[pull] dev from KelvinTegelaar:dev#2
Open
pull[bot] wants to merge 919 commits into
Open
Conversation
Replaces the old /tenant/standards/list-standards docs URL with /tenant/standards/alignment/templates/available-standards across all standard .LINK comment blocks, the Update-StandardsComments generator, and the standards instructions file. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
RetentionPolicyTag:
Guard the [timespan] cast against a null AgeLimitForRetention.
When the CIPP retention tag does not exist on a tenant yet,
$CurrentState.AgeLimitForRetention is null and the unconditional
cast threw "Cannot convert null to type System.TimeSpan", which
prevented remediation from ever creating the tag on a fresh tenant.
SafeAttachmentPolicy and SafeLinksPolicy:
Replace the hand-rolled $TenantCapabilities.ATP_ENTERPRISE check
with a second Test-CIPPStandardLicense call covering ATP_ENTERPRISE,
ATP_ENTERPRISE_GOV, and THREAT_INTELLIGENCE. Matches the canonical
license-missing pattern used by every other unlicensed standard:
- logs Info ("Tenant does not have the required capability...")
instead of Error ("Failed to create ... policy"),
- sets LicenseAvailable=false on the compare-field row so the
drift page renders "Not Licensed" instead of "Failing",
- covers GCC tenants (ATP_ENTERPRISE_GOV) which the previous
hand-rolled check missed.
AtpPolicyForO365:
Add an MDO license gate. Previously the standard only required
SharePoint capabilities, so it ran on tenants without MDO and
unconditionally called Set-AtpPolicyForO365. On tenants that
formerly held MDO (e.g. post-Business Premium downgrade), the
EXO backend can return "The archive entry was compressed using
an unsupported compression method" when reading orphaned ATP
policy records. The new gate short-circuits cleanly via the
canonical pattern.
SafeLinksTemplatePolicy:
Replace the local Test-MDOLicense helper (which logged Error
severity and never set LicenseAvailable=false) with a canonical
Test-CIPPStandardLicense MDO call. Drop the now-unused helper.
Set-CIPPDBCacheExoPresetSecurityPolicy:
Add an MDO license gate at the top of the cache function. Without
it, every tenant -- licensed or not -- calls Get-EOPProtectionPolicyRule
and Get-ATPProtectionPolicyRule, which surface the same compression
error on tenants with orphaned ATP records. -SkipLog is used so the
cache function does not write Standards-API log lines or compare
field rows.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
… reseller relationship links implements KelvinTegelaar/CIPP#5963
commit cd44de7121725ab4dbd6daa67820bf35fc024721
Merge: 737911624 61c938aab
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Sun May 10 23:36:55 2026 +0000
Merge pull request #109 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 61c938aabf2ddf5d6718647f2ddc721d42ecab61
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Sun May 10 22:14:32 2026 +0200
standards use function
commit ec7f5649f70b0df55c21da4580b23aa636960719
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Sun May 10 22:12:56 2026 +0200
Single deployment from function now that its all rigged up
commit 737911624a50263ba88a1d746226e6b99c520e2b
Merge: 59211bdba 96727eb49
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Sun May 10 17:36:51 2026 +0000
Merge pull request #108 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 96727eb4922a5eb3277b44a81b3f8f57a52fbaa3
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Sun May 10 14:49:13 2026 +0200
fixes to purview setup
commit a187a17a3ac8670df9d4d6ad7b722024834e818e
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Sun May 10 13:50:19 2026 +0200
set warn to true.
commit 59211bdba9e7417ac3c26ea2f1d194aeb22ba0ff
Merge: 0b7c02349 b7f32e7ae
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Sat May 9 23:36:51 2026 +0000
Merge pull request #107 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit b7f32e7ae720b8c4e7ab1be0ff060d6ab7ca86cf
Merge: 07f298392 e99b4aaab
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Sun May 10 01:26:06 2026 +0200
Merge branch 'dev' of https://github.com/KelvinTegelaar/CIPP-API into dev
commit 07f2983924a0075e46abff211b781593d9b7c6cf
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Sun May 10 01:26:02 2026 +0200
purview adding
commit 0b7c02349ecd2f58c2fa7be8ea4540aa06e664f4
Merge: 25b3194db e99b4aaab
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Fri May 8 23:36:36 2026 +0000
Merge pull request #106 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit e99b4aaabd288134f1ea5fed81ad071dc10d19c5
Author: John Duprey <jwd@johnwduprey.com>
Date: Fri May 8 19:17:20 2026 -0400
chore: bump version to 10.4.4
commit bf8a33a6dae91aa0aaa3e880b70ae0acedd078a5
Author: John Duprey <jwd@johnwduprey.com>
Date: Fri May 8 17:09:55 2026 -0400
feat: add Invoke-ListResellerRelationshipLink function for retrieving reseller relationship links
implements https://github.com/KelvinTegelaar/CIPP/issues/5963
commit 4a466be5c371ed280c758361e83d4676f3b82923
Author: John Duprey <jwd@johnwduprey.com>
Date: Fri May 8 14:57:25 2026 -0400
fix: prevent stale template list from skewing applied standards report
commit 0bc4f5089abf7d119d8b5510190044537af3fc12
Merge: 933a6dcda d9c620398
Author: Roel van der Wegen <github@aeternus.tech>
Date: Fri May 8 19:54:29 2026 +0200
Merge branch 'dev' of https://github.com/KelvinTegelaar/CIPP-API into dev
commit 933a6dcdab4c5c29987482dbe5dee165ffad1922
Author: Roel van der Wegen <github@aeternus.tech>
Date: Fri May 8 19:54:26 2026 +0200
Fix for 5979
commit 25b3194dbee5f0b94fe84c383eff26874e7ec227
Merge: 91b2b1873 d9c620398
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Fri May 8 17:36:34 2026 +0000
Merge pull request #104 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit d9c6203983e5a30d877bc8cccb318866bffc209e
Author: John Duprey <jwd@johnwduprey.com>
Date: Fri May 8 12:59:37 2026 -0400
fix: update expiration days logic for SharePoint and OneDrive file requests
commit f105398cf41da36b04d74b2fb3cc27db6eaf5c48
Author: John Duprey <jwd@johnwduprey.com>
Date: Fri May 8 11:47:42 2026 -0400
chore: update dnshealth to 1.1.8
commit 176aa964d6eeca842fdab25746f639236fd4470d
Author: John Duprey <jwd@johnwduprey.com>
Date: Fri May 8 11:17:17 2026 -0400
fix: sharing capability based on desired state for file requests
commit 74124f4f4a3b81958217bbf22f9a0c26c218ac22
Author: John Duprey <jwd@johnwduprey.com>
Date: Fri May 8 09:51:00 2026 -0400
chore: update DNSHealth to 1.1.7
commit b9a824999e990b6fa3747af4d19378e6c4a7a6ad
Merge: d7bd90719 584a6fe64
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Fri May 8 14:24:24 2026 +0200
feat: Support bulk updates for managers and sponsors (#2043)
Enable bulk processing for setting multiple managers and sponsors in
user updates.
Introduce 'manager' and 'sponsor' properties to the user patching
functionality.
Frontend PR: https://github.com/KelvinTegelaar/CIPP/pull/5976
commit d7bd907199a73c50603613c52c909b083b64cc20
Merge: 0e00b468e 6c440c012
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Fri May 8 14:24:14 2026 +0200
Fix usageLocation value extraction in JIT Admin (#5910) (#2044)
The usageLocation autocomplete sends {label, value} objects but Graph
API
expects a plain string. This causes a "StartObject node found for
usageLocation, PrimitiveValue expected" error when creating JIT Admin
users.
Extract .value before passing to the API, same as Invoke-AddUserDefaults
and Invoke-EditUser already do.
commit 0e00b468e7169f1a0bb984dc56e426371e8399b1
Merge: 2529b6aae 3b609649a
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Fri May 8 14:23:51 2026 +0200
Feat: Add configurable TAP lifetime for JIT Admin creation (#2045)
Fixes KelvinTegelaar/CIPP#5965
Frontend PR: https://github.com/KelvinTegelaar/CIPP/pull/5977
commit 2529b6aae81fe9ae10248c74fad67c41d9188a6a
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Fri May 8 14:07:43 2026 +0200
fixes #5925
commit 3b609649a3b7ac970f51088c467ab897ba4ad2ba
Author: Bobby <31723128+kris6673@users.noreply.github.com>
Date: Fri May 8 13:57:08 2026 +0200
fix(jit-admin): honor TAP lifetime policy bounds
Fixes https://github.com/KelvinTegelaar/CIPP/issues/5965
commit 6c440c0121ceaba7eb1b7cf7305b06b76ad95ef5
Author: Joachim <joachim@advi.no>
Date: Fri May 8 13:54:24 2026 +0200
Fix usageLocation autocomplete object in JIT Admin (#5910)
The autocomplete component sends {label, value} objects but the
Graph API expects a plain string for usageLocation. Extract .value
before passing to API, matching the pattern used by other user
endpoints (Invoke-AddUserDefaults, Invoke-EditUser, etc).
commit 91b2b1873f69a538b3ff10b0986e8951d2ddf186
Merge: 2414645be 68a83d3e9
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Fri May 8 11:36:33 2026 +0000
Merge pull request #103 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 68a83d3e9547b22b9a25296da6122d5efc879d2f
Merge: a8a0c9d57 b872a8ba2
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Fri May 8 12:55:19 2026 +0200
Merge branch 'dev' of https://github.com/KelvinTegelaar/CIPP-API into dev
commit a8a0c9d57e4e8bc1ebf7e802325f12bdcdb328b4
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Fri May 8 12:55:16 2026 +0200
fixes #5967
commit b872a8ba2303e34ed9bf3ca9059a7b06f780a225
Merge: 85d9a6c22 0475f951b
Author: Roel van der Wegen <github@aeternus.tech>
Date: Fri May 8 12:48:09 2026 +0200
Merge branch 'dev' of https://github.com/KelvinTegelaar/CIPP-API into dev
commit 584a6fe6479840c71cca4a8b5205e735b76fe919
Author: Bobby <31723128+kris6673@users.noreply.github.com>
Date: Fri May 8 12:37:09 2026 +0200
feat: support bulk manager and sponsor updates
- Updated Set-CIPPManager and Set-CIPPSponsor functions to accept multiple users for bulk processing.
- Modified Invoke-EditUser and Invoke-PatchUser to handle bulk updates for managers and sponsors.
- Enhanced logging for success and error messages during updates.
commit 0475f951bb0b4eb8dcd8de6f19f68f0569b7c970
Merge: b7773c632 3f44d2228
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Fri May 8 12:33:48 2026 +0200
Merge branch 'dev' of https://github.com/KelvinTegelaar/CIPP-API into dev
commit b7773c632ef1e955e57f6ced95b56eaba01403eb
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Fri May 8 12:33:44 2026 +0200
pushing new compliance menus
commit 67ea958492a04d806604db545165157941b59063
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Fri May 8 12:24:48 2026 +0200
fixes #5973
commit 5644578fe74abd3f331fbc0cd4adfac1becfab2c
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Fri May 8 12:18:10 2026 +0200
fixed #5930
commit 85d9a6c228dee577ba5cded5bab28255ce069d9a
Author: Roel van der Wegen <github@aeternus.tech>
Date: Fri May 8 12:07:51 2026 +0200
concept
commit 8d454b9566497fb2577c76d50c8ee4a75562e5e1
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Fri May 8 12:01:35 2026 +0200
fixed unmapped issue sherweb
commit 3f44d22282b1a9174bfbdd821c2f23c6dd0c4380
Merge: 1a304e156 b9e193e62
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Fri May 8 11:51:01 2026 +0200
Add usageLocation support to JIT Admin creation and templates (#5910) (#2041)
## Summary
- Adds optional `usageLocation` (ISO 3166-1 alpha-2) to JIT Admin user
creation via Graph API
- Saves `defaultUsageLocation` in JIT Admin templates (both Add and
Edit)
- Prevents Huntress false-positive alerts for JIT Admin accounts missing
usage location
Fixes https://github.com/KelvinTegelaar/CIPP/issues/5910
Companion PR (frontend):
https://github.com/KelvinTegelaar/CIPP/pull/5971
## Changes
- `Set-CIPPUserJITAdmin.ps1` — conditionally includes `usageLocation` in
the Graph POST body when creating users
- `Invoke-ExecJITAdmin.ps1` — passes `usageLocation` from request body
to the User hashtable
- `Invoke-AddJITAdminTemplate.ps1` — saves `defaultUsageLocation` in
template object
- `Invoke-EditJITAdminTemplate.ps1` — same for template editing
commit 1a304e1564c5e3e1b7b8719d94fdbca354128f66
Merge: 7804aaf8d 26cb9aee5
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Fri May 8 11:48:41 2026 +0200
feat: Add AutoDiscover check to domain analysis (#2042)
**Important:** This PR is dependant on
https://github.com/JohnDuprey/DNSHealth/pull/26 being merged and the
module updated in CIPP
Implement AutoDiscover record validation in the domain analysis process
and enhance the domain health listing functionality to support
AutoDiscover record retrieval.
Frontend PR: https://github.com/KelvinTegelaar/CIPP/pull/5974
commit 7804aaf8d9bb24ceec54af7affdabf5702a3c660
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Fri May 8 14:02:27 2026 +0800
Try infer template type from content if missing, else fail early
commit 2414645be501d0a5ddbcac49704ed57c2b1afa21
Merge: 19c5becbb 51b228187
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Fri May 8 05:36:31 2026 +0000
Merge pull request #102 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 51b22818735ef58a5f958be1e3a9e91715be93e0
Author: John Duprey <jwd@johnwduprey.com>
Date: Fri May 8 00:08:13 2026 -0400
fix: add SharingCapability to current state retrieval in Invoke-CIPPStandardSPFileRequests function
commit 318d82612204d4ecac1a328b073ebdda24b55c83
Author: John Duprey <jwd@johnwduprey.com>
Date: Thu May 7 23:15:02 2026 -0400
fix: correct assignment syntax for FieldValue in Add-CIPPBPAField function
commit f20c60a66bda10222492ab65cef58a258c4c7a2e
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Fri May 8 10:44:19 2026 +0800
Revert escaping
commit 94158f4fb0fa4a03a936d2d3726dd27b2e67c06e
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Fri May 8 09:12:28 2026 +0800
Add Investigate status to custom tests
commit 19c5becbbb26eb2ff4b08834b45cee33257a5873
Merge: 9422b33b0 731a41edf
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Thu May 7 23:36:30 2026 +0000
Merge pull request #101 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 26cb9aee55dcb43b4f5ca97e3f4806f6c7b7662f
Author: Bobby <31723128+kris6673@users.noreply.github.com>
Date: Fri May 8 00:50:48 2026 +0200
feat: Add AutoDiscover check to domain analysis
- Implemented AutoDiscover record validation in Push-DomainAnalyserDomain function.
- Enhanced Invoke-ListDomainHealth to support AutoDiscover record retrieval.
commit c0098fdea73e4ff9a6d5e6be89df0c7a8a18185e
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Fri May 8 00:46:46 2026 +0200
remove old file
commit bc4e643dbd7a65030681b89e758733fb1b89dad6
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Fri May 8 00:19:26 2026 +0200
add purview section
commit 731a41edf5e1c80bb5d1b1bfacd095022fd746bf
Author: John Duprey <jwd@johnwduprey.com>
Date: Thu May 7 15:33:22 2026 -0400
fix: ensure unique and non-null email addresses in report generation
commit 8e7392da6e5a9bf03c4c5b9ea1c2f0d1a9bc1fa7
Author: John Duprey <jwd@johnwduprey.com>
Date: Thu May 7 14:51:47 2026 -0400
fix: scripted alert optimization
commit 9422b33b03e7cfd709d12a38a5c5f9c0f88c5c79
Merge: c596e0f63 02fdcbed6
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Thu May 7 17:36:37 2026 +0000
Merge pull request #100 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 02fdcbed62b9ef9543c2a104dfa4ef8e2443f310
Merge: 0bc436b87 ece775bd1
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Thu May 7 16:03:37 2026 +0200
Feat: Extend ListIntunePolicy for admin templates (#2035)
Enhance the ListIntunePolicy function to support group policy definition
lookups and improve handling of requests for configuration policies and
group policy configurations. This update allows for more efficient data
retrieval.
Frontend PR: https://github.com/KelvinTegelaar/CIPP/pull/5951
commit 0bc436b87f2ab5eed77a4edc1c74f5a665791213
Merge: b02970f52 7b26b118d
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Thu May 7 16:03:13 2026 +0200
Fix handling of non-catalog null results in comparison function (#2034)
Adjust the comparison logic to properly handle cases where the result is
null when the CompareType is not 'Catalog'. This ensures that the
comparison results are always returned as an array, preventing potential
errors.
Fixes "Failed to compare policies: Index operation failed; the array
index evaluated to null." error on the compare policy page
commit b02970f5296ec2b5a2cbd139c4fbc52d7e67bff0
Merge: 3beb6226f 27c08abc9
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Thu May 7 16:02:05 2026 +0200
Fix drift report inaccuracies for TeamsMeeting, SPFileRequests, and policies (#2038)
This pull request introduces several improvements and bug fixes to the
standards enforcement scripts, focusing on ensuring accurate reporting
and consistency in policy comparisons. The main changes involve
normalizing list-type values for reliable comparisons, correcting field
references, and updating in-memory state after remediation to prevent
reporting outdated values.
**Policy comparison normalization:**
* Updated all list-type fields (such as `FileTypes`, `DoNotRewriteUrls`,
and domain lists in Teams federation) to be sorted before comparison,
ensuring that order differences do not cause false drift reports.
[[1]](diffhunk://#diff-21f5937855b4b87d151a77151a2b79e689eef46e372ef5fec22864e684729b19L223-R223)
[[2]](diffhunk://#diff-21f5937855b4b87d151a77151a2b79e689eef46e372ef5fec22864e684729b19L241-R241)
[[3]](diffhunk://#diff-636adbbc5bcc10efc5ba31410af63ff8cf0c352f5cfeac24dde5d4f7463348a5L234-R234)
[[4]](diffhunk://#diff-636adbbc5bcc10efc5ba31410af63ff8cf0c352f5cfeac24dde5d4f7463348a5L248-R248)
[[5]](diffhunk://#diff-8094476ac96a5b9884740aae3a3e267ea51843d9caa915f8c9fd87d1aecf9d87L78-R78)
[[6]](diffhunk://#diff-8094476ac96a5b9884740aae3a3e267ea51843d9caa915f8c9fd87d1aecf9d87L88-R88)
**Bug fixes and accuracy improvements:**
* Corrected the field used for reporting the 'Trial Autoclaim' policy
value from `policyValue` to `tenantPolicyValue` in
`Invoke-CIPPStandardDisableSelfServiceLicenses`.
[[1]](diffhunk://#diff-8d188a1e9388883bced1f8938fab119c89ab15d3aaea5f5357817a6a32cb4e5aL69-R69)
[[2]](diffhunk://#diff-8d188a1e9388883bced1f8938fab119c89ab15d3aaea5f5357817a6a32cb4e5aL148-R148)
* In `Invoke-CIPPStandardSPFileRequests`, updated the in-memory state
after remediation so that drift reports reflect the post-remediation
values rather than outdated ones.
**Code cleanup:**
* Removed an unnecessary line in
`Invoke-CIPPStandardTeamsMeetingRecordingExpiration` that could have
incorrectly set the current value to `$true` instead of the actual
expiration days.
commit c596e0f637586a07b1d28ccfc15c6a7520beb2cc
Merge: 27e13bec8 3beb6226f
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Thu May 7 11:36:40 2026 +0000
Merge pull request #99 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit b9e193e62a108b2cb56fc72289206f12a89c391a
Author: Joachim <joachim@advi.no>
Date: Thu May 7 13:27:59 2026 +0200
Add usageLocation support to JIT Admin creation and templates (#5910)
commit 3beb6226f86e5b05661160a8fcace5d7931e161c
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Thu May 7 19:10:37 2026 +0800
Better queue tracking
commit 27e13bec86697f804a844d7e0d93738e6431ceec
Merge: 7683317da adbbb537c
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Thu May 7 05:36:31 2026 +0000
Merge pull request #98 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit adbbb537ca629d05d4d3a2ccfa04d081e0471e5f
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Thu May 7 12:52:44 2026 +0800
Update CIPPTimers.json
commit 9ae75623734128d3f60654e9aeaf6e73b06b134e
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Thu May 7 11:37:01 2026 +0800
Update Standard AutoAddProxy
User reporting DB, add rerun protection and add null guarding
commit 7683317da7ec2072d5a9825c4991d0b81e4ac6a6
Merge: cbd8e8d43 498d03f32
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Wed May 6 23:36:31 2026 +0000
Merge pull request #97 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 498d03f3258b1a1704ae748faecaf12dc53b311e
Author: John Duprey <jwd@johnwduprey.com>
Date: Wed May 6 15:01:14 2026 -0400
fix: duplicate group ID retrieval in Invoke-ExecAddGDAPRole function
limit to one per role
commit cbd8e8d43d8a79bc1fee58366f8b70551bc55776
Merge: 181e4ab9a 94a291c99
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Wed May 6 17:36:38 2026 +0000
Merge pull request #96 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 94a291c99939353e9134e7d78d739d0fe41ac94a
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Wed May 6 14:40:12 2026 +0200
Ensure that collaboration invitations are sent to allowed domains only
commit 181e4ab9a3461299161e23f7ca522fddf0f334b4
Merge: 1ee695c5a 7962aab67
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Wed May 6 11:36:36 2026 +0000
Merge pull request #95 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 7962aab67227cb24cbbd6f9236bdd6056cf60469
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Wed May 6 13:23:18 2026 +0200
add teasm ZAP standard
commit 9a844383ff2383a99e23c2be29f89674b1cdb1c1
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Wed May 6 13:12:59 2026 +0200
Empty AllowList Standard for CIS
commit cc07ca51d567a2eaf00caae357c8f87d8c25146d
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Wed May 6 12:43:59 2026 +0200
public group standard
commit 23505c303e863da9d1fb274f2f67fff7daa44cd6
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Wed May 6 16:42:15 2026 +0800
Correct backup object retuned
commit 21528eafdcc6a28a36cf82cea77ef77af735bb7f
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Wed May 6 13:44:08 2026 +0800
parse timezone value for nice response message
commit 1ee695c5aca56e6a193df5709f80d42888dd5fab
Merge: 8d96d48d6 0e537b1dd
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Wed May 6 05:36:31 2026 +0000
Merge pull request #94 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 0e537b1dd94b00cea9873903bbc526b17828aa30
Author: John Duprey <jwd@johnwduprey.com>
Date: Tue May 5 22:07:06 2026 -0400
fix: Guard against missing GeoIP.Data
commit 212c6f1323d7a92b43ce98fd0b90b190e17b0892
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Wed May 6 08:32:09 2026 +0800
improve drift page loading speed
commit 8d96d48d6080d205647197e2dd6207f35cfaae2b
Merge: 9a904e82a 5087f2690
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Tue May 5 23:36:32 2026 +0000
Merge pull request #93 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 27c08abc9a2d81b0ae133f8f66ba2602c10353d4
Author: Brian Simpson <50429915+bmsimp@users.noreply.github.com>
Date: Sun May 3 13:09:55 2026 -0500
Fix SafeLinksPolicy and MalwareFilterPolicy drift report ordering
Same shape as the TeamsFederationConfiguration fix: the state check
uses Compare-Object (order-insensitive) so $StateIsCorrect correctly
reports "already correctly configured", but the report block writes
the raw arrays to the compare field where Current and Expected come
from different sources and may be ordered differently. The drift
page diffs the JSON arrays literally, producing phantom deviations
even though the policies are correctly applied.
SafeLinksPolicy.DoNotRewriteUrls:
Current was $CurrentState.DoNotRewriteUrls (raw API), Expected was
$Settings.DoNotRewriteUrls.value (raw user input). Sort both in
the report block so they match regardless of input or API order.
MalwareFilterPolicy.FileTypes:
Current was $CurrentState.FileTypes (raw API), Expected was
$ExpectedFileTypes ($DefaultFileTypes + user-supplied OptionalFileTypes
split). Sort both in the report block.
Set-SafeLinksPolicy and Set-MalwareFilterPolicy treat these lists as
sets on the Microsoft side, so order does not affect remediation
behavior -- only the drift display.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
commit 7aeeffcb48b080685c180e8431e3128d3433a082
Author: Brian Simpson <50429915+bmsimp@users.noreply.github.com>
Date: Sun May 3 13:04:58 2026 -0500
Fix TeamsFederationConfiguration drift report ordering mismatch
The state check uses Compare-Object (order-insensitive) so
$StateIsCorrect correctly reported "Federation Configuration
already set." But the report block wrote the raw arrays to the
compare field, where the current side was alphabetically sorted
upstream and the expected side was in user-input order from
$Settings.DomainList. The drift page diffs the JSON arrays
literally, so identical sets in different orders rendered as
a phantom deviation.
Sort the parsed expected arrays (AllowedDomainsAsAList for
AllowSpecificExternal, BlockedDomains for BlockSpecificExternal)
at the source so they match the already-sorted current values.
Set-CsTenantFederationConfiguration is set-semantic on the
Microsoft side, so order does not affect remediation behavior.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
commit 2be775b64dcd88fa112a236d9b8b61a4ea3d2e94
Author: Brian Simpson <50429915+bmsimp@users.noreply.github.com>
Date: Sun May 3 12:59:59 2026 -0500
Fix DisableSelfServiceLicenses autoclaim reading wrong property
The autoclaim GET endpoint at admin.microsoft.com returns the policy
state under tenantPolicyValue, not policyValue:
{
"policyId": "Autoclaim",
"tenantPolicyValue": "Disabled",
"tenantId": "..."
}
CIPP was reading $AutoClaimPolicy.policyValue (which does not exist
on the response object) so it always evaluated to $null, causing:
- the initial Compare to find a diff vs the Expected 'Disabled',
- remediation to fire every run,
- the post-remediation re-fetch to also read null,
- the drift compare-field to be written with Value=null,
- the manage drift page to show a phantom deviation despite the
log saying "Changed Self Service status for product
'Trial Autoclaim - autoclaim' from '' to 'Disabled'".
The POST body still uses {"policyValue": "Disabled"} -- Microsoft's
read/write schemas are asymmetric on this endpoint, so only the
read paths needed the property name corrected.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
commit 512d87c2aa15d4d9ae25225def7e6e08dd714f27
Author: Brian Simpson <50429915+bmsimp@users.noreply.github.com>
Date: Sun May 3 12:30:09 2026 -0500
Fix SPFileRequests drift report showing pre-remediation values
The standard fetches $CurrentState from SPO once at the top, then
the remediate block calls Set-CIPPSPOTenant to mutate the live
state but never refreshes $CurrentState. When both remediate and
report run in the same pass, the report block builds CurrentValue
from the stale pre-remediation $CurrentState and writes it into
the drift compare field -- producing Expected=true / Current=false
on the manage drift page even though the live SPO state is now
correct (and the logbook says "Successfully set File Requests...").
After a successful Set-CIPPSPOTenant, mirror the just-applied
properties into $CurrentState so the report block writes the
post-remediation values. The catch path is untouched, so failed
remediation correctly leaves the original state in the report.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
commit 45c8f59872453db2fa35ade73ca4df788c64f947
Author: Brian Simpson <50429915+bmsimp@users.noreply.github.com>
Date: Sun May 3 12:24:55 2026 -0500
Fix TeamsMeetingRecordingExpiration drift report showing Current=true
The report block overwrote the actual current expiration day count
with the boolean literal $true whenever StateIsCorrect was true,
then wrote that boolean into the compare field as the "Current"
value. This caused the drift page to render Expected=120 / Current=
true and flag a deviation even when the policy was correctly set --
while the remediate block (which used the unmangled value) logged
"already set to 120 days".
Removing the conditional reassignment makes the report always emit
the real numeric value, so when state matches expected the drift
page goes green instead of showing a phantom deviation.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
commit 5087f26900761b9270c5e43a0f14b6a694f2c021
Merge: e2382b4a2 733da2299
Author: John Duprey <jwd@johnwduprey.com>
Date: Tue May 5 16:27:42 2026 -0400
Merge branch 'dev' of https://github.com/KelvinTegelaar/CIPP-API into dev
commit e2382b4a2975aba260b15a5038d4dc3d151b96e4
Author: John Duprey <jwd@johnwduprey.com>
Date: Tue May 5 16:27:39 2026 -0400
fix: exclude expired user consent requests
commit 733da2299ac5deff19797a0148eaa7eda2868f2a
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Tue May 5 21:02:25 2026 +0200
updated
commit 08d2bcb8971ba4488ce4edd86de70a1297feccc8
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Tue May 5 21:00:07 2026 +0200
Add self-service email stuff
commit 7787f187597ef2590a9ab3615631c16af1cbd884
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Wed May 6 02:06:11 2026 +0800
Improve drift alignment data
commit 9a904e82af155b1fac45f57c116336dd0212898c
Merge: 9a9b7231f 364da3705
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Tue May 5 17:36:35 2026 +0000
Merge pull request #92 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 364da3705d353edcd76140372f865faffd7867f8
Merge: 61b891c9d 7a7c70d94
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Wed May 6 01:08:13 2026 +0800
Merge branch 'dev' of https://github.com/KelvinTegelaar/CIPP-API into dev
commit 61b891c9dfdad2853f36a8d381f8a833be055aa4
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Wed May 6 01:08:11 2026 +0800
Fix image upload
commit 7a7c70d9463107e7560fd40e47def99d1bb9ad91
Author: John Duprey <jwd@johnwduprey.com>
Date: Tue May 5 12:17:17 2026 -0400
fix: remove +1hr buffer to end time
commit b230c7f612f6cf8c5c674aac0d8d47bf15b8504e
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Tue May 5 23:20:20 2026 +0800
Fix drift tag resolution using stale rawData instead of live lookup
Drift detection used rawData.templates from the frontend form snapshot to
resolve tag-assigned Intune templates. This snapshot goes stale when
templates are added to a tag after the drift standard is saved, causing
policies to appear as deviations despite being compliant in standards.
Replace rawData.templates with a live database lookup by package property,
matching the approach already used by Get-CIPPTenantAlignment. Also
consolidate template table queries into a single unfiltered load.
commit 9a9b7231f113fe68ea80afe18fe0fc19747f84e9
Merge: 86a6f677c 8e12d1064
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Tue May 5 11:36:35 2026 +0000
Merge pull request #91 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 8e12d1064b93760c63ce7bf834acd005ca327fcb
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Tue May 5 18:27:02 2026 +0800
Correct CIPP SAM addition repeated alerts
commit 8856340634e4668f121ee638960da544c2a08e7b
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Tue May 5 18:09:00 2026 +0800
dead code
commit 86a6f677c6bd9d49f8fe99c3689ab88d4adeadc4
Merge: b70808cad 3702c8548
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Mon May 4 23:36:31 2026 +0000
Merge pull request #90 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 3702c854804b2377015cffd9def102a8e9561283
Author: John Duprey <jwd@johnwduprey.com>
Date: Mon May 4 17:46:39 2026 -0400
feat: PR check on fork
commit f50d8a1194ccaf546383f3cc29389454fd31887a
Author: John Duprey <jwd@johnwduprey.com>
Date: Mon May 4 17:22:03 2026 -0400
feat: add Get-CIPPGroupsReport function and integrate with Invoke-ListGroups
Co-authored-by: Copilot <copilot@github.com>
commit cb51886cd28134fd986faf200ed2ec614e371507
Author: John Duprey <jwd@johnwduprey.com>
Date: Mon May 4 15:42:57 2026 -0400
fix: MOERA standard reporting
No way to remediate but we can use Read-DmarcRecord directly to query the current value and use that for reporting
commit 16c03a17e437dadec75850dbad5f82b4b4922221
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Mon May 4 21:07:45 2026 +0200
add to scheduler
commit f9928aecc9a08a22a2ae6e68ddc4079e0e9b613a
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Mon May 4 20:53:52 2026 +0200
CIS Microsoft 365 Foundations Benchmark v6.0.1
commit b70808cade3a82c4d06ca74a7b1ec887cb10fb63
Merge: 744c3d684 bb3db333e
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Mon May 4 11:36:32 2026 +0000
Merge pull request #89 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit bb3db333e125068c3e0e784299bf2b6befdabdfd
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Mon May 4 14:38:45 2026 +0800
Correct list alerts accounting for tenant allowed tenant groups
commit 744c3d684521c1212933586b9a045d0f3cc3a46f
Merge: 0ed638846 4484ec2e6
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Sun May 3 05:36:27 2026 +0000
Merge pull request #88 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 4484ec2e6ddf17702ff25c4c37d0a4542bee51d9
Author: John Duprey <jwd@johnwduprey.com>
Date: Sat May 2 23:11:34 2026 -0400
Add queueing functions to blocked commands list
Update Get-CIPPSchedulerBlockedCommands.ps1 to include queueing-related functions (Add-CippQueueMessage, New-CippQueueEntry, Set-CippQueueTask, Update-CippQueueEntry) in the blocked commands array.
commit 0ed6388467ef48dbd827d0f70af8952cde849256
Merge: 2fe8fe7f7 75040833a
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Sat May 2 23:36:27 2026 +0000
Merge pull request #87 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 75040833aa6373059348167f9c36b39d82b47332
Author: John Duprey <jwd@johnwduprey.com>
Date: Sat May 2 16:08:18 2026 -0400
rename
commit 2fe8fe7f73e9da2b9d9858f7a27a83f547ab9001
Merge: 93ec11e44 8594b3d26
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Sat May 2 17:36:29 2026 +0000
Merge pull request #86 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 8594b3d2666b859671b6e0b2ea6bd3d75681d44a
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Sun May 3 01:15:54 2026 +0800
Update Start-CIPPOrchestrator.ps1
commit 50789ce3d28a4a9d83137ea6dfce835063bd597b
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Sun May 3 00:10:45 2026 +0800
queue tweaks
commit 80f6df79211d2d97b956480039f05fdd48bb457e
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Sat May 2 23:09:35 2026 +0800
Redirect url helper scripts
commit 93ec11e44bdbfc62386c08ad12200678a6788f05
Merge: 2536781b2 a0b7655dd
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Sat May 2 05:36:34 2026 +0000
Merge pull request #85 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit a0b7655dd0c8962629de3e145bc0372a95060c09
Author: John Duprey <jwd@johnwduprey.com>
Date: Fri May 1 20:16:11 2026 -0400
chore: bump version to 10.4.3
commit 2536781b2ed69951786ea7a1e8febc68fb68ed6f
Merge: 809c5e8f5 8c4f9bd92
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Fri May 1 23:36:29 2026 +0000
Merge pull request #83 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 8c4f9bd9276f254d78e43fb7be229ae81af0adf7
Author: John Duprey <jwd@johnwduprey.com>
Date: Fri May 1 19:23:34 2026 -0400
fix: Add SHAREPOINTENTERPRISE_GOV to license checks
commit 809c5e8f53e51b5cca0661584e2afaf23dd6503e
Merge: c6144b97c cf6603994
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Fri May 1 17:36:32 2026 +0000
Merge pull request #82 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit cf6603994b41335453c6254acf889d1ccc99b6ad
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Fri May 1 23:24:05 2026 +0800
Silly audit logs
commit c6144b97c64ffa9574ce111d7f9cc0d111e9d201
Merge: 713039426 78eb1ae8b
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Fri May 1 11:36:30 2026 +0000
Merge pull request #81 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 78eb1ae8bd68da507c33df4d653e5d68eb9b67cc
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Fri May 1 18:46:53 2026 +0800
More escaping for HMTL alerts that contain objects
commit 1cf4ee60cf3e125a005687068549f62fad30bca4
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Fri May 1 18:44:44 2026 +0800
Prevent race conditions for duplicate audit logs
commit 4589d5d0ce8a18ecb9c71222f4b1cbfc1d52e0d5
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Fri May 1 18:38:21 2026 +0800
So the docs are wrong about this one
commit 6c27c34ce20a70bc16f5a709fe9bee3316e05f5d
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Fri May 1 18:21:27 2026 +0800
Custom variable support + block explicit calls with tenantfilter
commit 0a08f633b81703b05d7dac5ba00541c64799cb74
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Fri May 1 17:23:41 2026 +0800
Add ResultMode, CIPP wrapper handling, Github save/import and custom MD in PS
Introduce ResultMode support for custom scripts (Auto | AlwaysPass | AlwaysInfo) and handling for an optional CIPP wrapper object. Invoke-ExecCustomScript: unwrap optional wrapper properties (CIPPStatus, CIPPResults, CIPPResultMarkdown) and include them in the response body. Invoke-CippTestCustomScripts: respect ResultMode when computing final test status, honor explicit CIPPStatus/CIPPResultMarkdown from scripts, adjust alerting behavior, and include result markdown when reporting. GitHub integration: add UploadScript and ImportScript actions to export/import custom tests (imports run security checks and set ResultMode).
commit 16397000766f00d47f3792c20fda60e46b38b234
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Fri May 1 16:07:41 2026 +0800
Update add CA exclusion to account for targeted roles
commit 924a078a7eca7bd32e6369558bf546976485866d
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Fri May 1 15:38:31 2026 +0800
Fix listing of excluded tenants in scripted alerts
commit b937399c1627b4ea8a82abc77ab3ae499795b183
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Fri May 1 15:21:55 2026 +0800
Add specific DNS endpoints to TCP connection limits
commit e0db8da28c040448f828558317f59003ba6e3948
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Fri May 1 14:46:19 2026 +0800
Fix oauth consent not adding ms app id after the fact
commit 7130394261a07ff6890882d8cedb3ec6775fdda1
Merge: 4e8852b01 89ade0e33
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Fri May 1 05:36:30 2026 +0000
Merge pull request #80 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 89ade0e33d4b4c959b6028631b7b73f92a1a27d3
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Fri May 1 13:10:42 2026 +0800
How long has this been wrong?
commit 4e8852b01ac7847366e71ddf02550e0ebc61ac53
Merge: 514d9b321 f036c0bb5
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Thu Apr 30 23:36:30 2026 +0000
Merge pull request #79 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit ece775bd1b3b4aaf518a009b7409555c111faa61
Author: Bobby <31723128+kris6673@users.noreply.github.com>
Date: Fri May 1 00:52:52 2026 +0200
feat(intune): extend ListIntunePolicy for admin templates
commit f036c0bb5658da32eb503f874f26829bdd2be925
Author: John Duprey <jwd@johnwduprey.com>
Date: Thu Apr 30 16:56:45 2026 -0400
fix: odata sanitization
commit 7b26b118dc51b959f171d16bad737f09ab2dc8d7
Author: Bobby <31723128+kris6673@users.noreply.github.com>
Date: Thu Apr 30 20:01:06 2026 +0200
fix(compare): handle non-catalog null results
commit b446c026d2ec2f6f2030ac3482386e80269a19a3
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Fri May 1 02:06:09 2026 +0800
Update Add-CippQueueMessage.ps1
commit a78bd50714640cd4e6b2b843c27dfb8906e40c5f
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Fri May 1 02:04:49 2026 +0800
slight orc changes
commit 514d9b321e9857bea47bdf236826288c04653030
Merge: 1885ac28f 3ed7bddcf
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Thu Apr 30 17:36:36 2026 +0000
Merge pull request #78 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 3ed7bddcf1acd4d82e6859fb627342191904cd40
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Thu Apr 30 21:30:40 2026 +0800
Update New-CIPPAPIConfig.ps1
commit 264abcaee10bc7864a851837d1a676f056913190
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Thu Apr 30 21:30:26 2026 +0800
Update Invoke-CIPPDBCacheCollection.ps1
commit 1885ac28f644dd86223bba37fbdfca97e3548836
Merge: 3a095a8ea 1416a1431
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Thu Apr 30 11:36:33 2026 +0000
Merge pull request #77 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 1416a1431200d55dbf49daee1a255d12695384a3
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Thu Apr 30 16:40:33 2026 +0800
Simple is best
commit 3a095a8ea878fb9e0b64c0f176c388def60c1c3f
Merge: 0f97e2ddc 29e3006ee
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Thu Apr 30 05:36:31 2026 +0000
Merge pull request #76 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 29e3006ee29bc4cee6af68f617a5b556d79990a1
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Thu Apr 30 11:23:53 2026 +0800
Update Get-CIPPLicenseOverview.ps1
commit e0df4506e8c7121d2e7bd3b76d36777bb5f694cf
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Thu Apr 30 11:15:16 2026 +0800
account for trials
commit 9700734049ec0e50177bdcbfef3e84688e5dec1a
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Thu Apr 30 10:54:55 2026 +0800
Use ConvertTo-SafeArray for all EXO domain checks
commit 0f97e2ddc80db93541a06257b39c1c728c4d033a
Merge: 9059e1425 fe7b01316
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Wed Apr 29 17:36:36 2026 +0000
Merge pull request #75 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit fe7b01316b057cc79b9a0dea0f97eee9c142d550
Merge: 834b4c618 f2cd1532b
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Wed Apr 29 17:26:55 2026 +0200
Feat/Configure Encrypted Message Branding OME (#2023)
This is a new standard that enables customization of encrypted emails
sent from a client and received by users on non-Exchange email
platforms.
The logo field requires a URL but also supports custom variables,
allowing you to configure a unique logo for each client. The same
flexibility applies to colours and other branding elements.
The standard is covered here:
https://learn.microsoft.com/en-us/purview/add-your-organization-brand-to-encrypted-messages
Relates also to https://github.com/KelvinTegelaar/CIPP/pull/5922
<img width="690" height="646" alt="image"
src="https://github.com/user-attachments/assets/24091a36-dafd-4205-a7b5-5b6713c306ca"
/>
<img width="798" height="751" alt="image"
src="https://github.com/user-attachments/assets/28be5166-bd6e-4a6e-bc88-67425849fa16"
/>
commit 834b4c618a9fdef1f25ab370add0a15fdb56bef5
Author: John Duprey <jwd@johnwduprey.com>
Date: Wed Apr 29 10:48:14 2026 -0400
fix: calculated group type in listusergroups
commit 9059e1425b4b1416aebfbec5ea94d1f839a4cd10
Merge: ba5308374 c39d061ae
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Wed Apr 29 11:36:42 2026 +0000
Merge pull request #74 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit c39d061aeedcb29245078ae5b2599535738334f9
Merge: 1606bf1de c9ca4f0b4
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Wed Apr 29 12:09:04 2026 +0200
Fix: Add support for group assigned admin roles to 'disable exo' standard (#2024)
Adds group lookup when checking for user accounts that are assigned
admin roles.
commit 1606bf1de4255d6eeb49999bf6e9a4cf66b04f95
Merge: 47277154f 10ddece06
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Wed Apr 29 12:08:11 2026 +0200
feat: enrich Intune policy setting details (#2031)
- Add optional Settings Catalog definition enrichment to the Intune
policy details endpoint.
- Fetch setting definitions in Graph batch requests so the frontend can
show Microsoft descriptions without bloating list responses.
- frontend PR: https://github.com/KelvinTegelaar/CIPP/pull/5936
commit 10ddece06742eeb969d5e21c6b5b595b4b55150f
Merge: d15734d19 47277154f
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Wed Apr 29 12:08:04 2026 +0200
Merge branch 'dev' into settings-tooltips
commit 47277154f098d042f32d6df547b820a4ee3058b4
Merge: 8bbefe197 307db51e9
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Wed Apr 29 12:07:13 2026 +0200
feat: show full MDE connector details (#2026)
## Summary
- Cache writer and live endpoint now return the full
`mobileThreatDefenseConnectors` Graph object instead of only
`partnerState`.
- Failed Graph calls still write a `partnerState=unavailable` row so
AllTenants keeps the tenant.
> Frontend counterpart: KelvinTegelaar/CIPP#5929.
commit 8bbefe1971e2dfc6632a1552086adcee94db8f47
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Wed Apr 29 17:31:25 2026 +0800
Update version_latest.txt
commit 3fc9675377ac6ebcb7dad1abc706317bcbc220be
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Wed Apr 29 15:57:19 2026 +0800
tweaks for webhook table lookups
commit 70642a2ed575a31cc445523e0fecc31b23960eda
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Wed Apr 29 15:09:14 2026 +0800
Surface errors correctly for secret reset
commit ba53083743b9f051bdc3b069a708ef6b55458403
Merge: 0154ca2f8 d9f630e95
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Wed Apr 29 05:36:30 2026 +0000
Merge pull request #72 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit d9f630e95c690feffc88b67e75cfab684686047a
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Wed Apr 29 12:52:34 2026 +0800
offset some activities to help spread the load
commit d6e0c0153cb7fe5c9c4d1b3e54ef5b80ddda1410
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Wed Apr 29 12:41:10 2026 +0800
tweak ninja sync interval
commit 66e7da5077d90e832a887b867bc1d6adaf80ad64
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Wed Apr 29 12:09:05 2026 +0800
Bring in tenant deviations into calculation and expose confirmed deviations
commit 0154ca2f8450998c3427a4a73873290411676cf7
Merge: 2151844c7 2161569ca
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Tue Apr 28 23:36:36 2026 +0000
Merge pull request #71 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit d15734d19d7cbd4338c4259e8fe3e1f3a961ed01
Merge: 2161569ca 0e3413cff
Author: Bobby <31723128+kris6673@users.noreply.github.com>
Date: Tue Apr 28 23:46:07 2026 +0200
Merge branch 'settings-tooltips' of https://github.com/kris6673/CIPP-API into settings-tooltips
commit 2161569caeb7ddc7ecf6426335f2e0c126276da0
Author: John Duprey <jwd@johnwduprey.com>
Date: Tue Apr 28 17:31:19 2026 -0400
chore: bump version to 10.4.2
commit e2f71c27fe19d4475c5db20bd9531ddb1a9c3180
Author: John Duprey <jwd@johnwduprey.com>
Date: Tue Apr 28 17:30:26 2026 -0400
fix: group types in edit user
commit 0e3413cff301ae68fb3c5308dbd0f355d36285f6
Author: Bobby <31723128+kris6673@users.noreply.github.com>
Date: Tue Apr 28 23:22:32 2026 +0200
feat: enrich Intune policy setting details
commit 3ff08f008d17a513402a9ae462a0ee8a084f4057
Author: Bobby <31723128+kris6673@users.noreply.github.com>
Date: Tue Apr 28 22:53:09 2026 +0200
feat: update intuneCollection with new properties
commit 658acead0da91469b5b38829a19994f6ba4dbdc0
Author: John Duprey <jwd@johnwduprey.com>
Date: Tue Apr 28 16:21:35 2026 -0400
fix: add caching to sharepoint/onedrive site listings
commit 8c0ca04079e125795754e0f517e537e1badcf5e4
Author: John Duprey <jwd@johnwduprey.com>
Date: Tue Apr 28 14:16:43 2026 -0400
fix: disable transitive failures error logging for now
commit 2151844c71d18f9f53cc634d94e00a3944857a48
Merge: f5f0939ef ae39bce6f
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Tue Apr 28 17:36:37 2026 +0000
Merge pull request #69 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit ae39bce6fe8e4bf7578c10b3a85719c2733d03b2
Author: John Duprey <jwd@johnwduprey.com>
Date: Tue Apr 28 12:02:54 2026 -0400
fix: version locations
commit 217416d6f2bc469a662e3edafe9ed17079667187
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Tue Apr 28 23:55:19 2026 +0800
add back to root :(
commit 7b61a9dc1383e0d67a30e1c5d840528581760130
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Tue Apr 28 23:41:42 2026 +0800
Fix standard to only apply to users and shared accounts if enabled, else shared only
commit f89670128b893250b9835508236bce08e6a9542f
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Tue Apr 28 23:38:40 2026 +0800
Ensure only HTML fragments are generated
commit a1bed605995709b4399e37085c72586eabe7382b
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Tue Apr 28 23:27:59 2026 +0800
Clear drift remediation tasks if reoccurring ones were created
commit 76873250e22c47855988c9c1787bdd2bfdfbc6b9
Merge: 33ee64657 f652a1a30
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Tue Apr 28 15:33:43 2026 +0200
fix: correct version_latest.txt path in remote API version check (#2029)
The remote URL in Assert-CippVersion was pointing to a path that no
longer exists on KelvinTegelaar/CIPP-API:master after the master branch
was restructured. The file lives at the repo root on master, not under
Config/.
Returning a 404 from this endpoint causes Invoke-CIPPRestMethod to throw
inside Assert-CippVersion, which exits before returning. The HTTP
function returns no body and the frontend's Backend version field
renders empty.
Path change only — no logic changes.
commit f652a1a30799c2645c16d453e60a1640f99e4491
Author: Brian Simpson <50429915+bmsimp@users.noreply.github.com>
Date: Tue Apr 28 08:29:20 2026 -0500
fix: correct version_latest.txt path in remote API version check
The remote URL in Assert-CippVersion was pointing to a path that no longer
exists on KelvinTegelaar/CIPP-API:master after the master branch was
restructured. The file lives at the repo root on master, not under Config/.
Returning a 404 from this endpoint causes Invoke-CIPPRestMethod to throw
inside Assert-CippVersion, which exits before returning. The HTTP function
returns no body and the frontend's Backend version field renders empty.
Path change only — no logic changes.
commit 33ee646575aebb7b6fc06c6bf5fd0454b1a2997b
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Tue Apr 28 20:08:25 2026 +0800
typo
commit f5f0939efb20979d117538c4f37fd8301fb1f53e
Merge: e97acf1ca 4c70122af
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Tue Apr 28 11:36:36 2026 +0000
Merge pull request #68 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 4c70122afd82f07060ed3efbc24b38b47dffe6e9
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Tue Apr 28 17:56:46 2026 +0800
Don't use cache for app permissions, causes issues if stale or missing
commit f5ecbb02314a579831800f79c672dbe96b60c107
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Tue Apr 28 17:56:05 2026 +0800
Fix GDAP requests to use more than 300 results
commit ea6cc64bf70b6f3ca12e72e9f863a005478dd805
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Tue Apr 28 17:34:21 2026 +0800
Handle midterm license changes and enrich response to contain started date
commit 61b172b31a6fa123744027d089bbd8f75316e9b3
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Tue Apr 28 17:05:51 2026 +0800
Update CippEntrypoints.psm1
commit e7a9d88e596c0cbb13f022bef1bc295ee088f62b
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Tue Apr 28 16:55:41 2026 +0800
Add SP/Exchange standards
Three new standards: Invoke-CIPPStandardDisableEWS (disable Exchange Web Services org-wide), Invoke-CIPPStandardSPDisableCustomScripts (disable custom scripts on SharePoint/OneDrive), and Invoke-CIPPStandardSPDisableStoreAccess (disable SharePoint Store access).
commit 7b17a5876c63bae004711099f4b0a0fb7319df07
Merge: dd73a6f71 e30eaa523
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Tue Apr 28 10:45:43 2026 +0200
fix: Update docs links that 404 (#2025)
Resolves KelvinTegelaar/CIPP#5917
commit dd73a6f713b8242d96a7981d9c720087a8ccdd8b
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Tue Apr 28 16:37:29 2026 +0800
fix standards logging issues
commit e97acf1ca6e3936d9fcd0a8019e7136965b6351a
Merge: e8f2431de 425557370
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Tue Apr 28 05:36:31 2026 +0000
Merge pull request #67 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 42555737042ec593ed70c156b886bc326f097ad3
Merge: 114171322 12d93fe82
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Tue Apr 28 13:08:14 2026 +0800
Merge branch 'dev' of https://github.com/KelvinTegelaar/CIPP-API into dev
commit 114171322fa61c8baa52867f196d29735accd822
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Tue Apr 28 13:08:12 2026 +0800
Add Add-CIPPTestResult as an allowed custom test command
commit e8f2431de4da320f6c935d5521c138ddb8b107ae
Merge: 8feb8eba0 12d93fe82
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Mon Apr 27 23:36:31 2026 +0000
Merge pull request #66 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 12d93fe825187cd2f8e08345282b2f3ad35bf7d8
Author: John Duprey <jwd@johnwduprey.com>
Date: Mon Apr 27 16:47:49 2026 -0400
refactor: enhance IP validation and result handling in Invoke-ExecApiClient
Co-authored-by: Copilot <copilot@github.com>
commit 16d2ff437c9ea3dc2c13871b2f9501b60e3ec20d
Author: John Duprey <jwd@johnwduprey.com>
Date: Mon Apr 27 14:44:06 2026 -0400
fix: correct path to version_latest.txt in version.json creation step
commit 25a06e35e3cb9525b3f454bbe19c9ace8be84db0
Author: John Duprey <jwd@johnwduprey.com>
Date: Mon Apr 27 14:40:34 2026 -0400
fix: update restricted tables for superadmin backup restoration
commit 8feb8eba069fad2489b89c0c1356118bc481598e
Merge: 6052f9fde 9b24f330d
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Mon Apr 27 17:36:36 2026 +0000
Merge pull request #65 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 9b24f330d50d68e7461c3784a07f418092a15767
Author: John Duprey <jwd@johnwduprey.com>
Date: Mon Apr 27 13:25:45 2026 -0400
refactor: Vacation group filter url encoding
Co-authored-by: Copilot <copilot@github.com>
commit 307db51e954f2cf3580ecfbadeb1b7bc0139391d
Author: Bobby <31723128+kris6673@users.noreply.github.com>
Date: Mon Apr 27 18:21:31 2026 +0200
fix: handle case when no tenants found for MDE report
commit 6f4c32c5fb49722a702f36d50d9b23ec10e7abe8
Author: Bobby <31723128+kris6673@users.noreply.github.com>
Date: Mon Apr 27 18:14:28 2026 +0200
feat(mde-onboarding): cache full connector properties
Stores the entire MDE mobileThreatDefenseConnector object (heartbeat,
per-platform enable/MAM/block flags, MDE attach, iOS metadata flags) in
the reporting DB instead of only partnerState. Live HTTP endpoint mirrors
the same shape so cached and live responses are interchangeable. Failed
Graph calls still write a partnerState=unavailable row so AllTenants
reports retain the tenant.
commit e30eaa5239342dde05e479108f9f112270c61043
Author: Brian Simpson <50429915+bmsimp@users.noreply.github.com>
Date: Mon Apr 27 10:58:05 2026 -0500
fix: Update docs links that 404
commit c9ca4f0b439dc64a72a4ee8d7b2195a12ca8328a
Merge: 1e06116d3 e07e70b0e
Author: James Tarran <jtarran@techary.com>
Date: Mon Apr 27 07:48:04 2026 +0100
Merge branch 'KelvinTegelaar:master' into fix-add-support-for-group-assigned-admin-roles-to-disable-EXO-standard
commit f2cd1532b2df93d65e2c0861c37c9de3a2276741
Author: Chris Dewey <142454021+chris-dewey-1991@users.noreply.github.com>
Date: Sun Apr 26 18:39:25 2026 +0100
Creation of OME Encrypted Message Branding Standard
Added 10x configurable fields (background colour, logo URL, introduction text, read button text, email text, privacy statement URL, disclaimer text, portal text, OTP enabled, social ID sign-in) and a helpText link to the Microsoft Purview branding documentation.
Signed-off-by: Chris Dewey <142454021+chris-dewey-1991@users.noreply.github.com>
commit ef2fff0f59bb7bf93874dac7092963b73c96175f
Merge: 85e3a88ec e07e70b0e
Author: Chris Dewey <142454021+chris-dewey-1991@users.noreply.github.com>
Date: Sun Apr 26 18:36:23 2026 +0100
Merge branch 'KelvinTegelaar:master' into feat/-Configure-Encrypted-Message-Branding_OME
commit 6052f9fde6d45ebee26f7946ec51fc1c477f61ca
Merge: 4afc49074 85e3a88ec
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Sun Apr 26 11:36:28 2026 +0000
Merge pull request #64 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 85e3a88ecbb87907c672ad8e576586fbfe973334
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Sun Apr 26 17:08:03 2026 +0800
Update Start-CIPPOrchestrator.ps1
commit 10012b4acc530bd63d1b16b1ae6a837b587e3b85
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Sun Apr 26 17:03:43 2026 +0800
more audit log error handling
commit 9ece8de78174463de8eca9bd12203b32bf7beabf
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Sun Apr 26 17:00:01 2026 +0800
harden orc start and audit log error message
commit 42e980b1240aecfb3f2f4509113c49b01d663d3c
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Sun Apr 26 16:09:43 2026 +0800
move more files to make root cleaner
commit 1249d1b84177c9eae8b51db2074c00355084b244
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Sun Apr 26 16:02:59 2026 +0800
more shuffles
commit 4afc49074964fca4dc5710e654eac0c6969268ed
Merge: b8b4d6e14 f796deab9
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Sat Apr 25 23:36:27 2026 +0000
Merge pull request #63 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit f796deab9f58eb518226e54bb170adc4495de9ca
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Sun Apr 26 03:14:13 2026 +0800
Token update locking
commit b8b4d6e14dc529930ab19e0f6ca4e2c772cedce0
Merge: dc0dc8353 07a3baede
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Sat Apr 25 17:36:28 2026 +0000
Merge pull request #62 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 07a3baede9947dc8eaf9c5c9d24beee87190618a
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Sun Apr 26 00:58:10 2026 +0800
shuffle
commit dc0dc83531f9f593104d111457299c65d5d80700
Merge: 0bfc8c776 24fcd6ba7
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Sat Apr 25 05:36:28 2026 +0000
Merge pull request #61 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 24fcd6ba7c3e1ea7509a034a9731dac1b64cb9e0
Author: John Duprey <jwd@johnwduprey.com>
Date: Fri Apr 24 22:02:40 2026 -0400
fix: Fallback to legacy REST when CIPP client missing
commit 0bfc8c7762c99408eb32bfbc85494dae2ec1bd61
Merge: f874ef329 40cb7fc0f
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Fri Apr 24 23:36:35 2026 +0000
Merge pull request #60 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit 40cb7fc0f5dac41801dc36c49606277441a137f1
Author: John Duprey <jwd@johnwduprey.com>
Date: Fri Apr 24 19:12:03 2026 -0400
chore: Block Az Function app setting cmdlets
commit 870b94d12909b66297ed7b118db2da84558c8711
Author: John Duprey <jwd@johnwduprey.com>
Date: Fri Apr 24 17:44:21 2026 -0400
fix: getversion api role
commit 821b92e880733335ac1a2d54ddb0dff6bb1ac596
Author: John Duprey <jwd@johnwduprey.com>
Date: Fri Apr 24 17:40:25 2026 -0400
fix: base role permissions
commit 0ff7d1e62baa001e552f3f4a3a349b6aff758e3b
Author: John Duprey <jwd@johnwduprey.com>
Date: Fri Apr 24 17:06:42 2026 -0400
Update Invoke-ExecTestRefresh.ps1
commit 956c732f240a644e6efb991bddbbceb574e0521c
Author: John Duprey <jwd@johnwduprey.com>
Date: Fri Apr 24 16:59:42 2026 -0400
fix: save test result
commit 83cf867554dfc61a1237c7977522161ee80420c3
Author: John Duprey <jwd@johnwduprey.com>
Date: Fri Apr 24 16:43:03 2026 -0400
fix: copilot license checks
commit 0e2f6015a99f2b30280ee20e8f502aeb9c8d90ef
Author: John Duprey <jwd@johnwduprey.com>
Date: Fri Apr 24 16:22:12 2026 -0400
feat: Add Invoke-ExecTestRefresh HTTP entrypoint
Add a new HTTP entrypoint function Invoke-ExecTestRefresh which reads tenantFilter and testName from the request (query or body), constructs and invokes a corresponding test function (Invoke-CippTest{testName}) from the CIPPTests module, and returns HTTP responses. Includes debug logging of API access, returns 200 with a success message on invocation, 404 if the target test function is missing, and 400 on errors.
commit 66596cfc21e2526671303c58fa68fec5624b91d3
Author: John Duprey <jwd@johnwduprey.com>
Date: Fri Apr 24 15:56:18 2026 -0400
fix: copilot license matching test
commit e07e70b0e06d07381c330819177f62fe868e0138
Merge: f77ffa635 c2195e420
Author: John Duprey <john@cyberdrain.com>
Date: Fri Apr 24 13:48:33 2026 -0400
dev to hotfix (#2018)
commit c2195e420cc8831b5c37a85e174f51c9c4bdbc25
Author: John Duprey <jwd@johnwduprey.com>
Date: Fri Apr 24 13:44:36 2026 -0400
fix: dnshealth
commit f874ef329aa6e85b88ec3f20b3e39870fa2c4b41
Merge: e152f12e1 2a361a84d
Author: pull[bot] <39814207+pull[bot]@users.noreply.github.com>
Date: Fri Apr 24 17:36:39 2026 +0000
Merge pull request #58 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
commit f77ffa635ece34cbed9d507dc1dceba6af80588c
Merge: 61b43b955 2a361a84d
Author: John Duprey <john@cyberdrain.com>
Date: Fri Apr 24 13:05:44 2026 -0400
Dev to hotfix (#2017)
commit 2a361a84da88d287223e1ed0c81cc2196fe8282a
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Sat Apr 25 01:01:05 2026 +0800
hotfix
commit b721e0e01e796a3c3a86d1411e56a78720827db6
Merge: e9017f605 07ae2168f
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Sat Apr 25 00:58:24 2026 +0800
Merge branch 'dev' of https://github.com/KelvinTegelaar/CIPP-API into dev
commit e9017f605b677d8bc0fc5b0d1439e04276f2b17a
Author: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Date: Sat Apr 25 00:58:11 2026 +0800
Fixes manual pagination
commit 07ae2168f6aec7c403f4c9943dbe86f2751fd1fe
Author: John Duprey <jwd@johnwduprey.com>
Date: Fri Apr 24 12:54:10 2026 -0400
fix: update workflow files to include modulebuilder
commit 61b43b955bd45c40af039deec41b43f2eae29ec4
Merge: 56d33cced f57e28613
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Fri Apr 24 17:13:25 2026 +0200
version latest (#2016)
commit 56d33ccedc5368bdc95323903e5e3dfe0edf64e1
Merge: 33d1b9902 20f94fc08
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Fri Apr 24 17:12:53 2026 +0200
Dev to release (#2015)
commit f57e28613a97d131a3f3d3ca140990e8eb9a0288
Author: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Date: Fri Apr 24 17:11:59 2026 +0200
version latest
commit 20f94fc084e63feb36e5929572e0d006d…
Signed-off-by: James Tarran <jtarran@techary.com>
Restore Invoke-AddCustomScript.ps1
## Summary
The ExternalMFATrusted standard configures `inboundTrust.isMfaAccepted`
on the cross-tenant access policy. Microsoft gates this advanced
cross-tenant setting behind **Azure AD Premium P1**, returning:
> Failed to set External MFA Trusted to enabled. Error: To add and
configure advanced settings, you'll need to link a subscription with
Azure AD Premium P1 to your tenant.
The standard had no license check, so it ran on every Exchange-licensed
tenant and surfaced this Error-level log entry on every standards run
for tenants without P1.
## Fix
Add the canonical `Test-CIPPStandardLicense` gate covering `AAD_PREMIUM`
and `AAD_PREMIUM_P2` capabilities, matching the pattern already used by
other P1-gated standards (Branding, ConditionalAccessTemplate,
CustomBannedPasswordList).
```powershell
$TestResult = Test-CIPPStandardLicense -StandardName 'ExternalMFATrusted' -TenantFilter $Tenant -RequiredCapabilities @('AAD_PREMIUM', 'AAD_PREMIUM_P2')
if ($TestResult -eq $false) {
return $true
}
```
Plus a `REQUIREDCAPABILITIES` block in the `.NOTES` comment so the
standards comment regenerator and tooling pick it up.
## Effect
On unlicensed tenants:
- Standards run logs Info ("Tenant does not have the required
capability...") instead of Error ("Failed to set External MFA
Trusted...")
- Drift page renders "Not Licensed" via the `LicenseAvailable=false`
flag set by `Test-CIPPStandardLicense`
- No spurious Microsoft API call attempting to write the advanced
setting
## Test plan
- [ ] Tenant **with** AAD P1/P2 — standard runs as before, configures
cross-tenant MFA trust, drift page reflects current vs expected
- [ ] Tenant **without** AAD P1 (e.g., Business Basic/Standard,
post-Business Premium downgrade) — standard short-circuits at the gate,
logs Info, drift page shows Not Licensed, no Error-level log
use correct forms settings
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
9 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )