[pull] dev from KelvinTegelaar:dev#105
Open
pull[bot] wants to merge 486 commits into
Open
Conversation
[pull] dev from KelvinTegelaar:dev
Add grantMobileThreatDefensePartnerRole to the Mobile Threat Defense connector payload in both the deployment handler and the DefenderCompliancePolicy standard, so the new Intune option is deployable and enforceable. Fix the crossed iOS connector mappings: AppSync now drives allowPartnerToCollectIOSApplicationMetadata and ConnectIosCompliance drives iosMobileApplicationManagementEnabled (MAM), and add the personal app-inventory property. This corrects the property each toggle controls, so existing iOS configs change behaviour. Sync Config/standards.json.
Introduce the grantMobileThreatDefensePartnerRole to the Mobile Threat Defense connector payload, ensuring it is deployable and enforceable. Correct iOS connector mappings to align with intended functionality. It was mapped to the wrong property. Frontend PR: KelvinTegelaar/CIPP#6231
[pull] dev from KelvinTegelaar:dev
Add severity and resolvingComment to the incident PATCH so users can reprioritise and document why an incident was resolved. Build the body as a hashtable/JSON so free-text comments with quotes are escaped, and gate assignee changes behind an explicit AssignToSelf flag so status and severity and status edits no longer clobber the existing owner.
[pull] dev from KelvinTegelaar:dev
The SetAuthMethod endpoint only toggled state and group targeting, so method-specific options (TAP lifetimes/usable-once, Authenticator feature settings, Email OTP external/exclude, QR code, FIDO2 attestation and self-service, Voice office phone, SMS sign-in) could not be managed from the portal. Forward those settings through the handler, honor them in Set-CIPPAuthenticationPolicy, treat an explicit empty Email exclude list as a clear, and add Pester coverage.
This reverts commit 67856c4.
This reverts commit e6c0c93.
[pull] dev from KelvinTegelaar:dev
[pull] dev from KelvinTegelaar:dev
…rting correctly. (#2105) Updated "Get-CIPPStadnards.ps1" to resolve Custom Quarantine Policy not reporting correctly and always showing as non compliant due to Expected and Current not returning information. Fix now reports Expected and Current resulting in Compliant if complete and non-compliants if missing.
Signed-off-by: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com>
Add SAMCertProvisionAttempted guard to break recursion when Update-CIPPSAMCertificate calls Get-GraphToken, which re-enters Get-CIPPAuthentication before the cert env var is set. Also short-circuit Key Vault retry loop on 404 responses since the secret is definitively absent and retrying with backoff only adds latency.
Parse app template config JSON with `-AsHashtable` before converting it back to a PSCustomObject so templates can carry both `applicationName` and `ApplicationName` without losing data. This avoids deployment issues caused by PowerShell's default case-insensitive JSON object handling.
Replace `Compare-Object` checks with sorted string equality for Teams federation allowed/blocked domain matching. This prevents parameter binding failures when one side is an empty array while preserving exact list-match behavior.
- Replace silent Write-Information bulk error messages with structured Write-LogMessage calls including normalized error details and batch counts - Handle duplicate document templates gracefully by selecting the oldest instead of throwing - Clear stale user/update cache entries from Azure Table Storage at sync start rather than reusing potentially stale data - Remove debug Write-Host from document template creation
Update role permission filtering to compare normalized permission bases instead of exact strings. The code now strips `.Read`/`.ReadWrite` suffixes and uses a case-insensitive hash set of valid permissions, preventing legitimate role permissions from being incorrectly filtered out when access level suffixes differ.
Update NinjaOne tenant sync to resolve the SharePoint Admin URL via `Get-SharePointAdminLink` and gracefully fall back to a tenant-derived `https://<tenant>-admin.sharepoint.com` URL if lookup fails. The SharePoint management link now uses the resolved admin URL instead of the partner session redirect, improving reliability for tenant link mapping.
Update the NinjaOne tenant sync CVE upload path to call `New-VulnCsvBytes` with only the supported parameters. This aligns the invocation with the helper signature and avoids passing an unused `TenantFilter` argument during vulnerability CSV generation.
Added the `i` flag to the Conventional Commits regex so PR titles with uppercase type prefixes (e.g., `Fix:`, `FEAT:`) are also accepted.
Include Intune managed app protection policies in the policy listing endpoint and map them to the compare endpoint. The list output now classifies iOS, Android, and Windows app protection policies so they appear with clearer policy type names.
Tightens app role existence checks in `Add-CIPPApplicationPermission` to match both `appRoleId` and `resourceId` instead of only role ID. This prevents skipping valid role assignments when the same role ID appears across different service principals.
When AppCache.ApplicationId differs from the Key Vault-backed ApplicationID, Get-GraphToken now reloads auth and updates the AppCache marker to the KV value. This prevents repeated auth reloads on every token request when AppCache and KV are out of sync.
Expand the NudgeMFA standard to support: - Multiple authentication methods (Authenticator, Passkey) - Group-level include/exclude targeting with group name resolution - Snooze enforcement limits (max 3 snoozes) Adds Set-CIPPRegistrationCampaign helper function as a single writer for the campaign, shared by the new ExecRegistrationCampaign HTTP endpoint and the enhanced NudgeMFA standard. The standard now supports both portal-configured and template-specified group targeting, with full compliance comparison.
Expand the NudgeMFA standard to support: - Multiple authentication methods (Authenticator, Passkey) - Group-level include/exclude targeting with group name resolution - Snooze enforcement limits (max 3 snoozes) Adds Set-CIPPRegistrationCampaign helper function as a single writer for the campaign, shared by the new ExecRegistrationCampaign HTTP endpoint and the enhanced NudgeMFA standard. The standard now supports both portal-configured and template-specified group targeting, with full compliance comparison. Backwards compatible with any current configuration
Update the default assignment mode to 'append' for a less destructive default. Frontend PR: KelvinTegelaar/CIPP#6342
Convert `AgeLimitForRetention` from `TimeSpan.TotalDays` to an integer before state comparison in `Invoke-CIPPStandardRetentionPolicyTag`. This avoids decimal day values causing false drift detection when validating retention policy tag settings.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )