It has been a while since I wrote these release notes, almost 3.5 weeks! I am use to writing them each week but for this release we took some extra time, put all of our love into it and created the masterpiece of CIPP v4.0.0 - The Vesper Martini.

We're calling this the Vesper Martini because this release might just make you feel a little bit like James Bond, it brings clarity, spycraft, and gadgets together and wraps it up in one cool package.

This version contains so many cool new features that it's hard for me to pick out specific ones to talk about. First we've consulted closely with Microsoft and they have confirmed that they are allowing all tenants, no matter the license level access to the Management API for Audit logs. This is huge news for CIPP as the only reason we held off on this is because we didn't want to impede on MS's license terms.

So, let's get started on the new features shall we?

Audit Log API and Webhook Alerts

This release has the ability to ingest webhook alerts from the audit log API, we receive the audit logs, store the IPs in a special database, and compare the IPs against our central Geo-IP database.

This means you can alert on new Mailbox rules, New Admins that are added to tenants, logons from non-allowed locations, all without the requirement of a P1/P2 subscription. When these events happen, you either receive a PSA ticket, or a email/webhook if configured that looks something like the one below;

You'll be able to immediately jump to the right page using the button and take action if required. These alerts are sent as soon as they come in from Microsoft so you'll be able to react so much faster than ever before.

Required Actions

As always, perform a permission check after release. You'll have to add some permissions to your CIPP environment to make this all work.

Best Practice Analyser - Custom Reports

The entire Best Practice Analyser has gotten an overhaul, not only is reporting more accurate now, but we're also giving you the ability to create your own reports.

You read that right. You can now use our JSON templating engine to write your own reports. Take a look at the existing templates to start creating your own, or saunter over to our docs at docs.cipp.app to get some more help on customizing these reports.

Because we give you the ability to call any Graph or Exchange API, this also means it become simple to add reports for specific compliance standards, CIS, ISO, Cyber Essentials+, all of these can be added easily and reported on.

But that's not all we've done to BPA, because we also heard your ask about overview reports for a single tenant. That's been added too where you can even add description fields and expected results to overviews:

Other new features

We can't write about every single feature we've added, because that would swamp these release notes, but here's some other notable things we've added;

• There is now a Geo-ip lookup tool under Tools
• The Tenant Access Checker now checks the GDAP permissions and roles if you are in the required groups.
• We've added the ability to remove GDAP roles (Thanks @johnduprey)
• The alerts can now be filtered by severity, no more receiving Info level alerts
• The Tenant Lookup tool under tools now supports the ID too, instead of just domain names.
• We've added the Azure Cloud Shell under the backend options, so you can easily jump to that environment with some templated information
• We've added a new standard for disabling OneDrive shortcuts(Thanks @redanthrax!)
• We've added a new standard for oauth phising while leaving low-level permissions allowed.
• We've added the ability to deploy templates in a specific state for Conditional Access, not having to rely on the state inside of the template.
• And so so much more, many bug fixes, many QoL improvements.

Fully automated updates

Don't want to manually update your CIPP anymore? We've setup Pull. Pull is a Github application that automatically updates your fork when required. Go to https://github.com/apps/pull to install the tool, select the repositories and you're done! automatic updates forever.

Sponsors

We extend our gratitude to our supporters at https://immy.bot/, https://oit.co/, https://ninjaone.com/, Huntress at https://huntress.com/, https://halopsa.com/, https://www.deskdirector.com/, Hudu at https://www.hudu.com/, Datto at https://datto.com/, Gradient at https://www.meetgradient.com/ and Rewst at https://rewst.io/.

We also welcome a new sponsor today! The MSP NetFriends(netfriends.com) is now a logo sponsor! this is the first MSP to achieve this level of sponsorship and we are super thankful that they have decided to sponsor us at this level.

What's Changed

• Correct client Azure portal link by @PeakeIT in #1647
• fix launch settings for https node 18 enforcement by @redanthrax in #1645
• standards tooltip added onedrive shortcut standard by @redanthrax in #1649
• Update ListLicences.js by @DChorn-ANS in #1659
• Update MEMListPolicyTemplates.js by @DChorn-ANS in #1657
• Dev by @BNWEIN in #1656
• removed ssl, fixed ws hotreload, azurite location by @redanthrax in #1664
• added chrome debug launch, task casing/formatting by @redanthrax in #1668
• Azure Cloud Shell by @johnduprey in #1671
• Fix input validation to support both domain and GUID by @rvdwegen in #1670
• CellBooleanformatter fix by @DChorn-ANS in #1675
• Added Functionality to CIPP Notifications so you can filter by severity by @BNWEIN in #1665
• M365 Portal Change by @johnduprey in #1679
• Add Delete GDAP Role Mapping by @johnduprey in #1677
• Update M365Licenses.json by @STG-Tanner in #1678
• BPA - Set report template in state for tenant change by @johnduprey in #1690
• Dev to release by @KelvinTegelaar in #1692

New Contributors

• @PeakeIT made their first contribution in #1647
• @STG-Tanner made their first contribution in #1678

Full Changelog: v3.8.0...v4.0.0