audit log tenant searches improvements

Author: KelvinTegelaar

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Webhooks/Push-AuditLogTenantDownload.ps1

@@ -51,7 +51,7 @@ function Push-AuditLogTenantDownload {
                     $SearchEntity.CippStatus = 'Processing'
                     Add-CIPPAzDataTableEntity @LogSearchesTable -Entity $SearchEntity -Force
                     try {
-                        Write-Information "Audit Log search: Processing search ID: $($Search.id) for tenant: $TenantFilter" 
+                        Write-Information "Audit Log search: Processing search ID: $($Search.id) for tenant: $TenantFilter"
                         $Downloads = New-CIPPAuditLogSearchResultsCache -TenantFilter $TenantFilter -searchId $Search.id
                         $SearchEntity.CippStatus = 'Downloaded'
                     } catch {

Modules/CIPPCore/Public/Entrypoints/Orchestrator Functions/Start-AuditLogSearchCreation.ps1

@@ -17,8 +17,9 @@ function Start-AuditLogSearchCreation {
 
         Write-Information 'Audit Logs: Creating new searches'
         foreach ($Tenant in $TenantList) {
+            $TenantsList = Expand-CIPPTenantGroups -TenantFilter ($ConfigEntries.Tenants | ConvertFrom-Json)
             $Configuration = $ConfigEntries | Where-Object { ($_.Tenants -match $TenantFilter -or $_.Tenants -match 'AllTenants') }
-            if ($Configuration) {
+            if ($Configuration -and $Tenant -in $TenantsList) {
                 $ServiceFilters = $Configuration | Select-Object -Property type | Sort-Object -Property type -Unique | ForEach-Object { $_.type.split('.')[1] }
                 try {
                     $LogSearch = @{

Modules/CIPPCore/Public/Functions/Expand-CIPPTenantGroups.ps1

@@ -0,0 +1,35 @@
+function Expand-CIPPTenantGroups {
+    <#
+        .SYNOPSIS
+            Expands a list of groups to their members.
+        .DESCRIPTION
+            This function takes a a tenant filter object and expands it to include all members of the groups.
+        .EXAMPLE
+
+    #>
+    [CmdletBinding(SupportsShouldProcess = $true)]
+    param (
+        [Parameter(Mandatory = $true)]
+        $TenantFilter
+    )
+    $TenantList = Get-Tenants -IncludeErrors
+    $ExpandedGroups = $TenantFilter | ForEach-Object {
+        $FilterValue = $_
+        # Group lookup
+        if ($_.type -eq 'Group') {
+            $members = (Get-TenantGroups -GroupId $_.value).members
+            $TenantList | Where-Object -Property customerId -In $members.customerId | ForEach-Object {
+                $GroupMember = $_
+                [PSCustomObject]@{
+                    value       = $GroupMember.defaultDomainName
+                    label       = $GroupMember.displayName
+                    addedFields = $GroupMember | Select-Object defaultDomainName, displayName, customerId
+                    type        = 'Tenant'
+                }
+            }
+        } else {
+            $FilterValue
+        }
+    }
+    return $ExpandedGroups | Sort-Object -Property value -Unique
+}