[pull] dev from KelvinTegelaar:dev#93
Open
pull[bot] wants to merge 115 commits intoisgq-github01:devfrom
Open
Conversation
…itations, cancel meetings) Add support for Exchange cloud-only Set-MailboxAutoReplyConfiguration parameters: CreateOOFEvent, OOFEventSubject, AutoDeclineFutureRequestsWhenOOF, DeclineEventsForScheduledOOF, DeclineAllEventsForScheduledOOF, and DeclineMeetingMessage. These are plumbed through all 3 OOO entry points: - Set-CIPPOutOfOffice: 6 new [bool]/[string] params with PSBoundParameters guards - Get-CIPPOutOfOffice: returns new fields + fixes null-safe StartTime/EndTime - Invoke-ExecSetOoO: extracts calendar params from request body (Scheduled only) - Set-CIPPVacationOOO: accepts StartTime/EndTime + calendar params; uses Scheduled state when dates are provided for Exchange calendar option support - Invoke-ExecScheduleOOOVacation: converts epoch to datetime for Scheduled mode, conditionally attaches calendar params to the Add task All changes are backwards compatible — callers that omit the new parameters get identical behavior via $PSBoundParameters.ContainsKey() guards.
The previous implementation batched all MFA method deletions into a single Graph bulk request, which introduced two problems: 1. Duplicate method types (e.g. two phone numbers) could collide within the same batch, causing one of the requests to fail silently. 2. The success/failure check only inspected a single status code from the bulk response. If one method was removed but another failed, the function logged full success — leaving the user's MFA partially intact despite the log stating otherwise. Switching to a sequential foreach loop eliminates the collision window and tracks successes and failures independently, so partial failures are reported accurately.
- Improved condition handling in Test-DeltaQueryConditions to sanitize inputs and prevent invalid conditions from being processed. - Added validation for dynamic rules in Invoke-ExecTenantGroup to prevent code injection by restricting allowed operators and properties. - Implemented error handling and validation for conditions in Invoke-AddAlert, ensuring only safe operators and properties are processed. - Updated New-CIPPAlertTemplate to include a CustomSubject parameter for more flexible alert titles. - Refactored Update-CIPPDynamicTenantGroups to utilize a safer evaluation method for dynamic group rules, ensuring only valid conditions are processed. - Enhanced webhook processing in Invoke-CIPPWebhookProcessing to include custom subjects from webhook rules for better context in alerts.
Added CIPP variable replacement to custom app powershell script block
…it log search creation
This reverts commit 121a2cb.
- Introduced a new function to compare Intune policies from two sources. feat: Add support for community repo sources in policy comparison
Replace bulk deletion of MFA methods with individual requests to improve error handling and avoid silent failures. Tested with removing 2 software OTP, 1 TAP, 1 QR and 1 SMS method at the same time successfully.
- Implements KelvinTegelaar/CIPP#5552 - Add `Invoke-ListMDEOnboarding` endpoint to check MDE connector status via Graph API - Add `Set-CIPPDBCacheMDEOnboarding` and `Get-CIPPMDEOnboardingReport` for ReportDB caching - Add `MDEOnboarding` to Intune cache collection for automatic updates
Added CIPP variable replacement to custom app powershell script block
This change hardens CIPP API client setup against transient Entra/Graph replication timing issues. During app registration creation, Graph can briefly fail service principal creation with “resource does not exist or queried reference-property objects are not present” even though the app was just created.
Addresses dual write issue in #1707
Add support for scheduling and executing custom PowerShell scripts as individual CIPP tests. Push-CIPPTestsList now excludes the aggregate 'CustomScripts' entry and enumerates latest enabled versions of CustomPowershellScripts, adding tasks named CustomScript-<ScriptGuid> for each enabled latest version. Push-CIPPTest handles TestId matching CustomScript-* by invoking Invoke-CippTestCustomScripts and returning a testRun result. Invoke-CippTestCustomScripts gained a ScriptGuid parameter and now filters table lookups by ScriptGuid, ensures only the latest enabled version runs, and logs when no matching latest script is found. Also update Invoke-ExecCustomScript role from CIPP.CustomScript.Execute to CIPP.CustomScript.ReadWrite.
Ignore proxyman.pem in repo and add optional Proxyman CA handling: Dockerfile will, if proxyman.pem is present in the build context, install ca-certificates, copy the PEM to /usr/local/share/ca-certificates/proxyman.crt and run update-ca-certificates. profile.ps1 now checks for proxyman.pem in the script folder and verifies whether the certificate is trusted, emitting informational or warning messages. These changes enable optional local dev HTTPS inspection without affecting builds that don’t include the certificate.
Introduce Microsoft 365 Copilot readiness tests and supporting cache items. Adds six identity tests (CopilotReady001-006) and report.json under Tests/CopilotReadiness, new caching functions for OfficeActivations, EmailActivity, and TeamsUserActivity, and registers these types in CIPPDBCacheTypes.json and Invoke-CIPPDBCacheCollection. Update Add-CIPPDbItem to use userPrincipalName as an ID fallback (and generate a GUID if missing). Make Invoke-CIPPDBTestsRun accept a -Force switch (and clear rerun protection) and rename Push-CIPPTestsRun to Push-CIPPDBTestsRun to call tests with -Force. Also update New-ExoRequest: bump ExO module version, normalize Anchor variable usage, and improve request/response logging. Add additional error logging in CippEntrypoints for activity function failures.
… activation and mapping groups
Add Copilot and Purview cache types, collectors, and many Copilot readiness tests. Changes include: - Added new cache types to CIPPDBCacheTypes.json: SensitivityLabels, DlpCompliancePolicies, CopilotUsageUserDetail, CopilotUserCountSummary, CopilotUserCountTrend. - Push-CIPPDBCacheData: add Compliance license check, always enqueue CopilotUsage task, and conditionally enqueue a Compliance grouped task. - Invoke-CIPPDBCacheCollection: add 'Compliance' and 'CopilotUsage' collection types and map them to new cache types. - New Set-CIPPDBCache* functions: Set-CIPPDBCacheCopilotUsageUserDetail, Set-CIPPDBCacheCopilotUserCountSummary, Set-CIPPDBCacheCopilotUserCountTrend, Set-CIPPDBCacheDlpCompliancePolicies, Set-CIPPDBCacheSensitivityLabels to perform Graph/EXO requests and cache results. - Add a large set of Copilot readiness tests and Markdown docs (multiple Invoke-CippTestCopilotReady00X.ps1 and corresponding .md files). Tests 001 and 002 updated to evaluate licenses using service plan fields and unified license fields/counts.
… status to 'Informational'
Signed-off-by: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
Add support for scheduling and executing custom PowerShell scripts as individual CIPP tests. Push-CIPPTestsList now excludes the aggregate 'CustomScripts' entry and enumerates latest enabled versions of CustomPowershellScripts, adding tasks named CustomScript-<ScriptGuid> for each enabled latest version. Push-CIPPTest handles TestId matching CustomScript-* by invoking Invoke-CippTestCustomScripts and returning a testRun result. Invoke-CippTestCustomScripts gained a ScriptGuid parameter and now filters table lookups by ScriptGuid, ensures only the latest enabled version runs, and logs when no matching latest script is found. Also update Invoke-ExecCustomScript role from CIPP.CustomScript.Execute to CIPP.CustomScript.ReadWrite. enable/disable actions
Divide tests into groups per test suite collection Custom tests executed separately as it's own collection
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )