LukeSteward · LukeSteward · Jan 20, 2026 · Jan 18, 2026 · Jan 18, 2026 · Jan 18, 2026
diff --git a/.github/workflows/Node_Project_Check.yml b/.github/workflows/Node_Project_Check.yml
@@ -1,31 +1,37 @@
----
 name: NodeJS Project Check
+
 on:
   pull_request:
     branches:
       - main
       - dev
+
 concurrency:
-  group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.ref }}
-  cancel-in-progress: false
+  group: NodeJS Project Check ${{ github.event_name == 'pull_request' && format('PR:{0}', github.event.pull_request.number) || format('Branch:{0}', github.ref_name) }}
+  cancel-in-progress: true
+
 jobs:
   install-build:
-    if: github.repository_owner == 'KelvinTegelaar'
-    name: NPM Install and Build
+    #if: github.repository_owner == 'KelvinTegelaar'
+    name: Install, Build, and Test
     runs-on: ubuntu-latest
+
     strategy:
       matrix:
-        node-version: [16.x]
-        os: [ubuntu-latest]
+        node-version: [22.x]
+
     steps:
-      - uses: actions/checkout@v2
-      - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v2
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
         with:
           node-version: ${{ matrix.node-version }}
-      - name: Install and Build Test
-        run: |
-          npm install --legacy-peer-deps
-          npm run build
-        env:
-          CI: true
+          cache: npm
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build
+        run: npm run build
diff --git a/.github/workflows/label_sponsor_requests.yml b/.github/workflows/label_sponsor_requests.yml
@@ -1,4 +1,3 @@
----
 name: Label Issues
 on:
   issues:
@@ -14,4 +13,6 @@ jobs:
       - name: Sponsor Labels
         uses: JasonEtco/is-sponsor-label-action@v1.2.0
         with:
-          label: 'Sponsor Request'
+          label: 'Sponsor Priority'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/src/api/ApiCall.jsx b/src/api/ApiCall.jsx
@@ -50,7 +50,7 @@ export function ApiGetCall(props) {
           title: `${
             error.config?.params?.tenantFilter ? error.config?.params?.tenantFilter : ""
           } Error`,
-        })
+        }),
       );
     }
     return returnRetry;
@@ -211,7 +211,7 @@ export function ApiPostCall({ relatedQueryKeys, onResult }) {
                   if (!query.queryKey || !query.queryKey[0]) return false;
                   const queryKeyStr = String(query.queryKey[0]);
                   const matches = wildcardPatterns.some((pattern) =>
-                    queryKeyStr.startsWith(pattern)
+                    queryKeyStr.startsWith(pattern),
                   );
 
                   // Debug logging for each query check
@@ -220,7 +220,7 @@ export function ApiPostCall({ relatedQueryKeys, onResult }) {
                       queryKey: query.queryKey,
                       queryKeyStr,
                       matchedPattern: wildcardPatterns.find((pattern) =>
-                        queryKeyStr.startsWith(pattern)
+                        queryKeyStr.startsWith(pattern),
                       ),
                     });
                   }
@@ -252,15 +252,22 @@ export function ApiGetCallWithPagination({
   waiting = true,
 }) {
   const dispatch = useDispatch();
+  const queryClient = useQueryClient();
   const MAX_RETRIES = retry;
-  const HTTP_STATUS_TO_NOT_RETRY = [401, 403, 404];
+  const HTTP_STATUS_TO_NOT_RETRY = [302, 401, 403, 404, 500];
 
   const retryFn = (failureCount, error) => {
     let returnRetry = true;
     if (failureCount >= MAX_RETRIES) {
       returnRetry = false;
     }
     if (isAxiosError(error) && HTTP_STATUS_TO_NOT_RETRY.includes(error.response?.status ?? 0)) {
+      if (
+        error.response?.status === 302 &&
+        error.response?.headers.get("location").includes("/.auth/login/aad")
+      ) {
+        queryClient.invalidateQueries({ queryKey: ["authmecipp"] });
+      }
       returnRetry = false;
     }
 
@@ -270,7 +277,7 @@ export function ApiGetCallWithPagination({
           message: getCippError(error),
           title: "Error",
           toastError: error,
-        })
+        }),
       );
     }
     return returnRetry;

diff --git a/src/components/CippComponents/CippAddTestReportDrawer.jsx b/src/components/CippComponents/CippAddTestReportDrawer.jsx
@@ -43,13 +43,13 @@ export const CippAddTestReportDrawer = ({ buttonText = "Create custom report" })
 
   const createReport = ApiPostCall({
     urlFromData: true,
-    relatedQueryKeys: ["ListTestReports"],
+    relatedQueryKeys: "ListTestReports",
   });
 
   // Fetch available tests for the form
   const availableTestsApi = ApiGetCall({
     url: "/api/ListAvailableTests",
-    queryKey: ["ListAvailableTests"],
+    queryKey: "ListAvailableTests",
   });
 
   const availableTests = availableTestsApi.data || { IdentityTests: [], DevicesTests: [] };

diff --git a/src/components/CippWizard/CippSAMDeploy.jsx b/src/components/CippWizard/CippSAMDeploy.jsx
@@ -92,7 +92,10 @@ export const CippSAMDeploy = (props) => {
             here
           </Link>
         </li>
-        <li>(Temporary) Global Administrator permissions for the CIPP Service Account</li>
+        <li>
+          An account with at minimum: <li>Application Administrator</li>
+          <li>User Administrator</li>
+        </li>
         <li>
           Multi-factor authentication enabled for the CIPP Service Account, with no trusted
           locations or other exclusions.

diff --git a/src/data/alerts.json b/src/data/alerts.json
@@ -331,5 +331,39 @@
     "label": "Alert on quarantine release requests",
     "recommendedRunInterval": "30m",
     "description": "Monitors for user requests to release quarantined messages and provides a CIPP-native alternative to the external email forwarding method. This helps MSPs maintain secure configurations while getting timely notifications about quarantine activity. Links to the tenant's quarantine page are provided in alerts."
+  },
+  {
+    "name": "SecureScore",
+    "label": "Alert on a low Secure Score",
+    "recommendedRunInterval": "1d",
+    "requiresInput": true,
+    "multipleInput": true,
+    "inputs": [
+      {
+        "inputType": "autoComplete",
+        "inputLabel": "Threshold type absolute number or percent",
+        "inputName": "ThresholdType",
+        "creatable": false,
+        "multiple": false,
+        "options": [
+          {
+            "label": "Percent",
+            "value": "percent"
+          },
+          {
+            "label": "Absolute",
+            "value": "absolute"
+          }
+        ],
+        "required": true
+      },
+      {
+        "inputType": "number",
+        "inputLabel": "Threshold Value (below this will trigger the alert)",
+        "inputName": "InputValue",
+        "required": true
+      }
+    ],
+    "description": "Monitors Secure Score and alerts when it falls below the specified threshold (absolute or percent value). Helps identify security gaps and areas for improvement."
   }
 ]
diff --git a/src/layouts/config.js b/src/layouts/config.js
@@ -719,7 +719,12 @@ export const nativeMenuItems = [
           {
             title: "Mailbox Permissions",
             path: "/email/reports/mailbox-permissions",
-            permissions: ["Exchange.Mailbox.Read"],
+            permissions: ["Exchange.Mailbox.*"],
+          },
+          {
+            title: "Calendar Permissions",
+            path: "/email/reports/calendar-permissions",
+            permissions: ["Exchange.Mailbox.*"],
           },
           {
             title: "Anti-Phishing Filters",

diff --git a/src/pages/cipp/logs/index.js b/src/pages/cipp/logs/index.js
@@ -37,7 +37,7 @@ const pageTitle = "Logbook Results";
 const actions = [
   {
     label: "View Log Entry",
-    link: "/cipp/logs/logentry?logentry=[RowKey]",
+    link: "/cipp/logs/logentry?logentry=[RowKey]&dateFilter=[DateFilter]",
     icon: <EyeIcon />,
     color: "primary",
   },
@@ -100,14 +100,14 @@ const Page = () => {
     setStartDate(
       data.startDate
         ? new Date(data.startDate * 1000).toISOString().split("T")[0].replace(/-/g, "")
-        : null
+        : null,
     );
 
     // Format end date if available
     setEndDate(
       data.endDate
         ? new Date(data.endDate * 1000).toISOString().split("T")[0].replace(/-/g, "")
-        : null
+        : null,
     );
 
     // Set username filter if available
@@ -117,7 +117,7 @@ const Page = () => {
     setSeverity(
       data.severity && data.severity.length > 0
         ? data.severity.map((item) => item.value).join(",")
-        : null
+        : null,
     );
 
     // Close the accordion after applying filters
@@ -157,13 +157,13 @@ const Page = () => {
                       <>
                         {startDate
                           ? new Date(
-                              startDate.replace(/(\d{4})(\d{2})(\d{2})/, "$1-$2-$3") + "T00:00:00"
+                              startDate.replace(/(\d{4})(\d{2})(\d{2})/, "$1-$2-$3") + "T00:00:00",
                             ).toLocaleDateString()
                           : new Date().toLocaleDateString()}
                         {startDate && endDate ? " - " : ""}
                         {endDate
                           ? new Date(
-                              endDate.replace(/(\d{4})(\d{2})(\d{2})/, "$1-$2-$3") + "T00:00:00"
+                              endDate.replace(/(\d{4})(\d{2})(\d{2})/, "$1-$2-$3") + "T00:00:00",
                             ).toLocaleDateString()
                           : ""}
                       </>

diff --git a/src/pages/cipp/logs/logentry.js b/src/pages/cipp/logs/logentry.js
@@ -11,12 +11,13 @@ import { getCippTranslation } from "../../../utils/get-cipp-translation";
 
 const Page = () => {
   const router = useRouter();
-  const { logentry } = router.query;
+  const { logentry, dateFilter } = router.query;
 
   const logRequest = ApiGetCall({
     url: `/api/Listlogs`,
     data: {
       logentryid: logentry,
+      dateFilter: dateFilter,
     },
     queryKey: `GetLogEntry-${logentry}`,
     waiting: !!logentry,
@@ -44,12 +45,12 @@ const Page = () => {
                 logData.Severity === "CRITICAL"
                   ? "error"
                   : logData.Severity === "Error"
-                  ? "error"
-                  : logData.Severity === "Warn"
-                  ? "warning"
-                  : logData.Severity === "Info"
-                  ? "info"
-                  : "default"
+                    ? "error"
+                    : logData.Severity === "Warn"
+                      ? "warning"
+                      : logData.Severity === "Info"
+                        ? "info"
+                        : "default"
               }
               variant="filled"
             />