starred/CIPP
1
0
Fork 0
mirror of https://github.com/KelvinTegelaar/CIPP.git synced 2026-04-25 16:26:09 +03:00
Code Issues 20 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #1424] Outlook Spoof Warning Not Working #789

New issue
Closed
opened 2026-03-02 12:45:15 +03:00 by kerem · 4 comments
kerem commented 2026-03-02 12:45:15 +03:00
Owner
Copy link

Originally created by @CorneliousJD on GitHub (Mar 20, 2023).
Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/1424

Description

I had been in discussion via Discord with MrGeek who I know was also in discussion with you as well at some point on this.

The issue is that the spoof warning set to be turned on only logs in the CIPP logs as "Spoofing warnings set to false" when it should be ENABLING it for all of them.
What's worse is after manually enabling it and then manually running a standard, it gets RESET to false again.

If I check later with Get-ExternalInOutlook it confirms that the Spoof warning is indeed set to false.
Here's a sample of that.
image
image

My Standards config is a single line in the standards table for AllTenants -- no other standards applied.
Note that I have also deleted/recreated this table, and tried to delete/recreate the standard on 3.1.0 and 3.2.0 but issues persist the same regardless.

My actual standard config is here, with e-mails redacted.
{ "Tenant": "AllTenants", "AddedBy": "me@domain.net", "AppliedAt": "2023-03-17T20:35:42", "Standards": { "SendFromAlias": true, "DisableSelfServiceLicenses": true, "AutoExpandArchive": true, "AnonReportDisable": true, "PWdisplayAppInformationRequiredState": true, "DelegateSentItems": true, "AuditLog": true, "DisableViva": true, "DisableUserSiteCreate": true, "NudgeMFA": true, "PasswordExpireDisabled": true, "TAP": { "Enabled": true, "config": "true" }, "DeletedUserRentention": true, "ModernAuth": true, "MailContacts": { "MarketingContact": { "Enabled": true, "Mail": "365marketing@domain.net" }, "GeneralContact": { "Enabled": true, "Mail": "365general@domain.net" }, "SecurityContact": { "Enabled": true, "Mail": "365security@domain.net" }, "TechContact": { "Enabled": true, "Mail": "365technical@domain.net" } }, "SecurityDefaults": true, "SpoofWarn": { "enable": true } }}

If I manually PowerShell into a tenant it does indeed let me enable it...
image

What's worse is after manually enabling it and then manually running a standard, it gets RESET to false again.

Environment data

self-hosted via Azure app, latest production version. (3.2 at time of writing)
Originally created by @CorneliousJD on GitHub (Mar 20, 2023). Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/1424 ### Description I had been in discussion via Discord with MrGeek who I know was also in discussion with you as well at some point on this. The issue is that the spoof warning set to be turned on only logs in the CIPP logs as "Spoofing warnings set to false" when it should be ENABLING it for all of them. **What's worse is after manually enabling it and then manually running a standard, it gets RESET to false again.** If I check later with Get-ExternalInOutlook it confirms that the Spoof warning is indeed set to false. Here's a sample of that. ![image](https://user-images.githubusercontent.com/724777/226338721-1e4148c6-5183-4fdc-a7cf-192b2ac814e7.png) ![image](https://user-images.githubusercontent.com/724777/226338781-d31572f2-238a-49a7-a542-08be098d8690.png) My Standards config is a single line in the standards table for AllTenants -- no other standards applied. Note that I have also deleted/recreated this table, and tried to delete/recreate the standard on 3.1.0 and 3.2.0 but issues persist the same regardless. My actual standard config is here, with e-mails redacted. `{ "Tenant": "AllTenants", "AddedBy": "me@domain.net", "AppliedAt": "2023-03-17T20:35:42", "Standards": { "SendFromAlias": true, "DisableSelfServiceLicenses": true, "AutoExpandArchive": true, "AnonReportDisable": true, "PWdisplayAppInformationRequiredState": true, "DelegateSentItems": true, "AuditLog": true, "DisableViva": true, "DisableUserSiteCreate": true, "NudgeMFA": true, "PasswordExpireDisabled": true, "TAP": { "Enabled": true, "config": "true" }, "DeletedUserRentention": true, "ModernAuth": true, "MailContacts": { "MarketingContact": { "Enabled": true, "Mail": "365marketing@domain.net" }, "GeneralContact": { "Enabled": true, "Mail": "365general@domain.net" }, "SecurityContact": { "Enabled": true, "Mail": "365security@domain.net" }, "TechContact": { "Enabled": true, "Mail": "365technical@domain.net" } }, "SecurityDefaults": true, "SpoofWarn": { "enable": true } }}` If I manually PowerShell into a tenant it does indeed let me enable it... ![image](https://user-images.githubusercontent.com/724777/226337863-ae4733d8-2965-4bba-b70d-673f047a26fa.png) **What's worse is after manually enabling it and then manually running a standard, it gets RESET to false again.** ### Environment data ```PowerShell self-hosted via Azure app, latest production version. (3.2 at time of writing) ```
kerem 2026-03-02 12:45:15 +03:00
kerem commented 2026-03-02 12:45:16 +03:00
Author
Owner
Copy link

@github-actions[bot] commented on GitHub (Mar 20, 2023):

Thank you for creating a bug. Please make sure your bug is indeed a unique case by checking current and past issues, and reading the complete documentation at https://kelvintegelaar.github.io/CIPP
If your bug is a known documentation issue, it will be closed without notice by a contributor. To confirm that this is not a bug found in the documentation, please copy and paste the following comment: "I confirm that I have checked the documentation thoroughly and believe this to be an actual bug.".

Without confirming, your report will be closed in 24 hours. If you'd like this bug to be assigned to you, please comment "I would like to work on this please!".

<!-- gh-comment-id:1476140503 --> @github-actions[bot] commented on GitHub (Mar 20, 2023): Thank you for creating a bug. Please make sure your bug is indeed a unique case by checking current and past issues, and reading the complete documentation at https://kelvintegelaar.github.io/CIPP If your bug is a known documentation issue, it will be closed without notice by a contributor. To confirm that this is not a bug found in the documentation, please copy and paste the following comment: "I confirm that I have checked the documentation thoroughly and believe this to be an actual bug.". Without confirming, your report will be closed in 24 hours. If you'd like this bug to be assigned to you, please comment "I would like to work on this please!".
kerem commented 2026-03-02 12:45:16 +03:00
Author
Owner
Copy link

@CorneliousJD commented on GitHub (Mar 20, 2023):

I confirm that I have checked the documentation thoroughly and believe this to be an actual bug.

<!-- gh-comment-id:1476141584 --> @CorneliousJD commented on GitHub (Mar 20, 2023): I confirm that I have checked the documentation thoroughly and believe this to be an actual bug.
kerem commented 2026-03-02 12:45:16 +03:00
Author
Owner
Copy link

@CorneliousJD commented on GitHub (Mar 20, 2023):

Worked with Kelvin via Discord chat.

Tested by created a new individual standard for one tenant that included ONLY enable spoof warn, which worked.
{ "Tenant": "tenant.com", "AddedBy": "me@domain.net", "AppliedAt": "2023-03-20T17:46:25", "Standards": { "SpoofWarn": { "enable": true } }}
image

Then I removed their individual standard and let them be part of the "AllTenants" standard again which flipped them back to having it disabled again. Confirmed this via Get-ExternalInOutlook cmdlet.

Once this is fixed under alltenants I can test and confirm that it is working correctly across various tenants.

<!-- gh-comment-id:1476708124 --> @CorneliousJD commented on GitHub (Mar 20, 2023): Worked with Kelvin via Discord chat. Tested by created a new individual standard for one tenant that included ONLY enable spoof warn, which worked. `{ "Tenant": "tenant.com", "AddedBy": "me@domain.net", "AppliedAt": "2023-03-20T17:46:25", "Standards": { "SpoofWarn": { "enable": true } }}` ![image](https://user-images.githubusercontent.com/724777/226428441-86a59a1a-caa7-4dd5-ba0a-653849930c5f.png) Then I removed their individual standard and let them be part of the "AllTenants" standard again which flipped them back to having it disabled again. Confirmed this via Get-ExternalInOutlook cmdlet. Once this is fixed under alltenants I can test and confirm that it is working correctly across various tenants.
kerem commented 2026-03-02 12:45:16 +03:00
Author
Owner
Copy link

@KelvinTegelaar commented on GitHub (Mar 21, 2023):

Fixed in dev. @BNWEIN See latest commit for the changed you needed to make.

<!-- gh-comment-id:1477771183 --> @KelvinTegelaar commented on GitHub (Mar 21, 2023): Fixed in dev. @BNWEIN See latest commit for the changed you needed to make.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
docs
dev
dependabot/npm_and_yarn/dev/uiw/react-json-view-2.0.0-alpha.42
dependabot/npm_and_yarn/dev/tanstack/react-query-persist-client-5.96.2
dependabot/npm_and_yarn/dev/mui-tiptap-1.30.0
dependabot/npm_and_yarn/dev/tanstack/react-query-devtools-5.96.2
dependabot/npm_and_yarn/dev/recharts-3.8.1
dependabot/github_actions/dev/actions/setup-node-6.4.0
copilot/add-alert-for-report-only-ca
release/beta
release/nightly
docs-maintenance
v10.4.0
v10.3.0
v10.2.0
v10.1.0
v10.0.0
v8.8.0
v8.7.0
v8.6.0
v8.5.0
v8.4.0
v8.3.0
v8.2.0
v8.1.0
v8.0.0
v7.5.0
v7.4.0
v7.3.0
v7.2.0
v7.1.0
v7.0.1
v6.4.0
v6.3.0
v6.2.0
v6.1.0
v6.0.0
v5.9.0
v5.8.5
v5.8.0
v5.7.0
v5.6.0
v5.5.0
v5.4.0
v5.3.0
v5.2.0
v5.1.0
v5.0.0
v4.9.0
v4.8.0
v4.7.0
v.4.6.0
v4.5.0
v4.4.0
v4.3.0
v4.2.0
v4.1.0
v4.0.0
v3.8.0
v3.7.0
v3.6.0
v3.5.0
v3.4.0
v3.3.0
v3.2.0
v3.1.0
v3.0.0
v2.20.0
v2.19.0
v2.18.0
v2.17.0
v2.16.0
v2.15.0
v2.13.0
v2.12.0
v2.11.2
v2.1.11.0
v.2.10.0
v2.9.0
v2.8.0
v2.7.0
v2.6.0
v2.5.5
v2.5.0
v2.4.0
v.2.3.0
v2.2.0
v2.1.2
v2.1.1
v2.1.0
v2.0.1
2.0.0
v1.5.1
v1.5.0
v1.4.3
v1.4.2
v1.4.0
v1.3.0
v1.2.1
v1.2.0
1.1.0
release
Labels
Clear labels   
API

   
Feature

   
NotABug

   
NotABug

   
Planned

   
Sponsor Priority

   
Sponsor Priority

   
bug

   
documentation

   
duplicate

   
enhancement

   
needs more info

   
no-activity

   
no-priority

   
not-assigned

   
pull-request

Mirrored from GitHub Pull Request

  
react-conversion

   
react-conversion

   
roadmap

   
security

   
stale

   
unconfirmed-by-user

   
unconfirmed-by-user

   
wontfix
No labels
API
Feature
NotABug
NotABug
Planned
Sponsor Priority
Sponsor Priority
bug
documentation
duplicate
enhancement
needs more info
no-activity
no-priority
not-assigned
pull-request
react-conversion
react-conversion
roadmap
security
stale
unconfirmed-by-user
unconfirmed-by-user
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/CIPP#789
No description provided.