Update#50
Merged
Signed-off-by: James Tarran <jtarran@techary.com>
Restore Invoke-AddCustomScript.ps1
## Summary
The ExternalMFATrusted standard configures `inboundTrust.isMfaAccepted`
on the cross-tenant access policy. Microsoft gates this advanced
cross-tenant setting behind **Azure AD Premium P1**, returning:
> Failed to set External MFA Trusted to enabled. Error: To add and
configure advanced settings, you'll need to link a subscription with
Azure AD Premium P1 to your tenant.
The standard had no license check, so it ran on every Exchange-licensed
tenant and surfaced this Error-level log entry on every standards run
for tenants without P1.
## Fix
Add the canonical `Test-CIPPStandardLicense` gate covering `AAD_PREMIUM`
and `AAD_PREMIUM_P2` capabilities, matching the pattern already used by
other P1-gated standards (Branding, ConditionalAccessTemplate,
CustomBannedPasswordList).
```powershell
$TestResult = Test-CIPPStandardLicense -StandardName 'ExternalMFATrusted' -TenantFilter $Tenant -RequiredCapabilities @('AAD_PREMIUM', 'AAD_PREMIUM_P2')
if ($TestResult -eq $false) {
    return $true
}
```
Plus a `REQUIREDCAPABILITIES` block in the `.NOTES` comment so the
standards comment regenerator and tooling pick it up.
## Effect
On unlicensed tenants:
- Standards run logs Info ("Tenant does not have the required
capability...") instead of Error ("Failed to set External MFA
Trusted...")
- Drift page renders "Not Licensed" via the `LicenseAvailable=false`
flag set by `Test-CIPPStandardLicense`
- No spurious Microsoft API call attempting to write the advanced
setting
## Test plan
- [ ] Tenant **with** AAD P1/P2 — standard runs as before, configures
cross-tenant MFA trust, drift page reflects current vs expected
- [ ] Tenant **without** AAD P1 (e.g., Business Basic/Standard,
post-Business Premium downgrade) — standard short-circuits at the gate,
logs Info, drift page shows Not Licensed, no Error-level log
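
The gate pattern described in this commit, as an added example that is not CIPP's code and not the implementation of `Test-CIPPStandardLicense`: the helper name `Test-TenantCapability`, the tenant names and the SKU data are constructed, shaped like Microsoft Graph `subscribedSkus` objects. It assumes only plans with `provisioningStatus` of `Success` on a non-suspended SKU count as licensed.

```powershell
# Hypothetical helper: $true when any required service plan is active for the tenant.
function Test-TenantCapability {
    param(
        [Parameter(Mandatory)] [object[]] $SubscribedSkus,
        [Parameter(Mandatory)] [string[]] $RequiredCapabilities
    )
    foreach ($Sku in $SubscribedSkus) {
        # A suspended, deleted or locked-out subscription no longer grants its plans.
        if ($Sku.capabilityStatus -notin @('Enabled', 'Warning')) { continue }
        foreach ($Plan in $Sku.servicePlans) {
            # Assumption: a plan an admin has disabled does not satisfy the gate.
            if ($Plan.provisioningStatus -eq 'Success' -and
                $Plan.servicePlanName -in $RequiredCapabilities) {
                return $true
            }
        }
    }
    return $false
}

# Constructed sample data, one entry per tenant.
$Tenants = @{
    'licensed.example' = @(
        [pscustomobject]@{ skuPartNumber = 'SAMPLE_SKU_WITH_P1'; capabilityStatus = 'Enabled'
            servicePlans = @([pscustomobject]@{ servicePlanName = 'AAD_PREMIUM'; provisioningStatus = 'Success' }) })
    'basic.example'    = @(
        [pscustomobject]@{ skuPartNumber = 'SAMPLE_SKU_EXCHANGE_ONLY'; capabilityStatus = 'Enabled'
            servicePlans = @([pscustomobject]@{ servicePlanName = 'EXCHANGE_S_STANDARD'; provisioningStatus = 'Success' }) })
    'lapsed.example'   = @(
        [pscustomobject]@{ skuPartNumber = 'SAMPLE_SKU_WITH_P1'; capabilityStatus = 'Suspended'
            servicePlans = @([pscustomobject]@{ servicePlanName = 'AAD_PREMIUM'; provisioningStatus = 'Success' }) })
}

$Required = @('AAD_PREMIUM', 'AAD_PREMIUM_P2')
foreach ($Name in ($Tenants.Keys | Sort-Object)) {
    if (-not (Test-TenantCapability -SubscribedSkus $Tenants[$Name] -RequiredCapabilities $Required)) {
        # Short-circuit before any write to the cross-tenant access policy:
        # an Info entry instead of a failed API call and an Error entry.
        Write-Output "[Info] ${Name}: required capability missing, skipping ExternalMFATrusted"
        continue
    }
    Write-Output "[Info] ${Name}: licensed, would configure inboundTrust.isMfaAccepted"
}
```

The `lapsed.example` tenant covers the downgrade case from the test plan: the service plan is still listed on the SKU, but the subscription state no longer grants it.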
Added package tags for conditional access policy templates
Added required piping for standards evaluation
Frontend PR: KelvinTegelaar/CIPP#5794
…ce (#1945)
Introduce a Levenshtein distance function to enable fuzzy matching for Intune policy names. This allows for configurable matching thresholds, improving policy deployment accuracy while maintaining exact match functionality. This is mostly thought to be a way to replace versioned Intune templates, like updating to a newer version of an OIB template easily.
Frontend PR: KelvinTegelaar/CIPP#5685
Enhance functionality to support allTenants for Teams and SharePoint pages
Add words too
Since SharePoint sites take so damn long to load on tenants with lots of sites, it got its own CollectionType. It felt risky to put it into the Graph type, that already does so many things.
Frontend PR: KelvinTegelaar/CIPP#5921
This pull request updates documentation links across multiple standard-related PowerShell scripts to point to the new location for the available standards documentation. It also adds license capability checks for Microsoft Defender for Office 365 (MDO) to two standards, ensuring that actions are only performed if the appropriate licenses are present.

**Documentation updates:**
* Updated `.LINK` URLs in all `Invoke-CIPPStandard*` scripts and related documentation to reference `https://docs.cipp.app/user-documentation/tenant/standards/alignment/templates/available-standards` instead of the old `list-standards` path.

**License checks for Microsoft Defender for Office 365:**
* Added a license capability check in `Set-CIPPDBCacheExoPresetSecurityPolicy` to skip caching Exchange Preset Security Policies if the tenant lacks the required MDO licenses.
* Added a license capability check in `Invoke-CIPPStandardAtpPolicyForO365` to ensure the standard only runs if the tenant has the required MDO licenses.
Fix duplicate code mistake
…r standards templates
use correct forms settings
No description provided.