add autoClaim blocking.

Author: KelvinTegelaar

Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSelfServiceLicenses.ps1

@@ -38,8 +38,7 @@ function Invoke-CIPPStandardDisableSelfServiceLicenses {
     } catch {
         if ($_.Exception.Message -like '*403*') {
             $Message = "Failed to retrieve self service products: Insufficient permissions. Please ensure the tenant GDAP relationship includes the 'Billing Administrator' role: $($_.Exception.Message)"
-        }
-        else {
+        } else {
             $Message = "Failed to retrieve self service products: $($_.Exception.Message)"
         }
         Write-LogMessage -API 'Standards' -tenant $tenant -message $Message -sev Error
@@ -55,20 +54,20 @@ function Invoke-CIPPStandardDisableSelfServiceLicenses {
     $CurrentValues = [System.Collections.Generic.List[PSCustomObject]]::new()
     foreach ($Item in $selfServiceItems) {
         $CurrentValues.Add([PSCustomObject]@{
-            productName = $Item.productName
-            productId   = $Item.productId
-            policyValue = $Item.policyValue
-        })
+                productName = $Item.productName
+                productId   = $Item.productId
+                policyValue = $Item.policyValue
+            })
     }
 
     if ($Settings.DisableTrials) {
         try {
             $AutoClaimPolicy = New-GraphGetRequest -scope 'https://admin.microsoft.com/.default' -TenantID $Tenant -Uri 'https://admin.microsoft.com/fd/m365licensing/v1/policies/autoclaim'
             $CurrentValues.Add([PSCustomObject]@{
-                productName = 'Trial Autoclaim'
-                productId   = 'autoclaim'
-                policyValue = $AutoClaimPolicy.policyValue
-            })
+                    productName = 'Trial Autoclaim'
+                    productId   = 'autoclaim'
+                    policyValue = $AutoClaimPolicy.policyValue
+                })
         } catch {
             Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to retrieve trial autoclaim policy: $($_.Exception.Message)" -sev Error
         }
@@ -79,26 +78,25 @@ function Invoke-CIPPStandardDisableSelfServiceLicenses {
     foreach ($Item in $selfServiceItems) {
 
         if ($Item.productId -in $exclusions) {
-            $desiredPolicyValue = "Enabled"
+            $desiredPolicyValue = 'Enabled'
             Write-LogMessage -API 'Standards' -tenant $Tenant -message "Exclusion present for self-service license '$($Item.productName) - $($Item.productId)'"
-        }
-        else {
-            $desiredPolicyValue = "Disabled"
+        } else {
+            $desiredPolicyValue = 'Disabled'
         }
 
         $ExpectedValues.Add([PSCustomObject]@{
-            productName = $Item.productName
-            productId   = $Item.productId
-            policyValue = $desiredPolicyValue
-        })
+                productName = $Item.productName
+                productId   = $Item.productId
+                policyValue = $desiredPolicyValue
+            })
     }
 
     if ($Settings.DisableTrials) {
         $ExpectedValues.Add([PSCustomObject]@{
-            productName = 'Trial Autoclaim'
-            productId   = 'autoclaim'
-            policyValue = 'Disabled'
-        })
+                productName = 'Trial Autoclaim'
+                productId   = 'autoclaim'
+                policyValue = 'Disabled'
+            })
     }
 
     if ($settings.remediate) {
@@ -107,16 +105,15 @@ function Invoke-CIPPStandardDisableSelfServiceLicenses {
 
         if (!$Compare) {
             Write-LogMessage -API 'Standards' -tenant $Tenant -message 'self service licenses are already set correctly.' -sev Info
-        }
-        else {
+        } else {
 
-            $NeedsUpdate = $Compare | Where-Object { $_.SideIndicator -eq "<=" }
+            $NeedsUpdate = $Compare | Where-Object { $_.SideIndicator -eq '<=' }
 
             foreach ($Item in $NeedsUpdate) {
                 try {
 
                     $currentItem = $CurrentValues | Where-Object { $_.productId -eq $Item.productId } | Select-Object -First 1
-                    $currentValue = if ($currentItem) { $currentItem.policyValue } else { "<unknown>" }
+                    $currentValue = if ($currentItem) { $currentItem.policyValue } else { '<unknown>' }
 
                     $body = @{ policyValue = $Item.policyValue } | ConvertTo-Json -Compress
 
@@ -137,19 +134,19 @@ function Invoke-CIPPStandardDisableSelfServiceLicenses {
         $refreshedItems = (New-GraphGETRequest -scope 'aeb86249-8ea3-49e2-900b-54cc8e308f85/.default' -uri 'https://licensing.m365.microsoft.com/v1.0/policies/AllowSelfServicePurchase/products' -tenantid $Tenant).items
         foreach ($Item in $refreshedItems) {
             $CurrentValues.Add([PSCustomObject]@{
-                productName = $Item.productName
-                productId   = $Item.productId
-                policyValue = $Item.policyValue
-            })
+                    productName = $Item.productName
+                    productId   = $Item.productId
+                    policyValue = $Item.policyValue
+                })
         }
         if ($Settings.DisableTrials) {
             try {
                 $AutoClaimPolicy = New-GraphGetRequest -scope 'https://admin.microsoft.com/.default' -TenantID $Tenant -Uri 'https://admin.microsoft.com/fd/m365licensing/v1/policies/autoclaim'
                 $CurrentValues.Add([PSCustomObject]@{
-                    productName = 'Trial Autoclaim'
-                    productId   = 'autoclaim'
-                    policyValue = $AutoClaimPolicy.policyValue
-                })
+                        productName = 'Trial Autoclaim'
+                        productId   = 'autoclaim'
+                        policyValue = $AutoClaimPolicy.policyValue
+                    })
             } catch {
                 Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to retrieve trial autoclaim policy after remediation: $($_.Exception.Message)" -sev Error
             }
@@ -161,7 +158,7 @@ function Invoke-CIPPStandardDisableSelfServiceLicenses {
         if (!$selfServiceItemsToAlert) {
             Write-LogMessage -API 'Standards' -tenant $tenant -message 'All self-service licenses are disabled' -sev Info
         } else {
-            Write-StandardsAlert -message "One or more self-service licenses are enabled" -object $selfServiceItemsToAlert -tenant $tenant -standardName 'DisableSelfServiceLicenses' -standardId $Settings.standardId
+            Write-StandardsAlert -message 'One or more self-service licenses are enabled' -object $selfServiceItemsToAlert -tenant $tenant -standardName 'DisableSelfServiceLicenses' -standardId $Settings.standardId
             Write-LogMessage -API 'Standards' -tenant $tenant -message 'One or more self-service licenses are enabled' -sev Info
         }
     }