search

KelvinTegelaar / CIPP

CIPP is a M365 multitenant management solution
https://cyberdrain.com / https://cipp.app
GNU Affero General Public License v3.0
756 stars 4.43k forks source link

[Feature Request]: Standard Overrides per tenant #2633

Closed AADAutomatisering closed 3 days ago

AADAutomatisering commented 3 days ago

Description of the new feature - must be an in-depth explanation of the feature you want, reasoning why, and the added benefits for MSPs as a whole.

Background

I wanted to deploy Intune for a customer, so i thought I'd try to use CIPP for this. However, I found that the only way to deploy the Intune and Group template standards for the single tenant is to create a new standard for this tenant and use the Do not apply All Tenants Standard to this tenant setting which means that none of the AllTenants standards won't be applied to this tenant anymore, which is not what I want. NinjaOne has a system with their policy overrides that works well, and something like that in CIPP would be a powerful addition to CIPP.

Proposal

The current standards system can stay, including the Do not apply All Tenants Standard to this tenant setting. But in addition to this I would love the following: Whenever I'm in the Edit Standards menu and I select a customer, instead of creating a new standard, I can add overrides to the AllTenants standard in the selected customer's scope. Whenever you change a setting in the standard in the tenant scope CIPP could mark that setting as an override, I can imagine it looking something like below: image

This override would then only affect the current tenant (Contoso.com in the above example) and that tenant would still receive all standards set in the AllTenants standard but ignore the overridden setting and use the overridden settings for that.

Benefits

This will allow MSPs to maintain a Standard across all their managed tenants, but still add customized settings for specific tenants. That tenant would then still benefit from any new settings in the AllTenant standard, while also having its own custom settings. The Do not apply All Tenants Standard to this tenant setting will still be useful for tenants that need a completely custom standard, and you could even add overrides to these standards so that you could, for example have the following

graph TD;
    1(AllTenants) --> 2(Example.com)
    1 -- Override --> 3(IntuneStandard);
    1 -- Don't apply --> 6(Fabrikam.com)
    3 --> 4(Contoso.com)
    3 --> 5(Acme.com)

In the above example the following would apply:

PowerShell commands you would normally use to achieve above request

No response

KelvinTegelaar commented 3 days ago

This already works that way. You can set any unique settings at the tenant level.

AADAutomatisering commented 2 days ago

@KelvinTegelaar I just tried it, and when i change a setting in the standard of a customer, it shows as just 3 items, not the 46 I'd expect (AllTenants 45 + cipptest 1): image

Or is the AllTenants standard applied to all tenants, even if they have their own standard? And in order not to receive the AllTenants standard you need to remediate the Do not apply All Tenants Standard to this tenant setting? If so, then this indeed works, but is unclear (to me at least) in the interface, and the design as shown in the proposal would still be useful.