Security ๐งช Community โ Claude Code โ Claude Desktop Standalone โข CIPP
CIPP
CIPP (CyberDrain Improved Partner Portal) - Microsoft 365 multi-tenant management for MSPs: tenants, users, mailboxes, conditional access, standards, BPA, licensing, GDAP, and alerts
Installation
Install this plugin individually:
/plugin marketplace add wyre-technology/msp-claude-plugins --plugin cipp Or install all MSP plugins at once:
/plugin marketplace add wyre-technology/msp-claude-plugins Features
- Alert Handling
- Groups
- Licenses
- Mailbox & Email
- Ops
- Security Posture
- Standards
- Tenants
- User Management
Skills
This plugin provides 9 skills that teach Claude about CIPP:
| Skill | Description |
|---|---|
alerts | Use this skill when working with CIPP alerts and audit logs โ reviewing the queued alert backlog across tenants, investigating sign-in or admin activity in audit logs, correlating alerts with tenants. |
groups | Use this skill when listing or creating M365 groups in CIPP โ security groups, distribution lists, M365 groups, mail-enabled security groups. |
licenses | Use this skill when working with M365 license assignments and CSP license inventory through CIPP โ listing license usage per tenant, identifying unused licenses, surfacing license SKUs available for assignment, and reviewing CSP-level license commitments. |
mailboxes | Use this skill when working with Exchange Online mailboxes through CIPP โ listing mailboxes, auditing mailbox permissions, configuring out-of-office auto-replies, and setting email forwarding. |
ops | Use this skill when working with CIPP operational tooling โ GDAP role and invite management, scheduled tasks, server health checks, version reporting, and CIPP application logs. |
security | Use this skill when reviewing M365 conditional access policies and named locations through CIPP โ auditing CA coverage, finding policies that exclude critical apps, listing trusted IP ranges, identifying tenants without baseline conditional access. |
standards | Use this skill when working with CIPP Standards, Best Practice Analyser (BPA), and domain health checks โ listing configured standards per tenant, triggering on-demand compliance checks, retrieving BPA results, checking SPF/DKIM/DMARC. |
tenants | Use this skill when working with CIPP tenants โ listing managed M365 tenants, checking tenant details, identifying tenant ID/domain, and scoping operations to a specific tenant. |
users | Use this skill when working with CIPP-managed M365 users โ creating accounts, editing properties, disabling, resetting passwords, resetting MFA, revoking sessions, full offboarding, BEC investigation, MFA status reporting, and listing user devices/groups. |
Agents
This plugin provides 2 agents for autonomous task execution:
| Agent | Description |
|---|---|
security-posture-reviewer | Use this agent when an MSP security lead, vCISO, or service manager needs to sweep the M365 portfolio for security posture issues โ Secure Score regressions, MFA enrollment gaps, conditional access drift, BPA failures, and broken domain authentication. |
user-offboarding-runner | Use this agent when an MSP technician, dispatcher, or HR-facing operator needs to run a complete M365 user offboarding through CIPP. |
Commands
Available slash commands:
| Command | Description |
|---|---|
/offboard-user | Run the complete CIPP M365 offboarding workflow for a departing user โ capture audit state, revoke access, handle mailbox, reclaim licenses |
/secure-score-report | Generate a portfolio-wide M365 security posture report โ Secure Score equivalents, MFA enrollment, conditional access coverage, and domain authentication across all managed tenants |
/standards-drift | Find tenants that have drifted from the MSP's configured CIPP standards baseline โ missing standards, standards in Report-only mode, recent compliance failures |
/tenant-health | Quick health snapshot for a single tenant โ BPA failures, conditional access enforcement, MFA gaps, domain authentication, standards compliance |
API Reference
| Base URL | |
| Authentication | |
| Rate Limit | |
| Documentation |
Example Usage
Run the complete CIPP M365 offboarding workflow for a departing user โ capture audit state, revoke access, handle mailbox, reclaim licenses
/offboard-userGenerate a portfolio-wide M365 security posture report โ Secure Score equivalents, MFA enrollment, conditional access coverage, and domain authentication across all managed tenants
/secure-score-reportFind tenants that have drifted from the MSP's configured CIPP standards baseline โ missing standards, standards in Report-only mode, recent compliance failures
/standards-driftQuick health snapshot for a single tenant โ BPA failures, conditional access enforcement, MFA gaps, domain authentication, standards compliance
/tenant-healthUsing Skills
/skill cipp:alerts
Use this skill when working with CIPP alerts and audit logs โ reviewing the queued alert backlog across tenants, investigating sign-in or admin activity in audit logs, correlating alerts with tenants.