Merge pull request #100 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: isgq-github01

.github/agents/CIPP-Alert-Agent.md

@@ -102,16 +102,13 @@ When adding or modifying alerts:
 
 When an alert depends on a tenant having certain SKUs or capabilities, you **must**:
 
-- Use `Test-CIPPStandardLicense`  
+- Use `Test-CIPPStandardLicense`
+- Prefer `-Preset` for common capability sets: `Exchange`, `SharePoint`, `Intune`, `Entra`, `EntraP2`, `Teams`, `Compliance`
+- Use `-RequiredCapabilities` only when no preset matches, or combine it with `-Preset` for extra edge-case capabilities
 - Do **not** manually inspect SKUs, raw license IDs, or raw capability lists.
 
 Example pattern (adapt to the specific feature):
 
 ```powershell
-$TestResult = Test-CIPPStandardLicense -StandardName 'AutopilotProfile' -TenantFilter $Tenant -RequiredCapabilities @(
-    'INTUNE_A',
-    'MDM_Services',
-    'EMS',
-    'SCCM',
-    'MICROSOFTINTUNEPLAN1'
-)
+$TestResult = Test-CIPPStandardLicense -StandardName 'AutopilotProfile' -TenantFilter $Tenant -Preset Intune
+```

.github/agents/CIPP-Standards-Agent.md

@@ -82,6 +82,7 @@ When adding or modifying standards:
   - Similar logging and error handling
 - Reuse helper functions instead of inlining raw Graph calls or custom HTTP code.
 - Keep behaviour predictable.
+- If a standard needs license gating, use `Test-CIPPStandardLicense` with `-Preset` for common capability sets (`Exchange`, `SharePoint`, `Intune`, `Entra`, `EntraP2`, `Teams`, `Compliance`). Use `-RequiredCapabilities` only when no preset matches, or combine it with `-Preset` for extra edge-case capabilities.
 
 ### 2. Return the code for the frontend.
 

.github/instructions/alerts.instructions.md

@@ -97,14 +97,11 @@ if ($InputValue -is [string] -and $InputValue.Trim().StartsWith('{')) {
 If the alert depends on a specific M365 capability (Intune, Exchange, Defender, etc.), gate it early with `Test-CIPPStandardLicense`. Never inspect raw SKU IDs manually.
 
 ```powershell
-$Licensed = Test-CIPPStandardLicense -StandardName '<AlertName>' -TenantFilter $TenantFilter -RequiredCapabilities @(
-    'INTUNE_A',
-    'MDM_Services'
-)
+$Licensed = Test-CIPPStandardLicense -StandardName '<AlertName>' -TenantFilter $TenantFilter -Preset Intune
 if (-not $Licensed) { return }
 ```
 
-Reference existing alerts in the same domain for common capability strings. The `Test-CIPPStandardLicense` function source documents the capability matching logic.
+Use presets for common service families: `Exchange`, `SharePoint`, `Intune`, `Entra`, `EntraP2`, `Teams`, and `Compliance`. Use `-RequiredCapabilities` only when no preset matches, or combine it with `-Preset` when an alert needs a preset plus extra edge-case capabilities.
 
 ## Querying data
 

.github/instructions/cippdb.instructions.md

@@ -141,7 +141,7 @@ function Set-CIPPDBCacheMyNewType {
 
     try {
         # 1. Optional license check
-        $Licensed = Test-CIPPStandardLicense -StandardName 'MyFeature' -TenantFilter $TenantFilter -RequiredCapabilities @('REQUIRED_SKU')
+        $Licensed = Test-CIPPStandardLicense -StandardName 'MyFeature' -TenantFilter $TenantFilter -Preset Intune
         if (-not $Licensed) { return }
 
         # 2. Fetch data from API
@@ -160,7 +160,7 @@ function Set-CIPPDBCacheMyNewType {
 
 - **Always use `-AddCount`** unless you handle count rows manually
 - **Pipeline streaming** for large datasets: pipe directly from `New-GraphGetRequest` into `Add-CIPPDbItem`
-- **License gating**: use `Test-CIPPStandardLicense` when the API requires specific SKUs
+- **License gating**: use `Test-CIPPStandardLicense -Preset <Name>` for common capability sets (`Exchange`, `SharePoint`, `Intune`, `Entra`, `EntraP2`, `Teams`, `Compliance`); use `-RequiredCapabilities` only for non-preset capabilities or additional edge-case capabilities
 - **Conditional `$select`**: expand Graph `$select` fields based on license capabilities
 - **Error handling**: catch, log with `Write-LogMessage`, do not rethrow (allows other types in the collection to continue)
 - **No explicit return** of data — these functions write to the table as a side effect

.github/instructions/standards.instructions.md

@@ -57,7 +57,7 @@ function Invoke-CIPPStandard<Name> {
         UPDATECOMMENTBLOCK
             Run the Tools\Update-StandardsComments.ps1 script to update this comment block
     .LINK
-        https://docs.cipp.app/user-documentation/tenant/standards/list-standards
+        https://docs.cipp.app/user-documentation/tenant/standards/alignment/templates/available-standards
     #>
 
     param(
@@ -67,7 +67,7 @@ function Invoke-CIPPStandard<Name> {
 
     # 1. License gate (if the data source requires a specific SKU)
     $TestResult = Test-CIPPStandardLicense -StandardName '<Name>' -TenantFilter $Tenant `
-        -RequiredCapabilities @('CAPABILITY_1', 'CAPABILITY_2')
+        -Preset Exchange
     if ($TestResult -eq $false) { return $true }
 
     # 2. Get current state
@@ -235,13 +235,13 @@ Gate early using `Test-CIPPStandardLicense`. Never inspect raw SKU IDs.
 
 ```powershell
 $TestResult = Test-CIPPStandardLicense -StandardName '<Name>' -TenantFilter $Tenant `
-    -RequiredCapabilities @('EXCHANGE_S_STANDARD', 'EXCHANGE_S_ENTERPRISE')
+    -Preset Exchange
 if ($TestResult -eq $false) { return $true }
 ```
 
 The function checks tenant capabilities, logs if missing, and automatically sets the `Set-CIPPStandardsCompareField` with `LicenseAvailable = $false`.
 
-Reference existing standards in the same domain for common capability strings. The `Test-CIPPStandardLicense` function source documents the capability matching logic.
+Use presets for common service families: `Exchange`, `SharePoint`, `Intune`, `Entra`, `EntraP2`, `Teams`, and `Compliance`. Use `-RequiredCapabilities` only when no preset matches, or combine it with `-Preset` when a standard needs a preset plus extra edge-case capabilities.
 
 ## API call patterns
 
@@ -337,7 +337,7 @@ The comment-based help `.NOTES` block drives the frontend UI. Each field maps to
 | `RECOMMENDEDBY` | `recommendedBy` | `"CIS"`, `"CIPP"`, etc. |
 | `MULTIPLE` | `multiple` | `True` for template-based standards (can have multiple instances) |
 | `DISABLEDFEATURES` | `disabledFeatures` | JSON object disabling specific action modes |
-| `REQUIREDCAPABILITIES` | *(discovery only)* | One capability string per line; parsed for standards metadata/JSON generation. The explicit `Test-CIPPStandardLicense` call in the function body still performs the actual runtime license check. |
+| `REQUIREDCAPABILITIES` | *(discovery only)* | One capability string per line; generated from `Test-CIPPStandardLicense -Preset` and/or `-RequiredCapabilities` for standards metadata/JSON generation. The explicit `Test-CIPPStandardLicense` call in the function body still performs the actual runtime license check. |
 | `UPDATECOMMENTBLOCK` | *(tooling only)* | Always include with the literal value `Run the Tools\Update-StandardsComments.ps1 script to update this comment block`. Signals the comment-update tooling to regenerate this block. |
 
 ### Valid CAT values

Config/CIPPDBCacheTypes.json

@@ -244,6 +244,11 @@
     "friendlyName": "Mailboxes",
     "description": "All Exchange Online mailboxes"
   },
+  {
+    "type": "HVEAccounts",
+    "friendlyName": "HVE Accounts",
+    "description": "High Volume Email accounts"
+  },
   {
     "type": "CASMailboxes",
     "friendlyName": "CAS Mailboxes",

Config/CIPPTimers.json

@@ -78,6 +78,7 @@
     "Cron": "0 0 */12 * * *",
     "Priority": 4,
     "RunOnProcessor": true,
+    "TZOffset": true,
     "PreferredProcessor": "standards"
   },
   {
@@ -87,6 +88,7 @@
     "Cron": "0 15 */12 * * *",
     "Priority": 5,
     "RunOnProcessor": true,
+    "TZOffset": true,
     "PreferredProcessor": "standards"
   },
   {
@@ -120,6 +122,7 @@
     "Cron": "0 0 0 * * 0",
     "Priority": 7,
     "RunOnProcessor": true,
+    "TZOffset": true,
     "IsSystem": true
   },
   {
@@ -137,6 +140,7 @@
     "Description": "Orchestrator to process domains",
     "Cron": "0 30 5 * * *",
     "Priority": 22,
+    "TZOffset": true,
     "RunOnProcessor": true
   },
   {
@@ -149,6 +153,7 @@
     "Cron": "0 0 23 * * *",
     "Priority": 10,
     "RunOnProcessor": true,
+    "TZOffset": true,
     "IsSystem": true
   },
   {
@@ -158,6 +163,7 @@
     "Cron": "0 0 0 * * *",
     "Priority": 10,
     "RunOnProcessor": true,
+    "TZOffset": true,
     "IsSystem": true
   },
   {
@@ -166,6 +172,7 @@
     "Description": "Timer to process billing",
     "Cron": "0 0 0 * * *",
     "Priority": 12,
+    "TZOffset": true,
     "RunOnProcessor": true
   },
   {
@@ -174,6 +181,7 @@
     "Description": "Orchestrator to process BPA reports",
     "Cron": "0 0 3 * * *",
     "Priority": 10,
+    "TZOffset": true,
     "RunOnProcessor": true
   },
   {
@@ -191,6 +199,7 @@
     "Cron": "0 0 0 * * *",
     "Priority": 15,
     "RunOnProcessor": true,
+    "TZOffset": true,
     "IsSystem": true
   },
   {
@@ -200,6 +209,7 @@
     "Cron": "0 0 23 * * *",
     "Priority": 20,
     "RunOnProcessor": true,
+    "TZOffset": true,
     "IsSystem": true
   },
   {
@@ -212,6 +222,7 @@
     "Cron": "0 0 0 * * *",
     "Priority": 20,
     "RunOnProcessor": true,
+    "TZOffset": true,
     "IsSystem": true
   },
   {
@@ -221,6 +232,7 @@
     "Cron": "0 0 2 * * *",
     "Priority": 21,
     "RunOnProcessor": true,
+    "TZOffset": true,
     "IsSystem": true
   },
   {
@@ -230,6 +242,7 @@
     "Cron": "0 30 2 * * *",
     "Priority": 22,
     "RunOnProcessor": true,
+    "TZOffset": true,
     "IsSystem": true
   },
   {
@@ -239,6 +252,7 @@
     "Cron": "0 0 3 * * *",
     "Priority": 23,
     "RunOnProcessor": true,
+    "TZOffset": true,
     "IsSystem": true
   },
   {
@@ -248,6 +262,16 @@
     "Cron": "0 0 4 * * *",
     "Priority": 24,
     "RunOnProcessor": true,
+    "TZOffset": true,
+    "IsSystem": true
+  },
+  {
+    "Id": "a3b4c5d6-e7f8-4a9b-8c1d-2e3f4a5b6c7d",
+    "Command": "Start-ContainerUpdateCheck",
+    "Description": "Check for container image updates and optionally auto-restart",
+    "Cron": "0 0 * * * *",
+    "Priority": 30,
+    "RunOnProcessor": false,
     "IsSystem": true
   }
 ]

Config/FeatureFlags.json

@@ -19,6 +19,29 @@
       "/tenant/standards/bpa-report",
       "/tenant/standards/bpa-report/builder",
       "/tenant/standards/bpa-report/view"
-    ]
+    ],
+    "Hidden": false
+  },
+  {
+    "Id": "SuperAdminNG",
+    "Name": "Super Admin",
+    "Description": "Additional super admin pages for CIPP instances (CIPP Users, SSO, Container management).",
+    "Enabled": false,
+    "AllowUserToggle": false,
+    "Timers": [],
+    "Endpoints": [
+      "ExecCIPPUsers",
+      "ListCIPPUsers",
+      "ExecSSOSetup",
+      "ExecContainerManagement",
+      "ListContainerLogs"
+    ],
+    "Pages": [
+      "/cipp/advanced/super-admin/cipp-users",
+      "/cipp/advanced/super-admin/sso",
+      "/cipp/advanced/super-admin/container",
+      "/cipp/advanced/container-logs"
+    ],
+    "Hidden": true
   }
 ]

Config/SAMManifest.json

@@ -571,6 +571,10 @@
         {
           "id": "a94a502d-0281-4d15-8cd2-682ac9362c4c",
           "type": "Role"
+        },
+        {
+          "id": "d72bdbf4-a59b-405c-8b04-5995895819ac",
+          "type": "Role"
         }
       ]
     },