@@ -443,38 +443,75 @@ function Push-ExecOnboardTenantQueue {
443443
444444 if ($OnboardingSteps.Step4.Status -eq ' succeeded' ) {
445445 if ($Item.StandardsExcludeAllTenants -eq $true ) {
446- $AddExclusionObj = [PSCustomObject ]@ {
447- label = ' {0} ({1})' -f $Tenant.displayName , $Tenant.defaultDomainName
448- value = $Tenant.defaultDomainName
449- addedFields = @ {
450- customerId = $Tenant.customerId
451- defaultDomainName = $Tenant.defaultDomainName
446+ $GroupTable = Get-CIPPTable - tablename ' TenantGroups'
447+ $MembersTable = Get-CIPPTable - tablename ' TenantGroupMembers'
448+ $ExclusionGroupName = ' Excluded onboarded tenants'
449+
450+ # Find existing exclusion group
451+ $ExclusionGroup = Get-CIPPAzDataTableEntity @GroupTable - Filter " PartitionKey eq 'TenantGroup'" | Where-Object { $_.Name -eq $ExclusionGroupName }
452+ if (-not $ExclusionGroup ) {
453+ $ExclusionGroupId = [guid ]::NewGuid().ToString()
454+ $ExclusionGroup = @ {
455+ PartitionKey = ' TenantGroup'
456+ RowKey = $ExclusionGroupId
457+ Name = $ExclusionGroupName
458+ Description = ' Tenants excluded from top-level standards during onboarding'
459+ GroupType = ' static'
452460 }
461+ Add-CIPPAzDataTableEntity @GroupTable - Entity $ExclusionGroup - Force
462+ $Logs.Add ([PSCustomObject ]@ { Date = (Get-Date ).ToUniversalTime(); Log = " Created tenant group '$ExclusionGroupName '" })
463+ } else {
464+ $ExclusionGroupId = $ExclusionGroup.RowKey
465+ }
466+
467+ # Add tenant to the exclusion group if not already a member
468+ $MemberRowKey = ' {0}-{1}' -f $ExclusionGroupId , $Tenant.customerId
469+ $ExistingMember = Get-CIPPAzDataTableEntity @MembersTable - Filter " PartitionKey eq 'Member' and RowKey eq '$MemberRowKey '"
470+ if (-not $ExistingMember ) {
471+ Add-CIPPAzDataTableEntity @MembersTable - Entity @ {
472+ PartitionKey = ' Member'
473+ RowKey = $MemberRowKey
474+ GroupId = $ExclusionGroupId
475+ customerId = $Tenant.customerId
476+ } - Force
477+ }
478+
479+ # Ensure the group is in excludedTenants of all AllTenants templates
480+ $GroupExclusionObj = [PSCustomObject ]@ {
481+ label = $ExclusionGroupName
482+ value = $ExclusionGroupId
483+ type = ' Group'
453484 }
454- $Table = Get-CIPPTable - tablename ' templates'
455- $ExistingTemplates = Get-CIPPAzDataTableEntity @Table - Filter " PartitionKey eq 'StandardsTemplateV2'" | Where-Object { $_.JSON -match ' AllTenants' }
485+ $TemplatesTable = Get-CIPPTable - tablename ' templates'
486+ $ExistingTemplates = Get-CIPPAzDataTableEntity @TemplatesTable - Filter " PartitionKey eq 'StandardsTemplateV2'" | Where-Object { $_.JSON -match ' AllTenants' }
456487 foreach ($AllTenantsTemplate in $ExistingTemplates ) {
457488 $object = $AllTenantsTemplate.JSON | ConvertFrom-Json
458- $NewExcludedTenants = [System.Collections.Generic.List [object ]]::new()
459- if (! $object.excludedTenants ) {
489+ if (-not $object.excludedTenants ) {
460490 $object | Add-Member - MemberType NoteProperty - Name ' excludedTenants' - Value @ () - Force
461491 }
462- foreach ($ExcludedStandardsTenant in $object.excludedTenants ) {
463- $NewExcludedTenants.Add ($ExcludedStandardsTenant )
464- }
465- $NewExcludedTenants.Add ($AddExclusionObj )
466- $object.excludedTenants = $NewExcludedTenants
467- $JSON = ConvertTo-Json - InputObject $object - Compress - Depth 10
468- $Table.Force = $true
469- Add-CIPPAzDataTableEntity @Table - Entity @ {
470- JSON = " $JSON "
471- RowKey = $AllTenantsTemplate.RowKey
472- GUID = $AllTenantsTemplate.GUID
473- PartitionKey = ' StandardsTemplateV2'
492+ $AlreadyHasGroup = $object.excludedTenants | Where-Object { $_.value -eq $ExclusionGroupId -and $_.type -eq ' Group' }
493+ if (-not $AlreadyHasGroup ) {
494+ $NewExcludedTenants = [System.Collections.Generic.List [object ]]::new()
495+ foreach ($ExcludedEntry in $object.excludedTenants ) {
496+ $NewExcludedTenants.Add ($ExcludedEntry )
497+ }
498+ $NewExcludedTenants.Add ($GroupExclusionObj )
499+ $object.excludedTenants = $NewExcludedTenants
500+ $JSON = ConvertTo-Json - InputObject $object - Compress - Depth 10
501+ $TemplatesTable.Force = $true
502+ Add-CIPPAzDataTableEntity @TemplatesTable - Entity @ {
503+ JSON = " $JSON "
504+ RowKey = $AllTenantsTemplate.RowKey
505+ GUID = $AllTenantsTemplate.GUID
506+ PartitionKey = ' StandardsTemplateV2'
507+ }
474508 }
475509 }
476510
477- $Logs.Add ([PSCustomObject ]@ { Date = (Get-Date ).ToUniversalTime(); Log = ' Set All Tenant Standards Exclusion' })
511+ # Bust the tenant groups cache so standards pick up the new member
512+ $null = Get-TenantGroups - SkipCache
513+
514+ $Logs.Add ([PSCustomObject ]@ { Date = (Get-Date ).ToUniversalTime(); Log = ' Set All Tenant Standards Exclusion via group' })
478515 }
479516 $Logs.Add ([PSCustomObject ]@ { Date = (Get-Date ).ToUniversalTime(); Log = " Testing API access for $ ( $Tenant.defaultDomainName ) " })
480517 $OnboardingSteps.Step5.Status = ' running'
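Review bot: The exclusion group is resolved by display name only, and the `Where-Object { $_.Name -eq $ExclusionGroupName }` lookup is not limited to a single row. If two rows share that name (for example two onboarding jobs that both pass the `-not $ExclusionGroup` check before either has written, or a group created by hand with the same name), `$ExclusionGroup.RowKey` becomes an array, `$MemberRowKey` is formatted from it, and the `value` written into each template's `excludedTenants` no longer names one group, so the tenant may not actually be excluded from the top-level standards. Appending `| Select-Object -First 1` to the lookup, or creating the group under a fixed, well-known RowKey instead of `[guid]::NewGuid()`, keeps the id scalar and makes the create step idempotent. The membership write also has no `$Logs.Add` entry, unlike group creation, which leaves the onboarding log without a record of which group the tenant was placed in. Push-ExecOnboardTenantQueue starts and ends outside this hunk.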