github KelvinTegelaar/CIPP v10.5.0
v10.5.0 - The Jungle Juice
on GitHub

4 hours ago

Jungle juice has a little bit of everything in it.

The coolest thing about having an event like MSPGeekCon is that we get to be together with our entire team for a while and throw our wildest ideas out there. I love events because I get to spend it with people I care about and just build the most awesome software we can. The slight delay on releases is worth it as we have some huge things coming for you now.

This release is focused around AI, Compliance, standards, and more, but before we jump into lets talk about a little popup you'll get when logging in after updating; we're performing some improvements on how we handle SSO and we're preparing for some infrastructural changes that'll allow us more flexibility. After login, you'll be greeted by a pop-up asking you to create the SSO app for us. Click the button, so you're prepared for the future migration.

Oh and if you're a user of CW, AT, or Kaseya BMS, you should head over to the integration page for a little surprise, right after drinking some Jungle Juice of course

The Official CIPP-MCP Beta!

Yes, you're reading that right - We're release the CIPP Tools MCP into the wild, but behind a feature flag. Get on over to CIPP -> Application Settings-> Features to enable the MCP. After enabling the MCP you'll be able to ask any questions to Claude or any other AI you like using, with natural language. For example:
image

We're releasing the beta as a read-only tool, but in a couple of weeks we'll be introducing more MCP-Goodness. Together with @cipp-ashe as our COO and AI lead we're going to make sure we bring more AI assistance to you in a responsible and controlled manner.

Purview and purwho?

This release we've also added the ability to completely run with compliance management; we already could do some things such as DLP policies and setting retention, but we figured why stop there? You can now completely template your entire Purview environment, including Sensitive information Types, and deploy them everywhere. It makes handling Purview and AI compliance so much easier.

Of course we didn't just add the templates; we've also made sure you can use our standards to get the same configuration deployed to your clients in an explainable way.

image

Application Deployment as a standard

A couple of months ago we've added the ability to deploy any custom application using CIPP

We've now added the ability to deploy applications as a standard. You create an application template in our system from an existing app, or you use WinGet, Choco, or your own custom application. You can all upload it inside of the portal and deploy anything you want directly to Intune.

As soon as you add a tenant to the standard, they receive these applications to be installed, or even better; uninstalled. Massively uninstall bloatware with the click of a button using CIPP now.

image

SharePoint Retention Management

One of the biggest complaints my MSPs team has is how hard it is to manage SharePoint retention at times; especially when there are a million copies of the same file everywhere, with a million versions because Microsoft's managed SharePoint file history can be a tad aggresive.

So we've added two cool new options; one is to set the SharePoint versioning for existing and new sites to a specific number of files or days. The other is the ability to launch a SharePoint cleanup job. No more using 10TB of data just on 100x versions:

image

New Tenant Tests and Compliance testing

We've added a full test suite for SMB1001:2026 to CIPP using the test suites, allowing you to easily see how far along you are using our test suites, we've also added the M365 Foundations Benchmark v6 and v7 suites to test against.

image image

Of course just willy nilly creating tests for frameworks doesn't help anyone so we've also improved the testing overviews to show you which standards make sure you can satisy the requirements for testing:
image

Talking about standards, whats new there?

We've always had the ability to configure Auth Methods, but they were split over a couple of different standards for flexbility, but some users asked if we could make a single standard where they configure all of them; that's one thing we've added for you, but we've added a lot more, about 15 new standards to use with all the added functionality in M365.

  • Email as alternate login ID standard
  • DLP via DCS standard
  • DLP via DCS OWA standard
  • Intune Device Join
  • Device Registration
  • Windows Hello - Added additional options
  • Smart Lockout standard
  • FIDO2 profile standards
  • Autopatch standard
  • New auth methods standard
  • CA template package tags (tag-based deployment)
  • AAD Premium license gate on ExternalMFATrusted
  • Levenshtein/fuzzy matching for Intune drift (configurable distance)
  • Manual standards run processes all templates for precedence
  • License capability presets
  • Standards template deployment for Intune apps
  • By-standard alignment summary view
  • Custom Test - alert on X statuses
  • Special beta standard: Configure Autopatch

What other new cool gizmos do you have for us?

There's so many feature requests in this list that its hard to keep track sometimes but some other features we've added that we're proud of are also built by our contributors:

  • Group License management, easily deploy licenses to groups using CIPP and CIPP Templates now
  • The ability to exclude licenses from alerts only instead of the entire product
  • The ability to deploy Device Prep Profiles

We've added:

  • Apple ADE + Android enrollment profile listing/deletion

  • Device Prep(Autopilot v2) profile

  • CAS mailbox management endpoint (ExecSetCASMailbox)

  • Remove users from admin roles

  • Add/remove nested groups in group memberships

  • Group-Based Licensing

  • Online archive report (mailbox + archive size columns)

  • Bulk update contact/UPN fields

  • AllTenants: Intune pages, Teams/SharePoint, SPO sites (greatly faster)

  • SharePoint management functionality

  • OneDrive sharing disable (offboarding + menu)

  • HVE user management + cache

  • Licence Universal Search

  • Apps and Service Principals in universal search

  • New license report endpoint

  • AutoExpandingArchive org-level property exposed

  • Backup excluded tenants config

  • PendingAcceptance guest handling + updated reporting

  • SSO auth popup

  • Additional portal links in Hudu extension sync

  • Exclude From Alert support on licenses

  • Optimize CIPP DB orchestration

  • CA policy editor + template creator/editor redesign

  • Lookup CA template names via API

  • CA policy to package tag UI elements

  • Run standard now UX — autocomplete for tenants/groups/individual

  • Breadcrumb text selectable/copyable

  • Icons in tabbed layouts

  • Intune template details improved

  • Template displayName used for labels

  • Side nav expanded for UX

  • Permanent dismissal for release notes

We've fixed

  • Standards run errors (Retention, MDO, general)

  • Manually run standards not in applied standards report

  • TenantAllowBlockList always non-compliant

  • Intune standard change detection queries

  • CIS 5.1.4.1 and SMB1001 (2.8) tags moved to join standard

  • intuneRestrictUserDeviceRegistration now targeting azureADRegistration

  • Presets applied to rest of standards (DefenderForOffice365 etc)

  • Desktop activations Copilot-ready test

  • Standard name retrieval logic improved

  • Tenant groups cache alternating on refresh

  • AllTenants retrieval issue

  • AllTenants sync on OneDrive/SharePoint

  • Intune policy listing speed for AllTenants

  • AllTenants SPO timeout with large tenant lists

  • Duplicate test calls

  • EditIntunePolicy wrong role

  • Autopilot endpoint roles (Autopilot.Read)

  • Quarantine deny action

  • Bulk mailbox rule changes

  • Template trigger

  • ExoGroups add-member (auto-retry for new users)

  • Mail contact standard reworked

  • CA policy compare blank line + pipe char escaping

  • "Temporary Access Password" → "Temporary Access Pass"

  • Template ID casing

  • Caching cleanup bug

  • Scheduler details/list headers removed

  • Queue rerun protection timing

  • 404 detection for non-existing roles

  • JIT admin autocomplete creatable removed

  • Tab title showing as undefined

  • Version check / version encoding updates

  • Translation keys updated

  • Fallback to app version if not specified

  • Tenant group scope cache

  • Explicit tenant removal from table

Sponsors

We extend our gratitude to our supporters at https://renroros.no/, https://immy.bot/, https://oit.co/, https://ninjaone.com/, Huntress at https://huntress.com/, https://halopsa.com/, https://www.deskdirector.com/, https://hudu.com/, our friends at https://www.meetgradient.com/, https://rewst.io/ https://augmentt.com/ and newly added Domotz and Guardz!

New Contributors

Full Changelog: v10.4.0...v10.5.0

Check out latest releases or
releases around KelvinTegelaar/CIPP v10.5.0

Don't miss a new CIPP release

NewReleases is sending notifications on new releases.

Get notifications