[pull] dev from KelvinTegelaar:dev #68
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Updated the queue retrieval command to use Get-CIPPAzStorageQueue instead of Get-AzStorageQueue for consistency with custom module usage.
Introduces Set-CIPPDBCacheMailboxes to cache mailboxes, CAS mailboxes, and mailbox permissions for a specified tenant. Includes logging and error handling for the caching process.
Introduced Format-RowKey helper to remove disallowed characters from RowKey values, ensuring compatibility with Azure Table Storage. Also improved ItemId selection logic for better entity identification.
Introduces Exchange license capability detection and conditional cache collection for Exchange Online features. Refactors cache collection logic to use a switch on $Type, enabling targeted mailbox cache collection and improving modularity for future cache types.
The orchestrator now creates two cache collection tasks per tenant: one for general DB cache and one specifically for mailboxes. The total task count and queue entry logic have been updated to reflect this change.
Refactored Set-CIPPDBCacheGroups and Set-CIPPDBCacheRoles to use Microsoft Graph bulk requests for fetching group and role members, improving performance and efficiency. Updated logic to attach member data to each group and role object before caching.
Updated multiple Invoke-CIPPStandard* scripts to include CurrentValue and ExpectedValue objects when calling Set-CIPPStandardsCompareField. This enhances standards reporting by providing more detailed information about the current and expected configuration states for each standard.
Introduces new PowerShell functions for managing JIT Admin templates: add, edit, list, and remove operations. Adds support for JIT Admin settings, including a configurable maximum duration, and enforces this limit in JIT Admin execution. Enhances template uniqueness checks, default template handling, and audit logging.
Add JIT Admin template management and settings
Updated multiple standards scripts to use 'CurrentValue' and 'ExpectedValue' objects in Set-CIPPStandardsCompareField for improved reporting consistency. Also fixed minor formatting, error handling, and parameter validation issues across several scripts.
- Improve error handling for scheduled user creation. - Ensure detailed error messages are thrown for user creation failures.
Eliminated an unnecessary Write-LogMessage call when retrieving a specific template by TemplateId to reduce log verbosity.
Refactored the function to use Microsoft Graph bulk requests for retrieving app registrations and service principals, reducing redundant API calls and improving performance. Enhanced permission extraction logic to handle cases where app registration is inaccessible by building permissions from service principal grants and assignments. Improved translation of permission IDs to claim values using bulk-fetched service principal details.
Added logic to convert non-string $CurrentValue and $ExpectedValue to compressed JSON strings in Set-CIPPStandardsCompareField. This ensures consistent handling of complex objects during comparison.
Streamlines retrieval and processing of Exchange Connector templates by fetching all relevant templates at once and using them for remediation, alerting, and reporting. Improves efficiency and consistency in connector management, and enhances reporting and alerting logic for template deployment status.
Bump DNSHealth module to 1.1.2 and migrate MailProviders into the new version folder. Replace $PSScriptRoot usages with the module base ($MyInvocation.MyCommand.Module.ModuleBase) for MailProviders file access. Add DMARC-aware handling for SPF soft-fail (~all) in Read-SpfRecord (accept when DMARC p=reject at 100%, otherwise recommend -all). Remove Quad9 DNS-over-HTTPS resolver support from Resolve-DnsHttpsQuery and Set-DnsResolver. Update Microsoft365 MX pattern to include mail.eo.outlook.com. Rename and update Barracuda provider JSON (new name/links). Refresh PSGetModuleInfo metadata to reflect version, dates and file list.
Fix - Alert on SMTP AUTH usage with success, helps to phase out SMTP AUTH (Entra P1 Required) returns nothing
Replace abrupt 'exit 0' calls with return statements to avoid terminating the host/process and let callers handle early exits. Changes: New-CIPPAuditLogSearchResultsCache.ps1 (two exits -> return $false), Push-BPACollectData.ps1 (exit -> return), Push-CIPPStandard.ps1 (exit -> return), Push-AuditLogTenantDownload.ps1 (two exits -> return $false). Returns with $false are used where a failure signal is appropriate.
Fix: Enable and disable inboxrule not working
Improve audit log download and search orchestration and refactor GUID/user resolution for performance and reliability. Push-AuditLogTenantDownload: sort searches by start time, early-return when none ready, mark status updates and avoid returning unused download objects. Start-AuditLogSearchCreation: fix minor logging typo. Test-CIPPAuditLogRules: large refactor to precompile regexes, build O(1) hashtable lookups for users/groups/devices/service principals/partner users, validate and migrate cached lookup format (support legacy arrays and new hashtable JSON), cache hashtables to storage, and update Add-CIPPGuidMappings to use lookups—reducing O(n) scans and improving resiliency when cache is corrupted. Overall changes target performance, clearer logging, and safer cache handling.
Replace repeated Where-Object scans with an accountEnabled user hashtable for O(1) lookups and iterate registration details directly to improve performance. Switch .Length to .Count where appropriate. Add a display limit (500) and truncate/summarize long user lists, showing phishable users first and then phish-resistant users up to the limit, with messages indicating omitted users. Add comments and minor formatting improvements to the generated markdown report.
Add the [AllowNull()] attribute to the InputObject parameter in Add-CIPPDbItem.ps1 so the function accepts $null values (from pipeline or explicit) in addition to existing [AllowEmptyCollection()]. This improves robustness when callers pass null input.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
7 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )