Dev to hotfix #1844

Merged: JohnDuprey merged 28 commits into master from dev on Feb 24, 2026
@JohnDuprey (Collaborator)

No description provided.

JohnDuprey and others added 28 commits February 20, 2026 15:01
If the supplied range omits a CIDR prefix (e.g. "10.0.0.0"), default the prefix to the address-family max bits (32 for IPv4, 128 for IPv6). Move the $maxBits calculation before prefix parsing so the default can be applied, and remove the duplicate $maxBits assignment later in the function. This also ensures consistent mask computation for both IPv4 and IPv6.
Update Invoke-ExecCreateDefaultGroups.ps1 to adjust the $DefaultGroups JSON payload. The Business Premium group's DynamicRules were consolidated into a single object with a value array (now including GUIDs for license entries) and several redundant @type fields were simplified for more consistent JSON parsing when creating default tenant groups.
Add a Write-LogMessage call to Invoke-AddAlert to record alert additions (API='AddAlert') with message, severity Info, LogData and request headers for telemetry/troubleshooting. Also normalize the function keyword casing from 'Function' to 'function' for consistency.
Invoke server-side OData timestamp filtering and add a table cleanup rule for quarantine messages.

- Invoke-ListMailQuarantine.ps1: replace client-side Where-Object Timestamp check with an OData filter that uses a UTC datetime string (yyyy-MM-ddTHH:mm:ssZ). This constructs the timestamp ($30MinutesAgo) via ToUniversalTime and embeds it in the Table query to avoid fetching then filtering locally.
- Start-TableCleanup.ps1: add a CleanupRule entry for the cacheQuarantineMessages table to delete QuarantineMessage rows older than 1 day (uses an OData lt datetime filter). The rule requests up to 10000 rows and returns PartitionKey/RowKey/ETag for deletion.

These changes move time-based filtering into the Azure Table query to reduce data transfer and add automated cleanup for quarantine messages.
Convert NotifyOutboundSpamRecipients array to comma-separated string to fix drift comparison and reporting issues
Refactor logic to avoid mutating original objects and improve logging.
Replace multiple per-call Graph requests with a single New-GraphBulkRequest to improve performance and reduce API calls. Adds a BulkInfoRequests list to fetch user ID (when missing), all groups, and the user's memberOf groups in one bulk call. Also switches from a GetMemberGroups POST to the memberOf/microsoft.graph.group GET result and adjusts downstream logic for mail-enabled, M365, licensed, and dynamic groups. This avoids returning transitive group memberships.
Normalize logging across the codebase by replacing Write-LogMessage calls using -Sev 'Warning' with -sev 'Warn' and standardizing the severity parameter name. Propagate Headers through the offboarding orchestration (Invoke-CIPPOffboardingJob, Push-CIPPOffboardingComplete and related task parameter objects), include headers in log calls and post-execution parameters, and attach error log data where applicable. Also restrict Get-Command lookup to the CIPPCore module in Push-CIPPOffboardingTask and apply minor whitespace/formatting fixes.
Introduce Invoke-ListDBCache PowerShell function as an HTTP entrypoint for listing DB cache entries. Validates required query params (tenantFilter and type), returns 400 BadRequest when tenantFilter is missing, and when type is missing returns 400 with an AvailableTypes list derived from Get-CIPPDbItem -CountsOnly. When tenant exists, issues a New-CIPPDbRequest for the given tenantFilter and type and returns results in a 200 OK HttpResponseContext.
Previously, $StateIsCorrect only checked a subset of policy fields, while
drift detection compared all fields. This caused perpetual drift reports
for states that remediation considered correct and would never act on.

Changes:
- Expanded $StateIsCorrect checks to include address array counts (.Count -eq 0) and rule state, fully matching drift detection fields
- Use Remove-ReportSubmissionRule to clear the rule
- Wrap Exchange address collection properties with @() in $CurrentValue to normalise the Exchange MultiValuedProperty type for consistent JSON serialisation
- Fix $ExpectedValue address fields: inline `if { @() }` returns $null (empty arrays write nothing to the pipeline); use @(if { ... }) outer wrapping instead to correctly produce an empty array
- Fix $ExpectedValue.RuleState condition to include $state -eq 'disable', preventing an incorrect State='Enabled' expectation when email is configured but the standard is set to disable
- Normalise RuleState.State to 'Disabled' and SentTo to $null in $CurrentValue when no submission rule exists
Add Invoke-CIPPStandardintuneDeviceRegLocalAdmins. Control whether users who register/enroll devices are granted local admin rights and whether Global Administrators are added as local admins.
Add DeviceRegLocalAdmins Standard
…viceLicenses

Fixed Standard disable self service licenses handling and logging
Fix drift comparison issue for NotifyOutboundSpamRecipients in StandardOutBoundSpamAlert
Fix in Invoke-ExecUpdateDriftDeviation.ps1: previously the 'remediate' and 'report' NoteProperties were being added to $StandardTemplate.standards.$Setting and $Settings was set to that nested object. This change adds the properties directly to $StandardTemplate and sets $Settings to $StandardTemplate, ensuring the correct object receives the flags and that downstream code receives the expected settings structure.
JohnDuprey merged commit 8433bf1 into master on Feb 24, 2026
3 checks passed
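
The prefix defaulting described in the first commit message above, as an added example that is not code from this pull request: a range entry without `/n` is treated as a single host (32 bits for IPv4, 128 for IPv6), so an allowlist entry such as `192.0.2.10` matches that address and nothing else. `Test-IpInCidr` and the sample addresses are hypothetical and constructed here.

```powershell
# Added example. Test-IpInCidr is a hypothetical helper, not the project's function.
function Test-IpInCidr {
    param(
        [Parameter(Mandatory)][string]$Address,
        [Parameter(Mandatory)][string]$Range
    )
    $parts     = @($Range.Trim() -split '/', 2)
    $network   = [System.Net.IPAddress]::Parse($parts[0])
    $candidate = [System.Net.IPAddress]::Parse($Address.Trim())

    # Never compare an IPv4 address against an IPv6 range or vice versa.
    if ($network.AddressFamily -ne $candidate.AddressFamily) { return $false }
    # Compute the family maximum first so it can act as the default prefix.
    $netBytes = $network.GetAddressBytes()
    $maxBits  = $netBytes.Length * 8          # 32 for IPv4, 128 for IPv6

    $prefix = $maxBits                        # no "/n" given: match one host only
    if ($parts.Count -eq 2) {
        $parsed = 0
        $ok = [int]::TryParse($parts[1], [ref]$parsed)
        if (-not $ok -or $parsed -lt 0 -or $parsed -gt $maxBits) {
            throw "Invalid prefix '$($parts[1])' in range '$Range'"
        }
        $prefix = $parsed
    }
    # Compare whole bytes, then the remaining high bits of the next byte.
    $addrBytes = $candidate.GetAddressBytes()
    $fullBytes = [int][math]::Floor($prefix / 8)
    $remBits   = $prefix % 8
    for ($i = 0; $i -lt $fullBytes; $i++) {
        if ($netBytes[$i] -ne $addrBytes[$i]) { return $false }
    }
    if ($remBits -gt 0) {
        $mask = (0xFF -shl (8 - $remBits)) -band 0xFF
        if (($netBytes[$fullBytes] -band $mask) -ne ($addrBytes[$fullBytes] -band $mask)) { return $false }
    }
    return $true
}

# Constructed sample inputs (documentation address ranges).
$samples = @(
    @{ Address = '192.0.2.10';  Range = '192.0.2.10' }     # bare address, no prefix
    @{ Address = '192.0.2.11';  Range = '192.0.2.10' }     # neighbour of a bare address
    @{ Address = '192.0.2.200'; Range = '192.0.2.0/24' }
    @{ Address = '2001:db8::5'; Range = '2001:db8::1' }    # bare IPv6 address
)
foreach ($s in $samples) {
    [pscustomobject]@{ Address = $s.Address; Range = $s.Range; InRange = (Test-IpInCidr @s) }
}
```

A malformed or out-of-range prefix throws rather than falling back to a default, so a typo in a range entry cannot silently widen or narrow the match.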
5 participants