starred/CIPP

Fork 0

mirror of https://github.com/KelvinTegelaar/CIPP.git synced 2026-04-25 16:26:09 +03:00

[GH-ISSUE #3928] [Feature Request]: Inject CA exclude service provider for partner tenant #1762

New issue

Closed

opened 2026-03-02 13:46:53 +03:00 by kerem · 5 comments

kerem commented

2026-03-02 13:46:53 +03:00

Owner

Originally created by @mrapoc on GitHub (Apr 4, 2025).
Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/3928

Originally assigned to: @rvdwegen on GitHub.

Please confirm:

I have searched existing feature requests (open and closed) and found no duplicates.
**me or my organization is currently an active sponsor of the product at the $99,- level.

Problem Statement

Will be great to inject in bulk the recommended CA exclusion for partner tenant for CIPP using standards and/or via the conditional access page. It could also be an option when importing CA policies from the repository or when importing to a tenant.

Benefits for MSPs

It takes time and can be missed when setting up CA policies meaning CIPP functions can be broken until rectified. It also means we do not need to modify the existing template files to try and hard code this prior to import.

Value or Importance

Very important to ensure CA policies do not break CIPP functionality and human error can mean it sometimes gets missed especially when using a repo import or baseline.

PowerShell Commands (Optional)

No response

Originally created by @mrapoc on GitHub (Apr 4, 2025). Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/3928 Originally assigned to: @rvdwegen on GitHub. ### Please confirm: - [x] **I have searched existing feature requests** (open and closed) and found no duplicates. - [x] **me or my organization is currently an active sponsor of the product at the $99,- level. ### Problem Statement Will be great to inject in bulk the recommended CA exclusion for partner tenant for CIPP using standards and/or via the conditional access page. It could also be an option when importing CA policies from the repository or when importing to a tenant. ### Benefits for MSPs It takes time and can be missed when setting up CA policies meaning CIPP functions can be broken until rectified. It also means we do not need to modify the existing template files to try and hard code this prior to import. ### Value or Importance Very important to ensure CA policies do not break CIPP functionality and human error can mean it sometimes gets missed especially when using a repo import or baseline. ### PowerShell Commands (Optional) _No response_

kerem

2026-03-02 13:46:53 +03:00

closed this issue
added the
enhancement

no-priority

roadmap
labels

kerem commented

2026-03-02 13:46:54 +03:00

Author

Owner

@HappyEarthDay commented on GitHub (Apr 6, 2025):

We would also love this feature. Maybe have it as a standard as well? "Exclude Partner Tenant from all CA Policies"

Loop through each existing CA policy in the tenant.
Check for existing partner tenant ID exclusion.
If it doesn't exist, create it.

Edit: I can't tell you how many times any engineer pings me and says: "CIPP/GDAP is broken!" It's always because there's CA policy that doesn't have the exclusion, and we have to manually check each one.

@HappyEarthDay commented on GitHub (Apr 6, 2025): We would also love this feature. Maybe have it as a standard as well? "_Exclude Partner Tenant from all CA Policies_" 1. Loop through each existing CA policy in the tenant. 2. Check for existing partner tenant ID exclusion. 3. If it doesn't exist, create it. Edit: I can't tell you how many times any engineer pings me and says: "CIPP/GDAP is broken!" It's always because there's CA policy that doesn't have the exclusion, and we have to manually check each one.

kerem commented

2026-03-02 13:46:54 +03:00

Author

Owner

@github-actions[bot] commented on GitHub (Apr 24, 2025):

This issue is stale because it has been open 10 days with no activity. We will close this issue soon. If you want this feature implemented you can contribute it. See: https://docs.cipp.app/dev-documentation/contributing-to-the-code . Please notify the team if you are working on this yourself.

@github-actions[bot] commented on GitHub (Apr 24, 2025): This issue is stale because it has been open 10 days with no activity. We will close this issue soon. If you want this feature implemented you can contribute it. See: https://docs.cipp.app/dev-documentation/contributing-to-the-code . Please notify the team if you are working on this yourself.

kerem commented

2026-03-02 13:46:54 +03:00

Author

Owner

@rvdwegen commented on GitHub (May 16, 2025):

@KelvinTegelaar I have most of this with the different scenarios in my old work files somewhere. Need to look it up when we start on this item.

@rvdwegen commented on GitHub (May 16, 2025): @KelvinTegelaar I have most of this with the different scenarios in my old work files somewhere. Need to look it up when we start on this item.

kerem commented

2026-03-02 13:46:54 +03:00

Author

Owner

@rvdwegen commented on GitHub (Jul 8, 2025):

Picking this up this week

@rvdwegen commented on GitHub (Jul 8, 2025): Picking this up this week

kerem commented

2026-03-02 13:46:54 +03:00

Author

Owner

@rvdwegen commented on GitHub (Jul 9, 2025):

Added as an action to the CA policies page. It should handle every possible scenario.

A standard needs a deeper think because you run the risk of the template deployment standard and a hypothetical exception adding standard of getting into a fight.

@rvdwegen commented on GitHub (Jul 9, 2025): Added as an action to the CA policies page. It should handle every possible scenario. A standard needs a deeper think because you run the risk of the template deployment standard and a hypothetical exception adding standard of getting into a fight.

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/CIPP#1762

No description provided.

Rows
Columns