LogoLogo
Get CIPPJoin Discord
  • ☕CIPP Documentation
  • 🦸Setup
    • Self Hosting Guide
      • Prerequisites
      • Installation
      • Run From Package Mode
      • Post-Install Configuration
      • Configuring Automatic Updates
      • Updating Versions
      • Migrating to Hosted CIPP
      • Self-hosted API Setup
    • Service Account Setup
      • GDAP's Importance in CIPP
      • Creating the CIPP Service Account
      • Conditional Access best practices
      • Recommended Roles
    • Configuring CIPP
      • Adding users to CIPP
      • Executing the SAM Setup Wizard
      • Tenant Onboarding
      • Adding Tenants & Consenting the CIPP-SAM Application
      • User Roles in CIPP
      • Adding a custom domain name
      • I want to manage my own tenant
    • Implementing CIPP
      • Recommended First Steps
      • Standards Setup
    • Resources
      • Professional Onboarding Services
      • Sponsor Quick Start
  • 🙋User Documentation
    • Shared Features
      • Menu Bar
        • Tenant Select
        • Display Mode
        • 🔍Search
        • Bookmarks
        • User Preferences
      • Table Features
      • Speed Dial
      • Keyboard Shortcuts
    • CIPP Dashboard
    • Identity Management
      • Administration
        • Users
          • Bulk Add
          • Invite Guest
          • Add User
          • View Individual User
            • Edit User
            • Exchange Settings
            • Compromise Remediation
            • Conditional Access
        • Risky Users
        • Groups
          • Add Group
          • Edit Group
        • Group Templates
          • Add Group Template
          • Deploy Group Templates
        • Devices
        • Deleted items
        • Roles
        • JIT Admin
          • Add JIT Admin
        • Offboarding Wizard
      • Reports
        • MFA Report
        • Inactive Users
        • Sign Ins Report
        • AAD Connect Report
        • Risk Detections
    • Tenant Administration
      • Administration
        • Tenants
          • Edit Tenant
          • Tenant Groups
            • Add Tenant Group
            • Edit Tenant Group
        • Alert Configuration
          • Add Alert
        • Audit Logs
        • Enterprise Applications
        • Secure Score
        • App Consent Requests
        • Authentication Methods
        • Partner Relationships
      • GDAP Management
        • Relationships
          • Relationship Summary
            • Role Mappings
        • Role Mappings
          • Map GDAP Roles
        • Role Templates
          • Add Template
        • Invites
          • New Invite
        • Onboarding
        • Offboarding
      • Configuration Backup
        • Backups
          • Restore Configuration Backup
          • Add Configuration Backup
      • Standards
        • List Standards Templates
        • Add Standards Template
        • Compare Tenant to Standard
        • Best Practice Analyser
          • Best Practice Templates
          • Custom Reports
        • Domains Analyser
      • Conditional Access
        • CA Policies
          • Deploy CA Policies
        • CA Vacation Mode
          • Add Vacation Schedule
        • CA Templates
        • Named Locations
          • Add Named Locations
      • Reports
        • License Report
        • Sherweb License Report
          • Add Subscription
        • Consented Applications
    • Security & Compliance
      • Incidents & Alerts
        • Incidents
        • Alerts
      • Defender
        • Defender Status
        • Defender Deployment
        • Vulnerabilities
      • Reports
        • Device Compliance
    • Intune
      • Applications
        • Applications
          • Add Application
            • Add MSP App
            • Add Store App
            • Add Choco App
            • Add Office App
        • Application Queue
      • Autopilot
        • Autopilot Devices
        • Add Autopilot Device
        • Profiles
        • Add Profile
        • Status Pages
        • Add Status Page
      • Device Management
        • Devices
        • Configuration Policies
        • Compliance Policies
        • Protection Policies
        • Apply Policy
        • Policy Templates
        • Scripts
      • Reports
        • Analytics Device Score
    • Teams & SharePoint
      • OneDrive
      • SharePoint
        • Add Site
        • Bulk Add Site
      • Teams
        • Teams
          • Add Team
        • Teams Activity
        • Business Voice
    • Email & Exchange
      • Administration
        • Mailboxes
          • Add Shared Mailbox
        • Deleted Mailboxes
        • Mailbox Rules
        • Contacts
          • Add Contact
          • Edit Contact
        • Quarantine
        • Tenant Allow/Block Lists
          • Add Entry
      • Transport
        • Transport rules
          • Deploy Template
        • Transport Templates
        • Connectors
          • Deploy connector Templates
        • Connector Templates
      • Spamfilter
        • Spamfilter
          • Deploy Spamfilter
        • Spamfilter Templates
        • Connection filter
          • Deploy Connection Filter
        • Connection filter templates
      • Tools
        • Mailbox Restore Wizard
        • Mail Test
      • Resource Management
        • Rooms
          • Add Room
          • Edit Room
        • Room Lists
      • Reports
        • Mailbox Statistics
        • Mailbox Client Access Settings
        • Anti-Phishing Filters
        • Malware Filters
        • Safe Link Filters
        • Safe Attachment Filters
        • Shared Mailbox with Enabled Account
        • Global Address List
    • Tools
      • Tenant Tools
        • Graph Explorer
        • Application Approval
        • Tenant Lookup
        • IP Database
        • Individual Domain Check
      • Email Tools
        • Message Trace
        • Mailbox Restores
        • Message Viewer
      • Dark Web Tools
        • Tenant Breach Lookup
        • Breach Lookup
      • Template Library
      • Community Repositories
        • View Repository Templates
      • Scheduler
        • Add Job
    • CIPP
      • Application Settings
        • Permissions
        • Tenants
        • Backend
        • Notifications
        • Partner Webhooks
        • Licenses
        • CIPP Backup
        • Global Variables
      • Logbook
      • SAM Setup Wizard
      • Integrations
        • Integration Sync
        • CIPP-API
        • Sherweb
        • Gradient
        • Halo PSA Ticketing
        • NinjaOne
        • Hudu
        • Password Pusher
        • Have I Been Pwned?
        • Cloudflare
        • GitHub
      • Custom Data
        • Directory Extensions
          • Add Directory Extension
        • Schema Extensions
          • Add Schema Extension
        • Mappings
          • Add Mapping
          • Edit Mapping
      • Advanced
        • Super Admin
          • Tenant Mode
          • Function Offloading
          • Custom Roles
          • SAM App Roles
          • SAM App Permissions
        • Exchange Cmdlets
        • Timers
        • Table Maintenance
  • 📂Troubleshooting
    • Error codes
    • Troubleshooting instructions
      • Refreshing a Specific Tenant's Permissions via CPV API
    • Frequently Asked Questions
      • I got a "Potential Phishing page detected" alert. What do I do with that?
  • 🔐Security
    • CIPP Security and Compliance
      • Security Policy
      • Security reports
    • CIPP Community Vulnerability Disclosure Policy
  • 👩‍💻👩💻 Dev Documentation
    • CIPP Dev Guide
      • Setting Up for Local Development
      • Executing Local Development
      • Project Structure
      • Development Tips
      • CIPP v7 Developer Brief
    • Contributing to the Code
    • Contributing to the Documentation
  • ⚙️API Documentation
    • Setup & Authentication
    • Endpoints
  • 🧰MSP Adoption Toolkit
    • Building a CIPP Business Case
  • ☕Sip & CIPP
    • Conditional Access
    • Autopilot & Intune
  • CIPP New Interface Release Candidate 2 (rc2)
Powered by GitBook
On this page
  • Advanced Table Filtering
  • 1. Overview
  • 2. Basic Filtering
  • 3. Advanced Filtering
  • 4. Graph Filtering
  • 5. Alert rules Filter

Was this helpful?

Edit on GitHub
Export as PDF
  1. User Documentation
  2. Shared Features

Filters

Advanced Table Filtering

Harness the power of CIPPs filtering capabilities to effortlessly sift through data. Whether you're searching for a specific user or refining a larger dataset, this guide will walk you through the basic and advanced filtering techniques at your disposal.


1. Overview

There are two main filtering methods:

  • Basic Filtering: Search for a keyword or phrase across all properties.

  • Advanced Filtering: Apply specific conditions to filter data based on individual properties.


2. Basic Filtering

How to:

Simply type in the keyword or phrase you wish to search in the textbox.

Example:

To find all users with the name "Megan", type Megan.


3. Advanced Filtering

Syntax:

To utilize advanced filtering, start with the Complex: prefix (case sensitive). The general structure is:

Complex: [PROPERTY] [OPERATOR] [VALUE]; ...

Operators:

Operator
Description
Example Input
Example Matched Entry

eq

Equals

Complex: department eq Marketing

{ "displayName": "Megan Bowen", "department": "Marketing" }

ne

Not equals

Complex: city ne Pittsburgh

{ "displayName": "John Doe", "city": "New York" }

like

Contains the value

Complex: displayName like Megan

{ "displayName": "Megan Bowen" }

notlike

Does not contain the value

Complex: userType notlike Guest

{ "displayName": "Megan Bowen", "userType": "Member" }

gt

Greater than (for numerical values)

Complex: createdDateTime gt 2023-01-01

{ "displayName": "Megan Bowen", "createdDateTime": "2023-07-06T18:01:16Z" }

lt

Less than (for numerical values)

Complex: postalCode lt 20000

{ "displayName": "Megan Bowen", "postalCode": "15212" }

  • PROPERTY: Indicate the property name you wish to filter on. You can find the possible properties by using the column selector button.

  • OPERATOR: Use the operation you want to perform from the table above.

  • VALUE: Specify the value you want to compare the property against.

You can combine multiple conditions with a semicolon (;) or with (or). The (;) separator operates as an AND, while the (or) operates as an OR.

Example 1:

To find users located in Pittsburgh who are members, use:

Complex: city like Pittsburgh; userType eq Member

Example 2:

To identify users who are not enabled, are members, and have a userPrincipalName containing the word "diego", you can chain the filters as:

Complex: accountEnabled eq false; userType eq Member; userPrincipalName like diego

Example 3:

To find login enabled users where per user MFA is enabled or enforced, use:

Complex: accountEnabled eq true; PerUser eq enforced or PerUser eq enabled

4. Graph Filtering

Select pages support Graph Filtering, which allow you to directly use a Graph filter Query.

Syntax:

To utilize Graph filtering, start with the Graph: prefix. The general structure is:

Graph: [GRAPH QUERY STATEMENT]

A Graph query can not be combined with other filters, and requires the query to be exactly as you would use it in the $filter parameter in a graph request. For example to filter on users with an assigned license, you enter:

Graph: assignedLicenses/$count ne 0

5. Alert rules Filter

Alerts can be filtered using the same method as Complex filtering, allowing the same rules and operators except chaining statements together. For example to filter on logs that only have the userId 123:

UserId eq 123

Last updated 4 months ago

Was this helpful?

For more information refer to the Microsoft documentation about Filtering

🙋
here

Feature Requests / Ideas

We value your feedback and ideas. Please raise any on GitHub.

feature requests