…derTVM

Changed  'affectedDevices' to create an array of objects instead of joining device names with commas. This makes them look a lot nicer in the tables.

Enhance Import-CommunityTemplate to detect duplicate templates (GroupTemplate, CATemplate, IntuneTemplate), preserve existing GUID/RowKey when updating, and skip imports when SHA matches (unless -Force). Introduce a $StatusMessage, log informative messages for create/update/skip cases, preserve Package from duplicates, and return the status string. Update callers (Invoke-ExecCommunityRepo and New-CIPPTemplateRun) to capture and use the import result (write/log it and include it in results), and pass Source where needed. These changes add feedback and prevent creating duplicate template records.

Fix(reusable-settings): Data normalizing and formatting

- Introduced logic to handle AssignmentFilterName and AssignmentFilterType.
- Updated parameters for Set-CIPPIntunePolicy to include assignment filter details if provided.

chore: Update .gitignore and improve alert device handling

…ed locations

When creating a new named location, the uncaptured Select-Object on line 198 leaked an id-less object into $LocationLookupTable. This caused duplicate lookup matches where $lookup.id resolved to @($null, "guid"), producing invalid nested-array JSON in excludeLocations/includeLocations.
Fixes KelvinTegelaar/CIPP#5368

fix: Fix named location creation in New-CIPPCAPolicy

Update Invoke-AddUser.ps1

feat: Add Invoke-ExecSyncDEP function for DEP sync

feat: Add assignment filter handling in Invoke-AddPolicy

Possibly fixes KelvinTegelaar/CIPP#5338
Sort licenses by License name by default
ADD WORD

Determine allowed tenants via Test-CIPPAccess and compute a TenantFilter (specific tenant domains or 'allTenants'), pass that TenantFilter into Search-CIPPDbData for Users/Groups/default branches, and update Search-CIPPDbData's TenantFilter parameter to accept string[] so multiple tenants can be supplied. This restricts search results to the caller's permitted tenants.

Add support for BitLocker recovery keys: new Search-CIPPBitlockerKeys (search + enrich with Devices/ManagedDevices), Set-CIPPDBCacheBitlockerKeys (cache keys from Graph beta), and Invoke-ExecBitlockerSearch entrypoint to expose search via HTTP with tenant filtering and limits. Also register 'BitlockerKeys' in Push-CIPPDBCacheData and Search-CIPPDbData types so BitLocker data is included in caching and DB searches.

Replace references to UserPrincipalName with UPN when selecting mailbox properties and when passing Identity to Set-Mailbox. Updated three locations: NonCompliantMailboxes selection, Set-Mailbox Parameters (Identity), and the report Filtered selection. This ensures correct property access for mailbox objects that expose UPN.

Feat: Add JIT reason to alert messages (add/remove)

… dev

Allow callers to explicitly request no types by adding 'None' to the Types ValidateSet and handling it by setting $Types to an empty array. Maintains existing 'All' behavior (expands to Permissions, CalendarPermissions, Rules) and preserves default of 'All'. This enables callers to skip processing types when desired.

Extend the Graph API signIns filter to match both 'Authenticated SMTP' and 'SMTP' clientAppUsed values. This ensures successful SMTP authentication events (status/errorCode eq 0) are captured even when the clientAppUsed is reported as 'SMTP'. Updated the $uri in Get-CIPPAlertSmtpAuthSuccess.ps1 accordingly.

Replace array coercion and debug output with a strongly-typed System.Collections.Generic.List[object] that is populated via foreach and assigned to PostExecParams['Results']. This removes the Write-Information debug line and ensures a consistent generic list type is passed to downstream consumers, avoiding array-coercion/serialization issues. (Change in Modules/CippEntrypoints/CippEntrypoints.psm1)

Feat: MFA alert data enrichment

fix(reusable-settings): casing, filtering, and RAWJson handling