Tenants

Exclude Tenants

Excludes the selected tenant(s) from being managed by CIPP. They will no longer display in the tenant selector and standards, alerts, etc. will not apply

Include Tenants

Removes an exclusion on selected tenant(s)

Refresh CPV Permissions

Refreshes the CPV permissions for the selected tenant(s) [More information]

Reset CPV Permissions

Resets the CPV permissions for the selected tenant(s) by deleting the Service Principal and re-adding it [More information]

Remove Tenant

Available for tenants added via the Direct Add method, this will remove the tenant from CIPP. The app registration remains though, so a user with rights to the tenant should remove the CIPP-SAM app manually.

Refresh CIPPDB Cache

Refreshes the CIPP reporting DB cache for the selected tenant. You can select a specific cache collection type to refresh, or trigger all collections at once. See Refreshing the CIPPDB Cache for details on what each collection requires.

Trace GDAP

This will open a modal that will allow you to test the GDAP access for a specific user from your tenant.

More Info

Opens Extended Info flyout

Graph

Users, Groups, Guests, Service Principals, Apps, Devices, Organization, Roles, Admin Consent Request Policy, Authorization Policy, Authentication Methods Policy, Device Settings, Directory Recommendations, Cross-Tenant Access Policy, Default App Management Policy, Settings, Secure Score, Domains, B2B Management Policy, Device Registration Policy, OAuth2 Permission Grants, App Role Assignments, Licence Overview, BitLocker Keys

None

MFAState

MFA state for all users, including per-user MFA state and Security Defaults coverage

None — but Entra ID P1 is required for MFA registration status, method details, and Conditional Access policy coverage. Without P1 those fields will be empty.

CopilotUsage

Copilot Usage User Detail, User Count Summary, User Count Trend, Readiness Activity

None (returns empty if no Copilot licences are assigned)

SharePoint

SPO Tenant config, Sync Client Restriction, SharePoint Site Usage, OneDrive Usage

SharePoint Online (SHAREPOINTWAC, SHAREPOINTSTANDARD, SHAREPOINTENTERPRISE, ONEDRIVE_BASIC, ONEDRIVE_ENTERPRISE)

Teams

Teams Meeting Policy, Client Configuration, External Access Policy, Federation Configuration, Messaging Policy, App Permission Policy, Teams, Teams Activity, Teams Voice

Teams (MCOSTANDARD, MCOEV, MCOIMP, TEAMS1)

ExchangeConfig

Anti-Phish Policies, Malware Filter Policies, Safe Links Policies†, Safe Attachment Policies†, Transport Rules, DKIM Signing Config, Organisation Config, Accepted Domains, Hosted Content Filter Policy, Hosted Outbound Spam Filter Policy, ATP Policy for O365†, Quarantine Policy, Remote Domain, Sharing Policy, Admin Audit Log Config, Preset Security Policy†, Tenant Allow/Block List, OWA Mailbox Policy, Report Submission Policy, Transport Config

Exchange Online

ExchangeData

CAS Mailboxes, Mailbox Usage, Office Activations, HVE Accounts

Exchange Online

Mailboxes

All mailboxes, including permissions, calendar rules, and forwarding (runs as a dedicated activity)

Exchange Online

ConditionalAccess

Conditional Access Policies, Credential User Registration Details, User Registration Details

Entra ID P1 (AAD Premium)

IdentityProtection

Risky Users, Risky Service Principals, Service Principal Risk Detections, Risk Detections, Role Eligibility Schedules, Role Assignment Schedule Instances, Role Management Policies

Entra ID P2 (AAD Premium P2)

Intune

Managed Devices, Intune Policies, Intune Applications, Assignment Filters, Compliance Policies, Device Encryption States, App Protection Policies, Scripts, Reusable Settings, Detected Apps, MDE Onboarding

Intune / EMS

Compliance

Sensitivity Labels, DLP Compliance Policies

Microsoft Purview / AIP