bmsimp · pull · Aug 21, 2025 · Aug 9, 2025 · Aug 11, 2025 · Aug 19, 2025
diff --git a/Modules/CIPPCore/Public/Add-CIPPAzDataTableEntity.ps1 b/Modules/CIPPCore/Public/Add-CIPPAzDataTableEntity.ps1
@@ -102,6 +102,7 @@ function Add-CIPPAzDataTableEntity {
 
                             $propertiesToRemove = [System.Collections.Generic.List[object]]::new()
                             foreach ($key in $SingleEnt.Keys) {
+                                if ($key -in @('RowKey', 'PartitionKey')) { continue }
                                 $newEntitySize = [System.Text.Encoding]::UTF8.GetByteCount($($newEntity | ConvertTo-Json -Compress))
                                 if ($newEntitySize -lt $MaxRowSize) {
                                     $propertySize = [System.Text.Encoding]::UTF8.GetByteCount($SingleEnt[$key].ToString())

diff --git a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertSmtpAuthSuccess.ps1 b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertSmtpAuthSuccess.ps1
@@ -0,0 +1,32 @@
+function Get-CIPPAlertSmtpAuthSuccess {
+    <#
+    .FUNCTIONALITY
+        Entrypoint – Check sign-in logs for SMTP AUTH with success status
+    #>
+    [CmdletBinding()]
+    Param (
+        [Parameter(Mandatory = $false)]
+        [Alias('input')]
+        $InputValue,
+        $TenantFilter
+    )
+
+    try {
+        # Graph API endpoint for sign-ins
+        $uri = "https://graph.microsoft.com/v1.0/auditLogs/signIns?`$filter=clientAppUsed eq 'SMTP' and status/errorCode eq 0"
+
+        # Call Graph API for the given tenant
+        $SignIns = New-GraphGetRequest -uri $uri -tenantid $TenantFilter
+
+        # Select only the properties you care about
+        $AlertData = $SignIns.value | Select-Object userPrincipalName, createdDateTime, clientAppUsed, ipAddress, status
+
+        # Write results into the alert pipeline
+        Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData
+
+    } catch {
+        # Suppress errors if no data returned
+        # Uncomment if you want explicit error logging
+        # Write-AlertMessage -tenant $($TenantFilter) -message "Failed to query SMTP AUTH sign-ins for $($TenantFilter): $(Get-NormalizedError -message $_.Exception.message)"
+    }
+}
diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecOnboardTenantQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecOnboardTenantQueue.ps1
@@ -364,7 +364,7 @@ function Push-ExecOnboardTenantQueue {
                 $Table = Get-CippTable -tablename 'templates'
                 $ExistingTemplates = Get-CippazDataTableEntity @Table -Filter "PartitionKey eq 'StandardsTemplateV2'" | Where-Object { $_.JSON -match 'AllTenants' }
                 foreach ($AllTenantsTemplate in $ExistingTemplates) {
-                    $object = $AllTenantesTemplate.JSON | ConvertFrom-Json
+                    $object = $AllTenantsTemplate.JSON | ConvertFrom-Json
                     $NewExcludedTenants = [system.collections.generic.list[object]]::new()
                     if (!$object.excludedTenants) {
                         $object | Add-Member -MemberType NoteProperty -Name 'excludedTenants' -Value @() -Force

diff --git a/...IPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionMapping.ps1 b/...IPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionMapping.ps1
@@ -1,121 +1,127 @@
 using namespace System.Net
 
 Function Invoke-ExecExtensionMapping {
-    <#
+  <#
     .FUNCTIONALITY
         Entrypoint
     .ROLE
         CIPP.Extension.ReadWrite
     #>
-    [CmdletBinding()]
-    param($Request, $TriggerMetadata)
+  [CmdletBinding()]
+  param($Request, $TriggerMetadata)
 
-    $APIName = $Request.Params.CIPPEndpoint
-    $Headers = $Request.Headers
-    Write-LogMessage -headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug'
+  $APIName = $Request.Params.CIPPEndpoint
+  $Headers = $Request.Headers
+  Write-LogMessage -headers $Headers -API $APIName -message 'Accessed this API' -Sev 'Debug'
 
-    $Table = Get-CIPPTable -TableName CippMapping
+  $Table = Get-CIPPTable -TableName CippMapping
 
-    if ($Request.Query.List) {
-        switch ($Request.Query.List) {
-            'HaloPSA' {
-                $Result = Get-HaloMapping -CIPPMapping $Table
-            }
-            'NinjaOne' {
-                $Result = Get-NinjaOneOrgMapping -CIPPMapping $Table
-            }
-            'NinjaOneFields' {
-                $Result = Get-NinjaOneFieldMapping -CIPPMapping $Table
-            }
-            'Hudu' {
-                $Result = Get-HuduMapping -CIPPMapping $Table
-            }
-            'HuduFields' {
-                $Result = Get-HuduFieldMapping -CIPPMapping $Table
-            }
-            'Sherweb' {
-                $Result = Get-SherwebMapping -CIPPMapping $Table
-            }
-            'HaloPSAFields' {
-                $TicketTypes = Get-HaloTicketType
-                $Result = @{'TicketTypes' = $TicketTypes }
-            }
-            'PWPushFields' {
-                $Accounts = Get-PwPushAccount
-                $Result = @{
-                    'Accounts' = $Accounts
-                }
-            }
+  if ($Request.Query.List) {
+    switch ($Request.Query.List) {
+      'HaloPSA' {
+        $Result = Get-HaloMapping -CIPPMapping $Table
+      }
+      'NinjaOne' {
+        $Result = Get-NinjaOneOrgMapping -CIPPMapping $Table
+      }
+      'NinjaOneFields' {
+        $Result = Get-NinjaOneFieldMapping -CIPPMapping $Table
+      }
+      'Hudu' {
+        $Result = Get-HuduMapping -CIPPMapping $Table
+      }
+      'HuduFields' {
+        $Result = Get-HuduFieldMapping -CIPPMapping $Table
+      }
+      'Sherweb' {
+        $Result = Get-SherwebMapping -CIPPMapping $Table
+      }
+      'HaloPSAFields' {
+        $TicketTypes = Get-HaloTicketType
+        $Outcomes = Get-HaloTicketOutcome
+        $Result = @{
+          'TicketTypes' = $TicketTypes
+          'Outcomes'    = $Outcomes
         }
+      }
+      'PWPushFields' {
+        $Accounts = Get-PwPushAccount
+        $Result = @{
+          'Accounts' = $Accounts
+        }
+      }
     }
+  }
 
-    try {
-        if ($Request.Query.AddMapping) {
-            switch ($Request.Query.AddMapping) {
-                'Sherweb' {
-                    $Result = Set-SherwebMapping -CIPPMapping $Table -APIName $APIName -Request $Request
-                }
-                'HaloPSA' {
-                    $Result = Set-HaloMapping -CIPPMapping $Table -APIName $APIName -Request $Request
-                }
-                'NinjaOne' {
-                    $Result = Set-NinjaOneOrgMapping -CIPPMapping $Table -APIName $APIName -Request $Request
-                    Register-CIPPExtensionScheduledTasks
-                }
-                'NinjaOneFields' {
-                    $Result = Set-NinjaOneFieldMapping -CIPPMapping $Table -APIName $APIName -Request $Request -TriggerMetadata $TriggerMetadata
-                    Register-CIPPExtensionScheduledTasks
-                }
-                'Hudu' {
-                    $Result = Set-HuduMapping -CIPPMapping $Table -APIName $APIName -Request $Request
-                    Register-CIPPExtensionScheduledTasks
-                }
-                'HuduFields' {
-                    $Result = Set-ExtensionFieldMapping -CIPPMapping $Table -APIName $APIName -Request $Request -Extension 'Hudu'
-                    Register-CIPPExtensionScheduledTasks
-                }
-            }
+  try {
+    if ($Request.Query.AddMapping) {
+      switch ($Request.Query.AddMapping) {
+        'Sherweb' {
+          $Result = Set-SherwebMapping -CIPPMapping $Table -APIName $APIName -Request $Request
+        }
+        'HaloPSA' {
+          $Result = Set-HaloMapping -CIPPMapping $Table -APIName $APIName -Request $Request
+        }
+        'NinjaOne' {
+          $Result = Set-NinjaOneOrgMapping -CIPPMapping $Table -APIName $APIName -Request $Request
+          Register-CIPPExtensionScheduledTasks
+        }
+        'NinjaOneFields' {
+          $Result = Set-NinjaOneFieldMapping -CIPPMapping $Table -APIName $APIName -Request $Request -TriggerMetadata $TriggerMetadata
+          Register-CIPPExtensionScheduledTasks
         }
-        $StatusCode = [HttpStatusCode]::OK
-    } catch {
-        $ErrorMessage = Get-CippException -Exception $_
-        $Result = "Mapping API failed. $($ErrorMessage.NormalizedError)"
-        Write-LogMessage -API $APIName -headers $Headers -message $Result -Sev 'Error' -LogData $ErrorMessage
-        $StatusCode = [HttpStatusCode]::InternalServerError
+        'Hudu' {
+          $Result = Set-HuduMapping -CIPPMapping $Table -APIName $APIName -Request $Request
+          Register-CIPPExtensionScheduledTasks
+        }
+        'HuduFields' {
+          $Result = Set-ExtensionFieldMapping -CIPPMapping $Table -APIName $APIName -Request $Request -Extension 'Hudu'
+          Register-CIPPExtensionScheduledTasks
+        }
+      }
     }
+    $StatusCode = [HttpStatusCode]::OK
+  }
+  catch {
+    $ErrorMessage = Get-CippException -Exception $_
+    $Result = "Mapping API failed. $($ErrorMessage.NormalizedError)"
+    Write-LogMessage -API $APIName -headers $Headers -message $Result -Sev 'Error' -LogData $ErrorMessage
+    $StatusCode = [HttpStatusCode]::InternalServerError
+  }
 
-    try {
-        if ($Request.Query.AutoMapping) {
-            switch ($Request.Query.AutoMapping) {
-                'NinjaOne' {
-                    $Batch = [PSCustomObject]@{
-                        'NinjaAction'  = 'StartAutoMapping'
-                        'FunctionName' = 'NinjaOneQueue'
-                    }
-                    $InputObject = [PSCustomObject]@{
-                        OrchestratorName = 'NinjaOneOrchestrator'
-                        Batch            = @($Batch)
-                    }
-                    #Write-Host ($InputObject | ConvertTo-Json)
-                    $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5 -Compress)
-                    Write-Host "Started permissions orchestration with ID = '$InstanceId'"
-                    $Result = 'AutoMapping Request has been queued. Exact name matches will appear first and matches on device names and serials will take longer. Please check the CIPP Logbook and refresh the page once complete.'
-                }
-
-            }
+  try {
+    if ($Request.Query.AutoMapping) {
+      switch ($Request.Query.AutoMapping) {
+        'NinjaOne' {
+          $Batch = [PSCustomObject]@{
+            'NinjaAction'  = 'StartAutoMapping'
+            'FunctionName' = 'NinjaOneQueue'
+          }
+          $InputObject = [PSCustomObject]@{
+            OrchestratorName = 'NinjaOneOrchestrator'
+            Batch            = @($Batch)
+          }
+          #Write-Host ($InputObject | ConvertTo-Json)
+          $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5 -Compress)
+          Write-Host "Started permissions orchestration with ID = '$InstanceId'"
+          $Result = 'AutoMapping Request has been queued. Exact name matches will appear first and matches on device names and serials will take longer. Please check the CIPP Logbook and refresh the page once complete.'
         }
-        $StatusCode = [HttpStatusCode]::OK
-    } catch {
-        $ErrorMessage = Get-CippException -Exception $_
-        $Result = "Mapping API failed. $($ErrorMessage.NormalizedError)"
-        Write-LogMessage -API $APIName -headers $Headers -message $Result -Sev 'Error' -LogData $ErrorMessage
-        $StatusCode = [HttpStatusCode]::InternalServerError
+
+      }
     }
+    $StatusCode = [HttpStatusCode]::OK
+  }
+  catch {
+    $ErrorMessage = Get-CippException -Exception $_
+    $Result = "Mapping API failed. $($ErrorMessage.NormalizedError)"
+    Write-LogMessage -API $APIName -headers $Headers -message $Result -Sev 'Error' -LogData $ErrorMessage
+    $StatusCode = [HttpStatusCode]::InternalServerError
+  }
 
-    # Associate values to output bindings by calling 'Push-OutputBinding'.
-    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
-            StatusCode = $StatusCode
-            Body       = $Result
-        })
+  # Associate values to output bindings by calling 'Push-OutputBinding'.
+  Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+      StatusCode = $StatusCode
+      Body       = $Result
+    })
 
 }
diff --git a/...ic/Entrypoints/HTTP Functions/Email-Exchange/Administration/Invoke-ExecModifyCalPerms.ps1 b/...ic/Entrypoints/HTTP Functions/Email-Exchange/Administration/Invoke-ExecModifyCalPerms.ps1
@@ -1,6 +1,6 @@
 using namespace System.Net
 
-Function Invoke-ExecModifyCalPerms {
+function Invoke-ExecModifyCalPerms {
     <#
     .FUNCTIONALITY
         Entrypoint
@@ -64,6 +64,7 @@ Function Invoke-ExecModifyCalPerms {
         $Modification = $Permission.Modification
         $CanViewPrivateItems = $Permission.CanViewPrivateItems ?? $false
         $FolderName = $Permission.FolderName ?? 'Calendar'
+        $SendNotificationToUser = $Permission.SendNotificationToUser ?? $false
 
         Write-LogMessage -headers $Headers -API $APIName -message "Permission Level: $PermissionLevel, Modification: $Modification, CanViewPrivateItems: $CanViewPrivateItems, FolderName: $FolderName" -Sev 'Debug'
 
@@ -76,16 +77,17 @@ Function Invoke-ExecModifyCalPerms {
             try {
                 Write-LogMessage -headers $Headers -API $APIName -message "Processing target user: $TargetUser" -Sev 'Debug'
                 $Params = @{
-                    APIName              = $APIName
-                    Headers              = $Headers
-                    RemoveAccess         = if ($Modification -eq 'Remove') { $TargetUser } else { $null }
-                    TenantFilter         = $TenantFilter
-                    UserID               = $UserId
-                    folderName           = $FolderName
-                    UserToGetPermissions = $TargetUser
-                    LoggingName          = $TargetUser
-                    Permissions          = $PermissionLevel
-                    CanViewPrivateItems  = $CanViewPrivateItems
+                    APIName                = $APIName
+                    Headers                = $Headers
+                    RemoveAccess           = if ($Modification -eq 'Remove') { $TargetUser } else { $null }
+                    TenantFilter           = $TenantFilter
+                    UserID                 = $UserId
+                    folderName             = $FolderName
+                    UserToGetPermissions   = $TargetUser
+                    LoggingName            = $TargetUser
+                    Permissions            = $PermissionLevel
+                    CanViewPrivateItems    = $CanViewPrivateItems
+                    SendNotificationToUser = $SendNotificationToUser
                 }
 
                 # Write-Host "Request params: $($Params | ConvertTo-Json)"

diff --git a/.../Public/Entrypoints/HTTP Functions/Email-Exchange/Administration/Invoke-ListMailboxes.ps1 b/.../Public/Entrypoints/HTTP Functions/Email-Exchange/Administration/Invoke-ListMailboxes.ps1
@@ -17,7 +17,7 @@ Function Invoke-ListMailboxes {
     # Interact with query parameters or the body of the request.
     $TenantFilter = $Request.Query.tenantFilter
     try {
-        $Select = 'id,ExchangeGuid,ArchiveGuid,UserPrincipalName,DisplayName,PrimarySMTPAddress,RecipientType,RecipientTypeDetails,EmailAddresses,WhenSoftDeleted,IsInactiveMailbox,ForwardingSmtpAddress,DeliverToMailboxAndForward,ForwardingAddress,HiddenFromAddressListsEnabled,ExternalDirectoryObjectId,MessageCopyForSendOnBehalfEnabled,MessageCopyForSentAsEnabled,PersistedCapabilities,LitigationHoldEnabled,LitigationHoldDate,LitigationHoldDuration,ComplianceTagHoldApplied,RetentionHoldEnabled,InPlaceHolds'
+        $Select = 'id,ExchangeGuid,ArchiveGuid,UserPrincipalName,DisplayName,PrimarySMTPAddress,RecipientType,RecipientTypeDetails,EmailAddresses,WhenSoftDeleted,IsInactiveMailbox,ForwardingSmtpAddress,DeliverToMailboxAndForward,ForwardingAddress,HiddenFromAddressListsEnabled,ExternalDirectoryObjectId,MessageCopyForSendOnBehalfEnabled,MessageCopyForSentAsEnabled,PersistedCapabilities,LitigationHoldEnabled,LitigationHoldDate,LitigationHoldDuration,ComplianceTagHoldApplied,RetentionHoldEnabled,InPlaceHolds,RetentionPolicy'
         $ExoRequest = @{
             tenantid  = $TenantFilter
             cmdlet    = 'Get-Mailbox'
@@ -76,7 +76,8 @@ Function Invoke-ListMailboxes {
         @{ Name = 'LicensedForLitigationHold'; Expression = { ($_.PersistedCapabilities -contains 'BPOS_S_DlpAddOn' -or $_.PersistedCapabilities -contains 'BPOS_S_Enterprise') } },
         ComplianceTagHoldApplied,
         RetentionHoldEnabled,
-        InPlaceHolds
+        InPlaceHolds,
+        RetentionPolicy
         # This select also exists in ListUserMailboxDetails and should be updated if this is changed here