Open
Conversation
Refactored multiple standards modules to use a consistent reporting format with CurrentValue and ExpectedValue objects in Set-CIPPStandardsCompareField. This improves clarity and uniformity in reporting compliance states across all standards.
Refactored group assignment logic in Invoke-AddMSPApp.ps1 and Invoke-AddOfficeApp.ps1 to support custom group assignments. Enhanced Set-CIPPAssignedApplication.ps1 to fetch group IDs with additional query parameters and fixed variable usage in group matching.
Corrects the assignment of the $assignTo variable to use the value of CustomGroup when AssignTo is 'customGroup'. Also updates function definition to use lowercase 'function' for consistency.
Added validation to ensure tenantFilter is present in the request body when creating a user. Returns a BadRequest response if tenantFilter is missing to prevent incomplete user creation.
Fix: Update return message for license assignment
Fix: Enhance error handling for user creation tasks
Refactored the filtering logic for the CountsOnly path to support combined TenantFilter and Type conditions. Now uses a list to build filter expressions and selects only relevant properties for results.
Introduces a new function to generate mailbox permission reports from the CIPP Reporting database. Supports grouping results by mailbox or by user, and includes error handling and logging.
Replaces individual requests with Microsoft Graph bulk requests for fetching Intune policy types, assignments, and device statuses. Improves performance and efficiency by batching requests, adds support for expanded assignment and device status retrieval, and enhances error handling and logging. Includes device statuses as well.
Introduces Set-CIPPDBCacheMailboxUsage and Set-CIPPDBCacheOneDriveUsage functions to cache mailbox and OneDrive usage details for tenants. Updates Push-CIPPDBCacheData to invoke these new functions and handle errors accordingly.
Added Get-CippExtensionReportingData to retrieve extension sync data from the new CIPP Reporting DB, replacing legacy cache calls. Updated Invoke-HuduExtensionSync to use the new function and handle inline members for roles and groups, and changed device compliance policy status retrieval. Improved API key retrieval logic in Get-ExtensionAPIKey.
Added Secure Score and Secure Score Control Profiles to Get-CippExtensionReportingData. Updated Invoke-NinjaOneTenantSync to use the new reporting data, improved mapping of cached data, and refactored role and group member retrieval to use inline properties instead of separate cache entries. Also adjusted device compliance policy status retrieval to query directly from the database.
Removed legacy Sync-CippExtensionData scheduled tasks and deprecated related code, transitioning all extension data sync to use CippReportingDB and Push-CIPPDBCacheData. Updated filtering logic and cache retrieval in Invoke-CustomDataSync, and added CacheExtensionSync to table cleanup. These changes streamline extension data management and remove obsolete scheduled tasks.
Introduces Search-CIPPDbData.ps1, a function for searching JSON objects in the CIPP Reporting DB across multiple data types and tenants using regex or wildcard terms. Also updates Get-CIPPDbItem.ps1 to handle 'allTenants' filtering logic for improved search support.
The CaseSensitive parameter was removed and replaced with MatchAll, which requires all search terms to be found when specified. The default behavior now matches any term. Documentation and logic were updated accordingly.
Updated the filter in Add-CIPPScheduledTask to only disallow duplicate task names if existing tasks are not in 'Completed' or 'Failed' state. This allows new tasks with the same name if previous ones have finished or failed.
Added multi-strategy lookup for user mailbox type in Get-CIPPMailboxPermissionReport, returning 'UserMailboxType' in the report. Updated Invoke-ListmailboxPermissions to support UseReportDB and ByUser query parameters, enabling report-based retrieval without a specific user ID.
The Get-CIPPMailboxPermissionReport function now handles the 'AllTenants' filter, aggregating mailbox permission data across all tenants. Each result now includes a 'Tenant' property for better identification. This improves reporting capabilities for multi-tenant environments.
Adds logic to calculate and display the relative time until a newly scheduled task will run in Add-CIPPScheduledTask.ps1. Also refactors DisallowDuplicateName handling in Invoke-AddScheduledItem.ps1 to support both query and body sources.
Introduces $IsMultiTenantTask to distinguish multi-tenant tasks and updates logic to prevent marking such tasks as completed prematurely. Also refactors result storage conditions to use the new variable for clarity and correctness.
- Make tenantFilter required on ExecSendPush
Introduces new entrypoint functions for executing and storing mailbox permissions in batches. Updates Set-CIPPDBCacheMailboxes to orchestrate mailbox permission caching in batches of 10, improving scalability and reliability. Adds Push-ExecCIPPDBCache, Push-GetMailboxPermissionsBatch, Push-StoreMailboxPermissions, and Invoke-ExecCIPPDBCache to support the new workflow.
Replace repeated Where-Object scans with an accountEnabled user hashtable for O(1) lookups and iterate registration details directly to improve performance. Switch .Length to .Count where appropriate. Add a display limit (500) and truncate/summarize long user lists, showing phishable users first and then phish-resistant users up to the limit, with messages indicating omitted users. Add comments and minor formatting improvements to the generated markdown report.
Add the [AllowNull()] attribute to the InputObject parameter in Add-CIPPDbItem.ps1 so the function accepts $null values (from pipeline or explicit) in addition to existing [AllowEmptyCollection()]. This improves robustness when callers pass null input.
Remove SchedulerRateLimits.json and all rate-limit lookup logic from Start-UserTasksOrchestrator.ps1. Change batching strategy from command-based rate-limited groups to tenant-based groups so tasks are batched and queued per tenant. Performance and correctness improvements: cache Get-Command result to avoid repeated reflection calls, precompute whether a command supports TenantFilter, and clone TaskInfo objects to prevent shared reference mutation. Queue entries and orchestrator names are now tenant-scoped.
… minimize requests
Remove .value from $signins as this is done is new-GraphGetRequest already so $SignIns.value.value is null
Optimise getting users licences, making bulk graph requests making it much faster when updating more than 1 licence.
Accumulate nested group memberships into a typed List and use AddRange to correctly collect results from Graph queries. Rename loop variables to avoid shadowing ($RoleGroup / $ExpectedGroup) and update matching/log messages accordingly. Include nested groups in the returned Memberships so missing-group detection considers indirect membership; preserve AdminAgents as an error-level issue.
Fixes failing calls for license lookups by moving to a new endpoint
Refactor: guest invitation logic in Invoke-AddGuest
Licence management granular control and optimisations
Update Get-CIPPAlertSmtpAuthSuccess.ps1
…rviceLicenses Fix: Added reporting to Standard.DisableSelfServiceLicenses
…ervices-reporting Fix: Standard thirdPartyStorageRestricted reporting
Feat: New defender alerts alert and add configuration options for Defender incidents and vulnerabilities
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
8 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.1)
Can you help keep this open source service alive? 💖 Please sponsor : )