isgq-github01 · pull · Apr 30, 2026 · Apr 30, 2026 · May 5, 2026 · May 5, 2026
diff --git a/Config/CIPPTimers.json b/Config/CIPPTimers.json
@@ -78,6 +78,7 @@
     "Cron": "0 0 */12 * * *",
     "Priority": 4,
     "RunOnProcessor": true,
+    "TZOffset": true,
     "PreferredProcessor": "standards"
   },
   {
@@ -87,6 +88,7 @@
     "Cron": "0 15 */12 * * *",
     "Priority": 5,
     "RunOnProcessor": true,
+    "TZOffset": true,
     "PreferredProcessor": "standards"
   },
   {
@@ -120,6 +122,7 @@
     "Cron": "0 0 0 * * 0",
     "Priority": 7,
     "RunOnProcessor": true,
+    "TZOffset": true,
     "IsSystem": true
   },
   {
@@ -137,6 +140,7 @@
     "Description": "Orchestrator to process domains",
     "Cron": "0 30 5 * * *",
     "Priority": 22,
+    "TZOffset": true,
     "RunOnProcessor": true
   },
   {
@@ -149,6 +153,7 @@
     "Cron": "0 0 23 * * *",
     "Priority": 10,
     "RunOnProcessor": true,
+    "TZOffset": true,
     "IsSystem": true
   },
   {
@@ -158,6 +163,7 @@
     "Cron": "0 0 0 * * *",
     "Priority": 10,
     "RunOnProcessor": true,
+    "TZOffset": true,
     "IsSystem": true
   },
   {
@@ -166,6 +172,7 @@
     "Description": "Timer to process billing",
     "Cron": "0 0 0 * * *",
     "Priority": 12,
+    "TZOffset": true,
     "RunOnProcessor": true
   },
   {
@@ -174,6 +181,7 @@
     "Description": "Orchestrator to process BPA reports",
     "Cron": "0 0 3 * * *",
     "Priority": 10,
+    "TZOffset": true,
     "RunOnProcessor": true
   },
   {
@@ -191,6 +199,7 @@
     "Cron": "0 0 0 * * *",
     "Priority": 15,
     "RunOnProcessor": true,
+    "TZOffset": true,
     "IsSystem": true
   },
   {
@@ -200,6 +209,7 @@
     "Cron": "0 0 23 * * *",
     "Priority": 20,
     "RunOnProcessor": true,
+    "TZOffset": true,
     "IsSystem": true
   },
   {
@@ -212,6 +222,7 @@
     "Cron": "0 0 0 * * *",
     "Priority": 20,
     "RunOnProcessor": true,
+    "TZOffset": true,
     "IsSystem": true
   },
   {
@@ -221,6 +232,7 @@
     "Cron": "0 0 2 * * *",
     "Priority": 21,
     "RunOnProcessor": true,
+    "TZOffset": true,
     "IsSystem": true
   },
   {
@@ -230,6 +242,7 @@
     "Cron": "0 30 2 * * *",
     "Priority": 22,
     "RunOnProcessor": true,
+    "TZOffset": true,
     "IsSystem": true
   },
   {
@@ -239,6 +252,7 @@
     "Cron": "0 0 3 * * *",
     "Priority": 23,
     "RunOnProcessor": true,
+    "TZOffset": true,
     "IsSystem": true
   },
   {
@@ -248,6 +262,7 @@
     "Cron": "0 0 4 * * *",
     "Priority": 24,
     "RunOnProcessor": true,
+    "TZOffset": true,
     "IsSystem": true
   }
 ]
diff --git a/...iggers/Public/Entrypoints/Activity Triggers/Graph Requests/Push-ListGraphRequestQueue.ps1 b/...iggers/Public/Entrypoints/Activity Triggers/Graph Requests/Push-ListGraphRequestQueue.ps1
@@ -63,6 +63,15 @@ function Push-ListGraphRequestQueue {
             Data         = [string]$Json
         }
         Add-CIPPAzDataTableEntity @Table -Entity $GraphResults -Force | Out-Null
+
+        if ($env:CIPPNG -eq 'true') {
+            try {
+                [Craft.Services.CacheBridge]::InvalidateByScope('AllTenants')
+            } catch {
+                Write-Information "CacheBridge invalidation skipped: $($_.Exception.Message)"
+            }
+        }
+
         return $true
     } catch {
         Write-Warning "Queue Error: $($_.Exception.Message)"

diff --git a/...CIPPActivityTriggers/Public/Entrypoints/Activity Triggers/Push-UpdatePermissionsQueue.ps1 b/...CIPPActivityTriggers/Public/Entrypoints/Activity Triggers/Push-UpdatePermissionsQueue.ps1
@@ -5,9 +5,11 @@ function Push-UpdatePermissionsQueue {
     #>
     param($Item)
 
-    try {
-        $DomainRefreshRequired = $false
+    $Status = 'Failed'
+    $FailureMessage = $null
+    $DomainRefreshRequired = $false
 
+    try {
         if (!$Item.defaultDomainName) {
             $DomainRefreshRequired = $true
         }
@@ -46,33 +48,55 @@ function Push-UpdatePermissionsQueue {
 
         if ($Item.defaultDomainName -ne 'PartnerTenant') {
             Write-Information 'Pushing CIPP-SAM admin roles'
-            Set-CIPPSAMAdminRoles -TenantFilter $Item.customerId
+            try {
+                Set-CIPPSAMAdminRoles -TenantFilter $Item.customerId
+            } catch {
+                $SamRoleError = Get-CippException -Exception $_
+                Write-Information "Failed to set CIPP-SAM admin roles for $($Item.displayName): $($_.Exception.Message)"
+                Write-LogMessage -tenant $Item.defaultDomainName -tenantId $Item.customerId -message "Failed to set CIPP-SAM admin roles for $($Item.displayName) - $($_.Exception.Message)" -Sev 'Warning' -API 'UpdatePermissionsQueue' -LogData $SamRoleError
+                if ($Status -eq 'Success') {
+                    $Status = 'Failed'
+                    $FailureMessage = "Set-CIPPSAMAdminRoles: $($_.Exception.Message)"
+                }
+            }
         }
-
-        $Table = Get-CIPPTable -TableName cpvtenants
-        $unixtime = [int64](([datetime]::UtcNow) - (Get-Date '1/1/1970')).TotalSeconds
-        $GraphRequest = @{
-            LastApply     = "$unixtime"
-            LastStatus    = "$Status"
-            applicationId = "$($env:ApplicationID)"
-            Tenant        = "$($Item.customerId)"
-            PartitionKey  = 'Tenant'
-            RowKey        = "$($Item.customerId)"
+    } catch {
+        Write-Information "Error updating permissions for $($Item.displayName): $($_.Exception.Message)"
+        Write-Information $_.InvocationInfo.PositionMessage
+        Write-LogMessage -tenant $Item.defaultDomainName -tenantId $Item.customerId -message "Error updating permissions for $($Item.displayName) - $($_.Exception.Message)" -Sev 'Error' -API 'UpdatePermissionsQueue' -LogData (Get-CippException -Exception $_)
+        $Status = 'Failed'
+        if (-not $FailureMessage) {
+            $FailureMessage = $_.Exception.Message
         }
-        if ($PermissionFailures) {
-            $GraphRequest.LastError = $FailureMessage
+    } finally {
+        try {
+            $CpvTable = Get-CIPPTable -TableName cpvtenants
+            $unixtime = [int64](([datetime]::UtcNow) - (Get-Date '1/1/1970')).TotalSeconds
+            $GraphRequest = @{
+                LastApply     = "$unixtime"
+                LastStatus    = "$Status"
+                applicationId = "$($env:ApplicationID)"
+                Tenant        = "$($Item.customerId)"
+                PartitionKey  = 'Tenant'
+                RowKey        = "$($Item.customerId)"
+            }
+            if ($FailureMessage) {
+                $GraphRequest.LastError = "$FailureMessage"
+            }
+            Add-CIPPAzDataTableEntity @CpvTable -Entity $GraphRequest -Force
+        } catch {
+            Write-Information "Failed to persist cpvtenants row for $($Item.displayName): $($_.Exception.Message)"
         }
-        Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force
 
         if ($DomainRefreshRequired) {
-            $UpdatedTenant = Get-Tenants -TenantFilter $Item.customerId -TriggerRefresh
-            if ($UpdatedTenant.defaultDomainName) {
-                Write-Information "Updated tenant domains $($UpdatedTenant.defaultDomainName)"
+            try {
+                $UpdatedTenant = Get-Tenants -TenantFilter $Item.customerId -TriggerRefresh
+                if ($UpdatedTenant.defaultDomainName) {
+                    Write-Information "Updated tenant domains $($UpdatedTenant.defaultDomainName)"
+                }
+            } catch {
+                Write-Information "Failed to refresh tenant domains for $($Item.displayName): $($_.Exception.Message)"
             }
         }
-    } catch {
-        Write-Information "Error updating permissions for $($Item.displayName): $($_.Exception.Message)"
-        Write-Information $_.InvocationInfo.PositionMessage
-        Write-LogMessage -tenant $Item.defaultDomainName -tenantId $Item.customerId -message "Error updating permissions for $($Item.displayName) - $($_.Exception.Message)" -Sev 'Error' -API 'UpdatePermissionsQueue' -LogData (Get-CippException -Exception $_)
     }
 }
diff --git a/...les/CIPPActivityTriggers/Public/Entrypoints/Activity Triggers/Push-Z_CIPPQueueTrigger.ps1 b/...les/CIPPActivityTriggers/Public/Entrypoints/Activity Triggers/Push-Z_CIPPQueueTrigger.ps1
diff --git a/...es/CIPPActivityTriggers/Public/Entrypoints/Activity Triggers/Tests/Push-CIPPTestsList.ps1 b/...es/CIPPActivityTriggers/Public/Entrypoints/Activity Triggers/Tests/Push-CIPPTestsList.ps1
@@ -31,7 +31,7 @@ function Push-CIPPTestsList {
 
         # Emit one task per suite — suite names must match the ValidateSet in Invoke-CIPPTestCollection.
         # Function discovery happens inside Invoke-CIPPTestCollection via Get-Command (path-independent).
-        $Suites = @('ZTNA', 'ORCA', 'EIDSCA', 'CISA', 'CIS', 'CopilotReadiness', 'GenericTests', 'Custom')
+        $Suites = @('ZTNA', 'ORCA', 'EIDSCA', 'CISA', 'CIS', 'SMB1001', 'CopilotReadiness', 'GenericTests', 'Custom')
 
         $Tasks = foreach ($Suite in $Suites) {
             [PSCustomObject]@{

diff --git a/Modules/CIPPAlerts/Public/Alerts/Get-CIPPAlertIntunePolicyConflicts.ps1 b/Modules/CIPPAlerts/Public/Alerts/Get-CIPPAlertIntunePolicyConflicts.ps1
@@ -48,9 +48,10 @@ function Get-CIPPAlertIntunePolicyConflicts {
         return
     }
 
-    $AlertableStatuses = @()
-    if ($Config.AlertErrors) { $AlertableStatuses += 'error', 'failed' }
-    if ($Config.AlertConflicts) { $AlertableStatuses += 'conflict' }
+    $AlertableStatuses = @(
+        if ($Config.AlertErrors) { 'error'; 'failed' }
+        if ($Config.AlertConflicts) { 'conflict' }
+    )
 
     if (-not $AlertableStatuses) {
         return
@@ -68,7 +69,7 @@ function Get-CIPPAlertIntunePolicyConflicts {
         return
     }
 
-    $Issues = @()
+    $Issues = [System.Collections.Generic.List[object]]::new()
 
     if ($Config.IncludePolicies) {
         try {
@@ -77,16 +78,16 @@ function Get-CIPPAlertIntunePolicyConflicts {
             foreach ($Device in $ManagedDevices) {
                 $PolicyStates = $Device.deviceConfigurationStates | Where-Object { $_.state -and ($AlertableStatuses -contains $_.state) }
                 foreach ($State in $PolicyStates) {
-                    $Issues += [PSCustomObject]@{
-                        Message           = "Policy '$($State.displayName)' is $($State.state) on device '$($Device.deviceName)' for $($Device.userPrincipalName)."
-                        Tenant            = $TenantFilter
-                        Type              = 'Policy'
-                        PolicyName        = $State.displayName
-                        IssueStatus       = $State.state
-                        DeviceName        = $Device.deviceName
-                        UserPrincipalName = $Device.userPrincipalName
-                        DeviceId          = $Device.id
-                    }
+                    $Issues.Add([PSCustomObject]@{
+                            Message           = "Policy '$($State.displayName)' is $($State.state) on device '$($Device.deviceName)' for $($Device.userPrincipalName)."
+                            Tenant            = $TenantFilter
+                            Type              = 'Policy'
+                            PolicyName        = $State.displayName
+                            IssueStatus       = $State.state
+                            DeviceName        = $Device.deviceName
+                            UserPrincipalName = $Device.userPrincipalName
+                            DeviceId          = $Device.id
+                        })
                 }
             }
         } catch {
@@ -105,16 +106,16 @@ function Get-CIPPAlertIntunePolicyConflicts {
                 }
 
                 foreach ($Status in $BadStatuses) {
-                    $Issues += [PSCustomObject]@{
-                        Message           = "App '$($App.displayName)' install is $($Status.installState) on device '$($Status.deviceName)' for $($Status.userPrincipalName)."
-                        Tenant            = $TenantFilter
-                        Type              = 'Application'
-                        AppName           = $App.displayName
-                        IssueStatus       = $Status.installState
-                        DeviceName        = $Status.deviceName
-                        UserPrincipalName = $Status.userPrincipalName
-                        DeviceId          = $Status.deviceId
-                    }
+                    $Issues.Add([PSCustomObject]@{
+                            Message           = "App '$($App.displayName)' install is $($Status.installState) on device '$($Status.deviceName)' for $($Status.userPrincipalName)."
+                            Tenant            = $TenantFilter
+                            Type              = 'Application'
+                            AppName           = $App.displayName
+                            IssueStatus       = $Status.installState
+                            DeviceName        = $Status.deviceName
+                            UserPrincipalName = $Status.userPrincipalName
+                            DeviceId          = $Status.deviceId
+                        })
                 }
             }
         } catch {
@@ -132,11 +133,11 @@ function Get-CIPPAlertIntunePolicyConflicts {
         $AppCount = ($Issues | Where-Object { $_.Type -eq 'Application' }).Count
 
         $AlertData = @([PSCustomObject]@{
-                Message        = "Found $PolicyCount policy issues and $AppCount application issues in Intune."
-                Tenant         = $TenantFilter
-                PolicyIssues   = $PolicyCount
-                AppIssues      = $AppCount
-                Issues         = $Issues
+                Message      = "Found $PolicyCount policy issues and $AppCount application issues in Intune."
+                Tenant       = $TenantFilter
+                PolicyIssues = $PolicyCount
+                AppIssues    = $AppCount
+                Issues       = $Issues
             })
     } else {
         $AlertData = $Issues

diff --git a/Modules/CIPPAlerts/Public/Alerts/Get-CIPPAlertNewAppApproval.ps1 b/Modules/CIPPAlerts/Public/Alerts/Get-CIPPAlertNewAppApproval.ps1
@@ -14,7 +14,7 @@ function Get-CIPPAlertNewAppApproval {
     )
 
     try {
-        $Approvals = New-GraphGetRequest -Uri "https://graph.microsoft.com/beta/identityGovernance/appConsent/appConsentRequests?`$top=100&`$filter=userConsentRequests/any (u:u/status eq 'InProgress')" -tenantid $TenantFilter
+        $Approvals = New-GraphGetRequest -Uri "https://graph.microsoft.com/beta/identityGovernance/appConsent/appConsentRequests?`$top=100&`$filter=userConsentRequests/any(u:u/status eq 'InProgress')" -tenantid $TenantFilter
 
         if ($Approvals.count -gt 0) {
             $TenantGUID = (Get-Tenants -TenantFilter $TenantFilter -SkipDomains).customerId
@@ -24,6 +24,9 @@ function Get-CIPPAlertNewAppApproval {
                 $userConsentRequests = New-GraphGetRequest -Uri "https://graph.microsoft.com/v1.0/identityGovernance/appConsent/appConsentRequests/$($App.id)/userConsentRequests" -tenantid $TenantFilter
 
                 $userConsentRequests | ForEach-Object {
+                    if ($_.status -eq 'Expired') {
+                        return
+                    }
                     $consentUrl = if ($App.consentType -eq 'Static') {
                         # if something is going wrong here you've probably stumbled on a fourth variation - rvdwegen
                         "https://login.microsoftonline.com/$($TenantFilter)/adminConsent?client_id=$($App.appId)&bf_id=$($App.id)&redirect_uri=https://entra.microsoft.com/TokenAuthorize"

diff --git a/Modules/CIPPCore/Public/Add-CIPPBPAField.ps1 b/Modules/CIPPCore/Public/Add-CIPPBPAField.ps1
@@ -34,7 +34,7 @@ function Add-CIPPBPAField {
             $Result[$fieldName] = [string]$JsonString
         }
         'string' {
-            $Result[$fieldName], [string]$FieldValue
+            $Result[$fieldName] = [string]$FieldValue
         }
     }
     Add-CIPPAzDataTableEntity @Table -Entity $Result -Force

diff --git a/Modules/CIPPCore/Public/AuditLogs/New-CippAuditLogSearch.ps1 b/Modules/CIPPCore/Public/AuditLogs/New-CippAuditLogSearch.ps1
@@ -123,7 +123,7 @@ function New-CippAuditLogSearch {
     $SearchParams = @{
         displayName         = $DisplayName
         filterStartDateTime = $StartTime.ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss')
-        filterEndDateTime   = $EndTime.AddHours(1).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss')
+        filterEndDateTime   = $EndTime.ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss')
     }
     if ($OperationsFilters) {
         $SearchParams.operationFilters = @($OperationsFilters)

diff --git a/Modules/CIPPCore/Public/CippQueue/New-CippQueueEntry.ps1 b/Modules/CIPPCore/Public/CippQueue/New-CippQueueEntry.ps1
@@ -21,6 +21,7 @@ function New-CippQueueEntry {
     }
 
     if ($env:CIPPNG -eq 'true') {
+        [Craft.Services.QueueStatusBridge]::RegisterQueueMetadata($QueueEntry.RowKey, $Name, $Link, $Reference)
         return $QueueEntry
     }
 

diff --git a/Modules/CIPPCore/Public/Compare-CIPPIntuneObject.ps1 b/Modules/CIPPCore/Public/Compare-CIPPIntuneObject.ps1
@@ -12,7 +12,7 @@ function Compare-CIPPIntuneObject {
         [Parameter(Mandatory = $false)]
         [string[]]$CompareType = @()
     )
-    if ($CompareType -ne 'Catalog') {
+    if ($CompareType -notcontains 'Catalog') {
         $defaultExcludeProperties = @(
             'id',
             'createdDateTime',
-Original file line number
+Diff line change
@@ Expand Up / @@ -21,6 +21,7 @@ function New-CippQueueEntry { @@
         }
         if ($env:CIPPNG -eq 'true') {
+            [Craft.Services.QueueStatusBridge]::RegisterQueueMetadata($QueueEntry.RowKey, $Name, $Link, $Reference)
             return $QueueEntry
         }
@@ Expand Down @@