You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
"helpText": "**Remediate is currently not available**. Cleans up Entra devices that have not connected/signed in for the specified number of days.",
1660
-
"docsDescription": "Remediate is currently not available. Cleans up Entra devices that have not connected/signed in for the specified number of days. First disables and later deletes the devices. More info can be found in the [Microsoft documentation](https://learn.microsoft.com/en-us/entra/identity/devices/manage-stale-devices)",
1659
+
"helpText": "Cleans up Entra devices that have not connected/signed in for the specified number of days. Remediation first disables stale enabled devices and, on a later run, deletes stale devices that are already disabled. Hybrid-joined, Intune-managed and Autopilot devices are skipped. Deleting a device permanently removes any BitLocker recovery keys stored on it.",
1660
+
"docsDescription": "Cleans up Entra devices that have not connected/signed in for the specified number of days. Remediation first disables stale enabled devices once they pass the disable threshold, and later deletes devices that are already disabled once they have been inactive for the disable threshold plus the configured grace delta (deletion age = disable threshold + grace days). The disable-before-delete grace period is further guaranteed by never deleting a device in the same pass it was disabled. Hybrid-joined (on-premises synced), Intune-managed/compliant, and system-managed Autopilot devices are excluded, in line with the [Microsoft guidance](https://learn.microsoft.com/en-us/entra/identity/devices/manage-stale-devices). **Warning:** deleting a device permanently removes any BitLocker recovery keys stored on that device object.",
1661
1661
"executiveText": "Automatically identifies and removes inactive devices that haven't connected to company systems for a specified period, reducing security risks from abandoned or lost devices. This maintains a clean device inventory and prevents potential unauthorized access through dormant device registrations.",
"label": "Grace days after disable before deletion (0 = never delete). Devices are deleted once inactive for the disable threshold plus this many additional days.",
1678
+
"validators": {
1679
+
"min": { "value": 0, "message": "Minimum value is 0" }
Copy file name to clipboardExpand all lines: Modules/CIPPHTTP/Public/Entrypoints/HTTP Functions/Email-Exchange/Administration/Invoke-ExecModifyMBPerms.ps1
+22-2Lines changed: 22 additions & 2 deletions
Original file line number
Diff line number
Diff line change
@@ -15,6 +15,7 @@ function Invoke-ExecModifyMBPerms {
15
15
# Extract mailbox requests - handle all three formats
$null=$Results.Add("Error processing $($CmdletMetadata.Permission) for $($CmdletMetadata.TargetUser) on $($CmdletMetadata.Mailbox): $($_.Exception.Message)")
242
248
}
@@ -249,13 +255,27 @@ function Invoke-ExecModifyMBPerms {
$null=$Results.Add("Error processing $($CmdletMetadata.Permission) for $($CmdletMetadata.TargetUser) on $($CmdletMetadata.Mailbox): $($_.Exception.Message)")
256
263
}
257
264
}
258
265
266
+
# Keep the reporting DB cache in step with what actually changed. The bulk path bypasses
267
+
# Set-CIPPMailboxPermission's own execute-mode sync (-AsCmdletObject returns early), so
268
+
# without this the cached permission report goes stale after every bulk change.
269
+
foreach ($Opin$SuccessfulOps) {
270
+
if ($Op.Permission-in@('FullAccess','SendAs','SendOnBehalf')) {
Copy file name to clipboardExpand all lines: Modules/CIPPHTTP/Public/Entrypoints/HTTP Functions/Email-Exchange/Administration/Invoke-ListmailboxPermissions.ps1
+6Lines changed: 6 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -14,6 +14,7 @@ function Invoke-ListmailboxPermissions {
14
14
$UserID=$Request.Query.userId
15
15
$UseReportDB=$Request.Query.UseReportDB
16
16
$ByUser=$Request.Query.ByUser
17
+
$User=$Request.Query.User
17
18
18
19
try {
19
20
# If UseReportDB is specified and no specific UserID, retrieve from report database
@@ -28,6 +29,11 @@ function Invoke-ListmailboxPermissions {
Copy file name to clipboardExpand all lines: Modules/CIPPHTTP/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-listStandardTemplates.ps1
+2-1Lines changed: 2 additions & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -35,7 +35,8 @@ function Invoke-listStandardTemplates {
35
35
} -Force
36
36
Write-LogMessage-headers $Request.Headers-API 'Standards'-message "Standards template '$($RowKey)' contained corrupt data (case-duplicate keys) and was automatically repaired and re-saved."-Sev 'Warning'
37
37
} catch {
38
-
Write-LogMessage-headers $Request.Headers-API 'Standards'-message "Standards template '$($RowKey)' was repaired for this response but could not be re-saved: $($_.Exception.Message)"-Sev 'Warning'
38
+
Write-LogMessage-headers $Request.Headers-API 'Standards'-message "Standards template '$($RowKey)' was repaired but could not be re-saved, so it was omitted from the response: $($_.Exception.Message)"-Sev 'Error'
0 commit comments