplate)" - 'language' = "$($Language)" - 'enableWhiteGlove' = $([bool]($AllowWhiteGlove)) - 'deviceType' = 'windowsPc' - 'extractHardwareHash' = $([bool]($CollectHash)) - 'roleScopeTagIds' = @() - 'hybridAzureADJoinSkipConnectivityCheck' = $false - 'outOfBoxExperienceSetting' = @{ + '@odata.type' = '#microsoft.graph.azureADWindowsAutopilotDeploymentProfile' + 'displayName' = "$($DisplayName)" + 'description' = "$($Description)" + 'deviceNameTemplate' = "$($DeviceNameTemplate)" + 'locale' = "$($Language ?? 'os-default')" + 'preprovisioningAllowed' = $([bool]($AllowWhiteGlove)) + 'deviceType' = 'windowsPc' + 'hardwareHashExtractionEnabled' = $([bool]($CollectHash)) + 'roleScopeTagIds' = @() + 'outOfBoxExperienceSetting' = @{ 'deviceUsageType' = "$DeploymentMode" 'escapeLinkHidden' = $([bool]($HideChangeAccount)) 'privacySettingsHidden' = $([bool]($HidePrivacy)) @@ -42,7 +41,9 @@ function Set-CIPPDefaultAPDeploymentProfile { 'keyboardSelectionPageSkipped' = $([bool]($AutoKeyboard)) } } - $Body = ConvertTo-Json -InputObject $ObjBody + $Body = ConvertTo-Json -InputObject $ObjBody -Depth 10 + + Write-Information $Body $Profiles = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeploymentProfiles' -tenantid $TenantFilter | Where-Object -Property displayName -EQ $DisplayName if ($Profiles.count -gt 1) { From 8507d0aabf0473875601beaeff7785095165509c Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 8 Oct 2025 13:50:58 -0400 Subject: [PATCH 08/10] fix ps version prop --- profile.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/profile.ps1 b/profile.ps1 index fbbcb0ed9df0..0554659212ce 100644 --- a/profile.ps1 +++ b/profile.ps1 @@ -43,7 +43,7 @@ if (!$LastStartup -or $CurrentVersion -ne $LastStartup.Version) { Write-Information "Version has changed from $($LastStartup.Version ?? 'None') to $CurrentVersion" if ($LastStartup) { $LastStartup.Version = $CurrentVersion - $LastStartup | Add-Member -MemberType NoteProperty -Name 'PSVersion' -Value $PSVersionTable.PSVersion.ToString() + $LastStartup | Add-Member -MemberType NoteProperty -Name 'PSVersion' -Value $PSVersionTable.PSVersion.ToString() -Force } else { $LastStartup = [PSCustomObject]@{ PartitionKey = 'Version' From a1321a960c9c0c0b0257a903edee91894e4fcbb9 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 8 Oct 2025 13:51:04 -0400 Subject: [PATCH 09/10] up version --- version_latest.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version_latest.txt b/version_latest.txt index 6d2890793d47..f9c71a52e2fd 100644 --- a/version_latest.txt +++ b/version_latest.txt @@ -1 +1 @@ -8.5.0 +8.5.1 From 3b917c6d83471dfe632237535b4068c355de93ef Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 8 Oct 2025 14:01:10 -0400 Subject: [PATCH 10/10] update standard props --- .../Set-CIPPDefaultAPDeploymentProfile.ps1 | 4 ++-- .../Invoke-CIPPStandardAutopilotProfile.ps1 | 21 +++++++++++-------- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/Modules/CIPPCore/Public/Set-CIPPDefaultAPDeploymentProfile.ps1 b/Modules/CIPPCore/Public/Set-CIPPDefaultAPDeploymentProfile.ps1 index bd69b0e969ed..818c2f97dfea 100644 --- a/Modules/CIPPCore/Public/Set-CIPPDefaultAPDeploymentProfile.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPDefaultAPDeploymentProfile.ps1 @@ -9,7 +9,7 @@ function Set-CIPPDefaultAPDeploymentProfile { $CollectHash, $UserType, $DeploymentMode, - $HideChangeAccount, + $HideChangeAccount = $true, $AssignTo, $HidePrivacy, $HideTerms, @@ -34,7 +34,7 @@ function Set-CIPPDefaultAPDeploymentProfile { 'roleScopeTagIds' = @() 'outOfBoxExperienceSetting' = @{ 'deviceUsageType' = "$DeploymentMode" - 'escapeLinkHidden' = $([bool]($HideChangeAccount)) + 'escapeLinkHidden' = $([bool]($true)) 'privacySettingsHidden' = $([bool]($HidePrivacy)) 'eulaHidden' = $([bool]($HideTerms)) 'userType' = "$UserType" diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutopilotProfile.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutopilotProfile.ps1 index 15b4d5a1e06d..c64d3eb1b2f3 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutopilotProfile.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutopilotProfile.ps1 @@ -53,21 +53,24 @@ function Invoke-CIPPStandardAutopilotProfile { $DisplayName = Get-CIPPTextReplacement -Text $Settings.DisplayName -TenantFilter $Tenant $CurrentConfig = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeploymentProfiles' -tenantid $Tenant | - Where-Object { $_.displayName -eq $DisplayName } | - Select-Object -Property displayName, description, deviceNameTemplate, language, enableWhiteGlove, extractHardwareHash, outOfBoxExperienceSetting, preprovisioningAllowed + Where-Object { $_.displayName -eq $DisplayName } | + Select-Object -Property displayName, description, deviceNameTemplate, locale, preprovisioningAllowed, hardwareHashExtractionEnabled, outOfBoxExperienceSetting if ($Settings.NotLocalAdmin -eq $true) { $userType = 'Standard' } else { $userType = 'Administrator' } - if ($Settings.SelfDeployingMode -eq $true) { $DeploymentMode = 'shared' } else { $DeploymentMode = 'singleUser' } - if ($Settings.AllowWhiteGlove -eq $true) { $Settings.HideChangeAccount = $true } + if ($Settings.SelfDeployingMode -eq $true) { + $DeploymentMode = 'shared' + $Setings.AllowWhiteGlove = $false + } else { + $DeploymentMode = 'singleUser' + } $StateIsCorrect = ($CurrentConfig.displayName -eq $DisplayName) -and ($CurrentConfig.description -eq $Settings.Description) -and ($CurrentConfig.deviceNameTemplate -eq $Settings.DeviceNameTemplate) -and - ([string]::IsNullOrWhiteSpace($CurrentConfig.language) -and [string]::IsNullOrWhiteSpace($Settings.Languages.value) -or $CurrentConfig.language -eq $Settings.Languages.value) -and - ($CurrentConfig.enableWhiteGlove -eq $Settings.AllowWhiteGlove) -and - ($CurrentConfig.extractHardwareHash -eq $Settings.CollectHash) -and + ([string]::IsNullOrWhiteSpace($CurrentConfig.locale) -and [string]::IsNullOrWhiteSpace($Settings.Languages.value) -or $CurrentConfig.locale -eq $Settings.Languages.value) -and + ($CurrentConfig.preprovisioningAllowed -eq $Settings.AllowWhiteGlove) -and + ($CurrentConfig.hardwareHashExtractionEnabled -eq $Settings.CollectHash) -and ($CurrentConfig.outOfBoxExperienceSetting.deviceUsageType -eq $DeploymentMode) -and - ($CurrentConfig.outOfBoxExperienceSetting.escapeLinkHidden -eq $Settings.HideChangeAccount) -and ($CurrentConfig.outOfBoxExperienceSetting.privacySettingsHidden -eq $Settings.HidePrivacy) -and ($CurrentConfig.outOfBoxExperienceSetting.eulaHidden -eq $Settings.HideTerms) -and ($CurrentConfig.outOfBoxExperienceSetting.userType -eq $userType) -and @@ -94,7 +97,7 @@ function Invoke-CIPPStandardAutopilotProfile { devicenameTemplate = $Settings.DeviceNameTemplate allowWhiteGlove = $Settings.AllowWhiteGlove CollectHash = $Settings.CollectHash - hideChangeAccount = $Settings.HideChangeAccount + hideChangeAccount = $true hidePrivacy = $Settings.HidePrivacy hideTerms = $Settings.HideTerms AutoKeyboard = $Settings.AutoKeyboard