This is the code for a PowerShell module for CIPP. It is a work in progress, and only has about 134 out of the almost 300 API Endpoints built in. However, more will follow and it does have a generic 'Invoke-CIPPRestMethod' available so you can make any API call you want. See advanced usage examples below.
The module is written for PowerShell 7.
CIPPAPIModule provides a PowerShell wrapper around the CIPP API. The module handles all the authentication for you. All you need to do is supply your CIPP API Details using the 'Set-CIPPAPIDetails' command.
This module is published to the PowerShell Gallery and can be installed from within PowerShell with Install-Module
Install-Module -Name CIPPAPIModule
This module is updated regularly. Remember to always check for the latest version from within PowerShell with Update-Module
Update-Module -Name CIPPAPIModule
The first and probably most important requirement for this module is getting it connected to your CIPP API.
- Set API Connection details
Set-CIPPAPIDetails -CIPPClientID "YourClientIDGoesHere" -CIPPClientSecret "YourClientSecretGoesHere" -CIPPAPIUrl "https://your.cipp.apiurl" -TenantID "YourTenantID"
- Test your first call to the API
Get-CIPPLogs
- Core
- Scheduler
- Settings
- Setup
- Get-CIPPAccessCheck
- Get-CIPPExecAPIPermissionsList
- Get-CIPPFunctionParameters
- Get-CIPPKnownIPDB
- Get-CIPPLogs
- Get-CIPPPublicPhishingCheck
- Set-CIPPExecCPVPerms
- Get-CIPPExcludedLicenses
- Get-CIPPExcludedTenants
- Get-CIPPExtensionMapping
- Get-CIPPVersion
- Set-CIPPExcludeLicense
- Set-CIPPExcludeTenant
- Set-CIPPExtensionMappingHaloPSA
- Set-CIPPPasswordSettings
- Add-CIPPContact
- Add-CIPPRoomMailbox
- Add-CIPPSharedMailbox
- Get-CIPPCalendarPerms
- Get-CIPPContacts
- Get-CIPPEnabledSharedMailboxes
- Get-CIPPExchangeConnectors
- Get-CIPPExchangeConnectorTemplates
- Get-CIPPMailboxCAS
- Get-CIPPMailboxes
- Get-CIPPMailboxMobileDevices
- Get-CIPPMailboxPermissions
- Get-CIPPMailboxRestores
- Get-CIPPMailboxRules
- Get-CIPPMailboxStatistics
- Get-CIPPMailQuarantine
- Get-CIPPMessageTrace
- Get-CIPPOutOfOffice
- Get-CIPPPhishPolicies
- Get-CIPPRecipients
- Get-CIPPSpamFilter
- Get-CIPPSpamFilterTemplates
- Get-CIPPTransportRules
- Get-CIPPUserMailboxDetails
- Get-CIPPUserMailboxRules
- Set-CIPPCalendarPermissions
- Set-CIPPContact
- Set-CIPPConvertMailbox
- Set-CIPPCopyToSent
- Set-CIPPEnableArchive
- Set-CIPPExchConnector
- Set-CIPPHideFromGAL
- Set-CIPPMailboxForwarding
- Set-CIPPMailboxMobileDevices
- Set-CIPPMailboxPermissions
- Set-CIPPMailboxQuota
- Set-CIPPOOO
- Set-CIPPQuarantineManagement
- Set-CIPPSpamFilter
- Set-CIPPTransportRule
- Applications
- Autopilot
- MEM
- Reports
- Get-CIPPApps
- Get-CIPPAPDevices
- Get-CIPPAutoPilotConfig
- Set-CIPPMEMPolicy
- Get-CIPPDevices
- Administration
- Reports
- Devices
- Groups
- Users
- Add-CIPPUser
- Get-CIPPBECCheck
- Get-CIPPDeletedItems
- Get-CIPPPerUserMFA
- Get-CIPPUniversalSearch
- Get-CIPPUserCAPolicies
- Get-CIPPUserCounts
- Get-CIPPUserDevices
- Get-CIPPUserGroups
- Get-CIPPUserPhoto
- Get-CIPPUsers
- Get-CIPPUserSignIns
- New-CIPPUserOffboarding
- Remove-CIPPUser
- Send-CIPPPush
- Set-BECRemediate
- Set-CIPPClrImmID
- Set-CIPPCreateTap
- Set-CIPPResetPassword
- Set-CIPPRestoreDeletedUser
- Set-CIPPRevokeSessions
- Set-CIPPSignInStatus
- Set-CIPPUser
- Get-CIPPRoles
- Get-CIPPGroups
- Get-CIPPGroupTemplates
- Remove-CIPPGroup
- Set-CIPPGroupDeliveryManagement
- Set-CIPPGroupHideFromGAL
- Add-CIPPUser
- Get-CIPPBECCheck
- Get-CIPPDeletedItems
- Get-CIPPPerUserMFA
- Get-CIPPUniversalSearch
- Get-CIPPUserCAPolicies
- Get-CIPPUserCounts
- Get-CIPPUserDevices
- Get-CIPPUserGroups
- Get-CIPPUserPhoto
- Get-CIPPUsers
- Get-CIPPUserSignIns
- New-CIPPUserOffboarding
- Remove-CIPPUser
- Send-CIPPPush
- Set-BECRemediate
- Set-CIPPClrImmID
- Set-CIPPCreateTap
- Set-CIPPResetPassword
- Set-CIPPRestoreDeletedUser
- Set-CIPPRevokeSessions
- Set-CIPPSignInStatus
- Set-CIPPUser
- Get-CIPPBasicAuth
- Get-CIPPInactiveAccounts
- Get-CIPPMFAUsers
- Get-CIPPSignIns
- Device
- Get-CIPPGetBitLockerKey
- Get-CIPPIntuneIntents
- Get-CIPPIntunePolicy
- Get-CIPPIntuneTemplates
- Get-CIPPLocalAdminPassword
- Set-CIPPAutoPilotSync
- Set-CIPPDeviceAction
- Defender
- Incidents
- Reports
- Get-CIPPDefenderState
- Get-CIPPDefenderTVM
- Get-CIPPAlertsList
- Get-CIPPIncidentList
- Get-CIPPDeviceCompliance
- OneDrive
- Sharepoint
- Teams
- Get-CIPPOneDriveList
- Set-CIPPOneDrivePerms
- Set-CIPPOneDriveShortCut
- Add-CIPPSharePointSite
- Get-CIPPSharePointQuota
- Get-CIPPSharePointSites
- Set-CIPPSharePointSiteAdmin
- Set-CIPPSharePointSiteMembers
- Add-CIPPTeam
- Get-CIPPTeams
- Get-CIPPTeamsActivity
- Get-CIPPTeamsVoice
- Administration
- Conditional
- GDAP
- Reports
- Standards
- Tools
- Alerts
- Application Approval
- Tenant
- Get-CIPPAppConsentReqs
- Get-CIPPDomains
- Get-CIPPAlerts
- Get-CIPPADConnectStatus
- Get-CIPPOrg
- Get-CIPPPartnerRelationships
- Get-CIPPTenantDetails
- Get-CIPPTenants
- Get-CIPPCAPolicies
- Get-CIPPCATemplates
- Get-CIPPNamedLocations
- Set-CIPPCAPolicy
- Get-CIPPGDAPInvite
- Get-CIPPGDAPRoles
- Remove-CIPPGDAPRelationship
- Get-CIPPLicenses
- Get-CIPPOAuthApps
- Get-CIPPBPA
- Get-CIPPBPATemplates
- Get-CIPPDomainAnalyser
- Get-CIPPDomainHealth
- Get-CIPPStandards
- Remove-CIPPStandard
- Set-CIPPStandardsRun
- Get-CIPPAuditLogTest
- Get-CIPPExternalGEOIPLookup
- Get-CIPPExternalTenantInfo
- Get-CIPPGraphRequest
Below are some examples for some generic requests
Invoke-CIPPRestMethod -Endpoint '/api/Listusers' -Method 'GET' -Params @{ 'tenantfilter' = '11c11ab1-527a-1d29-l92e-76413h012s76' }
This example sends a GET request to the '/api/Listusers' endpoint with a query parameter 'tenantfilter' set to '11c11ab1-527a-1d29-l92e-76413h012s76'.
Invoke-CIPPRestMethod -Endpoint '/api/ListMailboxPermissions' -Params @{ 'tenantfilter' = 'M365x72601982.onmicrosoft.com', 'userid' = '11c11ab1-527a-1d29-l92e-76413h012s76'}
This example sends a GET request to the '/api/ListMailboxPermissions' endpoint with a query parameter 'tenantfilter' set to 'M365x72601982.onmicrosoft.com' and 'userid' set to '11c11ab1-527a-1d29-l92e-76413h012s76'
Invoke-CIPPRestMethod -Endpoint '/api/adduser' -method 'POST' -Body @{ 'tenantID' = '11c11ab1-527a-1d29-l92e-76413h012s76';'DisplayName' = 'Test User';'UserName' = 'testuser';'AutoPassword' = $true;'FirstName' = 'Test';'LastName' = 'User';'Domain' = 'M365x72601982.onmicrosoft.com';'CopyFrom' = "" }
This example sends a POST request to the '/api/adduser' endpoint with a Body 'tenantID' set to '11c11ab1-527a-1d29-l92e-76413h012s76' and 'DisplayName' set to 'Test User', 'UserName' set to 'testuser', 'AutoPassword' set to $true, 'FirstName' set to 'Test', 'LastName' set to 'User', 'Domain' set to 'M365x72601982.onmicrosoft.com'
Some example scripts can be found Below:
- Get-AllTenants-Licenses.ps1
- Get-AllTenants-SharedMailboxesEnabledAccount.ps1
- Get-AllTenants-SoftDeletedMailboxes.ps1
- Get-AllTenants-LicensedUsers.ps1
Special thanks to @KelvinTegelaar, @JohnDuprey, @rvdwegen and @Jr7468. I Could not have got this far without you!