Skip to content

Releases: KelvinTegelaar/CIPP

v8.3.0 - Tokyo Drift

01 Aug 19:12
@KelvinTegelaar KelvinTegelaar
v8.3.0
37a8d1f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v8.3.0 - Tokyo Drift Latest
Latest

Let me just drift around this corner

Hey CIPP Family, are you ready to get a little bit faster with deploying your standards at your clients, making them less furious? This release is one for you. After our latest tenant alignment updates our Discord started revving with excitement.

This version is called the Tokyo Drift, because that's what you asked for; better drift management that we can extend on in the future. And of course we delivered on this feature, because that's what family does. (These Fast & Furious puns are even annoying me, no worries)

Vroom Vroom, Drift management is here

So CIPP has always had its standards - Standards allow you to deploy your preferred settings to a tenant easily and create a baseline, but some of you wanted a bit more; you want to be alerted on every detail that is outside of your preferred configuration and have the ability to restore the config you want, or you want to remove the policies that have been added on accident. That's now possible with the new drift management.

Enabling a Drift Template allows you to receive emails or webhooks that you can setup per template, and you can approve, accept as a customer deviation, or deny easily using the management portal.

Now let me explain that a little more; when you setup a Drift Template, we start monitoring the environment if everything that you put in that Template has been deployed and is in the state that you want it. During setup of the template you have a choice; do you want to auto remediate this issue, or not.

If you select not to remediate, it'll generate a deviation error and let you know. It'll just report. You then have the choice to set it up correctly with a one-off job, until it deviates again.

I hear you I hear you. "How do I explore this? how do I play with it?!" well, the documentation has been updated, but even cooler, try our new demos!

Creating a Drift Template

Managing a Drift Template

Audit Logging has been pimped

So the biggest issue with Microsoft's audit logs is the many formats they use; Exchange logging puts usernames in weird places or adds underscores, an Entra audit log can have the users GUID, username, or primary email address as the username, but all in slightly different situation

So, we improved that, we now enrich the data in the audit logs with "CIPP" versions of them, for example "CIPPUsername" is 100% guaranteed to actually be the username, and not a random signifier. We didn't stop there. Why do that when you can expand what you have available. We added the ability to not just create audit log searches, but you can zoom in on each log entry, getting all the CIPP enhanced interace. No more messing with CSV or JSON files from the audit api.

Also, we made sure that for the log entries we also pull in the correct users when they come from your partner tenant. No more User_longguid, but immediately seeing edits made.

Of course we made a demo for you, check that one out here.

Want to see on how you setup alerting? Check that one out over here.

Making History

Another cool feature that we've built is tracking the history for tenants. We've always had the logbook, but those are a little hard to read, so we improved the filtering, and now generate a timeline of every single event CIPP had on a tenant inside of the standards management. That easily allows you to see what change was made and when.

Sponsors

We extend our gratitude to our supporters at https://renroros.no/, https://immy.bot/, https://oit.co/, https://ninjaone.com/, Huntress at https://huntress.com/, https://halopsa.com/, https://www.deskdirector.com/, https://hudu.com/, our friends at https://www.meetgradient.com/, https://rewst.io/ https://augmentt.com/ and newly added Domotz and Guardz!

What's Changed

What's changed in CIPP-API:

New Contributors

Full Changelog: v8.2.0...v8.3.0

Contributors

OfficialEsco, dszp, and 5 other contributors
Assets 2
Loading

v8.2.0 - The Little Dirty Paloma

14 Jul 16:11
@KelvinTegelaar KelvinTegelaar
v8.2.0
a674097
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v8.2.0 - The Little Dirty Paloma

Are we aligned?

You know that someone recently analyzed all the CIPP release notes in AI and tried to figure out my personality based on that? It said "Kelvin truly enjoys the release days". The AI wasn't wrong. I do! I like it so much because I'm able to bring almost 9000 MSPs exactly what they ask for each time they speak to us in our community, I get excited about that because it means that we publicly get to encourage more input, and each feature request you make is one that brings CIPP closer to being the perfect piece of software for any MSP.

This version is called the Little Dirty Paloma, mostly because this release is a little dirty, mixed with all sorts of good ingredients, but lets first take a moment to celebrate a new milestone: CyberDrain has received yet another sponsor!

Please go say hi to Guardz! Guardz is our newest logo sponsor so you'll see them in the app, They specialize in building a Unified Cybersecurity Platform that puts you in control!

Where we're going, we don't need no native portals!

You know what's really annoying, you're building a perfect policy, and you're almost done, but you already created a template. The only problem is there is one small typo, or you want to replace an item with a variable. This means logging back into the portal, or editing complex JSON, both jobs most people really don't like doing.

So, we fixed that. We're introducing the ability to edit Conditional Access Policies and Intune Policies without ever leaving CIPP. Need to change a setting that's a dropdown in M365? We got you boo. We're delivering the exact experience you're used to in the portal, but instead you can just use CIPP. Want an example? Let's edit a policy together real quick. We'll replace a staticly set number in an Intune Policy, to one that uses the CIPP variables engine.

screen01.mp4

God I hate deploying these unique little app registrations

That complaint was made by one of the users in our Discord. Of course we could not let him hanging! We hate it when people are doing stuff by hand, so lets make sure that no longer happens: Introducing App Templates with Gallery support. You can now add any application from the gallery, or an app manifest to easily deploy the app using CIPP:

image

The big one: More tenant alignment updates

We've had some questions about drift monitoring. CIPP can easily handle drift monitoring by setting up your standards and setting the ones you'd like to monitor to "Alert", however there's a lot more than that. Our Tenant Reports are pretty loved, but sometimes you just want an overview over all your tenants in one go.

The issue with that? Licenses. Like secure score, it becomes hard to see what is actually allowed to drift and what is not based on your license model. Did we fix that? We sure did. The new tenant alignment report page shows you a quick overview for all your tenants and how they align with your set standards.

Cool thing about this page? you immediately see what your score would be if you had all licenses available. We've added these same filters to the reports.

image image

QoL? Hell yeah.

  • Standards now automatically report when remediating too, so you always have the latest status
  • The Microsoft license database has been updated
  • The Rich Text Editor no longer loses focus unexpectedly.
  • Actions in the users menu have been consolidated, allowing a cleaner menu
  • We fixed some bugs with CIPP heater mode.
  • New standards have been added for custom banned password lists, and more
  • edit Script is fixed for Intune scripts.
  • The BEC page has had a backend makeover.

There's more improvements, but the best way to check it out is https://standards.cipp.app - A website that dynamically updates based on what standards we make available.

Sponsors

We extend our gratitude to our supporters at https://renroros.no/, https://immy.bot/, https://oit.co/, https://ninjaone.com/, Huntress at https://huntress.com/, https://halopsa.com/, https://www.deskdirector.com/, https://hudu.com/, our friends at https://www.meetgradient.com/, https://rewst.io/ https://augmentt.com/ and newly added Domotz!

What's Changed

  • Feat: Add advanced filtering, sorting, and UI enhancements to standards dialog by @kris6673 in #4322
  • Fixed dublicate JSON key in standards.json by @JNRavnIT in #4334
  • FIX: Edit contact fix by @Zacgoose in #4329
  • Feat: Add Autopilot Deployments report by @kris6673 in #4325
  • Fix Add/Edit contacts and the automap setting for mailbox permissions by @Zacgoose in #4352
  • Fix: Corrected Typo in Offboarding Wizard by @zenops-aa in #4357
  • Fixed Mailbox Rule offCanvas erroring when attempting to open by @Jr7468 in #4351
  • Fixed another duplicate Tag key in Standards.json by @JNRavnIT in #4354
  • Fix: Remove "Default" from mailbox permissions dropdown by @kris6673 in #4348
  • Fix for BEC page with undefined index problem by @Zacgoose in #4371
  • Dev to hotfix by @JohnDuprey in #4373
  • Fix: Fix broken filters and enhance UI components by @kris6673 in #4374
  • Remove last of grid and unstable grid 2 imports by @Zacgoose in #4372
  • Feat: Avaliable license count in manage license user action by @kris6673 in #4367
  • View options for Standard templates by @Jr7468 in #4349
  • Feat: Enhance group editing and add hide/show M365 group in outlook by @kris6673 in #4347
  • Added Clear Immutable ID to preferences page by @BNWEIN in #4346
  • Feat: Add functionality for managing room lists by @kris6673 in #4336
  • Added a Dialog box to show applied standards by @Jr7468 in #4350
  • HOTFIX: Another index on BEC page not defined by @Zacgoose in #4376
  • Fix: Script Edit not working by @ngms-psh in #4375
  • Feat: Add Custom Banned Password List standard by @kris6673 in #4377
  • Feat: Add new standard for SharePoint default sharing link configuration and deprecate SPDirectSharing by @kris6673 in #4368
  • Feat: Add defender exclusions option by @kris6673 in #4380
  • FIX: Another CIPP heater issues by @Zacgoose in #4394
  • Feat: Consolidate actions and add validators for actions by @kris6673 in #4398
  • Fix: Add loading skeleton for edit room pages by @kris6673 in #4415
  • Fix: Fix focus loss in RichTextEditor by @kris6673 in #4413
  • Chore: Update license files to latest version from Microsoft by @kris6673 in #4425
  • Feat: Add loading skeleton for contact edit and template pages by @kris6673 in #4419
  • Fix: Update .gitignore with AI rules section by @kris6673 in #4430
  • Dev to release by @KelvinTegelaar in #4431

API Release notes:

What's Changed

Read more

Contributors

JohnDuprey, BNWEIN, and 7 other contributors
Loading

v8.1.0 - Rey Del Mar

20 Jun 17:17
@KelvinTegelaar KelvinTegelaar
v8.1.0
1113feb
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v8.1.0 - Rey Del Mar

You wanted features?! WE GOT YOU FEATURES!

Wow, these past few weeks have been a whirlwind. Our team has been pounding out features daily, tackling so many of your feature requests. Our European team went to Edinburgh for a couple of days of education recently, and met up with some of our amazing contributors. These guys are absolutely mad. During their train ride over they decided to help everyone and create bug fixes, entirely new features, and improve everyones quality of life. These notes are going to be hard to not skip anything.

8.1.0 is called the Rey Del Mar, a cocktail made with Gin, blue curaçao, ginger liquer, lime and orgeat. What is Orgeat you ask? I have no clue, but it makes the cocktail taste fantastic.

We also have a new sponsor, go and say hi to Domotz! Domotz is our new logo sponsor so you'll see them in the app.

Executives deserve love too, so we have given them love.

One of our contributors, @Jr7468 has created an application for internal use at his company. This application also allows them to create reports. Jack was kind enough to show me how they build their reports and shared examples. We've decided to integrate these reports into CIPP too. From the dashboard you can now click the "Executive Report" button, and it creates a report for you including your standards, their licenses, some user information, secure score information, and more.

Oh, and these reports are completely brandable. You can add your own logo and colours to these easily. Thanks for the help on this @Jr7468

demo.mp4

Compliance sucks, we're making it a little easier.

There are so many compliance standards these days, it's hard to keep up. So we decided to make that a little easier for you too. The CIPP standards now include a tag on each standard which compliance standards they hit. Want to easily apply everything CISA? CIS? EDSCA? Essentials 8? No worries. Just use the standards search to apply any compliance standard you want. Build you own? Of course that's possible too.

image

Group editing? We gotchu boo.

Groups have always been a hassle, multiple portals, multiple hoops, Microsoft deciding to deprecate features or entire group types. We've simplified this for you. the group edit screen now allows you to edit most group settings, without ever having to leave CIPP? Want to update the dynamic group rules? Cool, go for it. Want to update the mail nickname because it looks weird? of course. Go ahead. We have your back.

Bulk license changes

So the Microsoft portal only allows you to apply 20 license changes at a time before you have to reach for your trusty PowerShell toolbelt. CIPP added the option to bulk change user licences with just the click of a button, well, a couple of clicks, but you catch the drift. Simplification for the win.

image

Autopilot make-over

Adding autopilot devices received some extra lovin' too. Adding autopilot devices is now easier than ever, especially when using a barcode scanner. Hit the PKID field, scan the code, hit enter or move on to the next box. We're also now allowing you to upload all the weird formats that they can come in. Partner Portal, direct hash in the file, or Intune Portal files. Great job on this @rvdwegen

QoL? Hell yeah.

  • We've improved OoO settings
  • You can now add groups to calendar and mailbox permissions
  • You can now enter your own URLS in the SharePoint onedrive shortcut wizard
  • Automapping switch is now always visible instead of conditional
  • CA Policies now have improvements for named location wait times
  • some of the forms now automatically reset to allow you to immediately jump into the next one
  • Had an engineer ruin your exchange permissions? no worries. CIPP now fixes that for you.

New Standards? We got you boo.

We don't wanna stand still, so we kept on building and building. Special thanks to our contributors for some of the standards too!

  • Disable Exchange Online PowerShell for Non-admins
  • Enable DMARC on MOERA domain names
  • Add CAPTCHA meeting verification to block bots from joining meetings they should not record.
  • Readded the Restrict Access to SharePoint and OneDrive for unmanaged devices
  • Add the two-click confirmation for encrypted emails
  • Enabled internal phishing protection for forms
  • Enable name pronunciation
  • and even more!

There's more improvements, but the best way to check it out is https://standards.cipp.app - A website that dynamically updates based on what standards we make available.

Sponsors

We extend our gratitude to our supporters at https://renroros.no/, https://immy.bot/, https://oit.co/, https://ninjaone.com/, Huntress at https://huntress.com/, https://halopsa.com/, https://www.deskdirector.com/, https://hudu.com/, our friends at https://www.meetgradient.com/, https://rewst.io/ https://augmentt.com/ and newly added Domotz!

What's Changed

  • Huntress Alert: Make it possible to ignore disabled apps by @Zacgoose in #4178
  • Fix: Fix missing category for Exchange Connector Template by @kris6673 in #4174
  • Update language label to include geographic area in AutopilotProfileForm by @kris6673 in #4163
  • Chore: Update licenses data to the latest version from Microsoft by @kris6673 in #4160
  • Fix: Global Quaratine Policy not updating with tenant select by @ngms-psh in #4161
  • Feat: Add delete team action by @kris6673 in #4157
  • Feat: Reset from after adding Teams by @kris6673 in #4156
  • Feat: Add new standard for Direct Send in Exchange Online by @kris6673 in #4155
  • Added a section to remove proxy addresses and set primary addresses by @Jr7468 in #4164
  • Dev to hotfix by @JohnDuprey in #4180
  • Add Mailbox Recipient Limits standard to standards.json by @Jr7468 in #4158
  • Feat: Add TERRL alert by @kris6673 in #4170
  • Enhance CippExchangeSettingsForm and user exchange page with mailbox permissions management by @Jr7468 in #4187
  • Add CippDocsLookup component to display documentation links for error severity results in CippApiResults by @Jr7468 in #4183
  • Out of Office by @Jr7468 in #4211
  • Dev to hotfix by @JohnDuprey in #4217
  • Add Missing GDAP Roles by @NullCubed in #4219
  • Dev to hotfix by @JohnDuprey in #4232
  • Modified CippAddGroupForm to add dynamic membership rules for M365 groups by @Jr7468 in #4233
  • Added Cursor Rules by @Jr7468 in #4210
  • Feat: Add FormsPhishingProtection standard by @kris6673 in #4231
  • Alignment of UI elements for mailbox actions and conditions for alias removal/setting by @Zacgoose in #4227
  • Fix: Fix loading bug when switching between device pages by @kris6673 in #4224
  • Standard name pronounciation by @Jr7468 in #4226
  • Added Calendar Processing Action by @Jr7468 in #4223
  • Added alerts to user info card and edit user page by @Jr7468 in #4212
  • Feat: New standard for disabling unlicensed resource mailbox Entra accounts by @kris6673 in #4190
  • Feat: Contact Templates and Standards by @Zacgoose in #4186
  • Feat: Bulk actions now consider conditions when selected by @Zacgoose in #4202
  • Feat: Add equipment management pages and refactor forms by @kris6673 in #4222
  • Add words by @kris6673 in #4239
  • Feat: Add standard to restrict third-party storage services in Microsoft 365 by @kris6673 in #4228
  • Feat: Alert on % OneDrive quota used by @ngms-psh in #4238
  • Fixes query key for GroupTemplatesList beeing incorrect, should be ListGroupTemplates by @Zacgoose in #4245
  • Fix: Change API endpoint to EditUserAliases and update aliases list by @kris6673 in #4248
  • Chore: Some House Keeping by @Zacgoose in #4214
  • Add FolderName to permission object in user exchange page by @Jr7468 in #4249
  • Feat: Safe Links Policy - Management, Standards, and Templates by @Zacgoose in #4197
  • Feat: Add "Microsoft managed" option to standards.json by ...
Read more

Contributors

NullCubed, OfficialEsco, and 10 other contributors
Loading

v8.0.0 - The Sun Also Rises

28 May 17:01
@KelvinTegelaar KelvinTegelaar
v8.0.0
19ff0c5
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v8.0.0 - The Sun Also Rises

The world has ended, and started again this morning.

I love writing release notes, especially when using a cocktail name as impactful as this, but that's just what this release is; impactful. It's one of those releases that changes the way we all work, that allows for new possibilities and expansions of who works with CIPP. Also I'm a really big nerd so Hemmingway quotes are my jam. Don't tell anyone about that nerd part. I want them to figure it out on their own.

Let's get started on the myriad of upgrades we've made. This is version 8.0 so there must be a lot right? Well, I don't think we've ever had as many contributions as in the last 3 weeks so lets get to it.

In the words of Jeremy Clarkson: SPEEEEDDDDDD

We've added a new method of caching data, nothing is stored, but refreshing your browser should allow you to resume exactly where you left off, without having to wait. This immense improves the feeling of speed for the application. Combined with our 30% performance boost for hosted clients on Linux this should be a considerable improvement for anyone. We sure as hell love it.

A brand new way to onboard tenants, even without GDAP.

You've read that right. We've revised our onboarding wizard. How? Well we've started with improving the usability, but while we did that our core focus was giving users the ability to easily add new tenants outside of scope of their M365 partnerships. This means onboarding new tenants to CIPP has become so much simpler. Not a Microsoft Partner? No problem. Not even an MSP? CIPP is available to you too now. We already had several non-MSP clients like Disney, but now we have full support for adding any tenant that you'd like.

Our setup wizard added the ability to immediately download several of our baselines, like the CyberDrain baseline, JoeyV's conditional access baselines, or the Open Intune Baseline.

A quick peek? Of course. Here you go.
image

No more invites?! That's right. No more need. Just add users to an M365 group and they can use CIPP

Another cool new feature that we added is the ability to use M365 groups as the source for which role a user should get. We already had custom roles, but you always had to invite users to CIPP to be able to use CIPP, now you can add a Entra group to a specific role and everyone in that group can immediately use CIPP, allowing you to easily onboard new admins to CIPP.

Oh, and you can RBAC these roles anyway you'd like, allowing you to create roles with access to everything, or even nothing.

image

Templating deployed App Registrations

QoL? Hell yeah, we've updated the way you can deploy app registrations to other tenants. This means you can now create a template of any application registration or enterprise app and deploy that template directly to your clients. That allows you to deploy something like SSO in seconds, instead of hours.

New Standards? We got you boo.

While outdated engineers are still recommending you disable Basic Authentication for POP3 and IMAP, or enable Mailbox Auditing, we actually listen to Microsoft and improve our standards on that. Expansion expansion and expansion. Our contributors looked at new things to deploy and improve and we got many;

  • We added the ability to deploy enterprise apps via templates
  • We added anti-phishing settings to standards
  • We've added quarantine policies to our standards and deployment pages
  • We've improved the approval for oauth apps to update when new apps are added.
  • We've updated phishing policy management in standards

There's more improvements, but the best way to check it out is https://standards.cipp.app - A website that dynamically updates based on what standards we make available.

Other notable improvements.

  • We've updated the privileged we use for the application to not require excessive permissions.
  • We've updated the mailbox report API to return more information
  • We've added the option in notifications to send a test PSA alert to see how tickets look in your PSA
  • We've updated the first setup wizard to allow immediate notification tests during the wizard.
  • We've included custom domains by default for phishing policies, and added defaults.
  • We've fixed an issue with duplicate alerts happening in some cases.
  • We've added the ability to exclude groups from standards if a group was included.
  • we've added the ability to remove groups from the edit user page directly.
  • we've fixed a filter for the 90 day guest report.
  • we've updated all URLs to the new Microsoft.cloud URLs.
  • we've added capabilities to editing a users calender.
  • and so much more....

Sponsors

We extend our gratitude to our supporters at https://renroros.no/, https://immy.bot/, https://oit.co/, https://ninjaone.com/, Huntress at https://huntress.com/, https://halopsa.com/, https://www.deskdirector.com/, https://hudu.com/, our friends at https://www.meetgradient.com/, https://rewst.io/ and of course https://augmentt.com/!

What's Changed

Read more

Contributors

homotechsual, OfficialEsco, and 10 other contributors
Loading

v7.5.0 - Cantillon Lou Pepe

13 Apr 18:07
@KelvinTegelaar KelvinTegelaar
v7.5.0
331e106
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v7.5.0 - Cantillon Lou Pepe

March Migration madness? Oh, it's April!

I'm always comfortable when I write release notes, it's one of those cherries on top of a job well done. The final touches, the beauty in writing and documenting what you've achieved. This release is packed with QoL most of all, but also a very nice addition to our Sherweb integration.

If you noticed that this time the title isn't a cocktail, that's right! I've had a wonderful bottle of beer that I recently shared with two of my amazing friends and wanted to make sure I remember that forever, and what better way to immortalize it than in release notes of niche software right?!

Sherweb Automated Migrations

The Sherweb integration has received a pretty awesome update and something I've been dying to release for a while, fully automated migrations. This allows us to migrate your old legacy CSP to Sherweb without you ever having to touch anything. You know how sometimes other CSPs just don't want to work with you to migrate stuff? Well, this is the solution for that.

No more needing to go to check when a license expires, no needing to check if its in the correct window, no more hands needed to buy or remove the licenses. It's all done for you.

How? well, our docs have already been updated to reflect the new change: https://docs.cipp.app/user-documentation/cipp/integrations/sherweb but I know you like images more, so how about a screenshot?

image

When setting up the integration, you can select the type of automation you'd like to use; just being notified, buying and notifying, or buying, notifying, and cancelling. More vendors are going to be supported for cancellation soon so keep checking in!

New and better filters

On both our standards page and standards overview page we've added the ability to filter and sort the standards, giving you a little bit more insight on how an environment is setup. We're also letting you know if you haven't enabled "Report" on a standard yet in case you're confused about where the data is.

The new standards overview also gives you a better overview on compliance of a standard. Want to see how it looks? of course you do. Here you go.

image

Custom variables but with more flair.

Remember how we introduced custom variables a release ago? no? Oh let me share that with you again:https://docs.cipp.app/user-documentation/cipp/settings/global-variables

Pretty cool right? we've adapted these to allow you to use custom variables everywhere. Any template, any setting, go ahead and use the variables. Knock yourself out.

Sponsors

We extend our gratitude to our supporters at https://renroros.no/, https://immy.bot/, https://oit.co/, https://ninjaone.com/, Huntress at https://huntress.com/, https://halopsa.com/, https://www.deskdirector.com/, https://hudu.com/, our friends at https://www.meetgradient.com/, https://rewst.io/ and of course https://augmentt.com/!

What's Changed

Full Changelog: v7.4.0...v7.5.0

Contributors

OfficialEsco, JohnDuprey, and 3 other contributors
Loading

v7.4.0 - The Reverie

25 Mar 22:09
@KelvinTegelaar KelvinTegelaar
v7.4.0
6932342
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v7.4.0 - The Reverie

We are not the same

These past two weeks our team has been coding like mad, I've walked into their office and it smelled of energy drinks, iced coffee, and inspiration. At least, that's what I'm telling myself. So many new feature requests have been tackled that will increase the pleasure you get from this version of CIPP, I almost called it the satisfier. Instead, I decided on The Reverie after having some cocktails with a close friend of mine.

I chose The Reverie due to me getting lost in my own reverie thanks to our team. We've added stuff our users dreamed up and I freaking love how we are able to deliver on these.

"Which tenant was that again?" - Tenant Aliases and groups

We've introduced some major changes to our tenants - First off we all know that Microsoft locks GDAP names in places. For the longest time we tried convincing them to the fix the APIs but it was just taking too much time, that's why we decided to take matters into our own hands. Introducing the Tenant Aliases. A tenant alias is a name you can give to a tenant that is just available inside of CIPP.

We've also added the ability to put tenants into groups. These groups can then be used in Standards to assign tenants to a specific standard immediately. This eases onboarding immensely. these groups can also be used as tags, such as "Managed Tenant", "Unmanaged Tenant", "That one guy that hates security" - That jazz.

image

Standards and how to compare them (This is a play on dragons and how to tame them, I had to add this because I don't think people would get it)

Our team put their blood sweat and tears, many many tears into creating a new report for you, but not just a new report. We wanted to expand on the way we compared policies to each other.

CIPP always had the ability to either Alert, Report, or Remediate standards, we've now added the ability to do the same for Intune policies, which you previously could only remediate. Now let's talk about that a little, and how we improved these.

Alert allowed you to receive an email, webhook, or PSA ticket. We've revamped the layout for this and made it more explicit. Your standard emails now have a slightly different subject, and they have more information in them - We include the expected setting, and the current setting if it doesn't match.

Report previously allowed you to create custom BPA reports, our dev team and UX didn't like that much, so now we've build the report for you. Go to your standard, click on the action button and click on "View Report" to look at the new report, immediately allowing you to compare the entire tenant to your baseline.

We've also heavily enhanced the Intune policies - These now to a full compare, and you're able to see the results of this compare inside of your report or alert, knowing exactly which setting was changed and why they aren't in sync anymore, giving a complete baseline report of your tenants.

image

Custom variables, custom data, custom everything!

You thought that was it didn't you? that we did just that in two weeks? Do you know how long two weeks really is? its 14 days!

And on the 14th day of Reverie-mass my CIPPer gave to me a custom variable on a tree! Well, not on a tree but in the app. You can now add any variable to your templates using %variablename%. How does this work?

For global variables, for example, an MSP name, an agent id that's always the same, a piece of text, you go to CIPP -> Application Settings -> Custom Variables.

Anything you add here is automatically replaces in your templates. Have an Intune policy that always needs the right text? Use the global variables.

Now of course some clients have some other variables; their RMM Id, their Halo PSA ID, you can add these at the edit tenant section. Of course, the preset variables %tenantid%, %tenantdomain% and %tenantname% are still available too.

Oh, and one more thing; we've added an option to allow you as advanced users to create your own data objects on users. Imagine directly being able to query graph if a mailbox is shared or not, or what type of MFA they are using. This is done using custom schema extensions. Now that sounds hard right? Yup. That's right. That's why we are documenting this for you. You'll be able to create any type of report you want, with data from any location directly in Graph. That also means other tools can use that information, or you can use your own scripting solutions. Pretty wicked!

Very advanced. Very Mindful, Very Demure.

QoL updates

Ready for the list of other things we added, just to amaze you? We hope you're awestruck, and have to pick up your jaw from the floor.

  • We've added an exclude button to tenant alerts, you can now select "All Tenants" and exclude the tenants you don't want in an alert.
  • The MFA report has been performance tweaked, it's about 1000% times faster, and 100% accurate.
  • The mobile interface is now more responsive, allowing you to increase sizes of tables, buttons, etc.
  • We've fixed an issue where labels sometimes didn't show up for scheduled tasksk
  • We've fixed an issue with our rich text editor not always showing data after a reload.
  • We've added the headers of page to always have the tenant in there
  • We've added an advanced menu to GDAP role mappings for when you really know what you're doing.
  • We've resolved an issue with sorting date time objects in tables that sometimes had null options.
  • Fixed an issue where the buttons on the user actions didn't have their conditional formatting.
  • Fixed an issue where license names didn't always show up, we've added an extra API to prevent this from happening.
  • Increased the speed and usability of edit group - It's now able to show more data and changes are applied with the speed of light(well, the speed of Microsoft's light)

Sponsors

We extend our gratitude to our supporters at https://renroros.no/, https://immy.bot/, https://oit.co/, https://ninjaone.com/, Huntress at https://huntress.com/, https://halopsa.com/, https://www.deskdirector.com/, https://hudu.com/, our friends at https://www.meetgradient.com/, https://rewst.io/ and of course https://augmentt.com/!

What's Changed

New Contributors

Full Changelog: v7.3.0...v7.4.0

Contributors

OfficialEsco, JohnDuprey, and 4 other contributors
Loading

V7.3.0 - The Sidecar

04 Mar 18:36
@KelvinTegelaar KelvinTegelaar
v7.3.0
c92dedf
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
V7.3.0 - The Sidecar

New release, who dis?

And boom! It's story time again. A slightly out of band release due to the date but mostly because we have been brewing up new features and some very cool updates to CIPP. This release is called "The Sidecar" (Link to the cocktail here) because we focused on extensions and integrations. Improvements to the tooling for our friends at HaloPSA and at NinjaOne as these integrations got some love we decide to level up their usability too.

NinjaOne integration goes brrrrrr

We updated our NinjaOne integration to use the internal scheduling engine. Sometimes data collection and updating Ninjaone could take up to 10 minutes, sometimes longer. With these changes we're tackling that and have seen tenants of almost 2000 users be uploaded in seconds instead. Not just that but we've made the standards overview compatible with our new methods of standards; you'll be able to view the standards in the integration directly no matter what template they come from.

Manual intervention required

To use the integration, you must go into the integration settings inside of CIPP and click on save. You don't need to change any settings, just hitting save is enough to enable the integration once more and enjoy the speed upgrade.

Halo PSA

Halo PSA also got some good updates; one that was long awaited by many of you; Ticket consolidation. What does this mean? How this mean? Why does this mean? Well, its pretty easy; It simply means that you now have a checkbox in your Halo PSA integration to prevent duplicate tickets. We check if we've sent this as a ticket before, and if that is open, we update it. That means you don't get hundreds of new tickets for the same issue. Go ahead and enable that in your HaloPSA settings today!

QoL updates

We've reintroduced some settings that were loved by many but didn't exactly make it into the new interface, let's talk about those, I'll put them in a list format so its easy to read for you. Ready?

  • We've reintroduced a way to create menu favourites; these are now called bookmarks, hover over a menu item and you'll be able to bookmark it. Bookmarks can be found at the top of your page under the bookmark icon.
  • We've brought back context sensitive help. Hover over our speed dial button at the bottom right and you'll find a direct link to the documentation there.
  • We've resolved an issue with BPA that caused you to not be able to edit table reports as it only used to show one field. @JohnDuprey fixed this and made sure you can now create multiple columns again.
  • External links no longer open multiple tabs, sorry about that! we thought you enjoyed having lots of tabs open.
  • Brought back add-to-group when you edit a user, easily add groups when editing a user.
  • We've added the ability to add exclusions to your Intune Policies in standards and deployments, allowing you to exclude those pesky users and groups that don't deserve your pretty software.

Standards updates

God I love talking about our standards, these are easily our most used functionality inside of CIPP and they receive all the love. Special shout outs to @OfficialEsco, @kris6673 and @bmsimp for helping us update both the standards and their documentation. Let's do some more lists but this time a number one, because I enjoy using lists.

  1. We've added a "Standards Date" property for when a specific standard was added to the product. This allows you to see exactly when a new standard has been added, and allows us to give you a pretty little "New" marker.
  2. We've added a standard to disable QR Code Pin logon.
  3. We've added a standard to allow you to set the preferred language for all users
  4. We've added a standard to allow you to automatically add all available domain names as a proxy address, kind of like how Exchange Domain rules used to work. Easily giving everyone the new domain name(s)
  5. We've added a standard to set the anti-spam connection filter safe list.
  6. We've added a policy that allows you to clear the deleted items after a specified amount of days, no more people storing important files in their recycle bin ;)
  7. We've added a standard to allow you to update and configure the MDM usage scope.
  8. We've updated our spam filter standards to include more spamfiltering spammy options. Please look at our beautiful selection of spam, including spicy spam.
  9. We solved a bug with autopilot profiles not applying.
  10. and so much more! check out the standards section in CIPP to see all updates

Audit logs & Cost Management updates

We've been hard at work to see if we could improve audit logs and we did! the processing of audit logs is now about 10000% faster, and a lot more stable. Especially in large environments with tens of thousands of users you'll notice a boost in processing speed of audit logs and alerting. We hope you enjoy this, as we sure do. The cool benefit? It also brings down costs a lot if you're selfhosting. Wait, that's actually a benefit for us too! ;)

Sponsors

We extend our gratitude to our supporters at https://renroros.no/, https://immy.bot/, https://oit.co/, https://ninjaone.com/, Huntress at https://huntress.com/, https://halopsa.com/, https://www.deskdirector.com/, https://hudu.com/, our friends at https://www.meetgradient.com/, https://rewst.io/ and of course https://augmentt.com/!

What's Changed

New Contributors

Full Changelog: v7.2.0...v7.3.0

Contributors

markheydon, OfficialEsco, and 4 other contributors
Loading

v7.2.0 - The Community Love

13 Feb 00:13
@KelvinTegelaar KelvinTegelaar
v7.2.0
0e4d787
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v7.2.0 - The Community Love

Here everyone, we are back with a new release drafted by our wonderful team. Just here for the cocktail? go check out the recipe to our community love.

This version we focused on a request by some of our devs/members - @MWGMorningwood came up with the idea that he wanted to share some Intune templates with others, and our devs ran with this. More about that below.

This version is packed with QoL changes, minor facelifts to things like the dialog boxes, but also to output options. Let's dive into the nitty-gritty.

Community repositories

CIPP7.2 allows you to consume community repositories, simply go to Tools -> Community Repositories and you're able to download templates created by others. We already include some amazing repositories by default

  • The CIPP Templates repositories by CyberDrain will slowly be filled with the best of the best templates, resources such as Standards, ISO27001 or other compliance framework policies, etc etc. You'll also be able to pick up ready made standards based on risk levels here, or example templates to expand on.

  • @SkipToTheEndpoint Open Intune Baselines are available for import too. Imagine OIB as the best of all worlds - Microsoft Best Practices, CIS, other frameworks, all applied in a neat package.

  • @j0eyv his Conditional Access Framework is available as a default import location too, allowing you to set up a Conditional Access Strategy in minutes instead of days. The repository contains groups template, conditional access policies, and so much more.

Now that's all really cool stuff, but manual imports are boring right? We don't want to manually import when someone updates the repo. Of course we thought of that. Using the Template Library functionality you can now import the entire repository without having to worry about updates - It'll all take care of that automagically.

API Authentication

We've made changes to the way you setup APIs within CIPP, giving you more freedom and power for both self-hosted and hosted clients. Use the documentation to process a small update: https://docs.cipp.app/api-documentation/setup-and-authentication and enjoy the huge rewards,

The ability to whitelist IPs, add custom permissions per API, easily find the URL you need to use for the API, all of this and more can now be found in the integrations menu

Rooms Management, Contact Management, and more

We now have the ability to manage rooms in a smoother interface, allowing you to set all the properties that a room has, resource management has never been this easy. We added new standards for QR MFA, for new authentication methods, and improved on existing standards.

Github Integrations

Oh, I almost missed talking about this. Having a template library is fun right? Is it enough? No way! you need a way to easily store templates. If you look at our integration you can store all of these templates in your own Github account. That means you can privately store your templates securely, or even use the IntuneManagement tool to create your own template repository using Github. You can store any file in your Github repo directly from CIPP.

Intune Script Management

I don't like intune scripts, there's so many caveats for them. That's why we decided to make management better, specifically @redanthrax rocked out this new feature to manage Intune scripts directly from CIPP. Awesome work!

QoL

This release was also QoL focused, the frontend team introduced new buttons in our dialog boxes, we added a view as table option, and a download results button, this allows you to easily share the results, or copy and paste them somewhere you need them.

Sponsors

We extend our gratitude to our supporters at https://renroros.no/, https://immy.bot/, https://oit.co/, https://ninjaone.com/, Huntress at https://huntress.com/, https://halopsa.com/, https://www.deskdirector.com/, https://hudu.com/, our friends at https://www.meetgradient.com/, https://rewst.io/ and of course https://augmentt.com/!

What's Changed

Full Changelog: v7.1.0...v7.2.0

Contributors

redanthrax, MWGMorningwood, and 6 other contributors
Loading

v7.1.0 - The Negroni

26 Jan 19:40
@KelvinTegelaar KelvinTegelaar
v7.1.0
1d499e8
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v7.1.0 - The Negroni

And here we go! version 7.1.0 ready for CIPP users, I love being back to our normal release cycle, it just makes it so much more fun to bring everyone the features they've been clamoring for, that combined with our amazing contributors adding cool bug fixes or new functionality too really gets the gears going.

This release has one key new feature which we're pretty excited about; Dark Web Scanning. Some of you already found out that we now support HIBP lookups, but that's not all.

Dark Web Scanning

7.1.0 has new tools in the Alert Configuration, and under the tools section you'll be able to find our new Dark Web scanning tools. What do these do? Well, the video explains it well but in general; all your M365 domains can now be protected by using a constant dark web scanning tool that checks in which breaches you have been involved, including returning partial passwords

Check out the video for more information:

How.to.Use.CIPPs.new.darkweb.scanning.features.1.mp4

And yes, that does mean you no longer need external dark web scanning tool. Cool fact? No extra cost. It's free. We don't believe in limiting you by asking a couple of $ per user, or having you pay by tenant. The HIBP integration is free to all hosted users, if you're self hosted all you need is a HIBP API key to make this work.

New User Edit and User View features

The view user display has gotten some new banners to help you find more info, such as group and role membership. We've also added to the edit user and exchange overview to give you more options to easily manage user information.

New Alerts, Pages, and standards

Our contributors added new alerts, new pages such as the ability to view the GAL, and some new standards. We also have new filters added so go check those out.,

Sponsors

We extend our gratitude to our supporters at https://renroros.no/, https://immy.bot/, https://oit.co/, https://ninjaone.com/, Huntress at https://huntress.com/, https://halopsa.com/, https://www.deskdirector.com/, https://hudu.com/, our friends at https://www.meetgradient.com/, https://rewst.io/ and of course https://augmentt.com/!

Bug fixes and changes

New Contributors

Full Changelog: v7.0.1...v7.1.0

Contributors

OfficialEsco, JohnDuprey, and 7 other contributors
Loading

v7.0.1 - The Winter

10 Jan 14:47
@KelvinTegelaar KelvinTegelaar
v7.0.1
1813c25
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v7.0.1 - The Winter

Wow. Just wow. It's been so long that I've wrote one of these that the entire concept of release notes feel foreign. I almost forgot that we name all of our releases after a cocktail. It's also been pretty cold here so hence the name of this release. Only here for the cocktail recipe? Check this out. Here for the actual goodies? the amazing CIPPv7 release? Let's get going!

Complete rewritten interface, by Devias

CIPPv7 contains an entirely new interface, complete rewritten from the ground up by our designers Devias. This interface rewrite was in beta for the past several weeks and tested by a good team of users. CIPPv7 has some pretty changes in regards to the interface, but also loading times and speeds. Of course we would not be us if we would not develop new features, and improve on what we had. This isn't just a minor rewrite, it's a huge change of some of the concepts we use inside of CIPP.

I truly hope you'll all enjoy it. The new interface is blazingly fast, has many new options and has a huge increase in UX.

Standards re-envisioned. WARNING: Attention required

We have revised our standards engine to be much more flexible. Instead of having 1 standard per tenant you can now build standard templates. You can also decide not to apply standards on a schedule, or just apply one or two items to all tenants. It also became easier than ever to create exclusions and complex standard setups. Want to know more? see it in action? Check out the video below.

You do need to take some action after upgrading. Head on over to the standards page, click on "Convert Standards" and enable their schedule once more if you like your setup.

Creating.your.standards.mp4

Audit log view

We've also made it possible to get the auditlogs that have been triggered inside of CIPP, including some cool new geo-location stuff. Something I've personally really wanted for a while. Again, video, right below.

How.to.use.CIPP.to.analyse.received.events.mp4

Business Email Compromise detection; improved being recognition.

Our previous BEC wizard was great; but still required you to have a pretty technical mind on things. We've eased this for you. CIPP now checks the logs for any sign, and tells you if it happened or not. Still wanna do the analysis yourself? that's okay too. We've made the report available so you can actually see and read the data yourself after a potential compromise. Check out the video below.

How.to.research.a.potentially.compromised.account.in.CIPP.mp4

Sherweb PUBLIC beta

And with the release of CIPPv7 we're also very proud to announce the public beta of the Sherweb CSP integration. This integration allows you to buy licenses, remove licenses, see which are assigned, and increase/decrease the count on demand using Sherwebs API.

One very cool coming feature is fully automated NCE migrations. Are you migrating away from an old CSP to Sherweb? CIPP will do this for you. It will decrease the license count at your old CSP and increase the license count at Sherweb so no one has to manually monitor NCE expiration dates anymore.

How.to.manage.M365.licenses.with.CIPP.mp4

OSS 4Lyfe

We also want to give special thanks to a couple of other OSS projects that have helped us in making CIPP as pretty as it can be;

Go check them out!

Sponsors

We extend our gratitude to our supporters at https://renroros.no/, https://immy.bot/, https://oit.co/, https://ninjaone.com/, Huntress at https://huntress.com/, https://halopsa.com/, https://www.deskdirector.com/, https://hudu.com/, our friends at https://www.meetgradient.com/, https://rewst.io/ and of course https://augmentt.com/!

In this release, special thanks to @sherweb at https://sherweb.com for the CSP integration. We absolutely love it.

but wait there's more.

We've embedded so many new features, we've made so many QoL changes that not everything can be listed. Over the next few weeks we'll release more videos and guides about feature updates, and some very cool new stuff that's coming in two weeks. That's right. We're back to our two week release cycle.

Self hosted frontend update instructions

  1. Open Your Repository on GitHub

    • Go to GitHub.com and open the repository where you want to make changes.

  2. Find the .github/workflows Folder

    • Look for the folder named .github at the root of your repo.
    • Inside .github, click on workflows.

  3. Locate the Relevant Workflow Files

    • Within workflows, look for all files whose names begin with azure-static-web-apps.
    • Examples: azure-static-web-apps-main.yml, azure-staticweb-apps-xyz.yml, etc.

  4. Edit Each File

    • Click on one of the azure-static-web-apps... files.
    • Click the pencil icon (✏️) or “Edit this file” button (top-right).
    • Search (Ctrl+F or Cmd+F) for the line: 
      output_location: "" # Built app content directory - optional
    • Replace that line with: 
      output_location: "/out" # Built app content directory - optional

  5. Commit Changes

    • Scroll to the bottom of the page.
    • In the “Commit changes” box, type a brief message (e.g., Update output_location to /out).
    • Make sure “Commit directly to the branch” is selected.
    • Click Commit changes.

  6. Repeat for All Matching Files

    • If multiple files start with azure-staticweb-apps, repeat steps 3–5 for each.

Are you getting the message that you must discard or make a pull request? Don't know Github or how PRs work?

Discard your changes and follow these instructions: https://docs.cipp.app/troubleshooting/troubleshooting#you-discarded-changes-when-syncing-github-repositories then return to do above. Remember to change/correct the output location as it says in the instructions above :)

Contributors

troyhunt, Leaflet, and sherweb
Loading