@@ -33,25 +33,6 @@ function Invoke-CIPPStandardSecureScoreRemediation {
3333
3434 param ($Tenant , $Settings )
3535
36- # Validate that Controls array exists and is not empty
37- if (-not $Settings.Controls -or $Settings.Controls.Count -eq 0 ) {
38- Write-LogMessage - API ' Standards' - tenant $tenant - message ' No controls specified for Secure Score remediation. Skipping.' - sev Info
39- return
40- }
41-
42- # Process controls from settings
43- # Settings.Controls should be an array of objects with ControlName, State, Reason, and optionally VendorInformation
44- $Controls = $Settings.Controls
45- if ($Controls -is [string ]) {
46- try {
47- $Controls = $Controls | ConvertFrom-Json
48- } catch {
49- $ErrorMessage = Get-NormalizedError - Message $_.Exception.Message
50- Write-LogMessage - API ' Standards' - tenant $tenant - message " Failed to parse Controls JSON: $ErrorMessage " - sev Error
51- return
52- }
53- }
54-
5536 # Get current secure score controls
5637 try {
5738 $CurrentControls = New-GraphGetRequest - uri ' https://graph.microsoft.com/beta/security/secureScoreControlProfiles' - tenantid $Tenant
@@ -64,19 +45,13 @@ function Invoke-CIPPStandardSecureScoreRemediation {
6445 if ($Settings.remediate -eq $true ) {
6546 Write-Host ' Processing Secure Score control updates'
6647
67- foreach ($Control in $Controls ) {
48+ foreach ($Control in $Settings . Controls ) {
6849 # Skip if this is a Defender control (starts with scid_)
6950 if ($Control.ControlName -match ' ^scid_' ) {
7051 Write-LogMessage - API ' Standards' - tenant $tenant - message " Skipping Defender control $ ( $Control.ControlName ) - cannot be updated via this API" - sev Info
7152 continue
7253 }
7354
74- # Validate required fields
75- if (-not $Control.ControlName -or -not $Control.State ) {
76- Write-LogMessage - API ' Standards' - tenant $tenant - message " Skipping control update - ControlName and State are required" - sev Warning
77- continue
78- }
79-
8055 # Build the request body
8156 $Body = @ {
8257 state = $Control.State
@@ -92,11 +67,6 @@ function Invoke-CIPPStandardSecureScoreRemediation {
9267
9368 try {
9469 $CurrentControl = $CurrentControls | Where-Object { $_.id -eq $Control.ControlName }
95-
96- if (-not $CurrentControl ) {
97- Write-LogMessage - API ' Standards' - tenant $tenant - message " Control $ ( $Control.ControlName ) not found in tenant" - sev Warning
98- continue
99- }
10070
10171 # Check if already in desired state
10272 if ($CurrentControl.state -eq $Control.State ) {
@@ -114,9 +84,9 @@ function Invoke-CIPPStandardSecureScoreRemediation {
11484 }
11585
11686 if ($Settings.alert -eq $true ) {
117- $AlertMessages = @ ()
87+ $AlertMessages = [ System.Collections.Generic.List [ string ]]::new ()
11888
119- foreach ($Control in $Controls ) {
89+ foreach ($Control in $Settings . Controls ) {
12090 if ($Control.ControlName -match ' ^scid_' ) {
12191 continue
12292 }
@@ -128,49 +98,49 @@ function Invoke-CIPPStandardSecureScoreRemediation {
12898 Write-LogMessage - API ' Standards' - tenant $tenant - message " Control $ ( $Control.ControlName ) is in expected state: $ ( $Control.State ) " - sev Info
12999 } else {
130100 $AlertMessage = " Control $ ( $Control.ControlName ) is in state $ ( $CurrentControl.state ) , expected $ ( $Control.State ) "
131- $AlertMessages += $AlertMessage
101+ $AlertMessages.Add ( $AlertMessage )
132102 Write-LogMessage - API ' Standards' - tenant $tenant - message $AlertMessage - sev Alert
133103 }
134104 } else {
135105 $AlertMessage = " Control $ ( $Control.ControlName ) not found in tenant"
136- $AlertMessages += $AlertMessage
106+ $AlertMessages.Add ( $AlertMessage )
137107 Write-LogMessage - API ' Standards' - tenant $tenant - message $AlertMessage - sev Warning
138108 }
139109 }
140110
141111 if ($AlertMessages.Count -gt 0 ) {
142- Write-StandardsAlert - message " Secure Score controls not in expected state" - object @ {Issues = $AlertMessages } - tenant $Tenant - standardName ' SecureScoreRemediation' - standardId $Settings.standardId
112+ Write-StandardsAlert - message " Secure Score controls not in expected state" - object @ {Issues = $AlertMessages.ToArray () } - tenant $Tenant - standardName ' SecureScoreRemediation' - standardId $Settings.standardId
143113 }
144114 }
145115
146116 if ($Settings.report -eq $true ) {
147- $ReportData = @ ()
117+ $ReportData = [ System.Collections.Generic.List [ object ]]::new ()
148118
149- foreach ($Control in $Controls ) {
119+ foreach ($Control in $Settings . Controls ) {
150120 if ($Control.ControlName -match ' ^scid_' ) {
151121 continue
152122 }
153123
154124 $CurrentControl = $CurrentControls | Where-Object { $_.id -eq $Control.ControlName }
155125
156126 if ($CurrentControl ) {
157- $ReportData += @ {
127+ $ReportData.Add ( @ {
158128 ControlName = $Control.ControlName
159129 CurrentState = $CurrentControl.state
160130 DesiredState = $Control.State
161131 InCompliance = ($CurrentControl.state -eq $Control.State )
162- }
132+ })
163133 } else {
164- $ReportData += @ {
134+ $ReportData.Add ( @ {
165135 ControlName = $Control.ControlName
166136 CurrentState = ' Not Found'
167137 DesiredState = $Control.State
168138 InCompliance = $false
169- }
139+ })
170140 }
171141 }
172142
173- Set-CIPPStandardsCompareField - FieldName ' standards.SecureScoreRemediation' - FieldValue $ReportData - Tenant $tenant
174- Add-CIPPBPAField - FieldName ' SecureScoreRemediation' - FieldValue $ReportData - StoreAs json - Tenant $tenant
143+ Set-CIPPStandardsCompareField - FieldName ' standards.SecureScoreRemediation' - FieldValue $ReportData.ToArray () - Tenant $tenant
144+ Add-CIPPBPAField - FieldName ' SecureScoreRemediation' - FieldValue $ReportData.ToArray () - StoreAs json - Tenant $tenant
175145 }
176146}
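Review bot: In the remediate loop, the comparison `$CurrentControl.state -eq $Control.State` now runs even when `Where-Object` matched no profile, because this commit removes both the not-found guard and the ControlName/State check. For an entry without a State, `$null -eq $null` is true, so a missing or malformed control would take the already-in-desired-state branch instead of being reported. With a State set, the code appears to continue to the update call for an id the tenant does not have, though the rest of that try block is outside the hunks. Keeping one guard before the comparison preserves the warning trail for this security baseline: `if (-not $CurrentControl -or -not $Control.State) { Write-LogMessage -API 'Standards' -tenant $tenant -message "Control $($Control.ControlName) not found or incomplete" -sev Warning; continue }`. All three loops now iterate `$Settings.Controls` directly, so if it can still arrive as a JSON string or be empty (not visible here), the alert and report branches would emit no finding or a single 'Not Found' row with no log entry explaining why.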