[pull] master from KelvinTegelaar:master#21
Merged
pull[bot] merged 105 commits intoicecoldPHP:masterfrom Mar 9, 2026
Merged
Conversation
…d OOO support Implemented the full backend for the vacation mode feature covering mailbox permissions, calendar access, and out-of-office messages. - Added Invoke-ExecScheduleMailboxVacation for scheduling mailbox vacation mode - Added Set-CIPPMailboxPermission for unified mailbox permission management - Added Set-CIPPMailboxVacation to handle both mailbox and calendar permissions - Added -AutoResolveFolderName switch to dynamically resolve locale-independent calendar FolderId (avoids hardcoded 'Calendar' failing in non-English tenants) - Added Invoke-ExecScheduleOOOVacation for scheduling OOO messages via scheduler - Added Set-CIPPVacationOOO to manage OOO state with internal and external messages
Include TermInfo in the Licenses object returned by Get-CippExtensionReportingData (wraps TermInfo as an array). Update Invoke-NinjaOneTenantSync to stop aggregating $Subscriptions from ExtensionCache and instead use each $License.TermInfo when matching subscription info. This preserves per-license term details and removes the now-unused $Subscriptions extraction.
Expose SKU service plan details in reporting by adding a ServicePlans property to the objects returned by Get-CIPPLicenseOverview (uses $sku.servicePlans) and mapping a servicePlans field in Get-CippExtensionReportingData (uses $_.ServicePlans). This ensures service plan information is propagated into the extension reporting output.
Update Invoke-NinjaOneTenantSync to set cippLicenseID from $License.skuId instead of $License.id. This aligns the recorded license identifier with the API's SKU field when building the cippLicenseSummary/cippLicenseUsers payload.
Guard against null or empty $UserPolicies in Invoke-NinjaOneTenantSync.ps1 when formatting Conditional Access Policies. Build the <ul> list only if policies exist and use a 'No Conditional Access Policies Assigned' fallback message otherwise, avoiding empty HTML lists.
Introduce a new PowerShell entrypoint Invoke-ExecLicenseSearch that accepts a Request and TriggerMetadata. It validates Request.Body.skuIds, searches across tenants using Search-CIPPDbData for LicenseOverview records, deduplicates results by skuId, and returns unique skuId/displayName objects in an HttpResponseContext. Handles missing input (400) and runtime errors with logging and a 500 response. Contains annotations for functionality (Entrypoint,AnyTenant) and role (CIPP.Core.Read).
Determine allowed tenants via Test-CIPPAccess and compute a TenantFilter (specific tenant domains or 'allTenants'), pass that TenantFilter into Search-CIPPDbData for Users/Groups/default branches, and update Search-CIPPDbData's TenantFilter parameter to accept string[] so multiple tenants can be supplied. This restricts search results to the caller's permitted tenants.
Add support for BitLocker recovery keys: new Search-CIPPBitlockerKeys (search + enrich with Devices/ManagedDevices), Set-CIPPDBCacheBitlockerKeys (cache keys from Graph beta), and Invoke-ExecBitlockerSearch entrypoint to expose search via HTTP with tenant filtering and limits. Also register 'BitlockerKeys' in Push-CIPPDBCacheData and Search-CIPPDbData types so BitLocker data is included in caching and DB searches.
Replace references to UserPrincipalName with UPN when selecting mailbox properties and when passing Identity to Set-Mailbox. Updated three locations: NonCompliantMailboxes selection, Set-Mailbox Parameters (Identity), and the report Filtered selection. This ensures correct property access for mailbox objects that expose UPN.
Deduplicate technicalNotificationMails array to prevent duplicate entries when SecurityContact and TechContact resolve to the same email address.
Feat: Add JIT reason to alert messages (add/remove)
Allow callers to explicitly request no types by adding 'None' to the Types ValidateSet and handling it by setting $Types to an empty array. Maintains existing 'All' behavior (expands to Permissions, CalendarPermissions, Rules) and preserves default of 'All'. This enables callers to skip processing types when desired.
Extend Set-PwPushConfig to accept FullConfiguration parameter and configure CloudFlare Zero Trust Network Access headers when both PWPush CFEnabled and CFZTNA extension are enabled. Pass CF-Access-Client-Id and CF-Access-Client-Secret headers to PassPushPosh module's internal headers. Update Get-PwPushAccount and New-PwPushLink to pass full parsed configuration. Modify PassPushPosh module to include CF headers in API requests when
Extend the Graph API signIns filter to match both 'Authenticated SMTP' and 'SMTP' clientAppUsed values. This ensures successful SMTP authentication events (status/errorCode eq 0) are captured even when the clientAppUsed is reported as 'SMTP'. Updated the $uri in Get-CIPPAlertSmtpAuthSuccess.ps1 accordingly.
…and count restored rows
…ention and improved removal feedback
No extra graph calls needed, not tested with a large tenant, (about 200 mailbox permissions works fine)
Feat: GrantSendOnBehalfTo Permissions Cache
Backup Tweak :)
Feat: Incident Report and Attachment options
…ns alert Extends Get-CIPPAlertMFAAdmins with a second check for admins who have MFA registered but no enforcement gate (per-user, Security Defaults, or CA policy). Both checks now share a single MFA report snapshot to avoid mixed-staleness alerts. Adds IncludeDisabled input to optionally surface disabled admin accounts.
feat: Add MFA enforcement checks and IncludeDisabled option to MFAAdmins alert
Fix: fix null checks by moving casting to array to AddRange
…book fixed API name in Set-CIPPDefaultAPDeploymentProfile function
…nments functions; update Push-CIPPStandardsList and Invoke-CIPPStandardIntuneTemplate for assignment verification; adjust host.json for function concurrency limits
Dev to release
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
8 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )