[pull] dev from KelvinTegelaar:dev#85
Open
pull[bot] wants to merge 267 commits intoisgq-github01:devfrom
Open
Conversation
fix: Fix named location creation in New-CIPPCAPolicy
Update Invoke-AddUser.ps1
feat: Add Invoke-ExecSyncDEP function for DEP sync
feat: Add assignment filter handling in Invoke-AddPolicy
Possibly fixes KelvinTegelaar/CIPP#5338 Sort licenses by License name by default ADD WORD
Order Get-QuarantineMessage results by ReceivedTime and replace Write-AlertMessage with Write-LogMessage (API='Alerts', sev=Error) in the catch block. This makes quarantine release requests deterministic by received time and routes errors to the centralized logging API.
Replace Write-AlertMessage calls with Write-LogMessage across multiple Get-CIPPAlert*.ps1 cmdlets. Adds consistent -API 'Alerts' context and appropriate -sev (Error/Warning) values; preserves additional log data where present (e.g. -LogData). This centralizes and standardizes error logging for alert modules and cleans up some ad-hoc Write-Information usage.
Avoid per-assignment GETs (which caused rate limiting) by fetching role assignments without expanding principal, building a bulk GET request for each principalId, and calling New-GraphBulkRequest to retrieve id, UserPrincipalName, and lastPasswordChangeDateTime for users. Filter results for password changes within the last 24 hours, sort by UserPrincipalName to prevent duplicate alerts, and fall back to an empty array when there are no user requests. Trace and error logging behavior is preserved.
Introduce calendar/mailbox permission cache syncing and related utilities; keep reporting DB in sync when permissions are changed. - Add Sync-CIPPMailboxPermissionCache and Sync-CIPPCalendarPermissionCache to update cached MailboxPermissions/CalendarPermissions entries on Add/Remove. - Add Remove-CIPPCalendarPermissions helper to remove calendar permissions (supports cache-driven bulk removal and per-calendar removal). - Update Remove-CIPPMailboxPermissions to support -UseCache (bulk removal via cached report), and to call Sync-CIPPMailboxPermissionCache after permission changes; improved logging when permissions already absent. - Update Set-CIPPCalendarPermission and Invoke-ExecEditMailboxPermissions to call the cache sync functions after add/remove operations. - Enhance Add-CIPPDbItem with a new -Append switch to add items without clearing existing entries and to optionally increment stored counts when used with -AddCount. - Minor report/log tweaks: include FolderName in Get-CIPPCalendarPermissionReport output and reduce Get-CIPPMailboxPermissionReport startup log severity to Debug. - Simplify offboarding flow to remove mailbox/calendar permissions via the new cache-aware functions. These changes ensure permission changes performed by CIPP are reflected in the cached reporting DB and allow incremental appends for reporting data.
Replace live Graph API domain queries with cached DB reads in Push-DomainAnalyserTenant: use Get-Tenants -TenantFilter, fetch domains via New-CIPPDbRequest, log and return when no cached data, and filter/clean domains as before. Also update CIPPTimers.json for Start-DomainOrchestrator to run at 03:30 daily and increase its priority from 10 to 22. These changes reduce Graph API calls, rely on cached data for domain analysis, and shift/or reprioritize the orchestrator run time.
feat: Update Licensed User Report to Sort Users and Groups Alphabetically
Feat: Add assignment filter support to application assignment
Feat: New Standard: Restrict User Device Registration
Refactor technicalNotificationMails handling
Fix: Clarify rerun detection log message type
Could cause issues if out of sync with users taking actions in the entra portal and the cippdb not being updated with changes in time
…uledItems function
Standard setting stale data
PW Pusher Integration improvements fixes #5511
Fix: AddDKIM standard failing if only 1 domain needs DKIM
feat: Add vacation mode feature with mailbox scheduling and calendar permissions
chore: Refactor logging to standardize header usage
…and count restored rows
…ention and improved removal feedback
No extra graph calls needed, not tested with a large tenant, (about 200 mailbox permissions works fine)
Feat: GrantSendOnBehalfTo Permissions Cache
Backup Tweak :)
Feat: Incident Report and Attachment options
…ns alert Extends Get-CIPPAlertMFAAdmins with a second check for admins who have MFA registered but no enforcement gate (per-user, Security Defaults, or CA policy). Both checks now share a single MFA report snapshot to avoid mixed-staleness alerts. Adds IncludeDisabled input to optionally surface disabled admin accounts.
feat: Add MFA enforcement checks and IncludeDisabled option to MFAAdmins alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )