[pull] dev from KelvinTegelaar:dev#6
Open
pull[bot] wants to merge 9644 commits intoicantspellpotatoe:devfrom
Open
[pull] dev from KelvinTegelaar:dev#6pull[bot] wants to merge 9644 commits intoicantspellpotatoe:devfrom
pull[bot] wants to merge 9644 commits intoicantspellpotatoe:devfrom
Conversation
Replace array coercion and debug output with a strongly-typed System.Collections.Generic.List[object] that is populated via foreach and assigned to PostExecParams['Results']. This removes the Write-Information debug line and ensures a consistent generic list type is passed to downstream consumers, avoiding array-coercion/serialization issues. (Change in Modules/CippEntrypoints/CippEntrypoints.psm1)
Feat: MFA alert data enrichment
fix(reusable-settings): casing, filtering, and RAWJson handling
fix: Ensure TermInfo is an array for frontend display
[pull] dev from KelvinTegelaar:dev
remove return $true and exit early if no domain analyser data
[pull] dev from KelvinTegelaar:dev
Add post-execution aggregation for scheduled tasks. Introduces a new Push-ScheduledTaskPostExecution function that aggregates multi-tenant results, updates the parent task state, and handles recurrence scheduling. Update Push-ExecScheduledCommand to detect multi-tenant executions, skip parent task state updates for tenant-specific runs, add one-time rerun protection, and avoid updating parent state for orchestrator-based commands when running per-tenant. Modify Start-UserTasksOrchestrator to use ETag optimistic concurrency to avoid races, split single-tenant and multi-tenant processing, start per-tenant orchestrators for single-tenant groups, and start per-parent orchestrators for multi-tenant tasks with a PostExecution payload. Also include improved logging and error handling around orchestrator starts and table updates.
Configure if users can entra join devices
Fix IpAddress variable and add authentication flow support in Invoke-ExecCaCheck
Add Start-CIPPOrchestrator to centralize orchestration queuing/storage and avoid large payload limits, plus Add-CippQueueMessage helper for queueing. Migrate many HTTP entrypoints and orchestrator helpers to call Start-CIPPOrchestrator / Start-*-Orchestrator wrappers instead of Start-NewOrchestration and remove direct processor-queue table writes. Other refinements: more robust JSON deserialization in Invoke-ListMFAUsers, simplify Invoke-ExecAppUpload to call Start-ApplicationOrchestrator directly, fix Push-ListBasicAuthAllTenants to fetch tenant data, and small logging/cleanup improvements. This consolidates queueing logic and offload behavior across the module.
Expose a queue output on the HTTP trigger and add a new queue-triggered function for cippqueue. CIPPHttpTrigger/function.json now includes an output binding (name: QueueItem, queueName: cippqueue). A new CippQueueTrigger/function.json defines a queueTrigger (QueueItem) with entryPoint Receive-CippQueueTrigger in Modules/CippEntrypoints/CippEntrypoints.psm1 and includes a durableClient binding (starter). This wires the HTTP path to enqueue messages and a dedicated function to process them.
Feat: Add assignment filter support to application assignment
Feat: New Standard: Restrict User Device Registration
Refactor technicalNotificationMails handling
…n as it's no longer possible (#1931) Sad lives behind the admin.cloud.microsoft endpoint which is not playing ball UI: KelvinTegelaar/CIPP#5664
Add a Graph lookup for the mail contact (New-GraphGetRequest) to read AD properties (givenName/surname/displayName) instead of relying solely on Exchange objects. Remove the prior prebuilt ContactData, build New-MailContact params inline, and add a remediation branch to call Set-Contact when Graph properties differ from expected settings. Adjust reporting to use the Graph-derived current values and the rebuilt contact data, and keep existing logging and error handling.
Fix Set-CIPPMailboxRule passing both Identity and Mailbox to $state-InboxRule
[$TermData is not returned by Get-CIPPLicenseOverview, adapting code to get data from $_.TermInfo](#1932)
…ad function triggers
Fix some backticks
Update the links in the GDAP relationship checks to direct users to the recommended roles installation page for better guidance.
The previous implementation batched all MFA method deletions into a single Graph bulk request, which introduced two problems: 1. Duplicate method types (e.g. two phone numbers) could collide within the same batch, causing one of the requests to fail silently. 2. The success/failure check only inspected a single status code from the bulk response. If one method was removed but another failed, the function logged full success — leaving the user's MFA partially intact despite the log stating otherwise. Switching to a sequential foreach loop eliminates the collision window and tracks successes and failures independently, so partial failures are reported accurately.
- Improved condition handling in Test-DeltaQueryConditions to sanitize inputs and prevent invalid conditions from being processed. - Added validation for dynamic rules in Invoke-ExecTenantGroup to prevent code injection by restricting allowed operators and properties. - Implemented error handling and validation for conditions in Invoke-AddAlert, ensuring only safe operators and properties are processed. - Updated New-CIPPAlertTemplate to include a CustomSubject parameter for more flexible alert titles. - Refactored Update-CIPPDynamicTenantGroups to utilize a safer evaluation method for dynamic group rules, ensuring only valid conditions are processed. - Enhanced webhook processing in Invoke-CIPPWebhookProcessing to include custom subjects from webhook rules for better context in alerts.
Added CIPP variable replacement to custom app powershell script block
…it log search creation
This reverts commit 121a2cb.
Replace bulk deletion of MFA methods with individual requests to improve error handling and avoid silent failures. Tested with removing 2 software OTP, 1 TAP, 1 QR and 1 SMS method at the same time successfully.
- Implements KelvinTegelaar/CIPP#5552 - Add `Invoke-ListMDEOnboarding` endpoint to check MDE connector status via Graph API - Add `Set-CIPPDBCacheMDEOnboarding` and `Get-CIPPMDEOnboardingReport` for ReportDB caching - Add `MDEOnboarding` to Intune cache collection for automatic updates
Added CIPP variable replacement to custom app powershell script block
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
13 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )