MetsCaniac · pull · Dec 19, 2025 · Dec 17, 2025 · Dec 18, 2025 · Dec 18, 2025
diff --git a/.github/workflows/dev_api.yml b/.github/workflows/dev_api.yml
@@ -25,67 +25,6 @@ jobs:
         uses: actions/checkout@v4
         with:
           persist-credentials: false
-
-      - name: Setup PowerShell module cache
-        id: cacher
-        uses: actions/cache@v3
-        with:
-          path: "~/.local/share/powershell/Modules"
-          key: ${{ runner.os }}-ModuleBuilder
-
-      - name: Install ModuleBuilder
-        if: steps.cacher.outputs.cache-hit != 'true'
-        shell: pwsh
-        run: |
-          Set-PSRepository PSGallery -InstallationPolicy Trusted
-          Install-Module ModuleBuilder -AllowClobber -Force
-
-      - name: Build CIPPCore Module
-        shell: pwsh
-        run: |
-          $ModulePath = Join-Path $env:GITHUB_WORKSPACE "Modules/CIPPCore"
-          $OutputPath = Join-Path $env:GITHUB_WORKSPACE "Output"
-
-          Write-Host "Building module from: $ModulePath"
-          Write-Host "Output directory: $OutputPath"
-
-          # Generate function permissions before replacing the source module
-          $ToolsPath = Join-Path $env:GITHUB_WORKSPACE "Tools"
-          $ScriptPath = Join-Path $ToolsPath "Build-FunctionPermissions.ps1"
-          pwsh -File $ScriptPath -ModulePath $ModulePath
-
-          # Build the module using ModuleBuilder
-          Build-Module -SourcePath $ModulePath -OutputDirectory $OutputPath -Verbose
-
-          # Replace the source module with the built module
-          Remove-Item -Path $ModulePath -Recurse -Force
-          Copy-Item -Path (Join-Path $OutputPath "CIPPCore") -Destination $ModulePath -Recurse -Force
-
-          Write-Host "Module built and replaced successfully"
-
-          # Clean up output directory
-          Remove-Item -Path $OutputPath -Recurse -Force
-
-      - name: Build CippExtensions Module
-        shell: pwsh
-        run: |
-          $ModulePath = Join-Path $env:GITHUB_WORKSPACE "Modules/CippExtensions"
-          $OutputPath = Join-Path $env:GITHUB_WORKSPACE "Output"
-
-          Write-Host "Building module from: $ModulePath"
-          Write-Host "Output directory: $OutputPath"
-
-          # Build the module using ModuleBuilder
-          Build-Module -SourcePath $ModulePath -OutputDirectory $OutputPath -Verbose
-
-          # Replace the source module with the built module
-          Remove-Item -Path $ModulePath -Recurse -Force
-          Copy-Item -Path (Join-Path $OutputPath "CippExtensions") -Destination $ModulePath -Recurse -Force
-
-          Write-Host "Module built and replaced successfully"
-
-          # Clean up output directory
-          Remove-Item -Path $OutputPath -Recurse -Force
 
       - name: Login to Azure
         uses: azure/login@v2

diff --git a/.github/workflows/publish_release.yml b/.github/workflows/publish_release.yml
@@ -70,68 +70,6 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Setup PowerShell module cache
-        id: cacher
-        uses: actions/cache@v3
-        with:
-          path: "~/.local/share/powershell/Modules"
-          key: ${{ runner.os }}-ModuleBuilder
-
-      - name: Install ModuleBuilder
-        if: steps.cacher.outputs.cache-hit != 'true'
-        shell: pwsh
-        run: |
-          Set-PSRepository PSGallery -InstallationPolicy Trusted
-          Install-Module ModuleBuilder -AllowClobber -Force
-
-      - name: Build CIPPCore Module
-        shell: pwsh
-        run: |
-          $ModulePath = Join-Path $env:GITHUB_WORKSPACE "Modules/CIPPCore"
-          $OutputPath = Join-Path $env:GITHUB_WORKSPACE "Output"
-
-          Write-Host "Building module from: $ModulePath"
-          Write-Host "Output directory: $OutputPath"
-
-          # Generate function permissions before replacing the source module
-          $ToolsPath = Join-Path $env:GITHUB_WORKSPACE "Tools"
-          $ScriptPath = Join-Path $ToolsPath "Build-FunctionPermissions.ps1"
-          pwsh -File $ScriptPath -ModulePath $ModulePath
-
-          # Build the module using ModuleBuilder
-          Build-Module -SourcePath $ModulePath -OutputDirectory $OutputPath -Verbose
-
-          # Replace the source module with the built module
-          Remove-Item -Path $ModulePath -Recurse -Force
-          Copy-Item -Path (Join-Path $OutputPath "CIPPCore") -Destination $ModulePath -Recurse -Force
-
-          Write-Host "Module built and replaced successfully"
-
-          # Clean up output directory
-          Remove-Item -Path $OutputPath -Recurse -Force
-
-      - name: Build CippExtensions Module
-        shell: pwsh
-        run: |
-          $ModulePath = Join-Path $env:GITHUB_WORKSPACE "Modules/CippExtensions"
-          $OutputPath = Join-Path $env:GITHUB_WORKSPACE "Output"
-
-          Write-Host "Building module from: $ModulePath"
-          Write-Host "Output directory: $OutputPath"
-
-          # Build the module using ModuleBuilder
-          Build-Module -SourcePath $ModulePath -OutputDirectory $OutputPath -Verbose
-
-          # Replace the source module with the built module
-          Remove-Item -Path $ModulePath -Recurse -Force
-          Copy-Item -Path (Join-Path $OutputPath "CippExtensions") -Destination $ModulePath -Recurse -Force
-
-          Write-Host "Module built and replaced successfully"
-
-          # Clean up output directory
-          Remove-Item -Path $OutputPath -Recurse -Force
-
-
       # Create ZIP File in a New Source Directory
       - name: Prepare and Zip Release Files
         if: env.tag_exists == 'false'

diff --git a/.github/workflows/upload_dev.yml b/.github/workflows/upload_dev.yml
@@ -17,66 +17,6 @@ jobs:
         uses: actions/checkout@v4
         with:
           persist-credentials: false
-      - name: Setup PowerShell module cache
-        id: cacher
-        uses: actions/cache@v3
-        with:
-          path: "~/.local/share/powershell/Modules"
-          key: ${{ runner.os }}-ModuleBuilder
-
-      - name: Install ModuleBuilder
-        if: steps.cacher.outputs.cache-hit != 'true'
-        shell: pwsh
-        run: |
-          Set-PSRepository PSGallery -InstallationPolicy Trusted
-          Install-Module ModuleBuilder -AllowClobber -Force
-
-      - name: Build CIPPCore Module
-        shell: pwsh
-        run: |
-          $ModulePath = Join-Path $env:GITHUB_WORKSPACE "Modules/CIPPCore"
-          $OutputPath = Join-Path $env:GITHUB_WORKSPACE "Output"
-
-          Write-Host "Building module from: $ModulePath"
-          Write-Host "Output directory: $OutputPath"
-
-          # Generate function permissions before replacing the source module
-          $ToolsPath = Join-Path $env:GITHUB_WORKSPACE "Tools"
-          $ScriptPath = Join-Path $ToolsPath "Build-FunctionPermissions.ps1"
-          pwsh -File $ScriptPath -ModulePath $ModulePath
-
-          # Build the module using ModuleBuilder
-          Build-Module -SourcePath $ModulePath -OutputDirectory $OutputPath -Verbose
-
-          # Replace the source module with the built module
-          Remove-Item -Path $ModulePath -Recurse -Force
-          Copy-Item -Path (Join-Path $OutputPath "CIPPCore") -Destination $ModulePath -Recurse -Force
-
-          Write-Host "Module built and replaced successfully"
-
-          # Clean up output directory
-          Remove-Item -Path $OutputPath -Recurse -Force
-
-      - name: Build CippExtensions Module
-        shell: pwsh
-        run: |
-          $ModulePath = Join-Path $env:GITHUB_WORKSPACE "Modules/CippExtensions"
-          $OutputPath = Join-Path $env:GITHUB_WORKSPACE "Output"
-
-          Write-Host "Building module from: $ModulePath"
-          Write-Host "Output directory: $OutputPath"
-
-          # Build the module using ModuleBuilder
-          Build-Module -SourcePath $ModulePath -OutputDirectory $OutputPath -Verbose
-
-          # Replace the source module with the built module
-          Remove-Item -Path $ModulePath -Recurse -Force
-          Copy-Item -Path (Join-Path $OutputPath "CippExtensions") -Destination $ModulePath -Recurse -Force
-
-          Write-Host "Module built and replaced successfully"
-
-          # Clean up output directory
-          Remove-Item -Path $OutputPath -Recurse -Force
 
       # Create ZIP File in a New Source Directory
       - name: Prepare and Zip Release Files

diff --git a/Config/schemaDefinitions.json b/Config/schemaDefinitions.json
@@ -2,15 +2,46 @@
   {
     "id": "cippUser",
     "description": "CIPP User Schema",
-    "targetTypes": ["User"],
+    "targetTypes": [
+      "User"
+    ],
     "properties": [
-      { "name": "jitAdminEnabled", "type": "Boolean" },
-      { "name": "jitAdminExpiration", "type": "DateTime" },
-      { "name": "jitAdminReason", "type": "String" },
-      { "name": "mailboxType", "type": "String" },
-      { "name": "archiveEnabled", "type": "Boolean" },
-      { "name": "autoExpandingArchiveEnabled", "type": "Boolean" },
-      { "name": "perUserMfaState", "type": "String" }
+      {
+        "name": "jitAdminEnabled",
+        "type": "Boolean"
+      },
+      {
+        "name": "jitAdminExpiration",
+        "type": "DateTime"
+      },
+      {
+        "name": "jitAdminReason",
+        "type": "String"
+      },
+      {
+        "name": "jitAdminStartDate",
+        "type": "DateTime"
+      },
+      {
+        "name": "jitAdminCreatedBy",
+        "type": "String"
+      },
+      {
+        "name": "mailboxType",
+        "type": "String"
+      },
+      {
+        "name": "archiveEnabled",
+        "type": "Boolean"
+      },
+      {
+        "name": "autoExpandingArchiveEnabled",
+        "type": "Boolean"
+      },
+      {
+        "name": "perUserMfaState",
+        "type": "String"
+      }
     ],
     "status": "Available"
   }

diff --git a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertGlobalAdminAllowList.ps1 b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertGlobalAdminAllowList.ps1
@@ -46,8 +46,8 @@ function Get-CIPPAlertGlobalAdminAllowList {
             $UpnPrefix = ($admin.userPrincipalName -split '@')[0].ToLowerInvariant()
             if ($AllowedLookup -notcontains $UpnPrefix) {
                 [PSCustomObject]@{
-                    Admin      = $admin
-                    UpnPrefix  = $UpnPrefix
+                    Admin     = $admin
+                    UpnPrefix = $UpnPrefix
                 }
             }
         }
@@ -69,10 +69,10 @@ function Get-CIPPAlertGlobalAdminAllowList {
             } else {
                 $NonCompliantUpns = @($UnapprovedAdmins.Admin.userPrincipalName)
                 $AlertData = @([PSCustomObject]@{
-                        Message            = "Found $($NonCompliantUpns.Count) Global Administrator account(s) not in the approved allow list."
-                        NonCompliantUsers  = $NonCompliantUpns
-                        ApprovedPrefixes   = if ($AllowedAdmins) { $AllowedAdmins -join ', ' } else { 'Not provided' }
-                        Tenant             = $TenantFilter
+                        Message           = "Found $($NonCompliantUpns.Count) Global Administrator account(s) not in the approved allow list."
+                        NonCompliantUsers = $NonCompliantUpns -join ', '
+                        ApprovedPrefixes  = if ($AllowedAdmins) { $AllowedAdmins -join ', ' } else { 'Not provided' }
+                        Tenant            = $TenantFilter
                     })
             }
 

diff --git a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertMXRecordChanged.ps1 b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertMXRecordChanged.ps1
@@ -30,12 +30,12 @@ function Get-CIPPAlertMXRecordChanged {
         # Update cache with current data
         foreach ($Domain in $DomainData) {
             $CacheEntity = @{
-                PartitionKey    = $TenantFilter
-                RowKey          = $Domain.Domain
-                Domain          = $Domain.Domain
-                ActualMXRecords = $Domain.ActualMXRecords
-                LastRefresh     = $Domain.LastRefresh
-                MailProvider    = $Domain.MailProvider
+                PartitionKey    = [string]$TenantFilter
+                RowKey          = [string]$Domain.Domain
+                Domain          = [string]$Domain.Domain
+                ActualMXRecords = [string]$Domain.ActualMXRecords
+                LastRefresh     = [string]$Domain.LastRefresh
+                MailProvider    = [string]$Domain.MailProvider
             }
             Add-CIPPAzDataTableEntity @CacheTable -Entity $CacheEntity -Force
         }

diff --git a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertRestrictedUsers.ps1 b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertRestrictedUsers.ps1
@@ -37,6 +37,6 @@
             Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData
         }
     } catch {
-        Write-AlertMessage -tenant $($TenantFilter) -message "Could not get restricted users for $($TenantFilter): $(Get-NormalizedError -message $_.Exception.message)"
+        Write-LogMessage -tenant $($TenantFilter) -message "Could not get restricted users for $($TenantFilter): $(Get-NormalizedError -message $_.Exception.message)" -severity 'Error' -API 'Get-CIPPAlertRestrictedUsers' -LogData (Get-CippException -Exception $_)
     }
 }
diff --git a/Modules/CIPPCore/Public/Authentication/Get-CippAllowedPermissions.ps1 b/Modules/CIPPCore/Public/Authentication/Get-CippAllowedPermissions.ps1
@@ -32,7 +32,7 @@ function Get-CippAllowedPermissions {
     $AllPermissionCacheTable = Get-CIPPTable -tablename 'cachehttppermissions'
     $AllPermissionsRow = Get-CIPPAzDataTableEntity @AllPermissionCacheTable -Filter "PartitionKey eq 'HttpFunctions' and RowKey eq 'HttpFunctions' and Version eq '$($Version)'"
 
-    if (-not $AllPermissionsRow) {
+    if (-not $AllPermissionsRow.Permissions) {
         $AllPermissions = Get-CIPPHttpFunctions -ByRole | Select-Object -ExpandProperty Permission
         $Entity = @{
             PartitionKey = 'HttpFunctions'

diff --git a/...re/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCAServiceExclusion.ps1 b/...re/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCAServiceExclusion.ps1
@@ -1,4 +1,4 @@
-Function Invoke-ExecCAServiceExclusion {
+function Invoke-ExecCAServiceExclusion {
     <#
     .FUNCTIONALITY
         Entrypoint
@@ -17,15 +17,15 @@ Function Invoke-ExecCAServiceExclusion {
     try {
         $result = Set-CIPPCAPolicyServiceException -TenantFilter $TenantFilter -PolicyId $ID
         $Body = @{ Results = $result }
-        Write-LogMessage -headers $Headers -API 'Set-CIPPCAPolicyServiceException' -message $Message -Sev 'Info' -tenant $TenantFilter
+        Write-LogMessage -headers $Headers -API 'Set-CIPPCAPolicyServiceException' -message $result -Sev 'Info' -tenant $TenantFilter
     } catch {
         $ErrorMessage = Get-CippException -Exception $_
         $Body = @{ Results = "Failed to add service provider exception to policy $($ID): $($ErrorMessage.NormalizedError)" }
         Write-LogMessage -headers $Headers -API 'Set-CIPPCAPolicyServiceException' -message "Failed to update policy $($PolicyId) with service provider exception for tenant $($CSPtenantId): $($_.Exception.Message)" -Sev 'Error' -tenant $TenantFilter -LogData (Get-CippException -Exception $_)
     }
 
     return ([HttpResponseContext]@{
-        StatusCode = [HttpStatusCode]::OK
-        Body       = $Body
-    })
+            StatusCode = [HttpStatusCode]::OK
+            Body       = $Body
+        })
 }
diff --git a/...PPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPAccessAssignments.ps1 b/...PPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPAccessAssignments.ps1
@@ -2,6 +2,8 @@ function Invoke-ListGDAPAccessAssignments {
     <#
     .FUNCTIONALITY
         Entrypoint,AnyTenant
+    .ROLE
+        Tenant.Relationship.Read
     #>
     [CmdletBinding()]
     param($Request, $TriggerMetadata)

diff --git a/...s/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-CIPPStandardsRun.ps1 b/...s/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-CIPPStandardsRun.ps1
@@ -53,26 +53,21 @@ function Invoke-CIPPStandardsRun {
             Test-CIPPRerun -ClearAll -TenantFilter $TenantFilter -Type 'Standard'
         }
 
-        # Get tenant list for batch processing
-        write-host "Getting tenants for filter: $TenantFilter"
-        $AllTenantsList = if ($TenantFilter -eq 'allTenants') {
-            Get-Tenants
-        } else {
-            Get-Tenants | Where-Object {
-                $_.defaultDomainName -eq $TenantFilter -or $_.customerId -eq $TenantFilter
-            }
+        $StandardsParams = @{
+            TenantFilter = $TenantFilter
+            runManually  = $runManually
         }
-
-        if ($AllTenantsList.Count -eq 0) {
-            Write-Information "No tenants found for filter $TenantFilter"
-            return
+        if ($TemplateID) {
+            $StandardsParams['TemplateId'] = $TemplateID
         }
 
+        $AllTenantsList = Get-CIPPStandards @StandardsParams | Select-Object -ExpandProperty Tenant | Sort-Object -Unique
+
         # Build batch of per-tenant list activities
         $Batch = foreach ($Tenant in $AllTenantsList) {
             $BatchItem = @{
                 FunctionName = 'CIPPStandardsList'
-                TenantFilter = $Tenant.defaultDomainName
+                TenantFilter = $Tenant
                 runManually  = $runManually
             }
             if ($TemplateID) {