@@ -577,8 +577,36 @@ $(if ($Mailbox) { "<p><strong>Mailbox Size:</strong> $($Mailbox.TotalItemSize)</
577577 default { $CAP.state }
578578 }
579579
580- # Build HTML WITHOUT timestamp first (for hash calculation)
581- $DetailsHtmlCore = @"
580+ # Build content for hash - ONLY actual policy settings (exclude dates/timestamps)
581+ $ContentForHash = @"
582+ State: $StateIcon
583+ Client App Types: $ ( $CAP.clientAppTypes )
584+ Platforms (Include): $ ( $CAP.includePlatforms )
585+ Platforms (Exclude): $ ( $CAP.excludePlatforms )
586+ Locations (Include): $ ( $CAP.includeLocations )
587+ Locations (Exclude): $ ( $CAP.excludeLocations )
588+ Applications (Include): $ ( $CAP.includeApplications )
589+ Applications (Exclude): $ ( $CAP.excludeApplications )
590+ User Actions: $ ( Format-CAPValue $CAP.includeUserActions )
591+ Auth Context: $ ( Format-CAPValue $CAP.includeAuthenticationContextClassReferences )
592+ Users (Include): $ ( Format-CAPValue $CAP.includeUsers )
593+ Users (Exclude): $ ( Format-CAPValue $CAP.excludeUsers )
594+ Groups (Include): $ ( Format-CAPValue $CAP.includeGroups )
595+ Groups (Exclude): $ ( Format-CAPValue $CAP.excludeGroups )
596+ Roles (Include): $ ( Format-CAPValue $CAP.includeRoles )
597+ Roles (Exclude): $ ( Format-CAPValue $CAP.excludeRoles )
598+ Operator: $ ( $CAP.grantControlsOperator )
599+ Built-in Controls: $ ( $CAP.builtInControls )
600+ Custom Auth Factors: $ ( $CAP.customAuthenticationFactors )
601+ Terms of Use: $ ( $CAP.termsOfUse )
602+ "@
603+
604+ # Hash-based change detection - hash ONLY policy content (not dates or display timestamps)
605+ $ContentToHash = " $ ( $CAP.displayName ) |$ ( $CAP.state ) |$ContentForHash "
606+ $NewHash = Get-StringHash - String $ContentToHash
607+
608+ # Build full HTML with dates for display (dates NOT in hash)
609+ $DetailsHtml = @"
582610<h4>State: $StateIcon </h4>
583611<p><strong>Created:</strong> $ ( $CAP.createdDateTime ) <br/>
584612<strong>Modified:</strong> $ ( $CAP.modifiedDateTime ) </p>
@@ -613,14 +641,9 @@ $(if ($Mailbox) { "<p><strong>Mailbox Size:</strong> $($Mailbox.TotalItemSize)</
613641<tr><td><strong>Custom Auth Factors</strong></td><td>$ ( $CAP.customAuthenticationFactors ) </td></tr>
614642<tr><td><strong>Terms of Use</strong></td><td>$ ( $CAP.termsOfUse ) </td></tr>
615643</table>
616- "@
617644
618- # Hash-based change detection - hash content WITHOUT timestamp
619- $ContentToHash = " $ ( $CAP.displayName ) |$ ( $CAP.state ) |$DetailsHtmlCore "
620- $NewHash = Get-StringHash - String $ContentToHash
621-
622- # Add timestamp AFTER hashing (for display only)
623- $DetailsHtml = $DetailsHtmlCore + " `n <p><em>Last updated: $ ( Get-Date - Format ' yyyy-MM-dd HH:mm' ) UTC</em></p>"
645+ <p><em>Last updated: $ ( Get-Date - Format ' yyyy-MM-dd HH:mm' ) UTC</em></p>
646+ "@
624647
625648 $CAPTraits = @ {
626649 ' policy-name' = $CAP.displayName
@@ -639,6 +662,13 @@ $(if ($Mailbox) { "<p><strong>Mailbox Size:</strong> $($Mailbox.TotalItemSize)</
639662 if ($CachedAsset -and $CachedAsset.Hash -eq $NewHash ) {
640663 $NeedsUpdate = $false
641664 $SkippedCount ++
665+ } else {
666+ # Debug: Log why hash changed
667+ if ($CachedAsset ) {
668+ Write-LogMessage - API ' ITGlueSync' - tenant $TenantFilter - message " CAP hash mismatch for $ ( $CAP.displayName ) : Cached=$ ( $CachedAsset.Hash.Substring (0 , 8 )) ... New=$ ( $NewHash.Substring (0 , 8 )) ..." - sev Debug
669+ } else {
670+ Write-LogMessage - API ' ITGlueSync' - tenant $TenantFilter - message " CAP no cache found for $ ( $CAP.displayName ) (AssetID: $ ( $ExistingAsset.id ) )" - sev Debug
671+ }
642672 }
643673 }
644674
0 commit comments