World cup Woooo!
As we've all been watching the world cup with amazement and surprise, we're still building pretty cool stuff at the same time. This release is in honour of the many hydration breaks we've had during the cup so far. Because there's been so many, its not one cocktail, but three. Check them out here and remember to stay hydrated!
ps: This release contains some new permissions, so make sure to apply those using CIPP -> Application Settings -> Permissions and refreshing your CPV permissions to get everything up and running.
Copilot & Shadow AI detection
One of our requested features was "Can we do more with Copilot and AI". After clarifying the feature requests a little and getting a clear sign of what you were looking for we of course delivered. You asked for the ability to manage copilot settings and see them. You've asked for standards around copilot settings, and you wanted to see more in depth information about adoption of AI in general.
That's all included. Not just in our dashboard where you can find the copilot readiness report, but also in our entirely new Copilot and AI section. You can now use CIPP to manage copilot in-depth; pinning the chat, blocking access to specific content, blocking or allowing image generation, allowing copilot to search the web, disabling or enabling copilot in the admin centers; all possible with just a click. As a standard, but also on demand.
We've also introduced Agent365 package management; create, share, or prevent agents from deploying in your managed tenants. Whether its for one tenant or all. Of course we've also included Microsoft's Copilot report data, adoption, usage trends, or activity.
But now the really cool part; with all that M365 data, we've heard your comments about the worries of Shadow AI, and created a reporting and executive report for that too. Let me show you how that looks;
Now, this page uses information already present in M365 and does not require any additional licensing; we use Intune to discover installed applications, we use Entra to discover any approved apps, now that does leave you with some blindspots; a lot of AI usage is done in the browser instead of installed apps. In our next release we'll be adding a detection method for those too. Shadow AI detection for everyone.
SharePoint Madness unmaddend (Is that even a word? It is now!)
This release cycle we've had 5 different SharePoint feature requests coming in, ranging from permissions, to sharing links visibility, to adding groups instead of users, and boy did we deliver, and we're building on this so much.
The biggest issue we've had with this was GDAP; Microsoft officially does not want you to manage SharePoint data directly with GDAP, so we had to work around that just a little bit, and we've done so with the expected CyberDrain flair. Instead of me just chatting away about it, let me show you.
We've added a bunch of options under SharePoint Management, like these;
Including allowing you to Revoke sharing links, delete an entire site, but also setting library level permissions.
Thought that was all? Of course not. No more going to the SharePoint admin center to try and undelete an accidentally deleted file, either bulk or singluar. No more struggling with infinite pagination on the portal itself, and instead just selecting the things you need:
Oh, and finally, the extended info display was also updated to show the exact site members, who the owners and visitors are. Jeez that's a lot of Sharepoint, and we're only getting started.
because of course it's cool to manage SharePoint, but seeing the risk in SharePoint is something that's just as important. That's why we've created the SharePoint Sharing Report.
A report that immediately tells you how much of your data in your tenant has been shared, where data has been used, how many links have been generated, what kind of links. This information can be key to understand how data was ingested by an AI, or how specific users had data they should not have had. The report shows your biggest sharers, and also allows you to invalidate links when they should not be shared.
Want a quick look? of course, here you go:
This report is being extended as we speak; Purview, applications with access, retention labels, and even automated labeling is all coming soon.
So what else is up? Well, we've pimped some of our integrations.
One of our newest community contributors introduced CVE Management within CIPP using Defender TVM. This allows you to manage known CVEs easily using our interface, but that's not all. The fantastic @DamienMatthys also made sure this integrates directly with Ninjaone's vunerability management. Are you a NinjaOne user? enable the sync for this in the integration settings and see M365 and Defender vunerabilities flow into NinjaOne easily for each tenant.
@renada-jacob also worked at our integrations; Reneda loves Halo and they love us(They are one of our Professional Services Partners!) and decided to contribute code to the Halo integration. You now have the ability to link tickets directly to the correct user. No more "General User" - If a MFA ticket is about "James Logan-Howlett" It'll be assigned to him, and not to the generic user. Pretty awesome stuff!
Jeez these are getting long, what else did you do?
The dashboard has gotten a nice update; Alerts now show up there directly, BEC has received a facelist and some new features by @kris6673, we've added the ability to completely configure auth methods from the frontend too - No longer just needing to use Standards, one-off quick changes are possible too. We've also added a feature to vacation mode to create a temporary scoped CA policy for the duration of someone's vacation, special thanks to @StoricU for that.
I'm just here for the list. Gimme the list.
We've added:
- Add pages for Deleted Sites and External Users; update navigation
- Enhance SharePoint site management
- Add Edit Site Properties form and integrate with site management
- Enhance SharePoint site member role handling
- improve source of authority state change
- Improve set sign in state with validation
- enhance user actions TAP generation
- add option to include mail-enabled security groups and group them
- Add handling for license missing deviations in drift management
- Enhance proxy address handling by merging Entra ID and Exchange data
- Add color picker support for sensitivity labels and enhance label color handling
- add Microsoft 365 / Entra Backup roles to JIT list
- show MCP API URL (/api/ExecMcp) on CIPP-API integration page
- add email aliases and hide-from-GAL to group templates
- Add default checkboxes for webhooks.
- Add Stale Entra Devices Remediation Action for standards
- add mailbox access card to exchange page
- add bulk remove mailbox permissions functionality
- Add delivery insights
- add tooltips and keyboard shortcut hints
- add per-method auth method config UI
- Adds an Alerts card to the dashboard showing fired alert instances for the selected tenant: active alerts on top (each snooze-able), with snoozed alerts greyed at the bottom showing time remaining and who snoozed them. Lets you review and manage alerts without leaving the dashboard.
- restore manual searches
- Add audit log alert presets for external forwarding and Exchange admin elevation
- include/exclude group pickers for Intune assign
- add sent messages check and update checks numbering
- add severity action to incidents list
- add navigation links to various cards for better UX
- Add default calendar permission options and warning
- Add room calendar processing options
- add allTenants support for shared mailbox enabled report
- show SMTP auth state on user tab
- expose PSA Ticket Strategy on the alert configuration form
- ability to add/remove nested groups in group memberships
- add Link tickets to affected users toggle
- add functions to manage SharePoint external users and site user removal
- Enhance group member addition and removal logging with group names
- Improve SharePoint site role membership handling
- Support non-group SharePoint member updates
- add license name to offboarding
- Add or update the Azure App Service build and deployment workflow config
- add functions to format alert cell values and normalize alert display rows
- Refactor target object handling in Get-CippCustomDataAttributes and enhance user attribute selection in Invoke-ListUsers
- Enhance reusable settings template handling in tenant alignment functions and standards
- Adds a read-only endpoint that surfaces the currently-active fired alert items for a tenant, so the frontend can display live alert instances (not just configured rules or snoozed items). Backs the new Alerts card on the dashboard.
- and so much more
We've fixed:
- Fixed Drift Template names not found when using tags.
- ensure sorted output for child values and handle comparison errors in Intune template
- exclude .None permissions from permission check
- remove users from mail-enabled security groups during license removal
- add caching for hudu relations to reduce api overload
- increase template depth in get-cippdrift
- sync mailbox permission cache after changes
- update sherweb functions to support API client callers
- exclude imAddresses from user backup/restore
- add system32,osdrive to protected variables
- Hudu sync improvements
- Fixes for array value business phone number in templates
- Fix CA template list and table side filter when ID/GUID provided
- Fixes for CA template editing dropping the package tag
- Fix Check extension alerts repeating on every run (watermark never advanced)
- and so much more
Sponsors
We extend our gratitude to our supporters at https://renroros.no/, https://immy.bot/, https://oit.co/, https://ninjaone.com/, Huntress at https://huntress.com/, https://halopsa.com/, https://www.deskdirector.com/, https://hudu.com/, our friends at https://www.meetgradient.com/, https://rewst.io/ https://augmentt.com/ and newly added Domotz and Guardz!
New Contributors
- @michaelmsonne made their first contribution in #6213
- @matstocks made their first contribution in #6242
- @CTaylor-1 made their first contribution in #6193
- @matstocks made their first contribution in KelvinTegelaar/CIPP-API#2114
- @tfournet made their first contribution in KelvinTegelaar/CIPP-API#2112
- @DamienMatthys made their first contribution in KelvinTegelaar/CIPP-API#2080
- @renada-jacob made their first contribution in KelvinTegelaar/CIPP-API#2051
Full Changelog: v10.5.0...v10.6.0