From 2e8e0bf530b74d16c405aaa6227c76bbb5e6942d Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Thu, 14 Dec 2023 14:28:56 +0000 Subject: [PATCH 01/58] Updated Intune Integration Tests --- .../M365DSCIntegration.INTUNE.Tests.ps1 | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Tests.ps1 index 5a6a6af83d..d2629a8b75 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Tests.ps1 @@ -2681,5 +2681,12 @@ } # Compile and deploy configuration - Master -ConfigurationData $ConfigurationData -Credscredential $Credential - Start-DscConfiguration Master -Wait -Force -Verbose + try + { + Master -ConfigurationData $ConfigurationData -Credscredential $Credential + Start-DscConfiguration Master -Wait -Force -Verbose + } + catch + { + throw $_ + } From 79f3c61e56118342f1bb3acc1696317e47c6d796 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Thu, 14 Dec 2023 18:25:51 +0000 Subject: [PATCH 02/58] Use correct var --- .../MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.psm1 index bd8c2e719d..d5bc1f3b75 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10/MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10.psm1 @@ -372,7 +372,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Absent' -and $currentPolicy.Ensure -eq 'Present') { Write-Verbose -Message "Removing Endpoint Protection Policy {$($currentPolicy.DisplayName)}" - Remove-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity + Remove-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $currentPolicy.Identity } } From c3ed8bc19d5cf3e9131c7a5bd47f856568926884 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Thu, 14 Dec 2023 18:26:06 +0000 Subject: [PATCH 03/58] Update CHANGELOG.md --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8f48faddcf..9c728e587c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,12 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* IntuneEndpointDetectionAndResponsePolicyWindows10 + * Fix issue when trying to remove policy and an Identity set to a random GUID + or from another tenant + FIXES [#4041](https://github.com/microsoft/Microsoft365DSC/issues/4041) + # 1.23.1213.1 * IntuneEndpointDetectionAndResponsePolicyWindows10 From 00b0519aa24b3d8c9cc58777532d990e0ff1abbd Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Thu, 14 Dec 2023 18:27:09 +0000 Subject: [PATCH 04/58] Update CHANGELOG.md --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9c728e587c..b4c99e3cc9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,8 +3,8 @@ # UNRELEASED * IntuneEndpointDetectionAndResponsePolicyWindows10 - * Fix issue when trying to remove policy and an Identity set to a random GUID - or from another tenant + * Fix issue when trying to remove policy and set Identity to a random GUID or + from another tenant FIXES [#4041](https://github.com/microsoft/Microsoft365DSC/issues/4041) # 1.23.1213.1 From cd5a70722b7d9b7b8548278226ab80c2df53388c Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Thu, 14 Dec 2023 18:32:44 +0000 Subject: [PATCH 05/58] Same as previous --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b4c99e3cc9..e54f0c3ea4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,8 +3,8 @@ # UNRELEASED * IntuneEndpointDetectionAndResponsePolicyWindows10 - * Fix issue when trying to remove policy and set Identity to a random GUID or - from another tenant + * Fix issue when trying to remove policy and Identity is set to a random GUID + or from another tenant FIXES [#4041](https://github.com/microsoft/Microsoft365DSC/issues/4041) # 1.23.1213.1 From bcc33861fed80a550cfcb445e145ee1a4e57fe02 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 14 Dec 2023 17:14:50 -0500 Subject: [PATCH 06/58] Updated Intune Examples --- ...alAdministratorPasswordSolutionPolicy.psm1 | 6 +- ...nistratorPasswordSolutionPolicy.schema.mof | 4 +- ...tectionLocalUserGroupMembershipPolicy.psm1 | 6 +- ...nLocalUserGroupMembershipPolicy.schema.mof | Bin 8456 -> 8450 bytes .../MSFT_IntuneAccountProtectionPolicy.psm1 | 6 +- ...T_IntuneAccountProtectionPolicy.schema.mof | Bin 12976 -> 12970 bytes .../MSFT_IntunePolicySets.psm1 | 6 +- .../MSFT_IntunePolicySets.schema.mof | 4 +- ...gCatalogASRRulesPolicyWindows10.schema.mof | Bin 16772 -> 16766 bytes ...RRulesPolicyWindows10.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 45 +++ .../3-Remove.ps1 | 24 ++ ...asswordSolutionPolicy.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 35 +++ .../3-Remove.ps1 | 25 ++ ...GroupMembershipPolicy.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 34 +++ .../3-Remove.ps1 | 25 ++ ...countProtectionPolicy.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 28 ++ .../3-Remove.ps1 | 24 ++ ...ndows10SettingCatalog.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 34 +++ .../3-Remove.ps1 | 24 ++ .../IntuneAppConfigurationPolicy/1-Create.ps1 | 37 +++ .../IntuneAppConfigurationPolicy/2-Update.ps1 | 37 +++ ...ppConfigurationPolicy.ps1 => 3-Remove.ps1} | 4 +- ...otectionPolicyAndroid.ps1 => 1-Create.ps1} | 2 - .../2-Update.ps1 | 45 +++ .../3-Remove.ps1 | 26 ++ ...App Protection Policy.ps1 => 1-Create.ps1} | 3 - .../IntuneAppProtectionPolicyiOS/2-Update.ps1 | 46 +++ .../IntuneAppProtectionPolicyiOS/3-Remove.ps1 | 23 ++ ...ontrolPolicyWindows10.ps1 => 1-Create.ps1} | 0 .../2-Update.ps1 | 29 ++ .../3-Remove.ps1 | 26 ++ ...indows10ConfigManager.ps1 => 1-Create.ps1} | 3 +- .../2-Update.ps1 | 26 ++ .../3-Remove.ps1 | 24 ++ .../{1-New Filter.ps1 => 1-Create.ps1} | 0 .../2-Update.ps1 | 26 ++ .../3-Remove.ps1 | 23 ++ .../{1-NewDeviceCategory.ps1 => 1-Create.ps1} | 0 .../2-Update.ps1} | 9 +- .../3-Remove.ps1} | 7 +- ...-SetDeviceCleanupRule.ps1 => 2-Update.ps1} | 2 +- ...mpliancePolicyAndroid.ps1 => 1-Create.ps1} | 0 .../2-Update.ps1 | 43 +++ .../3-Remove.ps1 | 23 ++ ...icyAndroidDeviceOwner.ps1 => 1-Create.ps1} | 0 .../2-Update.ps1 | 40 +++ .../3-Remove.ps1 | 40 +++ ...icyAndroidWorkProfile.ps1 => 1-Create.ps1} | 0 ...viceCompliancePolicyAndroidWorkProfile.ps1 | 23 -- .../2-Update.ps1 | 41 +++ .../3-Remove.ps1 | 23 ++ ...CompliancePolicyMacOS.ps1 => 1-Create.ps1} | 0 .../2-Update.ps1 | 41 +++ .../3-Remove.ps1 | 23 ++ ...liancePolicyWindows10.ps1 => 1-Create.ps1} | 0 ...-RemoveDeviceCompliancePolicyWindows10.ps1 | 23 -- .../2-Update.ps1 | 56 ++++ .../3-Remove.ps1 | 23 ++ ...ceCompliancePolicyiOs.ps1 => 1-Create.ps1} | 0 .../2-RemoveDeviceCompliancePolicyiOs.ps1.ps1 | 23 -- .../2-Update.ps1 | 39 +++ .../3-Remove.ps1 | 24 ++ ...licyWindows10-Example.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 143 +++++++++ .../3-Remove.ps1 | 24 ++ ...licyWindows10-Example.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 51 ++++ .../3-Remove.ps1 | 24 ++ ...licyWindows10-Example.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 34 +++ .../3-Remove.ps1 | 24 ++ ...licyWindows10-Example.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 58 ++++ .../3-Remove.ps1 | 24 ++ ...licyWindows10-Example.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 35 +++ .../3-Remove.ps1 | 24 ++ ...licyWindows10-Example.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 39 +++ .../3-Remove.ps1 | 24 ++ ...licyWindows10-Example.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 246 ++++++++++++++++ .../3-Remove.ps1 | 24 ++ ...licyWindows10-Example.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 52 ++++ .../3-Remove.ps1 | 24 ++ ...licyWindows10-Example.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 33 +++ .../3-Remove.ps1 | 24 ++ ...licyWindows10-Example.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 45 +++ .../3-Remove.ps1 | 24 ++ ...licyWindows10-Example.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 37 +++ .../3-Remove.ps1 | 24 ++ ...licyWindows10-Example.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 67 +++++ .../3-Remove.ps1 | 24 ++ ...licyWindows10-Example.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 46 +++ .../3-Remove.ps1 | 24 ++ ...licyWindows10-Example.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 47 +++ .../3-Remove.ps1 | 24 ++ ...idDeviceAdministrator.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 78 +++++ .../3-Remove.ps1 | 24 ++ ...icyAndroidDeviceOwner.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 64 +++++ .../3-Remove.ps1 | 24 ++ ...roidOpenSourceProject.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 35 +++ .../3-Remove.ps1 | 24 ++ ...icyAndroidWorkProfile.ps1 => 1-Create.ps1} | 0 .../2-Update.ps1 | 43 +++ .../3-Remove.ps1 | 23 ++ ...figurationPolicyMacOS.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 115 ++++++++ .../3-Remove.ps1 | 24 ++ ...licyWindows10-Example.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 272 ++++++++++++++++++ .../3-Remove.ps1 | 24 ++ ...onfigurationPolicyiOS.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 130 +++++++++ .../3-Remove.ps1 | 23 ++ ...licyWindows10-Example.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 55 ++++ .../3-Remove.ps1 | 24 ++ ...licyWindows10-Example.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 38 +++ .../3-Remove.ps1 | 24 ++ ...licyWindows10-Example.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 50 ++++ .../3-Remove.ps1 | 24 ++ ...licyWindows10-Example.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 33 +++ .../3-Remove.ps1 | 24 ++ ...licyWindows10-Example.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 78 +++++ .../3-Remove.ps1 | 24 ++ ...licyWindows10-Example.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 44 +++ .../3-Remove.ps1 | 24 ++ ...licyWindows10-Example.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 46 +++ .../3-Remove.ps1 | 24 ++ ...ent Limit Restriction.ps1 => 1-Create.ps1} | 0 .../2-Update.ps1 | 25 ++ .../3-Remove.ps1} | 6 +- ...ewPlatformRestriction.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 62 ++++ .../3-Remove.ps1 | 23 ++ ...tatus Page Windows 10.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 43 +++ .../3-Remove.ps1 | 23 ++ ...sponsePolicyWindows10.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 26 ++ .../3-Remove.ps1 | 24 ++ ...ndows10SettingCatalog.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 177 ++++++++++++ .../3-Remove.ps1 | 24 ++ ...unePolicySets-Example.ps1 => 1-Create.ps1} | 1 - .../Resources/IntunePolicySets/2-Update.ps1 | 49 ++++ .../Resources/IntunePolicySets/3-Remove.ps1 | 25 ++ ...-IntuneRoleAssignment.ps1 => 1-Create.ps1} | 1 - .../IntuneRoleAssignment/2-Update.ps1 | 31 ++ .../IntuneRoleAssignment/3-Remove.ps1 | 23 ++ ...{IntuneRoleDefinition.ps1 => 1-Create.ps1} | 1 - .../IntuneRoleDefinition/2-Update.ps1 | 28 ++ .../IntuneRoleDefinition/3-Remove.ps1 | 23 ++ ...RRulesPolicyWindows10.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 33 +++ .../3-Remove.ps1 | 24 ++ ...licyWindows10-Example.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 90 ++++++ .../3-Remove.ps1 | 24 ++ ...idDeviceAdministrator.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 35 +++ .../3-Remove.ps1 | 24 ++ ...EnterpriseDeviceOwner.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 38 +++ .../3-Remove.ps1 | 25 ++ ...EnterpriseWorkProfile.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 37 +++ .../3-Remove.ps1 | 25 ++ ...nPolicyAndroidForWork.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 39 +++ .../3-Remove.ps1 | 24 ++ ...roidOpenSourceProject.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 36 +++ .../3-Remove.ps1 | 24 ++ ...onfigurationPolicyIOS.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 38 +++ .../3-Remove.ps1 | 24 ++ ...figurationPolicyMacOS.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 37 +++ .../3-Remove.ps1 | 24 ++ ...rationPolicyWindows10.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 40 +++ .../3-Remove.ps1 | 24 ++ ...DHybridJoined-Example.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 40 +++ .../3-Remove.ps1 | 24 ++ ...AzureADJoined-Example.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 44 +++ .../3-Remove.ps1 | 24 ++ ...10MdmEnrolled-Example.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 56 ++++ .../3-Remove.ps1 | 24 ++ ...fileWindows10-Example.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 30 ++ .../3-Remove.ps1} | 7 +- ...fileWindows10-Example.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 62 ++++ .../3-Remove.ps1 | 24 ++ 220 files changed, 5400 insertions(+), 163 deletions(-) rename Modules/Microsoft365DSC/Examples/Resources/IntuneASRRulesPolicyWindows10/{1-ConfigureIntuneASRRulesPolicyWindows10.ps1 => 1-Create.ps1} (95%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneASRRulesPolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneASRRulesPolicyWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/{1-ConfigureIntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.ps1 => 1-Create.ps1} (94%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalUserGroupMembershipPolicy/{1-ConfigureIntuneAccountProtectionLocalUserGroupMembershipPolicy.ps1 => 1-Create.ps1} (94%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalUserGroupMembershipPolicy/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalUserGroupMembershipPolicy/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicy/{1-ConfigureIntuneAccountProtectionPolicy.ps1 => 1-Create.ps1} (90%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicy/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicy/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneAntivirusPolicyWindows10SettingCatalog/{1-ConfigureIntuneAntivirusPolicyWindows10SettingCatalog.ps1 => 1-Create.ps1} (94%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneAntivirusPolicyWindows10SettingCatalog/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneAntivirusPolicyWindows10SettingCatalog/3-Remove.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneAppConfigurationPolicy/1-Create.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneAppConfigurationPolicy/2-Update.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneAppConfigurationPolicy/{1-NewAppConfigurationPolicy.ps1 => 3-Remove.ps1} (84%) rename Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyAndroid/{1-ConfigureAppProtectionPolicyAndroid.ps1 => 1-Create.ps1} (91%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyAndroid/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyAndroid/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/{1-New iOS App Protection Policy.ps1 => 1-Create.ps1} (88%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneApplicationControlPolicyWindows10/{1-ConfigureApplicationControlPolicyWindows10.ps1 => 1-Create.ps1} (100%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneApplicationControlPolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneApplicationControlPolicyWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/{1-ConfigureIntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.ps1 => 1-Create.ps1} (87%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceAndAppManagementAssignmentFilter/{1-New Filter.ps1 => 1-Create.ps1} (100%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceAndAppManagementAssignmentFilter/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceAndAppManagementAssignmentFilter/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCategory/{1-NewDeviceCategory.ps1 => 1-Create.ps1} (100%) rename Modules/Microsoft365DSC/Examples/Resources/{IntuneDeviceCompliancePolicyAndroidDeviceOwner/2-RemoveDeviceCompliancePolicyAndroidDeviceOwner.ps1 => IntuneDeviceCategory/2-Update.ps1} (51%) rename Modules/Microsoft365DSC/Examples/Resources/{IntuneAppConfigurationPolicy/1-RemoveAppConfigurationPolicy.ps1 => IntuneDeviceCategory/3-Remove.ps1} (60%) rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCleanupRule/{1-SetDeviceCleanupRule.ps1 => 2-Update.ps1} (88%) rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroid/{1-NewDeviceCompliancePolicyAndroid.ps1 => 1-Create.ps1} (100%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroid/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroid/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidDeviceOwner/{1-NewDeviceCompliancePolicyAndroidDeviceOwner.ps1 => 1-Create.ps1} (100%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidDeviceOwner/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidDeviceOwner/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidWorkProfile/{1-NewDeviceCompliancePolicyAndroidWorkProfile.ps1 => 1-Create.ps1} (100%) delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidWorkProfile/2-RemoveDeviceCompliancePolicyAndroidWorkProfile.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidWorkProfile/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidWorkProfile/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyMacOS/{1-NewIntuneDeviceCompliancePolicyMacOS.ps1 => 1-Create.ps1} (100%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyMacOS/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyMacOS/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyWindows10/{1-NewIntuneDeviceCompliancePolicyWindows10.ps1 => 1-Create.ps1} (100%) delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyWindows10/2-RemoveDeviceCompliancePolicyWindows10.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyiOs/{1-NewDeviceCompliancePolicyiOs.ps1 => 1-Create.ps1} (100%) delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyiOs/2-RemoveDeviceCompliancePolicyiOs.ps1.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyiOs/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyiOs/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/{1-IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10-Example.ps1 => 1-Create.ps1} (98%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationCustomPolicyWindows10/{1-IntuneDeviceConfigurationCustomPolicyWindows10-Example.ps1 => 1-Create.ps1} (96%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationCustomPolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationCustomPolicyWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/{1-IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10-Example.ps1 => 1-Create.ps1} (99%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/{1-IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10-Example.ps1 => 1-Create.ps1} (96%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDomainJoinPolicyWindows10/{1-IntuneDeviceConfigurationDomainJoinPolicyWindows10-Example.ps1 => 1-Create.ps1} (93%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDomainJoinPolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDomainJoinPolicyWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEmailProfilePolicyWindows10/{1-IntuneDeviceConfigurationEmailProfilePolicyWindows10-Example.ps1 => 1-Create.ps1} (94%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEmailProfilePolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEmailProfilePolicyWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/{1-IntuneDeviceConfigurationEndpointProtectionPolicyWindows10-Example.ps1 => 1-Create.ps1} (99%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/{1-IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10-Example.ps1 => 1-Create.ps1} (96%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/{1-IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10-Example.ps1 => 1-Create.ps1} (93%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/{1-IntuneDeviceConfigurationIdentityProtectionPolicyWindows10-Example.ps1 => 1-Create.ps1} (95%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/{1-IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10-Example.ps1 => 1-Create.ps1} (94%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationKioskPolicyWindows10/{1-IntuneDeviceConfigurationKioskPolicyWindows10-Example.ps1 => 1-Create.ps1} (96%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationKioskPolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationKioskPolicyWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/{1-IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10-Example.ps1 => 1-Create.ps1} (95%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/{1-IntuneDeviceConfigurationPkcsCertificatePolicyWindows10-Example.ps1 => 1-Create.ps1} (95%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/{1-ConfigureIntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.ps1 => 1-Create.ps1} (97%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceOwner/{1-ConfigureIntuneDeviceConfigurationPolicyAndroidDeviceOwner.ps1 => 1-Create.ps1} (97%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceOwner/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceOwner/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/{1-ConfigureIntuneDeviceConfigurationPolicyAndroidOpenSourceProject.ps1 => 1-Create.ps1} (93%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidWorkProfile/{1-NewIntuneDeviceConfigurationPolicyAndroidWorkProfile.ps1 => 1-Create.ps1} (100%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidWorkProfile/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidWorkProfile/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyMacOS/{1-ConfigureIntuneDeviceConfigurationPolicyMacOS.ps1 => 1-Create.ps1} (98%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyMacOS/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyMacOS/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/{1-IntuneDeviceConfigurationPolicyWindows10-Example.ps1 => 1-Create.ps1} (99%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyiOS/{1-NewIntuneDeviceConfigurationPolicyiOS.ps1 => 1-Create.ps1} (98%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyiOS/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyiOS/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/{1-IntuneDeviceConfigurationScepCertificatePolicyWindows10-Example.ps1 => 1-Create.ps1} (96%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/{1-IntuneDeviceConfigurationSecureAssessmentPolicyWindows10-Example.ps1 => 1-Create.ps1} (94%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/{1-IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10-Example.ps1 => 1-Create.ps1} (96%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/{1-IntuneDeviceConfigurationTrustedCertificatePolicyWindows10-Example.ps1 => 1-Create.ps1} (96%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationVpnPolicyWindows10/{1-IntuneDeviceConfigurationVpnPolicyWindows10-Example.ps1 => 1-Create.ps1} (97%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationVpnPolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationVpnPolicyWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWindowsTeamPolicyWindows10/{1-IntuneDeviceConfigurationWindowsTeamPolicyWindows10-Example.ps1 => 1-Create.ps1} (95%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWindowsTeamPolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWindowsTeamPolicyWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWiredNetworkPolicyWindows10/{1-IntuneDeviceConfigurationWiredNetworkPolicyWindows10-Example.ps1 => 1-Create.ps1} (95%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWiredNetworkPolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWiredNetworkPolicyWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentLimitRestriction/{1-New Device Enrollment Limit Restriction.ps1 => 1-Create.ps1} (100%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentLimitRestriction/2-Update.ps1 rename Modules/Microsoft365DSC/Examples/Resources/{IntuneDeviceCompliancePolicyAndroid/2-RemoveDeviceCompliancePolicyAndroid.ps1 => IntuneDeviceEnrollmentLimitRestriction/3-Remove.ps1} (58%) rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentPlatformRestriction/{1-NewPlatformRestriction.ps1 => 1-Create.ps1} (95%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentPlatformRestriction/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentPlatformRestriction/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentStatusPageWindows10/{1-New Device Enrollment Status Page Windows 10.ps1 => 1-Create.ps1} (93%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentStatusPageWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentStatusPageWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneEndpointDetectionAndResponsePolicyWindows10/{1-ConfigureIntuneEndpointDetectionAndResponsePolicyWindows10.ps1 => 1-Create.ps1} (91%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneEndpointDetectionAndResponsePolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneEndpointDetectionAndResponsePolicyWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneExploitProtectionPolicyWindows10SettingCatalog/{1-ConfigureIntuneExploitProtectionPolicyWindows10SettingCatalog.ps1 => 1-Create.ps1} (98%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneExploitProtectionPolicyWindows10SettingCatalog/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneExploitProtectionPolicyWindows10SettingCatalog/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntunePolicySets/{1-IntunePolicySets-Example.ps1 => 1-Create.ps1} (96%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntunePolicySets/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntunePolicySets/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneRoleAssignment/{1-IntuneRoleAssignment.ps1 => 1-Create.ps1} (92%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneRoleAssignment/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneRoleAssignment/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneRoleDefinition/{IntuneRoleDefinition.ps1 => 1-Create.ps1} (91%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneRoleDefinition/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneRoleDefinition/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogASRRulesPolicyWindows10/{1-ConfigureIntuneSettingCatalogASRRulesPolicyWindows10.ps1 => 1-Create.ps1} (92%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogASRRulesPolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogASRRulesPolicyWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogCustomPolicyWindows10/{1-IntuneSettingCatalogCustomPolicyWindows10-Example.ps1 => 1-Create.ps1} (98%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogCustomPolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogCustomPolicyWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/{1-ConfigureIntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.ps1 => 1-Create.ps1} (94%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/{1-ConfigureIntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.ps1 => 1-Create.ps1} (94%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/{1-ConfigureIntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.ps1 => 1-Create.ps1} (94%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidForWork/{1-ConfigureIntuneWifiConfigurationPolicyAndroidForWork.ps1 => 1-Create.ps1} (95%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidForWork/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidForWork/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidOpenSourceProject/{1-ConfigureIntuneWifiConfigurationPolicyAndroidOpenSourceProject.ps1 => 1-Create.ps1} (93%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidOpenSourceProject/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidOpenSourceProject/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyIOS/{1-ConfigureIntuneWifiConfigurationPolicyIOS.ps1 => 1-Create.ps1} (94%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyIOS/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyIOS/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyMacOS/{1-ConfigureIntuneWifiConfigurationPolicyMacOS.ps1 => 1-Create.ps1} (94%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyMacOS/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyMacOS/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyWindows10/{1-ConfigureIntuneWifiConfigurationPolicyWindows10.ps1 => 1-Create.ps1} (94%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyWindows10/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/{1-IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined-Example.ps1 => 1-Create.ps1} (94%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADJoined/{1-IntuneWindowsAutopilotDeploymentProfileAzureADJoined-Example.ps1 => 1-Create.ps1} (95%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADJoined/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADJoined/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/{1-IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled-Example.ps1 => 1-Create.ps1} (96%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/{1-IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10-Example.ps1 => 1-Create.ps1} (92%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/2-Update.ps1 rename Modules/Microsoft365DSC/Examples/Resources/{IntuneDeviceCompliancePolicyMacOS/2-RemoveDeviceCompliancePolicyMacOS.ps1 => IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/3-Remove.ps1} (54%) rename Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/{1-IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10-Example.ps1 => 1-Create.ps1} (97%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/3-Remove.ps1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1 index 2a848f4f42..403974e7a0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1 @@ -4,7 +4,7 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] $Identity, @@ -258,7 +258,7 @@ function Set-TargetResource [CmdletBinding()] param ( - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] $Identity, @@ -446,7 +446,7 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] $Identity, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.schema.mof index c12ec5a624..b42167ba1f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.schema.mof @@ -12,8 +12,8 @@ class MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicyAssign [ClassVersion("1.0.0.0"), FriendlyName("IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy")] class MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy : OMI_BaseResource { - [Key, Description("Identity of the account protection local administrator password solution policy.")] String Identity; - [Required, Description("Display name of the account protection local administrator password solution policy.")] String DisplayName; + [Write, Description("Identity of the account protection local administrator password solution policy.")] String Identity; + [Key, Description("Display name of the account protection local administrator password solution policy.")] String DisplayName; [Write, Description("Description of the account protection local administrator password solution policy.")] String Description; [Write, Description("Assignments of the account protection local administrator password solution policy."), EmbeddedInstance("MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicyAssignments")] String Assignments[]; [Write, Description("Configures which directory the local admin account password is backed up to. 0 - Disabled, 1 - Azure AD, 2 - AD"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] UInt32 BackupDirectory; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy.psm1 index 25d0b7f044..4524e0f42c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy.psm1 @@ -4,7 +4,7 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] $Identity, @@ -192,7 +192,7 @@ function Set-TargetResource [CmdletBinding()] param ( - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] $Identity, @@ -338,7 +338,7 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] $Identity, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy.schema.mof index 92fa66799573f9cd3560c34479d0d5a4af730bae..6254da09e60c2a6138edddec0fc58c810094cecc 100644 GIT binary patch delta 24 fcmeBhYI53OBQiNbQe$$0NY`W=5tYpnq93>cYY_-G delta 40 ucmZp2>Tud%BQp7&h|1&?kuLrqhE#?^hEj%1h9V#Sf diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1 index bfa93b3e2a..1093519915 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.psm1 @@ -4,7 +4,7 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] $Identity, @@ -246,7 +246,7 @@ function Set-TargetResource [CmdletBinding()] param ( - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] $Identity, @@ -470,7 +470,7 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] $Identity, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.schema.mof index 30d8d0b402dddb1acde032108fc4b20c5af1673c..0fc1da1716dad49a46334932be05dc70299ff169 100644 GIT binary patch delta 24 gcmdmxx+--;5YOZXVp@|ccseEr@u+Op<84v}0DH#5YJ>5UX{sJJYD=j45 + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneASRRulesPolicyWindows10 'myASRRulesPolicy' + { + DisplayName = 'test' + AdditionalGuardedFolders = @() + AdobeReaderLaunchChildProcess = 'auditMode' + AdvancedRansomewareProtectionType = 'enable' + Assignments = @() + AttackSurfaceReductionExcludedPaths = @('c:\Novo') + BlockPersistenceThroughWmiType = 'auditMode' + Description = '' + EmailContentExecutionType = 'auditMode' + GuardedFoldersAllowedAppPaths = @() + GuardMyFoldersType = 'enable' + OfficeAppsExecutableContentCreationOrLaunchType = 'block' + OfficeAppsLaunchChildProcessType = 'auditMode' + OfficeAppsOtherProcessInjectionType = 'block' + OfficeCommunicationAppsLaunchChildProcess = 'auditMode' + OfficeMacroCodeAllowWin32ImportsType = 'block' + PreventCredentialStealingType = 'enable' + ProcessCreationType = 'enable' # Updated Property + ScriptDownloadedPayloadExecutionType = 'block' + ScriptObfuscatedMacroCodeType = 'block' + UntrustedExecutableType = 'block' + UntrustedUSBProcessType = 'block' + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneASRRulesPolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneASRRulesPolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..79762a0115 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneASRRulesPolicyWindows10/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneASRRulesPolicyWindows10 'myASRRulesPolicy' + { + DisplayName = 'test' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/1-ConfigureIntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/1-Create.ps1 similarity index 94% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/1-ConfigureIntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/1-Create.ps1 index 9ecfa62819..f31995576a 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/1-ConfigureIntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/1-Create.ps1 @@ -16,7 +16,6 @@ Configuration Example { IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy "My Account Protection LAPS Policy" { - Identity = "cb0a561b-7677-46fb-a7f8-635cf64660e9"; DisplayName = "Account Protection LAPS Policy"; Description = "My revised description"; Ensure = "Present"; diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/2-Update.ps1 new file mode 100644 index 0000000000..15e2b607fa --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/2-Update.ps1 @@ -0,0 +1,35 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy "My Account Protection LAPS Policy" + { + DisplayName = "Account Protection LAPS Policy"; + Description = "My revised description"; + Ensure = "Present"; + Credential = $Credscredential + Assignments = @( + MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + BackupDirectory = "1"; + PasswordAgeDays_AAD = 15; # Updated Property + AdministratorAccountName = "Administrator"; + PasswordAgeDays = 20; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/3-Remove.ps1 new file mode 100644 index 0000000000..b9641cf809 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/3-Remove.ps1 @@ -0,0 +1,25 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy "My Account Protection LAPS Policy" + { + DisplayName = "Account Protection LAPS Policy"; + Description = "My revised description"; + Ensure = "Absent"; + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalUserGroupMembershipPolicy/1-ConfigureIntuneAccountProtectionLocalUserGroupMembershipPolicy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalUserGroupMembershipPolicy/1-Create.ps1 similarity index 94% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalUserGroupMembershipPolicy/1-ConfigureIntuneAccountProtectionLocalUserGroupMembershipPolicy.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalUserGroupMembershipPolicy/1-Create.ps1 index 93dd6cca9a..d605f3441a 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalUserGroupMembershipPolicy/1-ConfigureIntuneAccountProtectionLocalUserGroupMembershipPolicy.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalUserGroupMembershipPolicy/1-Create.ps1 @@ -16,7 +16,6 @@ Configuration Example { IntuneAccountProtectionLocalUserGroupMembershipPolicy "My Account Protection Local User Group Membership Policy" { - Identity = "cb0a561b-7677-46fb-a7f8-635cf64660e9"; DisplayName = "Account Protection LUGM Policy"; Description = "My revised description"; Ensure = "Present"; diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalUserGroupMembershipPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalUserGroupMembershipPolicy/2-Update.ps1 new file mode 100644 index 0000000000..e906680eeb --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalUserGroupMembershipPolicy/2-Update.ps1 @@ -0,0 +1,34 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAccountProtectionLocalUserGroupMembershipPolicy "My Account Protection Local User Group Membership Policy" + { + DisplayName = "Account Protection LUGM Policy"; + Description = "My revised description"; + Ensure = "Present"; + Credential = $Credscredential + Assignments = @(); # Updated Property + LocalUserGroupCollection = @( + MSFT_IntuneAccountProtectionLocalUserGroupCollection{ + LocalGroups = @('administrators', 'users') + Members = @('S-1-12-1-1167842105-1150511762-402702254-1917434032') + Action = 'add_update' + UserSelectionType = 'users' + } + ); + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalUserGroupMembershipPolicy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalUserGroupMembershipPolicy/3-Remove.ps1 new file mode 100644 index 0000000000..6e029e0525 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalUserGroupMembershipPolicy/3-Remove.ps1 @@ -0,0 +1,25 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAccountProtectionLocalUserGroupMembershipPolicy "My Account Protection Local User Group Membership Policy" + { + DisplayName = "Account Protection LUGM Policy"; + Description = "My revised description"; + Ensure = "Absent"; + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicy/1-ConfigureIntuneAccountProtectionPolicy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicy/1-Create.ps1 similarity index 90% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicy/1-ConfigureIntuneAccountProtectionPolicy.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicy/1-Create.ps1 index 61d6256ace..2194ba0495 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicy/1-ConfigureIntuneAccountProtectionPolicy.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicy/1-Create.ps1 @@ -16,7 +16,6 @@ Configuration Example { IntuneAccountProtectionPolicy 'myAccountProtectionPolicy' { - Identity = '355e88e2-dd1f-4956-bafe-9000d8267ad5' DisplayName = 'test' deviceGuardLocalSystemAuthorityCredentialGuardSettings = "notConfigured" WindowsHelloForBusinessBlocked = $true diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicy/2-Update.ps1 new file mode 100644 index 0000000000..a337d210ae --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicy/2-Update.ps1 @@ -0,0 +1,28 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAccountProtectionPolicy 'myAccountProtectionPolicy' + { + DisplayName = 'test' + deviceGuardLocalSystemAuthorityCredentialGuardSettings = "notConfigured" + WindowsHelloForBusinessBlocked = $true + PinMinimumLength = 10 # Updated Property + PinSpecialCharactersUsage = 'required' + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicy/3-Remove.ps1 new file mode 100644 index 0000000000..0a1cbf862a --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicy/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAccountProtectionPolicy 'myAccountProtectionPolicy' + { + DisplayName = 'test' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAntivirusPolicyWindows10SettingCatalog/1-ConfigureIntuneAntivirusPolicyWindows10SettingCatalog.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAntivirusPolicyWindows10SettingCatalog/1-Create.ps1 similarity index 94% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneAntivirusPolicyWindows10SettingCatalog/1-ConfigureIntuneAntivirusPolicyWindows10SettingCatalog.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneAntivirusPolicyWindows10SettingCatalog/1-Create.ps1 index 3e86dab3c5..cd613829c1 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneAntivirusPolicyWindows10SettingCatalog/1-ConfigureIntuneAntivirusPolicyWindows10SettingCatalog.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAntivirusPolicyWindows10SettingCatalog/1-Create.ps1 @@ -16,7 +16,6 @@ Configuration Example { IntuneAntivirusPolicyWindows10SettingCatalog 'myAVWindows10Policy' { - Identity = 'd64d4ab7-d0ac-4157-8823-a9db57b47cf1' DisplayName = 'av exclusions' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments { diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAntivirusPolicyWindows10SettingCatalog/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAntivirusPolicyWindows10SettingCatalog/2-Update.ps1 new file mode 100644 index 0000000000..b5ed0d3091 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAntivirusPolicyWindows10SettingCatalog/2-Update.ps1 @@ -0,0 +1,34 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAntivirusPolicyWindows10SettingCatalog 'myAVWindows10Policy' + { + DisplayName = 'av exclusions' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + }) + Description = '' + excludedextensions = @('.exe') + excludedpaths = @('c:\folders\', 'c:\folders2\') + excludedprocesses = @('processes.exe', 'process3.exe') # Updated Property + templateId = '45fea5e9-280d-4da1-9792-fb5736da0ca9_1' + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAntivirusPolicyWindows10SettingCatalog/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAntivirusPolicyWindows10SettingCatalog/3-Remove.ps1 new file mode 100644 index 0000000000..7a5f368d52 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAntivirusPolicyWindows10SettingCatalog/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAntivirusPolicyWindows10SettingCatalog 'myAVWindows10Policy' + { + DisplayName = 'av exclusions' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppConfigurationPolicy/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppConfigurationPolicy/1-Create.ps1 new file mode 100644 index 0000000000..7c8fee9252 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppConfigurationPolicy/1-Create.ps1 @@ -0,0 +1,37 @@ +<# +This example creates a new App Configuration Policy. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAppConfigurationPolicy 'AddAppConfigPolicy' + { + DisplayName = 'ContosoNew' + Description = 'New Contoso Policy' + Credential = $Credscredential; + CustomSettings = @( + MSFT_IntuneAppConfigurationPolicyCustomSetting { + name = 'com.microsoft.intune.mam.managedbrowser.BlockListURLs' + value = 'https://www.aol.com' + } + MSFT_IntuneAppConfigurationPolicyCustomSetting { + name = 'com.microsoft.intune.mam.managedbrowser.bookmarks' + value = 'Outlook Web|https://outlook.office.com||Bing|https://www.bing.com' + } + MSFT_IntuneAppConfigurationPolicyCustomSetting { + name = 'Test' + value = 'TestValue' + }); + Ensure = 'Present' + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppConfigurationPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppConfigurationPolicy/2-Update.ps1 new file mode 100644 index 0000000000..507f2bf9e6 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppConfigurationPolicy/2-Update.ps1 @@ -0,0 +1,37 @@ +<# +This example creates a new App Configuration Policy. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAppConfigurationPolicy 'AddAppConfigPolicy' + { + DisplayName = 'ContosoNew' + Description = 'New Contoso Policy' + Credential = $Credscredential; + CustomSettings = @( + MSFT_IntuneAppConfigurationPolicyCustomSetting { + name = 'com.microsoft.intune.mam.managedbrowser.BlockListURLs' + value = 'https://www.aol.com' + } + MSFT_IntuneAppConfigurationPolicyCustomSetting { + name = 'com.microsoft.intune.mam.managedbrowser.bookmarks' + value = 'Outlook Web|https://outlook.office.com||Bing|https://www.bing.com' + } + MSFT_IntuneAppConfigurationPolicyCustomSetting { # Updated Property + name = 'Test2' + value = 'TestValue2' + }); + Ensure = 'Present' + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppConfigurationPolicy/1-NewAppConfigurationPolicy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppConfigurationPolicy/3-Remove.ps1 similarity index 84% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneAppConfigurationPolicy/1-NewAppConfigurationPolicy.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneAppConfigurationPolicy/3-Remove.ps1 index 8f2dc7da1c..8aa3e4a095 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppConfigurationPolicy/1-NewAppConfigurationPolicy.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppConfigurationPolicy/3-Remove.ps1 @@ -17,8 +17,8 @@ Configuration Example { DisplayName = 'ContosoNew' Description = 'New Contoso Policy' - Ensure = 'Present' - Credential = $Credscredential + Credential = $Credscredential; + Ensure = 'Absent' } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyAndroid/1-ConfigureAppProtectionPolicyAndroid.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyAndroid/1-Create.ps1 similarity index 91% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyAndroid/1-ConfigureAppProtectionPolicyAndroid.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyAndroid/1-Create.ps1 index e38fa8a20a..4f7c3a599e 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyAndroid/1-ConfigureAppProtectionPolicyAndroid.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyAndroid/1-Create.ps1 @@ -23,13 +23,11 @@ Configuration Example AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' AllowedOutboundDataTransferDestinations = 'managedApps' Apps = @('com.cisco.jabberimintune.ios', 'com.pervasent.boardpapers.ios', 'com.sharefile.mobile.intune.ios') - Assignments = @('6ee86c9f-2b3c-471d-ad38-ff4673ed723e') ContactSyncBlocked = $false DataBackupBlocked = $false Description = '' DeviceComplianceRequired = $True DisableAppPinIfDevicePinIsSet = $True - ExcludedGroups = @('3eacc231-d77b-4efb-bb5f-310f68bd6198') FingerprintBlocked = $False ManagedBrowserToOpenLinksRequired = $True MaximumPinRetries = 5 diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyAndroid/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyAndroid/2-Update.ps1 new file mode 100644 index 0000000000..5dc2dc577e --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyAndroid/2-Update.ps1 @@ -0,0 +1,45 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAppProtectionPolicyAndroid 'ConfigureAppProtectionPolicyAndroid' + { + DisplayName = 'My DSC Android App Protection Policy' + AllowedDataStorageLocations = @('sharePoint') + AllowedInboundDataTransferSources = 'managedApps' + AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' + AllowedOutboundDataTransferDestinations = 'managedApps' + Apps = @('com.cisco.jabberimintune.ios', 'com.pervasent.boardpapers.ios', 'com.sharefile.mobile.intune.ios') + ContactSyncBlocked = $true # Updated Property + DataBackupBlocked = $false + Description = '' + DeviceComplianceRequired = $True + DisableAppPinIfDevicePinIsSet = $True + FingerprintBlocked = $False + ManagedBrowserToOpenLinksRequired = $True + MaximumPinRetries = 5 + MinimumPinLength = 4 + OrganizationalCredentialsRequired = $false + PinRequired = $True + PrintBlocked = $True + SaveAsBlocked = $True + SimplePinBlocked = $True + Ensure = 'Present' + Credential = $Credscredential + } + } +} + diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyAndroid/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyAndroid/3-Remove.ps1 new file mode 100644 index 0000000000..3fe178f97e --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyAndroid/3-Remove.ps1 @@ -0,0 +1,26 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAppProtectionPolicyAndroid 'ConfigureAppProtectionPolicyAndroid' + { + DisplayName = 'My DSC Android App Protection Policy' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} + diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/1-New iOS App Protection Policy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/1-Create.ps1 similarity index 88% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/1-New iOS App Protection Policy.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/1-Create.ps1 index 5379a3017a..15053df200 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/1-New iOS App Protection Policy.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/1-Create.ps1 @@ -15,7 +15,6 @@ Configuration Example { IntuneAppProtectionPolicyiOS 'MyCustomiOSPolicy' { - Identity = '1352a41f-bd32-4ee3-b227-2f11b17b8614' DisplayName = 'My DSC iOS App Protection Policy' AllowedDataStorageLocations = @('sharePoint') AllowedInboundDataTransferSources = 'managedApps' @@ -23,12 +22,10 @@ Configuration Example AllowedOutboundDataTransferDestinations = 'managedApps' AppDataEncryptionType = 'whenDeviceLocked' Apps = @('com.cisco.jabberimintune.ios', 'com.pervasent.boardpapers.ios', 'com.sharefile.mobile.intune.ios') - Assignments = @('6ee86c9f-2b3c-471d-ad38-ff4673ed723e') ContactSyncBlocked = $False DataBackupBlocked = $False Description = '' DeviceComplianceRequired = $True - ExcludedGroups = @('3eacc231-d77b-4efb-bb5f-310f68bd6198') FingerprintBlocked = $False ManagedBrowserToOpenLinksRequired = $True MaximumPinRetries = 5 diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/2-Update.ps1 new file mode 100644 index 0000000000..0ef59acb4d --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/2-Update.ps1 @@ -0,0 +1,46 @@ +<# +This example creates a new App ProtectionPolicy for iOS. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAppProtectionPolicyiOS 'MyCustomiOSPolicy' + { + DisplayName = 'My DSC iOS App Protection Policy' + AllowedDataStorageLocations = @('sharePoint') + AllowedInboundDataTransferSources = 'managedApps' + AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' + AllowedOutboundDataTransferDestinations = 'managedApps' + AppDataEncryptionType = 'whenDeviceLocked' + Apps = @('com.cisco.jabberimintune.ios', 'com.pervasent.boardpapers.ios', 'com.sharefile.mobile.intune.ios') + ContactSyncBlocked = $False + DataBackupBlocked = $False + Description = '' + DeviceComplianceRequired = $True + FingerprintBlocked = $False + ManagedBrowserToOpenLinksRequired = $True + MaximumPinRetries = 7 # Updated Property + MinimumPinLength = 4 + OrganizationalCredentialsRequired = $False + PeriodOfflineBeforeAccessCheck = 'PT12H' + PeriodOfflineBeforeWipeIsEnforced = 'P90D' + PeriodOnlineBeforeAccessCheck = 'PT30M' + PinCharacterSet = 'alphanumericAndSymbol' + PinRequired = $True + PrintBlocked = $False + SaveAsBlocked = $True + SimplePinBlocked = $False + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/3-Remove.ps1 new file mode 100644 index 0000000000..10acdf5fcc --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppProtectionPolicyiOS/3-Remove.ps1 @@ -0,0 +1,23 @@ +<# +This example creates a new App ProtectionPolicy for iOS. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAppProtectionPolicyiOS 'MyCustomiOSPolicy' + { + DisplayName = 'My DSC iOS App Protection Policy' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneApplicationControlPolicyWindows10/1-ConfigureApplicationControlPolicyWindows10.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneApplicationControlPolicyWindows10/1-Create.ps1 similarity index 100% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneApplicationControlPolicyWindows10/1-ConfigureApplicationControlPolicyWindows10.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneApplicationControlPolicyWindows10/1-Create.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneApplicationControlPolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneApplicationControlPolicyWindows10/2-Update.ps1 new file mode 100644 index 0000000000..ad867e1f8e --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneApplicationControlPolicyWindows10/2-Update.ps1 @@ -0,0 +1,29 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneApplicationControlPolicyWindows10 'ConfigureApplicationControlPolicyWindows10' + { + DisplayName = 'Windows 10 Desktops' + Description = 'All windows 10 Desktops' + AppLockerApplicationControl = 'enforceComponentsAndStoreApps' + SmartScreenBlockOverrideForFiles = $False # Updated Property + SmartScreenEnableInShell = $True + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneApplicationControlPolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneApplicationControlPolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..5626780281 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneApplicationControlPolicyWindows10/3-Remove.ps1 @@ -0,0 +1,26 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneApplicationControlPolicyWindows10 'ConfigureApplicationControlPolicyWindows10' + { + DisplayName = 'Windows 10 Desktops' + Description = 'All windows 10 Desktops' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/1-ConfigureIntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/1-Create.ps1 similarity index 87% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/1-ConfigureIntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/1-Create.ps1 index 54eb93386f..a64d1cfb86 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/1-ConfigureIntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/1-Create.ps1 @@ -16,9 +16,8 @@ Configuration Example { IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager 'myASRReductionRules' { - Identity = 'f6d1d1bc-d78f-4a5a-8f1b-0d95a60b0bc1' DisplayName = 'asr ConfigMgr' - Assignments = @() + blockadobereaderfromcreatingchildprocesses = "block"; Description = 'My revised description' Ensure = 'Present' Credential = $Credscredential diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/2-Update.ps1 new file mode 100644 index 0000000000..efaa104596 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/2-Update.ps1 @@ -0,0 +1,26 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager 'myASRReductionRules' + { + DisplayName = 'asr ConfigMgr' + blockadobereaderfromcreatingchildprocesses = "enable"; # Updated Property + Description = 'My revised description' + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/3-Remove.ps1 new file mode 100644 index 0000000000..bbe506c085 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager 'myASRReductionRules' + { + DisplayName = 'asr ConfigMgr' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceAndAppManagementAssignmentFilter/1-New Filter.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceAndAppManagementAssignmentFilter/1-Create.ps1 similarity index 100% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceAndAppManagementAssignmentFilter/1-New Filter.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceAndAppManagementAssignmentFilter/1-Create.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceAndAppManagementAssignmentFilter/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceAndAppManagementAssignmentFilter/2-Update.ps1 new file mode 100644 index 0000000000..7be28ee342 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceAndAppManagementAssignmentFilter/2-Update.ps1 @@ -0,0 +1,26 @@ +<# +This example creates a new Device and App Management Assignment Filter. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $intuneAdmin + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceAndAppManagementAssignmentFilter 'AssignmentFilter' + { + DisplayName = 'Test Device Filter' + Description = 'This is a new Filter' + Platform = 'windows10AndLater' + Rule = "(device.manufacturer -ne `"Apple`")" # Updated Property + Ensure = 'Present' + Credential = $intuneAdmin + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceAndAppManagementAssignmentFilter/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceAndAppManagementAssignmentFilter/3-Remove.ps1 new file mode 100644 index 0000000000..5612fd7a89 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceAndAppManagementAssignmentFilter/3-Remove.ps1 @@ -0,0 +1,23 @@ +<# +This example creates a new Device and App Management Assignment Filter. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $intuneAdmin + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceAndAppManagementAssignmentFilter 'AssignmentFilter' + { + DisplayName = 'Test Device Filter' + Ensure = 'Absent' + Credential = $intuneAdmin + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCategory/1-NewDeviceCategory.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCategory/1-Create.ps1 similarity index 100% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCategory/1-NewDeviceCategory.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCategory/1-Create.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidDeviceOwner/2-RemoveDeviceCompliancePolicyAndroidDeviceOwner.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCategory/2-Update.ps1 similarity index 51% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidDeviceOwner/2-RemoveDeviceCompliancePolicyAndroidDeviceOwner.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCategory/2-Update.ps1 index b4450b9ca2..aa53f77ea0 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidDeviceOwner/2-RemoveDeviceCompliancePolicyAndroidDeviceOwner.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCategory/2-Update.ps1 @@ -1,5 +1,5 @@ <# -This example removes an existing Device Compliance Policy for Android Device Owner devices +This example creates a new Device Category. #> Configuration Example @@ -13,10 +13,11 @@ Configuration Example node localhost { - IntuneDeviceCompliancePolicyAndroidDeviceOwner 'RemoveAndroidDeviceCompliancePolicyOwner' + IntuneDeviceCategory 'ConfigureDeviceCategory' { - DisplayName = 'DeviceOwnerPolicy' - Ensure = 'Absent' + DisplayName = 'Contoso' + Description = 'Contoso Category - Updated' # Updated Property + Ensure = 'Present' Credential = $Credscredential } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppConfigurationPolicy/1-RemoveAppConfigurationPolicy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCategory/3-Remove.ps1 similarity index 60% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneAppConfigurationPolicy/1-RemoveAppConfigurationPolicy.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCategory/3-Remove.ps1 index fb86aff379..3e865eee3d 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppConfigurationPolicy/1-RemoveAppConfigurationPolicy.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCategory/3-Remove.ps1 @@ -1,5 +1,5 @@ <# -This example removes an existing App Configuration Policy. +This example creates a new Device Category. #> Configuration Example @@ -13,10 +13,9 @@ Configuration Example node localhost { - IntuneAppConfigurationPolicy 'RemoveAppConfigPolicy' + IntuneDeviceCategory 'ConfigureDeviceCategory' { - DisplayName = 'ContosoOld' - Description = 'Old Contoso Policy' + DisplayName = 'Contoso' Ensure = 'Absent' Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCleanupRule/1-SetDeviceCleanupRule.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCleanupRule/2-Update.ps1 similarity index 88% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCleanupRule/1-SetDeviceCleanupRule.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCleanupRule/2-Update.ps1 index 15799b6672..7c6d1efcab 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCleanupRule/1-SetDeviceCleanupRule.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCleanupRule/2-Update.ps1 @@ -17,7 +17,7 @@ Configuration Example { Enabled = $true IsSingleInstance = 'Yes' - DeviceInactivityBeforeRetirementInDays = 30 + DeviceInactivityBeforeRetirementInDays = 25 # Updated Property Ensure = 'Present' Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroid/1-NewDeviceCompliancePolicyAndroid.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroid/1-Create.ps1 similarity index 100% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroid/1-NewDeviceCompliancePolicyAndroid.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroid/1-Create.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroid/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroid/2-Update.ps1 new file mode 100644 index 0000000000..f4d3747b63 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroid/2-Update.ps1 @@ -0,0 +1,43 @@ +<# +This example creates a new Device Compliance Policy for Android devices +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceCompliancePolicyAndroid 'AddDeviceCompliancePolicy' + { + DisplayName = 'Test Policy' + Description = '' + DeviceThreatProtectionEnabled = $False + DeviceThreatProtectionRequiredSecurityLevel = 'unavailable' + osMinimumVersion = '7' + PasswordExpirationDays = 90 + PasswordMinimumLength = 8 # Updated Property + PasswordMinutesOfInactivityBeforeLock = 5 + PasswordPreviousPasswordBlockCount = 10 + PasswordRequired = $True + PasswordRequiredType = 'deviceDefault' + SecurityBlockJailbrokenDevices = $False + SecurityDisableUsbDebugging = $False + SecurityPreventInstallAppsFromUnknownSources = $False + SecurityRequireCompanyPortalAppIntegrity = $False + SecurityRequireGooglePlayServices = $False + SecurityRequireSafetyNetAttestationBasicIntegrity = $False + SecurityRequireSafetyNetAttestationCertifiedDevice = $False + SecurityRequireUpToDateSecurityProviders = $False + SecurityRequireVerifyApps = $False + StorageRequireEncryption = $True + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroid/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroid/3-Remove.ps1 new file mode 100644 index 0000000000..61b4cc1c6c --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroid/3-Remove.ps1 @@ -0,0 +1,23 @@ +<# +This example creates a new Device Compliance Policy for Android devices +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceCompliancePolicyAndroid 'AddDeviceCompliancePolicy' + { + DisplayName = 'Test Policy' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidDeviceOwner/1-NewDeviceCompliancePolicyAndroidDeviceOwner.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidDeviceOwner/1-Create.ps1 similarity index 100% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidDeviceOwner/1-NewDeviceCompliancePolicyAndroidDeviceOwner.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidDeviceOwner/1-Create.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidDeviceOwner/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidDeviceOwner/2-Update.ps1 new file mode 100644 index 0000000000..2f64930499 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidDeviceOwner/2-Update.ps1 @@ -0,0 +1,40 @@ +<# +This example creates a new Device Compliance Policy for Android Device Owner devices +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceCompliancePolicyAndroidDeviceOwner 'ConfigureAndroidDeviceCompliancePolicyOwner' + { + DisplayName = 'DeviceOwner' + Description = '' + DeviceThreatProtectionEnabled = $False + DeviceThreatProtectionRequiredSecurityLevel = 'unavailable' + AdvancedThreatProtectionRequiredSecurityLevel = 'unavailable' + SecurityRequireSafetyNetAttestationBasicIntegrity = $False + SecurityRequireSafetyNetAttestationCertifiedDevice = $False + OsMinimumVersion = '10' + OsMaximumVersion = '11' + PasswordRequired = $True + PasswordMinimumLength = 8 # Updated Property + PasswordRequiredType = 'numericComplex' + PasswordMinutesOfInactivityBeforeLock = 5 + PasswordExpirationDays = 90 + PasswordPreviousPasswordCountToBlock = 13 + StorageRequireEncryption = $True + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidDeviceOwner/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidDeviceOwner/3-Remove.ps1 new file mode 100644 index 0000000000..2f64930499 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidDeviceOwner/3-Remove.ps1 @@ -0,0 +1,40 @@ +<# +This example creates a new Device Compliance Policy for Android Device Owner devices +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceCompliancePolicyAndroidDeviceOwner 'ConfigureAndroidDeviceCompliancePolicyOwner' + { + DisplayName = 'DeviceOwner' + Description = '' + DeviceThreatProtectionEnabled = $False + DeviceThreatProtectionRequiredSecurityLevel = 'unavailable' + AdvancedThreatProtectionRequiredSecurityLevel = 'unavailable' + SecurityRequireSafetyNetAttestationBasicIntegrity = $False + SecurityRequireSafetyNetAttestationCertifiedDevice = $False + OsMinimumVersion = '10' + OsMaximumVersion = '11' + PasswordRequired = $True + PasswordMinimumLength = 8 # Updated Property + PasswordRequiredType = 'numericComplex' + PasswordMinutesOfInactivityBeforeLock = 5 + PasswordExpirationDays = 90 + PasswordPreviousPasswordCountToBlock = 13 + StorageRequireEncryption = $True + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidWorkProfile/1-NewDeviceCompliancePolicyAndroidWorkProfile.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidWorkProfile/1-Create.ps1 similarity index 100% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidWorkProfile/1-NewDeviceCompliancePolicyAndroidWorkProfile.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidWorkProfile/1-Create.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidWorkProfile/2-RemoveDeviceCompliancePolicyAndroidWorkProfile.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidWorkProfile/2-RemoveDeviceCompliancePolicyAndroidWorkProfile.ps1 deleted file mode 100644 index 03b6b071ca..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidWorkProfile/2-RemoveDeviceCompliancePolicyAndroidWorkProfile.ps1 +++ /dev/null @@ -1,23 +0,0 @@ -<# -This example removes an existing Device Compliance Policy for iOs devices -#> - -Configuration Example -{ - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $credsGlobbaAdminlAdmin - ) - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - IntuneDeviceCompliancePolicyAndroidWorkProfile 'RemoveDeviceCompliancePolicyAndroidWorkProfile' - { - DisplayName = 'Test Android Work Profile Device Compliance Policy' - Ensure = 'Absent' - Credential = $Credscredential - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidWorkProfile/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidWorkProfile/2-Update.ps1 new file mode 100644 index 0000000000..8983fda0ae --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidWorkProfile/2-Update.ps1 @@ -0,0 +1,41 @@ +<# +This example creates a new Device Compliance Policy for iOs devices +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceCompliancePolicyAndroidWorkProfile 'ConfigureAndroidDeviceCompliancePolicyWorkProfile' + { + DisplayName = 'Test Policy' + Description = '' + DeviceThreatProtectionEnabled = $False + DeviceThreatProtectionRequiredSecurityLevel = 'unavailable' + PasswordExpirationDays = 90 + PasswordMinimumLength = 8 # Updated Property + PasswordMinutesOfInactivityBeforeLock = 5 + PasswordRequired = $True + PasswordRequiredType = 'numericComplex' + SecurityBlockJailbrokenDevices = $True + SecurityDisableUsbDebugging = $False + SecurityPreventInstallAppsFromUnknownSources = $False + SecurityRequireCompanyPortalAppIntegrity = $False + SecurityRequireGooglePlayServices = $False + SecurityRequireSafetyNetAttestationBasicIntegrity = $False + SecurityRequireSafetyNetAttestationCertifiedDevice = $False + SecurityRequireUpToDateSecurityProviders = $False + SecurityRequireVerifyApps = $False + StorageRequireEncryption = $True + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidWorkProfile/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidWorkProfile/3-Remove.ps1 new file mode 100644 index 0000000000..45ef8ccd64 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroidWorkProfile/3-Remove.ps1 @@ -0,0 +1,23 @@ +<# +This example creates a new Device Compliance Policy for iOs devices +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceCompliancePolicyAndroidWorkProfile 'ConfigureAndroidDeviceCompliancePolicyWorkProfile' + { + DisplayName = 'Test Policy' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyMacOS/1-NewIntuneDeviceCompliancePolicyMacOS.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyMacOS/1-Create.ps1 similarity index 100% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyMacOS/1-NewIntuneDeviceCompliancePolicyMacOS.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyMacOS/1-Create.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyMacOS/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyMacOS/2-Update.ps1 new file mode 100644 index 0000000000..7786b78f0d --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyMacOS/2-Update.ps1 @@ -0,0 +1,41 @@ +<# +This example creates a new Device Comliance Policy for MacOS. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceCompliancePolicyMacOS 'ConfigureDeviceCompliancePolicyMacOS' + { + DisplayName = 'MacOS DSC Policy' + Description = 'Test policy' + PasswordRequired = $False + PasswordBlockSimple = $False + PasswordExpirationDays = 365 + PasswordMinimumLength = 8 # Updated Property + PasswordMinutesOfInactivityBeforeLock = 5 + PasswordPreviousPasswordBlockCount = 13 + PasswordMinimumCharacterSetCount = 1 + PasswordRequiredType = 'DeviceDefault' + OsMinimumVersion = 10 + OsMaximumVersion = 13 + SystemIntegrityProtectionEnabled = $False + DeviceThreatProtectionEnabled = $False + DeviceThreatProtectionRequiredSecurityLevel = 'Unavailable' + StorageRequireEncryption = $False + FirewallEnabled = $False + FirewallBlockAllIncoming = $False + FirewallEnableStealthMode = $False + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyMacOS/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyMacOS/3-Remove.ps1 new file mode 100644 index 0000000000..bbe0504255 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyMacOS/3-Remove.ps1 @@ -0,0 +1,23 @@ +<# +This example creates a new Device Comliance Policy for MacOS. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceCompliancePolicyMacOS 'ConfigureDeviceCompliancePolicyMacOS' + { + DisplayName = 'MacOS DSC Policy' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyWindows10/1-NewIntuneDeviceCompliancePolicyWindows10.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyWindows10/1-Create.ps1 similarity index 100% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyWindows10/1-NewIntuneDeviceCompliancePolicyWindows10.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyWindows10/1-Create.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyWindows10/2-RemoveDeviceCompliancePolicyWindows10.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyWindows10/2-RemoveDeviceCompliancePolicyWindows10.ps1 deleted file mode 100644 index 63ffe13d04..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyWindows10/2-RemoveDeviceCompliancePolicyWindows10.ps1 +++ /dev/null @@ -1,23 +0,0 @@ -<# -This example removes an existing Device Compliance Policy for MacOS devices -#> - -Configuration Example -{ - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential - ) - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - IntuneDeviceCompliancePolicyWindows10 'RemoveDeviceCompliancePolicyWindows10' - { - DisplayName = 'Demo Windows 10 Device Compliance Policy' - Ensure = 'Absent' - Credential = $Credscredential - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyWindows10/2-Update.ps1 new file mode 100644 index 0000000000..abce742bfa --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyWindows10/2-Update.ps1 @@ -0,0 +1,56 @@ +<# +This example creates a new Device Comliance Policy for Windows. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceCompliancePolicyWindows10 'ConfigureDeviceCompliancePolicyWindows10' + { + DisplayName = 'Windows 10 DSC Policy' + Description = 'Test policy' + PasswordRequired = $False + PasswordBlockSimple = $False + PasswordRequiredToUnlockFromIdle = $True + PasswordMinutesOfInactivityBeforeLock = 15 + PasswordExpirationDays = 365 + PasswordMinimumLength = 8 # Updated Property + PasswordPreviousPasswordBlockCount = 13 + PasswordMinimumCharacterSetCount = 1 + PasswordRequiredType = 'Devicedefault' + RequireHealthyDeviceReport = $True + OsMinimumVersion = 10 + OsMaximumVersion = 10.19 + MobileOsMinimumVersion = 10 + MobileOsMaximumVersion = 10.19 + EarlyLaunchAntiMalwareDriverEnabled = $False + BitLockerEnabled = $False + SecureBootEnabled = $True + CodeIntegrityEnabled = $True + StorageRequireEncryption = $True + ActiveFirewallRequired = $True + DefenderEnabled = $True + DefenderVersion = '' + SignatureOutOfDate = $True + RtpEnabled = $True + AntivirusRequired = $True + AntiSpywareRequired = $True + DeviceThreatProtectionEnabled = $True + DeviceThreatProtectionRequiredSecurityLevel = 'Medium' + ConfigurationManagerComplianceRequired = $False + TPMRequired = $False + deviceCompliancePolicyScript = $null + ValidOperatingSystemBuildRanges = @() + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..c6c84570a1 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyWindows10/3-Remove.ps1 @@ -0,0 +1,23 @@ +<# +This example creates a new Device Comliance Policy for Windows. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceCompliancePolicyWindows10 'ConfigureDeviceCompliancePolicyWindows10' + { + DisplayName = 'Windows 10 DSC Policy' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyiOs/1-NewDeviceCompliancePolicyiOs.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyiOs/1-Create.ps1 similarity index 100% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyiOs/1-NewDeviceCompliancePolicyiOs.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyiOs/1-Create.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyiOs/2-RemoveDeviceCompliancePolicyiOs.ps1.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyiOs/2-RemoveDeviceCompliancePolicyiOs.ps1.ps1 deleted file mode 100644 index 62e42fdc4c..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyiOs/2-RemoveDeviceCompliancePolicyiOs.ps1.ps1 +++ /dev/null @@ -1,23 +0,0 @@ -<# -This example removes an existing Device Compliance Policy for iOs devices -#> - -Configuration Example -{ - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential - ) - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - IntuneDeviceCompliancePolicyiOs 'RemoveDeviceCompliancePolicyiOS' - { - DisplayName = 'Demo iOS Device Compliance Policy' - Ensure = 'Absent' - Credential = $Credscredential - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyiOs/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyiOs/2-Update.ps1 new file mode 100644 index 0000000000..8333ab35fd --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyiOs/2-Update.ps1 @@ -0,0 +1,39 @@ +<# +This example creates a new Device Compliance Policy for iOs devices +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceCompliancePolicyiOs 'ConfigureDeviceCompliancePolicyiOS' + { + DisplayName = 'Test iOS Device Compliance Policy' + Description = 'Test iOS Device Compliance Policy Description' + PasscodeBlockSimple = $True + PasscodeExpirationDays = 365 + PasscodeMinimumLength = 8 # Updated Property + PasscodeMinutesOfInactivityBeforeLock = 5 + PasscodePreviousPasscodeBlockCount = 3 + PasscodeMinimumCharacterSetCount = 2 + PasscodeRequiredType = 'numeric' + PasscodeRequired = $True + OsMinimumVersion = 10 + OsMaximumVersion = 12 + SecurityBlockJailbrokenDevices = $True + DeviceThreatProtectionEnabled = $True + DeviceThreatProtectionRequiredSecurityLevel = 'medium' + ManagedEmailProfileRequired = $True + Ensure = 'Present' + Credential = $Credscredential + + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyiOs/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyiOs/3-Remove.ps1 new file mode 100644 index 0000000000..f7be9cf102 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyiOs/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example creates a new Device Compliance Policy for iOs devices +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceCompliancePolicyiOs 'ConfigureDeviceCompliancePolicyiOS' + { + DisplayName = 'Test iOS Device Compliance Policy' + Ensure = 'Absent' + Credential = $Credscredential + + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/1-IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/1-Create.ps1 similarity index 98% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/1-IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/1-Create.ps1 index 158c7db433..787552def1 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/1-IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/1-Create.ps1 @@ -137,7 +137,6 @@ Configuration Example Description = '' DisplayName = 'admin template' Ensure = 'Present' - Id = '2e72acda-30a8-4955-a4ca-c5e28527c81c' PolicyConfigurationIngestionType = 'unknown' } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/2-Update.ps1 new file mode 100644 index 0000000000..ba1f650fdd --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/2-Update.ps1 @@ -0,0 +1,143 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 'Example' + { + Credential = $Credscredential + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments + { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + DefinitionValues = @( + MSFT_IntuneGroupPolicyDefinitionValue + { + ConfigurationType = 'policy' + Id = 'f41bbbec-0807-4ae3-8a61-5580a2f310f0' + Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition + { + Id = '50b2626d-f092-4e71-8983-12a5c741ebe0' + DisplayName = 'Do not display the lock screen' + CategoryPath = '\Control Panel\Personalization' + PolicyType = 'admxBacked' + SupportedOn = 'At least Windows Server 2012, Windows 8 or Windows RT' + ClassType = 'machine' + } + Enabled = $False + } + MSFT_IntuneGroupPolicyDefinitionValue + { + ConfigurationType = 'policy' + PresentationValues = @( + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue + { + presentationDefinitionId = '98210829-af9b-4020-8d96-3e4108557a95' + presentationDefinitionLabel = 'Types of extensions/apps that are allowed to be installed' + KeyValuePairValues = @( + MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair + { + Name = 'hosted_app' + } + + MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair + { + Name = 'user_script' + } + ) + Id = '7312a452-e087-4290-9b9f-3f14a304c18d' + odataType = '#microsoft.graph.groupPolicyPresentationValueList' + } + ) + Id = 'f3047f6a-550e-4b5e-b3da-48fc951b72fc' + Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition + { + Id = '37ab8b81-47d7-46d8-8b99-81d9cecdcce9' + DisplayName = 'Configure allowed app/extension types' + CategoryPath = '\Google\Google Chrome\Extensions' + PolicyType = 'admxIngested' + SupportedOn = 'Microsoft Windows 7 or later' + ClassType = 'machine' + } + Enabled = $True + } + MSFT_IntuneGroupPolicyDefinitionValue + { + ConfigurationType = 'policy' + PresentationValues = @( + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue + { + presentationDefinitionId = 'a8a0ae11-58d9-41d5-b258-1c16d9f1e328' + presentationDefinitionLabel = 'Password Length' + DecimalValue = 15 + Id = '14c48993-35af-4b77-a4f8-12de917b1bb9' + odataType = '#microsoft.graph.groupPolicyPresentationValueDecimal' + } + + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue + { + presentationDefinitionId = '98998e7f-cc2a-4d96-8c47-35dd4b2ce56b' + presentationDefinitionLabel = 'Password Age (Days)' + DecimalValue = 30 + Id = '4d654df9-6826-470f-af4e-d37491663c76' + odataType = '#microsoft.graph.groupPolicyPresentationValueDecimal' + } + + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue + { + presentationDefinitionId = '6900e752-4bc3-463b-9fc8-36d78c77bc3e' + presentationDefinitionLabel = 'Password Complexity' + StringValue = '4' + Id = '17e2ff15-8573-4e7e-a6f9-64baebcb5312' + odataType = '#microsoft.graph.groupPolicyPresentationValueText' + } + ) + Id = '426c9e99-0084-443a-ae07-b8f40c11910f' + Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition + { + Id = 'c4df131a-d415-44fc-9254-a717ff7dbee3' + DisplayName = 'Password Settings' + CategoryPath = '\LAPS' + PolicyType = 'admxBacked' + SupportedOn = 'At least Microsoft Windows Vista or Windows Server 2003 family' + ClassType = 'machine' + } + Enabled = $True + } + MSFT_IntuneGroupPolicyDefinitionValue + { + ConfigurationType = 'policy' + Id = 'a3577119-b240-4093-842c-d8e959dfe317' + Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition + { + Id = '986073b6-e149-495f-a131-aa0e3c697225' + DisplayName = 'Ability to change properties of an all user remote access connection' + CategoryPath = '\Network\Network Connections' + PolicyType = 'admxBacked' + SupportedOn = 'At least Windows 2000 Service Pack 1' + ClassType = 'user' + } + Enabled = $True + } + ) + Description = '' + DisplayName = 'admin template' + Ensure = 'Present' + PolicyConfigurationIngestionType = 'block' # Updated Property + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..1ff95ebdc0 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 'Example' + { + Credential = $Credscredential + DisplayName = 'admin template' + Ensure = 'Absent' + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationCustomPolicyWindows10/1-IntuneDeviceConfigurationCustomPolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationCustomPolicyWindows10/1-Create.ps1 similarity index 96% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationCustomPolicyWindows10/1-IntuneDeviceConfigurationCustomPolicyWindows10-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationCustomPolicyWindows10/1-Create.ps1 index c5f0533321..2d6f33b948 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationCustomPolicyWindows10/1-IntuneDeviceConfigurationCustomPolicyWindows10-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationCustomPolicyWindows10/1-Create.ps1 @@ -25,7 +25,6 @@ Configuration Example Credential = $Credscredential; DisplayName = "custom"; Ensure = "Present"; - Id = "e072d616-12bc-4ea3-9171-ab080e4c120d"; OmaSettings = @( MSFT_MicrosoftGraphomaSetting{ Description = 'custom' diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationCustomPolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationCustomPolicyWindows10/2-Update.ps1 new file mode 100644 index 0000000000..17cdb1f91a --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationCustomPolicyWindows10/2-Update.ps1 @@ -0,0 +1,51 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationCustomPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Credential = $Credscredential; + DisplayName = "custom"; + Ensure = "Present"; + OmaSettings = @( + MSFT_MicrosoftGraphomaSetting{ + Description = 'custom' + OmaUri = '/oma/custom' + odataType = '#microsoft.graph.omaSettingString' + SecretReferenceValueId = '5b0e1dba-4523-455e-9fdd-e36c833b57bf_e072d616-12bc-4ea3-9171-ab080e4c120d_1f958162-15d4-42ba-92c4-17c2544b2179' + Value = '****' + IsEncrypted = $True + DisplayName = 'oma' + } + MSFT_MicrosoftGraphomaSetting{ # Updated Property + Description = 'custom 3' + OmaUri = '/oma/custom3' + odataType = '#microsoft.graph.omaSettingInteger' + Value = 2 + IsReadOnly = $False + IsEncrypted = $False + DisplayName = 'custom 3' + } + ); + SupportsScopeTags = $True; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationCustomPolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationCustomPolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..5107baec1a --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationCustomPolicyWindows10/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationCustomPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "custom"; + Ensure = "Absent"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/1-IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/1-Create.ps1 similarity index 99% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/1-IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/1-Create.ps1 index df86bd1d71..100f2e2314 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/1-IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/1-Create.ps1 @@ -30,7 +30,6 @@ Configuration Example DisplayName = "MDE onboarding Legacy"; EnableExpeditedTelemetryReporting = $True; Ensure = "Present"; - Id = "510e4742-9c7b-414d-84a1-a1128fcf57a8"; } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/2-Update.ps1 new file mode 100644 index 0000000000..22fbce100e --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/2-Update.ps1 @@ -0,0 +1,34 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10 'Example' + { + AdvancedThreatProtectionAutoPopulateOnboardingBlob = $True; # Updated Property + AdvancedThreatProtectionOnboardingFilename = "WindowsDefenderATP.onboarding"; + AllowSampleSharing = $True; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Credential = $Credscredential; + DisplayName = "MDE onboarding Legacy"; + EnableExpeditedTelemetryReporting = $True; + Ensure = "Present"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..056a65caad --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "MDE onboarding Legacy"; + Ensure = "Absent"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/1-IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/1-Create.ps1 similarity index 96% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/1-IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/1-Create.ps1 index e76bbe9e3e..ac9c07730a 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/1-IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/1-Create.ps1 @@ -40,7 +40,6 @@ Configuration Example GroupIdSourceOption = 'adSite' odataType = '#microsoft.graph.deliveryOptimizationGroupIdSourceOptions' }; - Id = "c86efa80-248b-4002-80d4-e70ea151a4c7"; MaximumCacheAgeInDays = 3; MaximumCacheSize = MSFT_MicrosoftGraphdeliveryOptimizationMaxCacheSize{ MaximumCacheSizeInGigabytes = 4 diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/2-Update.ps1 new file mode 100644 index 0000000000..c8c69c7148 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/2-Update.ps1 @@ -0,0 +1,58 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + BackgroundDownloadFromHttpDelayInSeconds = 4; + BandwidthMode = MSFT_MicrosoftGraphdeliveryOptimizationBandwidth{ + MaximumDownloadBandwidthInKilobytesPerSecond = 22 + MaximumUploadBandwidthInKilobytesPerSecond = 33 + odataType = '#microsoft.graph.deliveryOptimizationBandwidthAbsolute' + }; + CacheServerBackgroundDownloadFallbackToHttpDelayInSeconds = 5; # Updated Property + CacheServerForegroundDownloadFallbackToHttpDelayInSeconds = 3; + CacheServerHostNames = @("domain.com"); + Credential = $Credscredential; + DeliveryOptimizationMode = "httpWithPeeringPrivateGroup"; + DisplayName = "delivery optimisation"; + Ensure = "Present"; + ForegroundDownloadFromHttpDelayInSeconds = 234; + GroupIdSource = MSFT_MicrosoftGraphdeliveryOptimizationGroupIdSource{ + GroupIdSourceOption = 'adSite' + odataType = '#microsoft.graph.deliveryOptimizationGroupIdSourceOptions' + }; + MaximumCacheAgeInDays = 3; + MaximumCacheSize = MSFT_MicrosoftGraphdeliveryOptimizationMaxCacheSize{ + MaximumCacheSizeInGigabytes = 4 + odataType = '#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute' + }; + MinimumBatteryPercentageAllowedToUpload = 4; + MinimumDiskSizeAllowedToPeerInGigabytes = 3; + MinimumFileSizeToCacheInMegabytes = 3; + MinimumRamAllowedToPeerInGigabytes = 3; + ModifyCacheLocation = "%systemdrive%"; + RestrictPeerSelectionBy = "subnetMask"; + SupportsScopeTags = $True; + VpnPeerCaching = "enabled"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..d277c6761d --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "delivery optimisation"; + Ensure = "Absent"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDomainJoinPolicyWindows10/1-IntuneDeviceConfigurationDomainJoinPolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDomainJoinPolicyWindows10/1-Create.ps1 similarity index 93% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDomainJoinPolicyWindows10/1-IntuneDeviceConfigurationDomainJoinPolicyWindows10-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDomainJoinPolicyWindows10/1-Create.ps1 index 304e90a0b8..4b49df8514 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDomainJoinPolicyWindows10/1-IntuneDeviceConfigurationDomainJoinPolicyWindows10-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDomainJoinPolicyWindows10/1-Create.ps1 @@ -28,7 +28,6 @@ Configuration Example Credential = $Credscredential; DisplayName = "Domain Join"; Ensure = "Present"; - Id = "1ab2945b-36b5-4b34-bbf5-717885c15654"; OrganizationalUnit = "OU=workstation,CN=domain,CN=com"; SupportsScopeTags = $True; } diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDomainJoinPolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDomainJoinPolicyWindows10/2-Update.ps1 new file mode 100644 index 0000000000..26a5dea8fd --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDomainJoinPolicyWindows10/2-Update.ps1 @@ -0,0 +1,35 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationDomainJoinPolicyWindows10 'Example' + { + ActiveDirectoryDomainName = "domain.com"; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + ComputerNameStaticPrefix = "WK-"; + ComputerNameSuffixRandomCharCount = 12; + Credential = $Credscredential; + DisplayName = "Domain Join"; + Ensure = "Present"; + OrganizationalUnit = "OU=workstation,CN=domain,CN=com"; + SupportsScopeTags = $False; # Updated Property + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDomainJoinPolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDomainJoinPolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..822310ada5 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationDomainJoinPolicyWindows10/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationDomainJoinPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "Domain Join"; + Ensure = "Absent"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEmailProfilePolicyWindows10/1-IntuneDeviceConfigurationEmailProfilePolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEmailProfilePolicyWindows10/1-Create.ps1 similarity index 94% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEmailProfilePolicyWindows10/1-IntuneDeviceConfigurationEmailProfilePolicyWindows10-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEmailProfilePolicyWindows10/1-Create.ps1 index 388054d7ee..efa6cec816 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEmailProfilePolicyWindows10/1-IntuneDeviceConfigurationEmailProfilePolicyWindows10-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEmailProfilePolicyWindows10/1-Create.ps1 @@ -30,7 +30,6 @@ Configuration Example EmailSyncSchedule = "fifteenMinutes"; Ensure = "Present"; HostName = "outlook.office365.com"; - Id = "776bcf45-35f7-4436-93fb-7a74828c6477"; RequireSsl = $True; SyncCalendar = $True; SyncContacts = $True; diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEmailProfilePolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEmailProfilePolicyWindows10/2-Update.ps1 new file mode 100644 index 0000000000..950e073302 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEmailProfilePolicyWindows10/2-Update.ps1 @@ -0,0 +1,39 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationEmailProfilePolicyWindows10 'Example' + { + AccountName = "Corp email2"; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + Credential = $Credscredential; + DisplayName = "email"; + DurationOfEmailToSync = "unlimited"; + EmailAddressSource = "primarySmtpAddress"; + EmailSyncSchedule = "fifteenMinutes"; + Ensure = "Present"; + HostName = "outlook.office365.com"; + RequireSsl = $False; # Updated Property + SyncCalendar = $True; + SyncContacts = $True; + SyncTasks = $True; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEmailProfilePolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEmailProfilePolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..139573027a --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEmailProfilePolicyWindows10/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationEmailProfilePolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "email"; + Ensure = "Absent"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/1-IntuneDeviceConfigurationEndpointProtectionPolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/1-Create.ps1 similarity index 99% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/1-IntuneDeviceConfigurationEndpointProtectionPolicyWindows10-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/1-Create.ps1 index f53479e4ad..54d23472ea 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/1-IntuneDeviceConfigurationEndpointProtectionPolicyWindows10-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/1-Create.ps1 @@ -182,7 +182,6 @@ Configuration Example EdgeTraversal = 'notConfigured' } ); - Id = "447262e3-74b8-44c8-ac6f-7f036fd25e67"; LanManagerAuthenticationLevel = "lmNtlmAndNtlmV2"; LanManagerWorkstationDisableInsecureGuestLogons = $False; LocalSecurityOptionsAdministratorElevationPromptBehavior = "notConfigured"; diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/2-Update.ps1 new file mode 100644 index 0000000000..c1974f6b26 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/2-Update.ps1 @@ -0,0 +1,246 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationEndpointProtectionPolicyWindows10 'Example' + { + ApplicationGuardAllowFileSaveOnHost = $True; + ApplicationGuardAllowPersistence = $True; + ApplicationGuardAllowPrintToLocalPrinters = $True; + ApplicationGuardAllowPrintToNetworkPrinters = $False; # Updated Property + ApplicationGuardAllowPrintToPDF = $True; + ApplicationGuardAllowPrintToXPS = $True; + ApplicationGuardAllowVirtualGPU = $True; + ApplicationGuardBlockClipboardSharing = "blockContainerToHost"; + ApplicationGuardBlockFileTransfer = "blockImageFile"; + ApplicationGuardBlockNonEnterpriseContent = $True; + ApplicationGuardCertificateThumbprints = @(); + ApplicationGuardEnabled = $True; + ApplicationGuardEnabledOptions = "enabledForEdge"; + ApplicationGuardForceAuditing = $True; + AppLockerApplicationControl = "enforceComponentsStoreAppsAndSmartlocker"; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + BitLockerAllowStandardUserEncryption = $True; + BitLockerDisableWarningForOtherDiskEncryption = $True; + BitLockerEnableStorageCardEncryptionOnMobile = $True; + BitLockerEncryptDevice = $True; + BitLockerFixedDrivePolicy = MSFT_MicrosoftGraphbitLockerFixedDrivePolicy{ + RecoveryOptions = MSFT_MicrosoftGraphBitLockerRecoveryOptions{ + RecoveryInformationToStore = 'passwordAndKey' + HideRecoveryOptions = $True + BlockDataRecoveryAgent = $True + RecoveryKeyUsage = 'allowed' + EnableBitLockerAfterRecoveryInformationToStore = $True + EnableRecoveryInformationSaveToStore = $True + RecoveryPasswordUsage = 'allowed' + } + RequireEncryptionForWriteAccess = $True + EncryptionMethod = 'xtsAes128' + }; + BitLockerRecoveryPasswordRotation = "notConfigured"; + BitLockerRemovableDrivePolicy = MSFT_MicrosoftGraphbitLockerRemovableDrivePolicy{ + RequireEncryptionForWriteAccess = $True + BlockCrossOrganizationWriteAccess = $True + EncryptionMethod = 'aesCbc128' + }; + BitLockerSystemDrivePolicy = MSFT_MicrosoftGraphbitLockerSystemDrivePolicy{ + PrebootRecoveryEnableMessageAndUrl = $True + StartupAuthenticationTpmPinUsage = 'allowed' + EncryptionMethod = 'xtsAes128' + StartupAuthenticationTpmPinAndKeyUsage = 'allowed' + StartupAuthenticationRequired = $True + RecoveryOptions = MSFT_MicrosoftGraphBitLockerRecoveryOptions{ + RecoveryInformationToStore = 'passwordAndKey' + HideRecoveryOptions = $False + BlockDataRecoveryAgent = $True + RecoveryKeyUsage = 'allowed' + EnableBitLockerAfterRecoveryInformationToStore = $True + EnableRecoveryInformationSaveToStore = $False + RecoveryPasswordUsage = 'allowed' + } + StartupAuthenticationTpmUsage = 'allowed' + StartupAuthenticationTpmKeyUsage = 'allowed' + StartupAuthenticationBlockWithoutTpmChip = $False + }; + Credential = $Credscredential; + DefenderAdditionalGuardedFolders = @(); + DefenderAdobeReaderLaunchChildProcess = "notConfigured"; + DefenderAdvancedRansomewareProtectionType = "notConfigured"; + DefenderAttackSurfaceReductionExcludedPaths = @(); + DefenderBlockPersistenceThroughWmiType = "userDefined"; + DefenderEmailContentExecution = "userDefined"; + DefenderEmailContentExecutionType = "userDefined"; + DefenderExploitProtectionXml = "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxNaXRpZ2F0aW9uUG9saWN5Pg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9IkFjcm9SZDMyLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJBY3JvUmQzMkluZm8uZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImNsdmlldy5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iY25mbm90MzIuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImV4Y2VsLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJleGNlbGNudi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iRXh0RXhwb3J0LmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJncmFwaC5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iaWU0dWluaXQuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImllaW5zdGFsLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJpZWxvd3V0aWwuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImllVW5hdHQuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImlleHBsb3JlLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJseW5jLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJtc2FjY2Vzcy5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ibXNjb3JzdncuZXhlIj4NCiAgICA8RXh0ZW5zaW9uUG9pbnRzIERpc2FibGVFeHRlbnNpb25Qb2ludHM9InRydWUiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im1zZmVlZHNzeW5jLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJtc2h0YS5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ibXNvYWRmc2IuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im1zb2FzYi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ibXNvaHRtZWQuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im1zb3NyZWMuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im1zb3htbGVkLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJtc3B1Yi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ibXNxcnkzMi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iTXNTZW5zZS5leGUiPg0KICAgIDxFeHRlbnNpb25Qb2ludHMgRGlzYWJsZUV4dGVuc2lvblBvaW50cz0idHJ1ZSIgLz4NCiAgICA8SW1hZ2VMb2FkIFByZWZlclN5c3RlbTMyPSJ0cnVlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJuZ2VuLmV4ZSI+DQogICAgPEV4dGVuc2lvblBvaW50cyBEaXNhYmxlRXh0ZW5zaW9uUG9pbnRzPSJ0cnVlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJuZ2VudGFzay5leGUiPg0KICAgIDxFeHRlbnNpb25Qb2ludHMgRGlzYWJsZUV4dGVuc2lvblBvaW50cz0idHJ1ZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ib25lbm90ZS5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ib25lbm90ZW0uZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im9yZ2NoYXJ0LmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJvdXRsb29rLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJwb3dlcnBudC5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iUHJlc2VudGF0aW9uSG9zdC5leGUiPg0KICAgIDxERVAgRW5hYmxlPSJ0cnVlIiBFbXVsYXRlQXRsVGh1bmtzPSJmYWxzZSIgLz4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIEJvdHRvbVVwPSJ0cnVlIiBIaWdoRW50cm9weT0idHJ1ZSIgLz4NCiAgICA8U0VIT1AgRW5hYmxlPSJ0cnVlIiBUZWxlbWV0cnlPbmx5PSJmYWxzZSIgLz4NCiAgICA8SGVhcCBUZXJtaW5hdGVPbkVycm9yPSJ0cnVlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJQcmludERpYWxvZy5leGUiPg0KICAgIDxFeHRlbnNpb25Qb2ludHMgRGlzYWJsZUV4dGVuc2lvblBvaW50cz0idHJ1ZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iUmRyQ0VGLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJSZHJTZXJ2aWNlc1VwZGF0ZXIuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InJ1bnRpbWVicm9rZXIuZXhlIj4NCiAgICA8RXh0ZW5zaW9uUG9pbnRzIERpc2FibGVFeHRlbnNpb25Qb2ludHM9InRydWUiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InNjYW5vc3QuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InNjYW5wc3QuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InNkeGhlbHBlci5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ic2VsZmNlcnQuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InNldGxhbmcuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9IlN5c3RlbVNldHRpbmdzLmV4ZSI+DQogICAgPEV4dGVuc2lvblBvaW50cyBEaXNhYmxlRXh0ZW5zaW9uUG9pbnRzPSJ0cnVlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJ3aW53b3JkLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJ3b3JkY29udi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQo8L01pdGlnYXRpb25Qb2xpY3k+"; + DefenderExploitProtectionXmlFileName = "Settings.xml"; + DefenderFileExtensionsToExclude = @(); + DefenderFilesAndFoldersToExclude = @(); + DefenderGuardedFoldersAllowedAppPaths = @(); + DefenderGuardMyFoldersType = "auditMode"; + DefenderNetworkProtectionType = "enable"; + DefenderOfficeAppsExecutableContentCreationOrLaunch = "userDefined"; + DefenderOfficeAppsExecutableContentCreationOrLaunchType = "userDefined"; + DefenderOfficeAppsLaunchChildProcess = "userDefined"; + DefenderOfficeAppsLaunchChildProcessType = "userDefined"; + DefenderOfficeAppsOtherProcessInjection = "userDefined"; + DefenderOfficeAppsOtherProcessInjectionType = "userDefined"; + DefenderOfficeCommunicationAppsLaunchChildProcess = "notConfigured"; + DefenderOfficeMacroCodeAllowWin32Imports = "userDefined"; + DefenderOfficeMacroCodeAllowWin32ImportsType = "userDefined"; + DefenderPreventCredentialStealingType = "enable"; + DefenderProcessCreation = "userDefined"; + DefenderProcessCreationType = "userDefined"; + DefenderProcessesToExclude = @(); + DefenderScriptDownloadedPayloadExecution = "userDefined"; + DefenderScriptDownloadedPayloadExecutionType = "userDefined"; + DefenderScriptObfuscatedMacroCode = "userDefined"; + DefenderScriptObfuscatedMacroCodeType = "userDefined"; + DefenderSecurityCenterBlockExploitProtectionOverride = $False; + DefenderSecurityCenterDisableAccountUI = $False; + DefenderSecurityCenterDisableClearTpmUI = $True; + DefenderSecurityCenterDisableFamilyUI = $False; + DefenderSecurityCenterDisableHardwareUI = $True; + DefenderSecurityCenterDisableHealthUI = $False; + DefenderSecurityCenterDisableNetworkUI = $False; + DefenderSecurityCenterDisableNotificationAreaUI = $False; + DefenderSecurityCenterDisableRansomwareUI = $False; + DefenderSecurityCenterDisableVirusUI = $False; + DefenderSecurityCenterDisableVulnerableTpmFirmwareUpdateUI = $True; + DefenderSecurityCenterHelpEmail = "me@domain.com"; + DefenderSecurityCenterHelpPhone = "yes"; + DefenderSecurityCenterITContactDisplay = "displayInAppAndInNotifications"; + DefenderSecurityCenterNotificationsFromApp = "blockNoncriticalNotifications"; + DefenderSecurityCenterOrganizationDisplayName = "processes.exe"; + DefenderUntrustedExecutable = "userDefined"; + DefenderUntrustedExecutableType = "userDefined"; + DefenderUntrustedUSBProcess = "userDefined"; + DefenderUntrustedUSBProcessType = "userDefined"; + DeviceGuardEnableSecureBootWithDMA = $True; + DeviceGuardEnableVirtualizationBasedSecurity = $True; + DeviceGuardLaunchSystemGuard = "notConfigured"; + DeviceGuardLocalSystemAuthorityCredentialGuardSettings = "enableWithoutUEFILock"; + DeviceGuardSecureBootWithDMA = "notConfigured"; + DisplayName = "endpoint protection legacy - dsc v2.0"; + DmaGuardDeviceEnumerationPolicy = "deviceDefault"; + Ensure = "Present"; + FirewallCertificateRevocationListCheckMethod = "deviceDefault"; + FirewallIPSecExemptionsAllowDHCP = $False; + FirewallIPSecExemptionsAllowICMP = $False; + FirewallIPSecExemptionsAllowNeighborDiscovery = $False; + FirewallIPSecExemptionsAllowRouterDiscovery = $False; + FirewallIPSecExemptionsNone = $False; + FirewallPacketQueueingMethod = "deviceDefault"; + FirewallPreSharedKeyEncodingMethod = "deviceDefault"; + FirewallProfileDomain = MSFT_MicrosoftGraphwindowsFirewallNetworkProfile{ + PolicyRulesFromGroupPolicyNotMerged = $False + InboundNotificationsBlocked = $True + OutboundConnectionsRequired = $True + GlobalPortRulesFromGroupPolicyNotMerged = $True + ConnectionSecurityRulesFromGroupPolicyNotMerged = $True + UnicastResponsesToMulticastBroadcastsRequired = $True + PolicyRulesFromGroupPolicyMerged = $False + UnicastResponsesToMulticastBroadcastsBlocked = $False + IncomingTrafficRequired = $False + IncomingTrafficBlocked = $True + ConnectionSecurityRulesFromGroupPolicyMerged = $False + StealthModeRequired = $False + InboundNotificationsRequired = $False + AuthorizedApplicationRulesFromGroupPolicyMerged = $False + InboundConnectionsBlocked = $True + OutboundConnectionsBlocked = $False + StealthModeBlocked = $True + GlobalPortRulesFromGroupPolicyMerged = $False + SecuredPacketExemptionBlocked = $False + SecuredPacketExemptionAllowed = $False + InboundConnectionsRequired = $False + FirewallEnabled = 'allowed' + AuthorizedApplicationRulesFromGroupPolicyNotMerged = $True + }; + FirewallRules = @( + MSFT_MicrosoftGraphwindowsFirewallRule{ + Action = 'allowed' + InterfaceTypes = 'notConfigured' + DisplayName = 'ICMP' + TrafficDirection = 'in' + ProfileTypes = 'domain' + EdgeTraversal = 'notConfigured' + } + ); + LanManagerAuthenticationLevel = "lmNtlmAndNtlmV2"; + LanManagerWorkstationDisableInsecureGuestLogons = $False; + LocalSecurityOptionsAdministratorElevationPromptBehavior = "notConfigured"; + LocalSecurityOptionsAllowAnonymousEnumerationOfSAMAccountsAndShares = $False; + LocalSecurityOptionsAllowPKU2UAuthenticationRequests = $False; + LocalSecurityOptionsAllowRemoteCallsToSecurityAccountsManagerHelperBool = $False; + LocalSecurityOptionsAllowSystemToBeShutDownWithoutHavingToLogOn = $True; + LocalSecurityOptionsAllowUIAccessApplicationElevation = $False; + LocalSecurityOptionsAllowUIAccessApplicationsForSecureLocations = $False; + LocalSecurityOptionsAllowUndockWithoutHavingToLogon = $True; + LocalSecurityOptionsBlockMicrosoftAccounts = $True; + LocalSecurityOptionsBlockRemoteLogonWithBlankPassword = $True; + LocalSecurityOptionsBlockRemoteOpticalDriveAccess = $True; + LocalSecurityOptionsBlockUsersInstallingPrinterDrivers = $True; + LocalSecurityOptionsClearVirtualMemoryPageFile = $True; + LocalSecurityOptionsClientDigitallySignCommunicationsAlways = $False; + LocalSecurityOptionsClientSendUnencryptedPasswordToThirdPartySMBServers = $False; + LocalSecurityOptionsDetectApplicationInstallationsAndPromptForElevation = $False; + LocalSecurityOptionsDisableAdministratorAccount = $True; + LocalSecurityOptionsDisableClientDigitallySignCommunicationsIfServerAgrees = $False; + LocalSecurityOptionsDisableGuestAccount = $True; + LocalSecurityOptionsDisableServerDigitallySignCommunicationsAlways = $False; + LocalSecurityOptionsDisableServerDigitallySignCommunicationsIfClientAgrees = $False; + LocalSecurityOptionsDoNotAllowAnonymousEnumerationOfSAMAccounts = $True; + LocalSecurityOptionsDoNotRequireCtrlAltDel = $True; + LocalSecurityOptionsDoNotStoreLANManagerHashValueOnNextPasswordChange = $False; + LocalSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUser = "administrators"; + LocalSecurityOptionsHideLastSignedInUser = $False; + LocalSecurityOptionsHideUsernameAtSignIn = $False; + LocalSecurityOptionsInformationDisplayedOnLockScreen = "notConfigured"; + LocalSecurityOptionsInformationShownOnLockScreen = "notConfigured"; + LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedClients = "none"; + LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedServers = "none"; + LocalSecurityOptionsOnlyElevateSignedExecutables = $False; + LocalSecurityOptionsRestrictAnonymousAccessToNamedPipesAndShares = $True; + LocalSecurityOptionsSmartCardRemovalBehavior = "lockWorkstation"; + LocalSecurityOptionsStandardUserElevationPromptBehavior = "notConfigured"; + LocalSecurityOptionsSwitchToSecureDesktopWhenPromptingForElevation = $False; + LocalSecurityOptionsUseAdminApprovalMode = $False; + LocalSecurityOptionsUseAdminApprovalModeForAdministrators = $False; + LocalSecurityOptionsVirtualizeFileAndRegistryWriteFailuresToPerUserLocations = $False; + SmartScreenBlockOverrideForFiles = $True; + SmartScreenEnableInShell = $True; + SupportsScopeTags = $True; + UserRightsAccessCredentialManagerAsTrustedCaller = MSFT_MicrosoftGraphdeviceManagementUserRightsSetting{ + State = 'allowed' + LocalUsersOrGroups = @( + MSFT_MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup{ + Name = 'NT AUTHORITY\Local service' + SecurityIdentifier = '*S-1-5-19' + } + ) + }; + WindowsDefenderTamperProtection = "enable"; + XboxServicesAccessoryManagementServiceStartupMode = "manual"; + XboxServicesEnableXboxGameSaveTask = $True; + XboxServicesLiveAuthManagerServiceStartupMode = "manual"; + XboxServicesLiveGameSaveServiceStartupMode = "manual"; + XboxServicesLiveNetworkingServiceStartupMode = "manual"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..2bd05a7edd --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationEndpointProtectionPolicyWindows10 'Example' + { + DisplayName = "endpoint protection legacy - dsc v2.0"; + Credential = $Credscredential; + Ensure = "Absent"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/1-IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/1-Create.ps1 similarity index 96% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/1-IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/1-Create.ps1 index 8da4847d58..3752103cac 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/1-IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/1-Create.ps1 @@ -31,7 +31,6 @@ Configuration Example DisplayName = "firmware"; Ensure = "Present"; FrontCamera = "enabled"; - Id = "16599412-1827-4837-b2c1-da2c8260d16e"; InfraredCamera = "enabled"; Microphone = "notConfigured"; MicrophonesAndSpeakers = "enabled"; diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/2-Update.ps1 new file mode 100644 index 0000000000..ed2c28bad3 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/2-Update.ps1 @@ -0,0 +1,52 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Bluetooth = "notConfigured"; + BootFromBuiltInNetworkAdapters = "notConfigured"; + BootFromExternalMedia = "notConfigured"; + Cameras = "block"; # Updated Property + ChangeUefiSettingsPermission = "notConfiguredOnly"; + Credential = $Credscredential; + DisplayName = "firmware"; + Ensure = "Present"; + FrontCamera = "enabled"; + InfraredCamera = "enabled"; + Microphone = "notConfigured"; + MicrophonesAndSpeakers = "enabled"; + NearFieldCommunication = "notConfigured"; + Radios = "enabled"; + RearCamera = "enabled"; + SdCard = "notConfigured"; + SimultaneousMultiThreading = "enabled"; + SupportsScopeTags = $True; + UsbTypeAPort = "notConfigured"; + VirtualizationOfCpuAndIO = "enabled"; + WakeOnLAN = "notConfigured"; + WakeOnPower = "notConfigured"; + WiFi = "notConfigured"; + WindowsPlatformBinaryTable = "enabled"; + WirelessWideAreaNetwork = "notConfigured"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..add44ac809 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "firmware"; + Ensure = "Absent"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/1-IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/1-Create.ps1 similarity index 93% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/1-IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/1-Create.ps1 index cb8f5c3015..4c03d36315 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/1-IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/1-Create.ps1 @@ -27,7 +27,6 @@ Configuration Example Credential = $Credscredential; DisplayName = "Health Monitoring Configuration"; Ensure = "Present"; - Id = "ea1bbbf2-1593-4156-9995-62b93a474e01"; SupportsScopeTags = $True; } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/2-Update.ps1 new file mode 100644 index 0000000000..bb30703c2c --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/2-Update.ps1 @@ -0,0 +1,33 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 'Example' + { + AllowDeviceHealthMonitoring = "enabled"; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + ConfigDeviceHealthMonitoringScope = @("bootPerformance","windowsUpdates"); + Credential = $Credscredential; + DisplayName = "Health Monitoring Configuration"; + Ensure = "Present"; + SupportsScopeTags = $False; # Updated Property + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..16c309c95b --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "Health Monitoring Configuration"; + Ensure = "Absent"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/1-IntuneDeviceConfigurationIdentityProtectionPolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/1-Create.ps1 similarity index 95% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/1-IntuneDeviceConfigurationIdentityProtectionPolicyWindows10-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/1-Create.ps1 index 77e0f9faf3..c46b71ab56 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/1-IntuneDeviceConfigurationIdentityProtectionPolicyWindows10-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/1-Create.ps1 @@ -26,7 +26,6 @@ Configuration Example DisplayName = "identity protection"; EnhancedAntiSpoofingForFacialFeaturesEnabled = $True; Ensure = "Present"; - Id = "e0f7e513-6b34-4a74-8d90-fe7648c0ce30"; PinExpirationInDays = 5; PinLowercaseCharactersUsage = "allowed"; PinMaximumLength = 4; diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/2-Update.ps1 new file mode 100644 index 0000000000..63fc645723 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/2-Update.ps1 @@ -0,0 +1,45 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationIdentityProtectionPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + Credential = $Credscredential; + DisplayName = "identity protection"; + EnhancedAntiSpoofingForFacialFeaturesEnabled = $True; + Ensure = "Present"; + PinExpirationInDays = 5; + PinLowercaseCharactersUsage = "allowed"; + PinMaximumLength = 4; + PinMinimumLength = 4; + PinPreviousBlockCount = 4; # Updated Property + PinRecoveryEnabled = $True; + PinSpecialCharactersUsage = "allowed"; + PinUppercaseCharactersUsage = "allowed"; + SecurityDeviceRequired = $True; + SupportsScopeTags = $True; + UnlockWithBiometricsEnabled = $True; + UseCertificatesForOnPremisesAuthEnabled = $True; + UseSecurityKeyForSignin = $True; + WindowsHelloForBusinessBlocked = $False; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..a888e787f9 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationIdentityProtectionPolicyWindows10/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationIdentityProtectionPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "identity protection"; + Ensure = "Absent"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/1-IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/1-Create.ps1 similarity index 94% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/1-IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/1-Create.ps1 index f26bd9aab4..29b160b437 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/1-IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/1-Create.ps1 @@ -27,7 +27,6 @@ Configuration Example Credential = $Credscredential; DisplayName = "PKCS Imported"; Ensure = "Present"; - Id = "01a4f283-7bb6-4b11-99fa-e56826d986d0"; IntendedPurpose = "unassigned"; KeyStorageProvider = "useSoftwareKsp"; RenewalThresholdPercentage = 50; diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/2-Update.ps1 new file mode 100644 index 0000000000..6c1ec6759e --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/2-Update.ps1 @@ -0,0 +1,37 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + CertificateValidityPeriodScale = "years"; + CertificateValidityPeriodValue = 1; + Credential = $Credscredential; + DisplayName = "PKCS Imported"; + Ensure = "Present"; + IntendedPurpose = "unassigned"; + KeyStorageProvider = "useSoftwareKsp"; + RenewalThresholdPercentage = 60; # Updated Property + SubjectAlternativeNameType = "emailAddress"; + SubjectNameFormat = "commonName"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..77bb7e16ae --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "PKCS Imported"; + Ensure = "Absent"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationKioskPolicyWindows10/1-IntuneDeviceConfigurationKioskPolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationKioskPolicyWindows10/1-Create.ps1 similarity index 96% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationKioskPolicyWindows10/1-IntuneDeviceConfigurationKioskPolicyWindows10-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationKioskPolicyWindows10/1-Create.ps1 index f9bf167703..0de1951bf4 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationKioskPolicyWindows10/1-IntuneDeviceConfigurationKioskPolicyWindows10-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationKioskPolicyWindows10/1-Create.ps1 @@ -26,7 +26,6 @@ Configuration Example DisplayName = "kiosk"; EdgeKioskEnablePublicBrowsing = $False; Ensure = "Present"; - Id = "7fea73fd-20d3-439a-9fa4-73955e082dc5"; KioskBrowserBlockedUrlExceptions = @(); KioskBrowserBlockedURLs = @(); KioskBrowserDefaultUrl = "http://bing.com"; diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationKioskPolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationKioskPolicyWindows10/2-Update.ps1 new file mode 100644 index 0000000000..6806ed767b --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationKioskPolicyWindows10/2-Update.ps1 @@ -0,0 +1,67 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationKioskPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + Credential = $Credscredential; + DisplayName = "kiosk"; + EdgeKioskEnablePublicBrowsing = $False; # Updated Property + Ensure = "Present"; + KioskBrowserBlockedUrlExceptions = @(); + KioskBrowserBlockedURLs = @(); + KioskBrowserDefaultUrl = "http://bing.com"; + KioskBrowserEnableEndSessionButton = $False; + KioskBrowserEnableHomeButton = $True; + KioskBrowserEnableNavigationButtons = $False; + KioskProfiles = @( + MSFT_MicrosoftGraphwindowsKioskProfile{ + ProfileId = '17f9e980-3435-4bd5-a7a1-ca3c06d0bf2c' + UserAccountsConfiguration = @( + MSFT_MicrosoftGraphWindowsKioskUser{ + odataType = '#microsoft.graph.windowsKioskAutologon' + } + ) + ProfileName = 'profile' + AppConfiguration = MSFT_MicrosoftGraphWindowsKioskAppConfiguration{ + Win32App = MSFT_MicrosoftGraphWindowsKioskWin32App{ + EdgeNoFirstRun = $True + EdgeKiosk = 'https://domain.com' + ClassicAppPath = 'msedge.exe' + AutoLaunch = $False + StartLayoutTileSize = 'hidden' + AppType = 'unknown' + EdgeKioskType = 'publicBrowsing' + } + odataType = '#microsoft.graph.windowsKioskSingleWin32App' + } + } + ); + WindowsKioskForceUpdateSchedule = MSFT_MicrosoftGraphwindowsKioskForceUpdateSchedule{ + RunImmediatelyIfAfterStartDateTime = $False + StartDateTime = '2023-04-15T23:00:00.0000000+00:00' + DayofMonth = 1 + Recurrence = 'daily' + DayofWeek = 'sunday' + }; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationKioskPolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationKioskPolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..80a6d10ec1 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationKioskPolicyWindows10/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationKioskPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "kiosk"; + Ensure = "Absent"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/1-IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/1-Create.ps1 similarity index 95% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/1-IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/1-Create.ps1 index 5c0f78ece1..50f6bc80dc 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/1-IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/1-Create.ps1 @@ -25,7 +25,6 @@ Configuration Example Credential = $Credscredential; DisplayName = "network boundary"; Ensure = "Present"; - Id = "16c280a3-a04f-4847-b3bb-3cef06cb2be3"; SupportsScopeTags = $True; WindowsNetworkIsolationPolicy = MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy{ EnterpriseProxyServers = @() diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/2-Update.ps1 new file mode 100644 index 0000000000..caa6db6a07 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/2-Update.ps1 @@ -0,0 +1,46 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Credential = $Credscredential; + DisplayName = "network boundary"; + Ensure = "Present"; + SupportsScopeTags = $False; # Updated Property + WindowsNetworkIsolationPolicy = MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy{ + EnterpriseProxyServers = @() + EnterpriseInternalProxyServers = @() + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseProxyServersAreAuthoritative = $True + EnterpriseNetworkDomainNames = @('domain.com') + EnterpriseIPRanges = @( + MSFT_MicrosoftGraphIpRange1{ + UpperAddress = '1.1.1.255' + LowerAddress = '1.1.1.0' + odataType = '#microsoft.graph.iPv4Range' + } + ) + NeutralDomainResources = @() + }; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..4629ee0d8e --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "network boundary"; + Ensure = "Absent"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/1-IntuneDeviceConfigurationPkcsCertificatePolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/1-Create.ps1 similarity index 95% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/1-IntuneDeviceConfigurationPkcsCertificatePolicyWindows10-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/1-Create.ps1 index fc5ad71fef..122e22534c 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/1-IntuneDeviceConfigurationPkcsCertificatePolicyWindows10-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/1-Create.ps1 @@ -37,7 +37,6 @@ Configuration Example ); DisplayName = "PKCS"; Ensure = "Present"; - Id = "2abd77a6-b656-4231-ab64-89c31e871ca6"; KeyStorageProvider = "usePassportForWorkKspOtherwiseFail"; RenewalThresholdPercentage = 20; SubjectAlternativeNameType = "none"; diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/2-Update.ps1 new file mode 100644 index 0000000000..408d3012ff --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/2-Update.ps1 @@ -0,0 +1,47 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPkcsCertificatePolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + CertificateStore = "user"; + CertificateTemplateName = "Template DSC"; + CertificateValidityPeriodScale = "years"; + CertificateValidityPeriodValue = 1; + CertificationAuthority = "CA=Name"; + CertificationAuthorityName = "Test"; + Credential = $Credscredential; + CustomSubjectAlternativeNames = @( + MSFT_MicrosoftGraphcustomSubjectAlternativeName{ + SanType = 'domainNameService' + Name = 'certificate.com' + } + ); + DisplayName = "PKCS"; + Ensure = "Present"; + KeyStorageProvider = "usePassportForWorkKspOtherwiseFail"; + RenewalThresholdPercentage = 30; # Updated Property + SubjectAlternativeNameType = "none"; + SubjectNameFormat = "custom"; + SubjectNameFormatString = "CN={{UserName}},E={{EmailAddress}}"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..2c442218c4 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPkcsCertificatePolicyWindows10/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPkcsCertificatePolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "PKCS"; + Ensure = "Absent"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/1-ConfigureIntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/1-Create.ps1 similarity index 97% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/1-ConfigureIntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/1-Create.ps1 index 5a07fcc188..046eae0b0f 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/1-ConfigureIntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/1-Create.ps1 @@ -16,7 +16,6 @@ Configuration Example { IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator 'myAndroidDeviceAdmin' { - Id = '4feff881-d635-4e9d-bd07-d1227d1ab230' DisplayName = 'Android device admin' AppsBlockClipboardSharing = $True AppsBlockCopyPaste = $True diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/2-Update.ps1 new file mode 100644 index 0000000000..6ada58e52e --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/2-Update.ps1 @@ -0,0 +1,78 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator 'myAndroidDeviceAdmin' + { + DisplayName = 'Android device admin' + AppsBlockClipboardSharing = $True + AppsBlockCopyPaste = $False # Updated Property + AppsBlockYouTube = $False + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + BluetoothBlocked = $True + CameraBlocked = $True + CellularBlockDataRoaming = $False + CellularBlockMessaging = $False + CellularBlockVoiceRoaming = $False + CellularBlockWiFiTethering = $False + CompliantAppListType = 'appsInListCompliant' + CompliantAppsList = @( + MSFT_MicrosoftGraphAppListitem { + name = 'customApp' + publisher = 'google2' + appStoreUrl = 'https://appUrl.com' + appId = 'com.custom.google.com' + } + ) + DateAndTimeBlockChanges = $True + DeviceSharingAllowed = $False + DiagnosticDataBlockSubmission = $False + FactoryResetBlocked = $False + GoogleAccountBlockAutoSync = $False + GooglePlayStoreBlocked = $False + KioskModeBlockSleepButton = $False + KioskModeBlockVolumeButtons = $True + LocationServicesBlocked = $False + NfcBlocked = $False + PasswordBlockFingerprintUnlock = $False + PasswordBlockTrustAgents = $False + PasswordRequired = $True + PasswordRequiredType = 'numeric' + PowerOffBlocked = $False + RequiredPasswordComplexity = 'low' + ScreenCaptureBlocked = $False + SecurityRequireVerifyApps = $False + StorageBlockGoogleBackup = $False + StorageBlockRemovableStorage = $False + StorageRequireDeviceEncryption = $False + StorageRequireRemovableStorageEncryption = $True + VoiceAssistantBlocked = $False + VoiceDialingBlocked = $False + WebBrowserBlockAutofill = $False + WebBrowserBlocked = $False + WebBrowserBlockJavaScript = $False + WebBrowserBlockPopups = $False + WebBrowserCookieSettings = 'allowAlways' + WiFiBlocked = $False + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/3-Remove.ps1 new file mode 100644 index 0000000000..441167a739 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator 'myAndroidDeviceAdmin' + { + DisplayName = 'Android device admin' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceOwner/1-ConfigureIntuneDeviceConfigurationPolicyAndroidDeviceOwner.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceOwner/1-Create.ps1 similarity index 97% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceOwner/1-ConfigureIntuneDeviceConfigurationPolicyAndroidDeviceOwner.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceOwner/1-Create.ps1 index ad22ea09e5..b75191c8fb 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceOwner/1-ConfigureIntuneDeviceConfigurationPolicyAndroidDeviceOwner.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceOwner/1-Create.ps1 @@ -16,7 +16,6 @@ Configuration Example { IntuneDeviceConfigurationPolicyAndroidDeviceOwner 'myAndroidDeviceOwnerPolicy' { - Id = '57853b98-db50-4605-9292-3ade98e25bc3' DisplayName = 'general confi - AndroidDeviceOwner' Assignments = @() AzureAdSharedDeviceDataClearApps = @() diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceOwner/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceOwner/2-Update.ps1 new file mode 100644 index 0000000000..854e05e7d9 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceOwner/2-Update.ps1 @@ -0,0 +1,64 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyAndroidDeviceOwner 'myAndroidDeviceOwnerPolicy' + { + DisplayName = 'general confi - AndroidDeviceOwner' + Assignments = @() + AzureAdSharedDeviceDataClearApps = @() + CameraBlocked = $False # Updated Property + CrossProfilePoliciesAllowDataSharing = 'notConfigured' + EnrollmentProfile = 'notConfigured' + FactoryResetDeviceAdministratorEmails = @() + GlobalProxy = MSFT_MicrosoftGraphandroiddeviceownerglobalproxy { + odataType = '#microsoft.graph.androidDeviceOwnerGlobalProxyDirect' + host = 'myproxy.com' + port = 8083 + } + KioskCustomizationStatusBar = 'notConfigured' + KioskCustomizationSystemNavigation = 'notConfigured' + KioskModeAppPositions = @() + KioskModeApps = @() + KioskModeManagedFolders = @() + KioskModeUseManagedHomeScreenApp = 'notConfigured' + KioskModeWifiAllowedSsids = @() + MicrophoneForceMute = $True + NfcBlockOutgoingBeam = $True + PasswordBlockKeyguardFeatures = @() + PasswordRequiredType = 'deviceDefault' + PasswordRequireUnlock = 'deviceDefault' + PersonalProfilePersonalApplications = @() + PersonalProfilePlayStoreMode = 'notConfigured' + ScreenCaptureBlocked = $True + SecurityRequireVerifyApps = $True + StayOnModes = @() + StorageBlockExternalMedia = $True + SystemUpdateFreezePeriods = @( + MSFT_MicrosoftGraphandroiddeviceownersystemupdatefreezeperiod { + startMonth = 12 + startDay = 23 + endMonth = 12 + endDay = 30 + }) + VpnAlwaysOnLockdownMode = $False + VpnAlwaysOnPackageIdentifier = '' + WorkProfilePasswordRequiredType = 'deviceDefault' + WorkProfilePasswordRequireUnlock = 'deviceDefault' + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceOwner/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceOwner/3-Remove.ps1 new file mode 100644 index 0000000000..3c1e951844 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidDeviceOwner/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyAndroidDeviceOwner 'myAndroidDeviceOwnerPolicy' + { + DisplayName = 'general confi - AndroidDeviceOwner' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/1-ConfigureIntuneDeviceConfigurationPolicyAndroidOpenSourceProject.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/1-Create.ps1 similarity index 93% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/1-ConfigureIntuneDeviceConfigurationPolicyAndroidOpenSourceProject.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/1-Create.ps1 index cfde0201d9..e18d649060 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/1-ConfigureIntuneDeviceConfigurationPolicyAndroidOpenSourceProject.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/1-Create.ps1 @@ -16,7 +16,6 @@ Configuration Example { IntuneDeviceConfigurationPolicyAndroidOpenSourceProject 'myAndroidOpenSourceProjectPolicy' { - Id = '9191730e-6e01-4b77-b23c-9648b5c7bb1e' DisplayName = 'aosp' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments { diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/2-Update.ps1 new file mode 100644 index 0000000000..184ed1705e --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/2-Update.ps1 @@ -0,0 +1,35 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyAndroidOpenSourceProject 'myAndroidOpenSourceProjectPolicy' + { + DisplayName = 'aosp' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + CameraBlocked = $True # Updated Property + FactoryResetBlocked = $True + PasswordRequiredType = 'deviceDefault' + ScreenCaptureBlocked = $True + StorageBlockExternalMedia = $True + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/3-Remove.ps1 new file mode 100644 index 0000000000..5c16fc6b49 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyAndroidOpenSourceProject 'myAndroidOpenSourceProjectPolicy' + { + DisplayName = 'aosp' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidWorkProfile/1-NewIntuneDeviceConfigurationPolicyAndroidWorkProfile.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidWorkProfile/1-Create.ps1 similarity index 100% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidWorkProfile/1-NewIntuneDeviceConfigurationPolicyAndroidWorkProfile.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidWorkProfile/1-Create.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidWorkProfile/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidWorkProfile/2-Update.ps1 new file mode 100644 index 0000000000..cf2bbd792e --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidWorkProfile/2-Update.ps1 @@ -0,0 +1,43 @@ +<# +This example creates a new General Device Configuration Policy for Android WorkProfile . +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyAndroidWorkProfile 97ed22e9-1429-40dc-ab3c-0055e538383b + { + DisplayName = 'Android Work Profile - Device Restrictions - Standard' + PasswordBlockFingerprintUnlock = $False + PasswordBlockTrustAgents = $True # Updated Property + PasswordMinimumLength = 6 + PasswordMinutesOfInactivityBeforeScreenTimeout = 15 + PasswordRequiredType = 'atLeastNumeric' + SecurityRequireVerifyApps = $True + WorkProfileBlockAddingAccounts = $True + WorkProfileBlockCamera = $False + WorkProfileBlockCrossProfileCallerId = $False + WorkProfileBlockCrossProfileContactsSearch = $False + WorkProfileBlockCrossProfileCopyPaste = $True + WorkProfileBlockNotificationsWhileDeviceLocked = $True + WorkProfileBlockScreenCapture = $True + WorkProfileBluetoothEnableContactSharing = $False + WorkProfileDataSharingType = 'allowPersonalToWork' + WorkProfileDefaultAppPermissionPolicy = 'deviceDefault' + WorkProfilePasswordBlockFingerprintUnlock = $False + WorkProfilePasswordBlockTrustAgents = $False + WorkProfilePasswordRequiredType = 'deviceDefault' + WorkProfileRequirePassword = $False + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidWorkProfile/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidWorkProfile/3-Remove.ps1 new file mode 100644 index 0000000000..b019a1a657 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyAndroidWorkProfile/3-Remove.ps1 @@ -0,0 +1,23 @@ +<# +This example creates a new General Device Configuration Policy for Android WorkProfile . +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyAndroidWorkProfile 97ed22e9-1429-40dc-ab3c-0055e538383b + { + DisplayName = 'Android Work Profile - Device Restrictions - Standard' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyMacOS/1-ConfigureIntuneDeviceConfigurationPolicyMacOS.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyMacOS/1-Create.ps1 similarity index 98% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyMacOS/1-ConfigureIntuneDeviceConfigurationPolicyMacOS.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyMacOS/1-Create.ps1 index d0ac0201c0..b6234b3b22 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyMacOS/1-ConfigureIntuneDeviceConfigurationPolicyMacOS.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyMacOS/1-Create.ps1 @@ -16,7 +16,6 @@ Configuration Example { IntuneDeviceConfigurationPolicyMacOS 'myMacOSDevicePolicy' { - Id = '01fc772e-a2ef-4c33-8b57-29b7aa5243cb' DisplayName = 'MacOS device restriction' AddingGameCenterFriendsBlocked = $True AirDropBlocked = $False diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyMacOS/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyMacOS/2-Update.ps1 new file mode 100644 index 0000000000..d52aa87392 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyMacOS/2-Update.ps1 @@ -0,0 +1,115 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyMacOS 'myMacOSDevicePolicy' + { + DisplayName = 'MacOS device restriction' + AddingGameCenterFriendsBlocked = $True + AirDropBlocked = $True # Updated Property + AppleWatchBlockAutoUnlock = $False + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.groupAssignmentTarget' + groupId = 'e8cbd84d-be6a-4b72-87f0-0e677541fda0' + } + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.groupAssignmentTarget' + groupId = 'ea9199b8-3e6e-407b-afdc-e0943e0d3c20' + }) + CameraBlocked = $False + ClassroomAppBlockRemoteScreenObservation = $False + ClassroomAppForceUnpromptedScreenObservation = $False + ClassroomForceAutomaticallyJoinClasses = $False + ClassroomForceRequestPermissionToLeaveClasses = $False + ClassroomForceUnpromptedAppAndDeviceLock = $False + CompliantAppListType = 'appsNotInListCompliant' + CompliantAppsList = @( + MSFT_MicrosoftGraphapplistitemMacOS { + name = 'appname2' + publisher = 'publisher' + appId = 'bundle' + } + ) + ContentCachingBlocked = $False + DefinitionLookupBlocked = $True + EmailInDomainSuffixes = @() + EraseContentAndSettingsBlocked = $False + GameCenterBlocked = $False + ICloudBlockActivityContinuation = $False + ICloudBlockAddressBook = $False + ICloudBlockBookmarks = $False + ICloudBlockCalendar = $False + ICloudBlockDocumentSync = $False + ICloudBlockMail = $False + ICloudBlockNotes = $False + ICloudBlockPhotoLibrary = $False + ICloudBlockReminders = $False + ICloudDesktopAndDocumentsBlocked = $False + ICloudPrivateRelayBlocked = $False + ITunesBlockFileSharing = $False + ITunesBlockMusicService = $False + KeyboardBlockDictation = $False + KeychainBlockCloudSync = $False + MultiplayerGamingBlocked = $False + PasswordBlockAirDropSharing = $False + PasswordBlockAutoFill = $False + PasswordBlockFingerprintUnlock = $False + PasswordBlockModification = $False + PasswordBlockProximityRequests = $False + PasswordBlockSimple = $False + PasswordRequired = $False + PasswordRequiredType = 'deviceDefault' + PrivacyAccessControls = @( + MSFT_MicrosoftGraphmacosprivacyaccesscontrolitem { + displayName = 'test' + identifier = 'test45' + identifierType = 'path' + codeRequirement = 'test' + blockCamera = $True + speechRecognition = 'notConfigured' + accessibility = 'notConfigured' + addressBook = 'enabled' + calendar = 'notConfigured' + reminders = 'notConfigured' + photos = 'notConfigured' + mediaLibrary = 'notConfigured' + fileProviderPresence = 'notConfigured' + systemPolicyAllFiles = 'notConfigured' + systemPolicySystemAdminFiles = 'notConfigured' + systemPolicyDesktopFolder = 'notConfigured' + systemPolicyDocumentsFolder = 'notConfigured' + systemPolicyDownloadsFolder = 'notConfigured' + systemPolicyNetworkVolumes = 'notConfigured' + systemPolicyRemovableVolumes = 'notConfigured' + postEvent = 'notConfigured' + } + ) + SafariBlockAutofill = $False + ScreenCaptureBlocked = $False + SoftwareUpdateMajorOSDeferredInstallDelayInDays = 30 + SoftwareUpdateMinorOSDeferredInstallDelayInDays = 30 + SoftwareUpdateNonOSDeferredInstallDelayInDays = 30 + SoftwareUpdatesEnforcedDelayInDays = 30 + SpotlightBlockInternetResults = $False + UpdateDelayPolicy = @('delayOSUpdateVisibility', 'delayAppUpdateVisibility', 'delayMajorOsUpdateVisibility') + WallpaperModificationBlocked = $False + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyMacOS/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyMacOS/3-Remove.ps1 new file mode 100644 index 0000000000..b2e3b21362 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyMacOS/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyMacOS 'myMacOSDevicePolicy' + { + DisplayName = 'MacOS device restriction' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/1-IntuneDeviceConfigurationPolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/1-Create.ps1 similarity index 99% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/1-IntuneDeviceConfigurationPolicyWindows10-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/1-Create.ps1 index ec0bee60aa..940cc63a3f 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/1-IntuneDeviceConfigurationPolicyWindows10-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/1-Create.ps1 @@ -129,7 +129,6 @@ Configuration Example ExperienceDoNotSyncBrowserSettings = "notConfigured"; FindMyFiles = "notConfigured"; GameDvrBlocked = $True; - Id = "d48e4053-8e5f-4856-82d3-c9e293567135"; InkWorkspaceAccess = "notConfigured"; InkWorkspaceAccessState = "notConfigured"; InkWorkspaceBlockSuggestedApps = $False; diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/2-Update.ps1 new file mode 100644 index 0000000000..e9f0b4b8b2 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/2-Update.ps1 @@ -0,0 +1,272 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyWindows10 'Example' + { + AccountsBlockAddingNonMicrosoftAccountEmail = $False; + ActivateAppsWithVoice = "notConfigured"; + AntiTheftModeBlocked = $True; # Updated Property + AppManagementMSIAllowUserControlOverInstall = $False; + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $False; + AppManagementPackageFamilyNamesToLaunchAfterLogOn = @(); + AppsAllowTrustedAppsSideloading = "notConfigured"; + AppsBlockWindowsStoreOriginatedApps = $False; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + AuthenticationAllowSecondaryDevice = $False; + AuthenticationWebSignIn = "notConfigured"; + BluetoothAllowedServices = @(); + BluetoothBlockAdvertising = $True; + BluetoothBlockDiscoverableMode = $False; + BluetoothBlocked = $True; + BluetoothBlockPrePairing = $True; + BluetoothBlockPromptedProximalConnections = $False; + CameraBlocked = $False; + CellularBlockDataWhenRoaming = $False; + CellularBlockVpn = $True; + CellularBlockVpnWhenRoaming = $True; + CellularData = "allowed"; + CertificatesBlockManualRootCertificateInstallation = $False; + ConnectedDevicesServiceBlocked = $False; + CopyPasteBlocked = $False; + CortanaBlocked = $False; + Credential = $Credscredential; + CryptographyAllowFipsAlgorithmPolicy = $False; + DefenderBlockEndUserAccess = $False; + DefenderBlockOnAccessProtection = $False; + DefenderCloudBlockLevel = "notConfigured"; + DefenderDisableCatchupFullScan = $False; + DefenderDisableCatchupQuickScan = $False; + DefenderFileExtensionsToExclude = @(); + DefenderFilesAndFoldersToExclude = @(); + DefenderMonitorFileActivity = "userDefined"; + DefenderPotentiallyUnwantedAppActionSetting = "userDefined"; + DefenderProcessesToExclude = @(); + DefenderPromptForSampleSubmission = "userDefined"; + DefenderRequireBehaviorMonitoring = $False; + DefenderRequireCloudProtection = $False; + DefenderRequireNetworkInspectionSystem = $False; + DefenderRequireRealTimeMonitoring = $False; + DefenderScanArchiveFiles = $False; + DefenderScanDownloads = $False; + DefenderScanIncomingMail = $False; + DefenderScanMappedNetworkDrivesDuringFullScan = $False; + DefenderScanNetworkFiles = $False; + DefenderScanRemovableDrivesDuringFullScan = $False; + DefenderScanScriptsLoadedInInternetExplorer = $False; + DefenderScanType = "userDefined"; + DefenderScheduleScanEnableLowCpuPriority = $False; + DefenderSystemScanSchedule = "userDefined"; + DeveloperUnlockSetting = "notConfigured"; + DeviceManagementBlockFactoryResetOnMobile = $False; + DeviceManagementBlockManualUnenroll = $False; + DiagnosticsDataSubmissionMode = "userDefined"; + DisplayAppListWithGdiDPIScalingTurnedOff = @(); + DisplayAppListWithGdiDPIScalingTurnedOn = @(); + DisplayName = "device config"; + EdgeAllowStartPagesModification = $False; + EdgeBlockAccessToAboutFlags = $False; + EdgeBlockAddressBarDropdown = $False; + EdgeBlockAutofill = $False; + EdgeBlockCompatibilityList = $False; + EdgeBlockDeveloperTools = $False; + EdgeBlocked = $False; + EdgeBlockEditFavorites = $False; + EdgeBlockExtensions = $False; + EdgeBlockFullScreenMode = $False; + EdgeBlockInPrivateBrowsing = $False; + EdgeBlockJavaScript = $False; + EdgeBlockLiveTileDataCollection = $False; + EdgeBlockPasswordManager = $False; + EdgeBlockPopups = $False; + EdgeBlockPrelaunch = $False; + EdgeBlockPrinting = $False; + EdgeBlockSavingHistory = $False; + EdgeBlockSearchEngineCustomization = $False; + EdgeBlockSearchSuggestions = $False; + EdgeBlockSendingDoNotTrackHeader = $False; + EdgeBlockSendingIntranetTrafficToInternetExplorer = $False; + EdgeBlockSideloadingExtensions = $False; + EdgeBlockTabPreloading = $False; + EdgeBlockWebContentOnNewTabPage = $False; + EdgeClearBrowsingDataOnExit = $False; + EdgeCookiePolicy = "userDefined"; + EdgeDisableFirstRunPage = $False; + EdgeFavoritesBarVisibility = "notConfigured"; + EdgeHomeButtonConfigurationEnabled = $False; + EdgeHomepageUrls = @(); + EdgeKioskModeRestriction = "notConfigured"; + EdgeOpensWith = "notConfigured"; + EdgePreventCertificateErrorOverride = $False; + EdgeRequiredExtensionPackageFamilyNames = @(); + EdgeRequireSmartScreen = $False; + EdgeSendIntranetTrafficToInternetExplorer = $False; + EdgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured"; + EdgeSyncFavoritesWithInternetExplorer = $False; + EdgeTelemetryForMicrosoft365Analytics = "notConfigured"; + EnableAutomaticRedeployment = $False; + Ensure = "Present"; + ExperienceBlockDeviceDiscovery = $False; + ExperienceBlockErrorDialogWhenNoSIM = $False; + ExperienceBlockTaskSwitcher = $False; + ExperienceDoNotSyncBrowserSettings = "notConfigured"; + FindMyFiles = "notConfigured"; + GameDvrBlocked = $True; + InkWorkspaceAccess = "notConfigured"; + InkWorkspaceAccessState = "notConfigured"; + InkWorkspaceBlockSuggestedApps = $False; + InternetSharingBlocked = $False; + LocationServicesBlocked = $False; + LockScreenActivateAppsWithVoice = "notConfigured"; + LockScreenAllowTimeoutConfiguration = $False; + LockScreenBlockActionCenterNotifications = $False; + LockScreenBlockCortana = $False; + LockScreenBlockToastNotifications = $False; + LogonBlockFastUserSwitching = $False; + MessagingBlockMMS = $False; + MessagingBlockRichCommunicationServices = $False; + MessagingBlockSync = $False; + MicrosoftAccountBlocked = $False; + MicrosoftAccountBlockSettingsSync = $False; + MicrosoftAccountSignInAssistantSettings = "notConfigured"; + NetworkProxyApplySettingsDeviceWide = $False; + NetworkProxyDisableAutoDetect = $True; + NetworkProxyServer = MSFT_MicrosoftGraphwindows10NetworkProxyServer{ + UseForLocalAddresses = $True + Exceptions = @('*.domain2.com') + Address = 'proxy.domain.com:8080' + }; + NfcBlocked = $False; + OneDriveDisableFileSync = $False; + PasswordBlockSimple = $False; + PasswordRequired = $False; + PasswordRequiredType = "deviceDefault"; + PasswordRequireWhenResumeFromIdleState = $False; + PowerButtonActionOnBattery = "notConfigured"; + PowerButtonActionPluggedIn = "notConfigured"; + PowerHybridSleepOnBattery = "notConfigured"; + PowerHybridSleepPluggedIn = "notConfigured"; + PowerLidCloseActionOnBattery = "notConfigured"; + PowerLidCloseActionPluggedIn = "notConfigured"; + PowerSleepButtonActionOnBattery = "notConfigured"; + PowerSleepButtonActionPluggedIn = "notConfigured"; + PrinterBlockAddition = $False; + PrinterNames = @(); + PrivacyAdvertisingId = "notConfigured"; + PrivacyAutoAcceptPairingAndConsentPrompts = $False; + PrivacyBlockActivityFeed = $False; + PrivacyBlockInputPersonalization = $False; + PrivacyBlockPublishUserActivities = $False; + PrivacyDisableLaunchExperience = $False; + ResetProtectionModeBlocked = $False; + SafeSearchFilter = "userDefined"; + ScreenCaptureBlocked = $False; + SearchBlockDiacritics = $False; + SearchBlockWebResults = $False; + SearchDisableAutoLanguageDetection = $False; + SearchDisableIndexerBackoff = $False; + SearchDisableIndexingEncryptedItems = $False; + SearchDisableIndexingRemovableDrive = $False; + SearchDisableLocation = $False; + SearchDisableUseLocation = $False; + SearchEnableAutomaticIndexSizeManangement = $False; + SearchEnableRemoteQueries = $False; + SecurityBlockAzureADJoinedDevicesAutoEncryption = $False; + SettingsBlockAccountsPage = $False; + SettingsBlockAddProvisioningPackage = $False; + SettingsBlockAppsPage = $False; + SettingsBlockChangeLanguage = $False; + SettingsBlockChangePowerSleep = $False; + SettingsBlockChangeRegion = $False; + SettingsBlockChangeSystemTime = $False; + SettingsBlockDevicesPage = $False; + SettingsBlockEaseOfAccessPage = $False; + SettingsBlockEditDeviceName = $False; + SettingsBlockGamingPage = $False; + SettingsBlockNetworkInternetPage = $False; + SettingsBlockPersonalizationPage = $False; + SettingsBlockPrivacyPage = $False; + SettingsBlockRemoveProvisioningPackage = $False; + SettingsBlockSettingsApp = $False; + SettingsBlockSystemPage = $False; + SettingsBlockTimeLanguagePage = $False; + SettingsBlockUpdateSecurityPage = $False; + SharedUserAppDataAllowed = $False; + SmartScreenAppInstallControl = "notConfigured"; + SmartScreenBlockPromptOverride = $False; + SmartScreenBlockPromptOverrideForFiles = $False; + SmartScreenEnableAppInstallControl = $False; + StartBlockUnpinningAppsFromTaskbar = $False; + StartMenuAppListVisibility = "userDefined"; + StartMenuHideChangeAccountSettings = $False; + StartMenuHideFrequentlyUsedApps = $False; + StartMenuHideHibernate = $False; + StartMenuHideLock = $False; + StartMenuHidePowerButton = $False; + StartMenuHideRecentJumpLists = $False; + StartMenuHideRecentlyAddedApps = $False; + StartMenuHideRestartOptions = $False; + StartMenuHideShutDown = $False; + StartMenuHideSignOut = $False; + StartMenuHideSleep = $False; + StartMenuHideSwitchAccount = $False; + StartMenuHideUserTile = $False; + StartMenuMode = "userDefined"; + StartMenuPinnedFolderDocuments = "notConfigured"; + StartMenuPinnedFolderDownloads = "notConfigured"; + StartMenuPinnedFolderFileExplorer = "notConfigured"; + StartMenuPinnedFolderHomeGroup = "notConfigured"; + StartMenuPinnedFolderMusic = "notConfigured"; + StartMenuPinnedFolderNetwork = "notConfigured"; + StartMenuPinnedFolderPersonalFolder = "notConfigured"; + StartMenuPinnedFolderPictures = "notConfigured"; + StartMenuPinnedFolderSettings = "notConfigured"; + StartMenuPinnedFolderVideos = "notConfigured"; + StorageBlockRemovableStorage = $False; + StorageRequireMobileDeviceEncryption = $False; + StorageRestrictAppDataToSystemVolume = $False; + StorageRestrictAppInstallToSystemVolume = $False; + SupportsScopeTags = $True; + TaskManagerBlockEndTask = $False; + TenantLockdownRequireNetworkDuringOutOfBoxExperience = $False; + UninstallBuiltInApps = $False; + UsbBlocked = $False; + VoiceRecordingBlocked = $False; + WebRtcBlockLocalhostIpAddress = $False; + WiFiBlockAutomaticConnectHotspots = $False; + WiFiBlocked = $True; + WiFiBlockManualConfiguration = $True; + WindowsSpotlightBlockConsumerSpecificFeatures = $False; + WindowsSpotlightBlocked = $False; + WindowsSpotlightBlockOnActionCenter = $False; + WindowsSpotlightBlockTailoredExperiences = $False; + WindowsSpotlightBlockThirdPartyNotifications = $False; + WindowsSpotlightBlockWelcomeExperience = $False; + WindowsSpotlightBlockWindowsTips = $False; + WindowsSpotlightConfigureOnLockScreen = "notConfigured"; + WindowsStoreBlockAutoUpdate = $False; + WindowsStoreBlocked = $False; + WindowsStoreEnablePrivateStoreOnly = $False; + WirelessDisplayBlockProjectionToThisDevice = $False; + WirelessDisplayBlockUserInputFromReceiver = $False; + WirelessDisplayRequirePinForPairing = $False; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..1d793d1f51 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "device config"; + Ensure = "Absent"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyiOS/1-NewIntuneDeviceConfigurationPolicyiOS.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyiOS/1-Create.ps1 similarity index 98% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyiOS/1-NewIntuneDeviceConfigurationPolicyiOS.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyiOS/1-Create.ps1 index 415076cd7e..0ae05c68c6 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyiOS/1-NewIntuneDeviceConfigurationPolicyiOS.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyiOS/1-Create.ps1 @@ -15,7 +15,6 @@ Configuration Example { IntuneDeviceConfigurationPolicyiOS 'ConfigureDeviceConfigurationPolicyiOS' { - Id = '901c99e3-6429-4f02-851f-54b49a53f103' DisplayName = 'iOS DSC Policy' AccountBlockModification = $False ActivationLockAllowWhenSupervised = $False diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyiOS/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyiOS/2-Update.ps1 new file mode 100644 index 0000000000..4b06a5591f --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyiOS/2-Update.ps1 @@ -0,0 +1,130 @@ +<# +This example creates a new Device Configuration Policy for iOS. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyiOS 'ConfigureDeviceConfigurationPolicyiOS' + { + DisplayName = 'iOS DSC Policy' + AccountBlockModification = $False + ActivationLockAllowWhenSupervised = $False + AirDropBlocked = $True # Updated Property + AirDropForceUnmanagedDropTarget = $False + AirPlayForcePairingPasswordForOutgoingRequests = $False + AppleNewsBlocked = $False + AppleWatchBlockPairing = $False + AppleWatchForceWristDetection = $False + AppStoreBlockAutomaticDownloads = $False + AppStoreBlocked = $False + AppStoreBlockInAppPurchases = $False + AppStoreBlockUIAppInstallation = $False + AppStoreRequirePassword = $False + AppsVisibilityList = @() + AppsVisibilityListType = 'none' + BluetoothBlockModification = $True + CameraBlocked = $False + CellularBlockDataRoaming = $False + CellularBlockGlobalBackgroundFetchWhileRoaming = $False + CellularBlockPerAppDataModification = $False + CellularBlockVoiceRoaming = $False + CertificatesBlockUntrustedTlsCertificates = $False + ClassroomAppBlockRemoteScreenObservation = $False + CompliantAppListType = 'none' + CompliantAppsList = @() + ConfigurationProfileBlockChanges = $False + DefinitionLookupBlocked = $False + Description = 'iOS Device Restriction Policy' + DeviceBlockEnableRestrictions = $True + DeviceBlockEraseContentAndSettings = $False + DeviceBlockNameModification = $False + DiagnosticDataBlockSubmission = $False + DiagnosticDataBlockSubmissionModification = $False + DocumentsBlockManagedDocumentsInUnmanagedApps = $False + DocumentsBlockUnmanagedDocumentsInManagedApps = $False + EmailInDomainSuffixes = @() + EnterpriseAppBlockTrust = $False + EnterpriseAppBlockTrustModification = $False + FaceTimeBlocked = $False + FindMyFriendsBlocked = $False + GameCenterBlocked = $False + GamingBlockGameCenterFriends = $True + GamingBlockMultiplayer = $False + HostPairingBlocked = $False + iBooksStoreBlocked = $False + iBooksStoreBlockErotica = $False + iCloudBlockActivityContinuation = $False + iCloudBlockBackup = $True + iCloudBlockDocumentSync = $True + iCloudBlockManagedAppsSync = $False + iCloudBlockPhotoLibrary = $False + iCloudBlockPhotoStreamSync = $True + iCloudBlockSharedPhotoStream = $False + iCloudRequireEncryptedBackup = $False + iTunesBlockExplicitContent = $False + iTunesBlockMusicService = $False + iTunesBlockRadio = $False + KeyboardBlockAutoCorrect = $False + KeyboardBlockPredictive = $False + KeyboardBlockShortcuts = $False + KeyboardBlockSpellCheck = $False + KioskModeAllowAssistiveSpeak = $False + KioskModeAllowAssistiveTouchSettings = $False + KioskModeAllowAutoLock = $False + KioskModeAllowColorInversionSettings = $False + KioskModeAllowRingerSwitch = $False + KioskModeAllowScreenRotation = $False + KioskModeAllowSleepButton = $False + KioskModeAllowTouchscreen = $False + KioskModeAllowVoiceOverSettings = $False + KioskModeAllowVolumeButtons = $False + KioskModeAllowZoomSettings = $False + KioskModeRequireAssistiveTouch = $False + KioskModeRequireColorInversion = $False + KioskModeRequireMonoAudio = $False + KioskModeRequireVoiceOver = $False + KioskModeRequireZoom = $False + LockScreenBlockControlCenter = $False + LockScreenBlockNotificationView = $False + LockScreenBlockPassbook = $False + LockScreenBlockTodayView = $False + MediaContentRatingApps = 'allAllowed' + messagesBlocked = $False + NotificationsBlockSettingsModification = $False + PasscodeBlockFingerprintUnlock = $False + PasscodeBlockModification = $False + PasscodeBlockSimple = $True + PasscodeMinimumLength = 4 + PasscodeRequired = $True + PasscodeRequiredType = 'deviceDefault' + PodcastsBlocked = $False + SafariBlockAutofill = $False + SafariBlocked = $False + SafariBlockJavaScript = $False + SafariBlockPopups = $False + SafariCookieSettings = 'browserDefault' + SafariManagedDomains = @() + SafariPasswordAutoFillDomains = @() + SafariRequireFraudWarning = $False + ScreenCaptureBlocked = $False + SiriBlocked = $False + SiriBlockedWhenLocked = $False + SiriBlockUserGeneratedContent = $False + SiriRequireProfanityFilter = $False + SpotlightBlockInternetResults = $False + VoiceDialingBlocked = $False + WallpaperBlockModification = $False + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyiOS/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyiOS/3-Remove.ps1 new file mode 100644 index 0000000000..99663148fb --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyiOS/3-Remove.ps1 @@ -0,0 +1,23 @@ +<# +This example creates a new Device Configuration Policy for iOS. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyiOS 'ConfigureDeviceConfigurationPolicyiOS' + { + DisplayName = 'iOS DSC Policy' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/1-IntuneDeviceConfigurationScepCertificatePolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/1-Create.ps1 similarity index 96% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/1-IntuneDeviceConfigurationScepCertificatePolicyWindows10-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/1-Create.ps1 index e9248f4e2a..ad945407c9 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/1-IntuneDeviceConfigurationScepCertificatePolicyWindows10-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/1-Create.ps1 @@ -41,7 +41,6 @@ Configuration Example } ); HashAlgorithm = "sha2"; - Id = "0b9aef2f-1671-4260-8eb9-3ab3138e176a"; KeySize = "size2048"; KeyStorageProvider = "useTpmKspOtherwiseUseSoftwareKsp"; KeyUsage = "digitalSignature"; diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/2-Update.ps1 new file mode 100644 index 0000000000..ee0f026049 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/2-Update.ps1 @@ -0,0 +1,55 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationScepCertificatePolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + CertificateStore = "user"; + CertificateValidityPeriodScale = "years"; + CertificateValidityPeriodValue = 5; + Credential = $Credscredential; + CustomSubjectAlternativeNames = @( + MSFT_MicrosoftGraphcustomSubjectAlternativeName{ + SanType = 'domainNameService' + Name = 'dns' + } + ); + DisplayName = "SCEP"; + Ensure = "Present"; + ExtendedKeyUsages = @( + MSFT_MicrosoftGraphextendedKeyUsage{ + ObjectIdentifier = '1.3.6.1.5.5.7.3.2' + Name = 'Client Authentication' + } + ); + HashAlgorithm = "sha2"; + KeySize = "size2048"; + KeyStorageProvider = "useTpmKspOtherwiseUseSoftwareKsp"; + KeyUsage = "digitalSignature"; + RenewalThresholdPercentage = 30; # Updated Property + ScepServerUrls = @("https://mydomain.com/certsrv/mscep/mscep.dll"); + SubjectAlternativeNameType = "none"; + SubjectNameFormat = "custom"; + SubjectNameFormatString = "CN={{UserName}},E={{EmailAddress}}"; + RootCertificateId = "169bf4fc-5914-40f4-ad33-48c225396183"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..721d61cff3 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationScepCertificatePolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "SCEP"; + Ensure = "Absent"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/1-IntuneDeviceConfigurationSecureAssessmentPolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/1-Create.ps1 similarity index 94% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/1-IntuneDeviceConfigurationSecureAssessmentPolicyWindows10-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/1-Create.ps1 index 116821ece0..8f0c070dfb 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/1-IntuneDeviceConfigurationSecureAssessmentPolicyWindows10-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/1-Create.ps1 @@ -31,7 +31,6 @@ Configuration Example Credential = $Credscredential; DisplayName = "Secure Assessment"; Ensure = "Present"; - Id = "b46822c4-48af-422a-960b-92473bee56e0"; LaunchUri = "https://assessment.domain.com"; LocalGuestAccountName = ""; } diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/2-Update.ps1 new file mode 100644 index 0000000000..59132497d7 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/2-Update.ps1 @@ -0,0 +1,38 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationSecureAssessmentPolicyWindows10 'Example' + { + AllowPrinting = $True; + AllowScreenCapture = $False; # Updated Property + AllowTextSuggestion = $True; + AssessmentAppUserModelId = ""; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + ConfigurationAccount = "user@domain.com"; + ConfigurationAccountType = "azureADAccount"; + Credential = $Credscredential; + DisplayName = "Secure Assessment"; + Ensure = "Present"; + LaunchUri = "https://assessment.domain.com"; + LocalGuestAccountName = ""; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..3c86881b4c --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSecureAssessmentPolicyWindows10/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationSecureAssessmentPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "Secure Assessment"; + Ensure = "Absent"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/1-IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/1-Create.ps1 similarity index 96% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/1-IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/1-Create.ps1 index a7c2b9e2bc..61caf9f43e 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/1-IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/1-Create.ps1 @@ -38,7 +38,6 @@ Configuration Example Enabled = $True; Ensure = "Present"; FastFirstSignIn = "notConfigured"; - Id = "e77026f6-707e-417c-ad1a-8e1182d36832"; IdleTimeBeforeSleepInSeconds = 60; LocalStorage = "enabled"; MaintenanceStartTime = "00:03:00"; diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/2-Update.ps1 new file mode 100644 index 0000000000..c92efad921 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/2-Update.ps1 @@ -0,0 +1,50 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10 'Example' + { + AccountManagerPolicy = MSFT_MicrosoftGraphsharedPCAccountManagerPolicy{ + CacheAccountsAboveDiskFreePercentage = 60 # Updated Property + AccountDeletionPolicy = 'diskSpaceThreshold' + RemoveAccountsBelowDiskFreePercentage = 20 + }; + AllowedAccounts = @("guest","domain"); + AllowLocalStorage = $True; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Credential = $Credscredential; + DisableAccountManager = $False; + DisableEduPolicies = $False; + DisablePowerPolicies = $False; + DisableSignInOnResume = $False; + DisplayName = "Shared Multi device"; + Enabled = $True; + Ensure = "Present"; + FastFirstSignIn = "notConfigured"; + IdleTimeBeforeSleepInSeconds = 60; + LocalStorage = "enabled"; + MaintenanceStartTime = "00:03:00"; + SetAccountManager = "enabled"; + SetEduPolicies = "enabled"; + SetPowerPolicies = "enabled"; + SignInOnResume = "enabled"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..bf6778fad4 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "Shared Multi device"; + Ensure = "Absent"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/1-IntuneDeviceConfigurationTrustedCertificatePolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/1-Create.ps1 similarity index 96% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/1-IntuneDeviceConfigurationTrustedCertificatePolicyWindows10-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/1-Create.ps1 index 061c9cbe5e..f074cf9c75 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/1-IntuneDeviceConfigurationTrustedCertificatePolicyWindows10-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/1-Create.ps1 @@ -27,7 +27,6 @@ Configuration Example DestinationStore = "computerCertStoreRoot"; DisplayName = "Trusted Cert"; Ensure = "Present"; - Id = "169bf4fc-5914-40f4-ad33-48c225396183"; TrustedRootCertificate = "MIIEEjCCAvqgAwIBAgIPAMEAizw8iBHRPvZj7N9AMA0GCSqGSIb3DQEBBAUAMHAxKzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBNaWNyb3NvZnQgQ29ycC4xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEhMB8GA1UEAxMYTWljcm9zb2Z0IFJvb3QgQXV0aG9yaXR5MB4XDTk3MDExMDA3MDAwMFoXDTIwMTIzMTA3MDAwMFowcDErMCkGA1UECxMiQ29weXJpZ2h0IChjKSAxOTk3IE1pY3Jvc29mdCBDb3JwLjEeMBwGA1UECxMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSEwHwYDVQQDExhNaWNyb3NvZnQgUm9vdCBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpAr3BcOY78k4bKJ+XeF4w6qKpjSVf+P6VTKO3/p2iID58UaKboo9gMmvRQmR57qx2yVTa8uuchhyPn4Rms8VremIj1h083g8BkuiWxL8tZpqaaCaZ0Dosvwy1WCbBRucKPjiWLKkoOajsSYNC44QPu5psVWGsgnyhYC13TOmZtGQ7mlAcMQgkFJ+p55ErGOY9mGMUYFgFZZ8dN1KH96fvlALGG9O/VUWziYC/OuxUlE6u/ad6bXROrxjMlgkoIQBXkGBpN7tLEgc8Vv9b+6RmCgim0oFWV++2O14WgXcE2va+roCV/rDNf9anGnJcPMq88AijIjCzBoXJsyB3E4XfAgMBAAGjgagwgaUwgaIGA1UdAQSBmjCBl4AQW9Bw72lyniNRfhSyTY7/y6FyMHAxKzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBNaWNyb3NvZnQgQ29ycC4xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEhMB8GA1UEAxMYTWljcm9zb2Z0IFJvb3QgQXV0aG9yaXR5gg8AwQCLPDyIEdE+9mPs30AwDQYJKoZIhvcNAQEEBQADggEBAJXoC8CN85cYNe24ASTYdxHzXGAyn54Lyz4FkYiPyTrmIfLwV5MstaBHyGLv/NfMOztaqTZUaf4kbT/JzKreBXzdMY09nxBwarv+Ek8YacD80EPjEVogT+pie6+qGcgrNyUtvmWhEoolD2Oj91Qc+SHJ1hXzUqxuQzIH/YIX+OVnbA1R9r3xUse958Qw/CAxCYgdlSkaTdUdAqXxgOADtFv0sd3IV+5lScdSVLa0AygS/5DW8AiPfriXxas3LOR65Kh343agANBqP8HSNorgQRKoNWobats14dQcBOSoRQTIWjM4bk0cDWK3CqKM09VUP0bNHFWmcNsSOoeTdZ+n0qA="; } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/2-Update.ps1 new file mode 100644 index 0000000000..9572a0909d --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/2-Update.ps1 @@ -0,0 +1,33 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationTrustedCertificatePolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + CertFileName = "RootNew.cer"; # Updated Property + Credential = $Credscredential; + DestinationStore = "computerCertStoreRoot"; + DisplayName = "Trusted Cert"; + Ensure = "Present"; + TrustedRootCertificate = "MIIEEjCCAvqgAwIBAgIPAMEAizw8iBHRPvZj7N9AMA0GCSqGSIb3DQEBBAUAMHAxKzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBNaWNyb3NvZnQgQ29ycC4xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEhMB8GA1UEAxMYTWljcm9zb2Z0IFJvb3QgQXV0aG9yaXR5MB4XDTk3MDExMDA3MDAwMFoXDTIwMTIzMTA3MDAwMFowcDErMCkGA1UECxMiQ29weXJpZ2h0IChjKSAxOTk3IE1pY3Jvc29mdCBDb3JwLjEeMBwGA1UECxMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSEwHwYDVQQDExhNaWNyb3NvZnQgUm9vdCBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpAr3BcOY78k4bKJ+XeF4w6qKpjSVf+P6VTKO3/p2iID58UaKboo9gMmvRQmR57qx2yVTa8uuchhyPn4Rms8VremIj1h083g8BkuiWxL8tZpqaaCaZ0Dosvwy1WCbBRucKPjiWLKkoOajsSYNC44QPu5psVWGsgnyhYC13TOmZtGQ7mlAcMQgkFJ+p55ErGOY9mGMUYFgFZZ8dN1KH96fvlALGG9O/VUWziYC/OuxUlE6u/ad6bXROrxjMlgkoIQBXkGBpN7tLEgc8Vv9b+6RmCgim0oFWV++2O14WgXcE2va+roCV/rDNf9anGnJcPMq88AijIjCzBoXJsyB3E4XfAgMBAAGjgagwgaUwgaIGA1UdAQSBmjCBl4AQW9Bw72lyniNRfhSyTY7/y6FyMHAxKzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBNaWNyb3NvZnQgQ29ycC4xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEhMB8GA1UEAxMYTWljcm9zb2Z0IFJvb3QgQXV0aG9yaXR5gg8AwQCLPDyIEdE+9mPs30AwDQYJKoZIhvcNAQEEBQADggEBAJXoC8CN85cYNe24ASTYdxHzXGAyn54Lyz4FkYiPyTrmIfLwV5MstaBHyGLv/NfMOztaqTZUaf4kbT/JzKreBXzdMY09nxBwarv+Ek8YacD80EPjEVogT+pie6+qGcgrNyUtvmWhEoolD2Oj91Qc+SHJ1hXzUqxuQzIH/YIX+OVnbA1R9r3xUse958Qw/CAxCYgdlSkaTdUdAqXxgOADtFv0sd3IV+5lScdSVLa0AygS/5DW8AiPfriXxas3LOR65Kh343agANBqP8HSNorgQRKoNWobats14dQcBOSoRQTIWjM4bk0cDWK3CqKM09VUP0bNHFWmcNsSOoeTdZ+n0qA="; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..f1c6596534 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationTrustedCertificatePolicyWindows10/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationTrustedCertificatePolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "Trusted Cert"; + Ensure = "Absent"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationVpnPolicyWindows10/1-IntuneDeviceConfigurationVpnPolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationVpnPolicyWindows10/1-Create.ps1 similarity index 97% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationVpnPolicyWindows10/1-IntuneDeviceConfigurationVpnPolicyWindows10-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationVpnPolicyWindows10/1-Create.ps1 index 94c06b7100..1fa1b7d51c 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationVpnPolicyWindows10/1-IntuneDeviceConfigurationVpnPolicyWindows10-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationVpnPolicyWindows10/1-Create.ps1 @@ -43,7 +43,6 @@ Configuration Example EnableSingleSignOnWithAlternateCertificate = $False; EnableSplitTunneling = $False; Ensure = "Present"; - Id = "9f3734d4-eb1e-46dc-b668-2f13bfa572ee"; ProfileTarget = "user"; ProxyServer = MSFT_MicrosoftGraphwindows10VpnProxyServer{ Port = 8081 diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationVpnPolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationVpnPolicyWindows10/2-Update.ps1 new file mode 100644 index 0000000000..69242ff63c --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationVpnPolicyWindows10/2-Update.ps1 @@ -0,0 +1,78 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationVpnPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + AuthenticationMethod = "usernameAndPassword"; + ConnectionName = "Cisco VPN"; + ConnectionType = "ciscoAnyConnect"; + Credential = $Credscredential; + CustomXml = ""; + DisplayName = "VPN"; + DnsRules = @( + MSFT_MicrosoftGraphvpnDnsRule{ + Servers = @('10.0.1.10') + Name = 'NRPT rule' + Persistent = $True + AutoTrigger = $True + } + ); + DnsSuffixes = @("mydomain.com"); + EnableAlwaysOn = $True; + EnableConditionalAccess = $True; + EnableDnsRegistration = $True; + EnableSingleSignOnWithAlternateCertificate = $True; # Updated Property + EnableSplitTunneling = $False; + Ensure = "Present"; + ProfileTarget = "user"; + ProxyServer = MSFT_MicrosoftGraphwindows10VpnProxyServer{ + Port = 8081 + BypassProxyServerForLocalAddress = $True + AutomaticConfigurationScriptUrl = '' + Address = '10.0.10.100' + }; + RememberUserCredentials = $True; + ServerCollection = @( + MSFT_MicrosoftGraphvpnServer{ + IsDefaultServer = $True + Description = 'gateway1' + Address = '10.0.1.10' + } + ); + TrafficRules = @( + MSFT_MicrosoftGraphvpnTrafficRule{ + Name = 'VPN rule' + AppType = 'none' + LocalAddressRanges = @( + MSFT_MicrosoftGraphIPv4Range{ + UpperAddress = '10.0.2.240' + LowerAddress = '10.0.2.0' + } + ) + RoutingPolicyType = 'forceTunnel' + VpnTrafficDirection = 'outbound' + } + ); + TrustedNetworkDomains = @(); + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationVpnPolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationVpnPolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..1274c03e79 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationVpnPolicyWindows10/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationVpnPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "VPN"; + Ensure = "Absent"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWindowsTeamPolicyWindows10/1-IntuneDeviceConfigurationWindowsTeamPolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWindowsTeamPolicyWindows10/1-Create.ps1 similarity index 95% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWindowsTeamPolicyWindows10/1-IntuneDeviceConfigurationWindowsTeamPolicyWindows10-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWindowsTeamPolicyWindows10/1-Create.ps1 index eb204fd2d1..e525045cf5 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWindowsTeamPolicyWindows10/1-IntuneDeviceConfigurationWindowsTeamPolicyWindows10-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWindowsTeamPolicyWindows10/1-Create.ps1 @@ -27,7 +27,6 @@ Configuration Example Credential = $Credscredential; DisplayName = "Device restrictions (Windows 10 Team)"; Ensure = "Present"; - Id = "55308358-a4b9-4e26-bc75-7a6871836436"; MaintenanceWindowBlocked = $False; MaintenanceWindowDurationInHours = 1; MaintenanceWindowStartTime = "00:00:00"; diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWindowsTeamPolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWindowsTeamPolicyWindows10/2-Update.ps1 new file mode 100644 index 0000000000..f2c95f9c48 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWindowsTeamPolicyWindows10/2-Update.ps1 @@ -0,0 +1,44 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationWindowsTeamPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + AzureOperationalInsightsBlockTelemetry = $False; # Updated Property + ConnectAppBlockAutoLaunch = $True; + Credential = $Credscredential; + DisplayName = "Device restrictions (Windows 10 Team)"; + Ensure = "Present"; + MaintenanceWindowBlocked = $False; + MaintenanceWindowDurationInHours = 1; + MaintenanceWindowStartTime = "00:00:00"; + MiracastBlocked = $True; + MiracastChannel = "oneHundredFortyNine"; + MiracastRequirePin = $True; + SettingsBlockMyMeetingsAndFiles = $True; + SettingsBlockSessionResume = $True; + SettingsBlockSigninSuggestions = $True; + SupportsScopeTags = $True; + WelcomeScreenBlockAutomaticWakeUp = $True; + WelcomeScreenMeetingInformation = "showOrganizerAndTimeOnly"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWindowsTeamPolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWindowsTeamPolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..99c307e64d --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWindowsTeamPolicyWindows10/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationWindowsTeamPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "Device restrictions (Windows 10 Team)"; + Ensure = "Absent"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWiredNetworkPolicyWindows10/1-IntuneDeviceConfigurationWiredNetworkPolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWiredNetworkPolicyWindows10/1-Create.ps1 similarity index 95% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWiredNetworkPolicyWindows10/1-IntuneDeviceConfigurationWiredNetworkPolicyWindows10-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWiredNetworkPolicyWindows10/1-Create.ps1 index 3f4f444c93..fbbcf032f7 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWiredNetworkPolicyWindows10/1-IntuneDeviceConfigurationWiredNetworkPolicyWindows10-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWiredNetworkPolicyWindows10/1-Create.ps1 @@ -35,7 +35,6 @@ Configuration Example EapType = 'teap' Enforce8021X = $True Ensure = 'Present' - Id = 'ff8049cd-a1f8-4417-b937-d455a02cce2a' MaximumAuthenticationFailures = 5 MaximumEAPOLStartMessages = 5 SecondaryAuthenticationMethod = 'certificate' diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWiredNetworkPolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWiredNetworkPolicyWindows10/2-Update.ps1 new file mode 100644 index 0000000000..c7aa68885a --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWiredNetworkPolicyWindows10/2-Update.ps1 @@ -0,0 +1,46 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationWiredNetworkPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments + { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + AuthenticationBlockPeriodInMinutes = 5 + AuthenticationMethod = 'usernameAndPassword' + AuthenticationPeriodInSeconds = 55 # Updated Property + AuthenticationRetryDelayPeriodInSeconds = 5 + AuthenticationType = 'machine' + CacheCredentials = $True + Credential = $Credscredential + DisplayName = 'Wired Network' + EapolStartPeriodInSeconds = 5 + EapType = 'teap' + Enforce8021X = $True + Ensure = 'Present' + MaximumAuthenticationFailures = 5 + MaximumEAPOLStartMessages = 5 + SecondaryAuthenticationMethod = 'certificate' + TrustedServerCertificateNames = @('srv.domain.com') + RootCertificatesForServerValidationIds = @('a485d322-13cd-43ef-beda-733f656f48ea', '169bf4fc-5914-40f4-ad33-48c225396183') + SecondaryIdentityCertificateForClientAuthenticationId = '0b9aef2f-1671-4260-8eb9-3ab3138e176a' + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWiredNetworkPolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWiredNetworkPolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..bbf5bf4d73 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationWiredNetworkPolicyWindows10/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationWiredNetworkPolicyWindows10 'Example' + { + Credential = $Credscredential + DisplayName = 'Wired Network' + Ensure = 'Present' + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentLimitRestriction/1-New Device Enrollment Limit Restriction.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentLimitRestriction/1-Create.ps1 similarity index 100% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentLimitRestriction/1-New Device Enrollment Limit Restriction.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentLimitRestriction/1-Create.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentLimitRestriction/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentLimitRestriction/2-Update.ps1 new file mode 100644 index 0000000000..a36fb9f5bc --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentLimitRestriction/2-Update.ps1 @@ -0,0 +1,25 @@ +<# +This example creates a new Device Enrollment Limit Restriction. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceEnrollmentLimitRestriction 'DeviceEnrollmentLimitRestriction' + { + DisplayName = 'My DSC Limit' + Description = 'My Restriction' + Limit = 11 # Updated Property + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroid/2-RemoveDeviceCompliancePolicyAndroid.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentLimitRestriction/3-Remove.ps1 similarity index 58% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroid/2-RemoveDeviceCompliancePolicyAndroid.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentLimitRestriction/3-Remove.ps1 index 5665b172cc..fb00aa8e9b 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyAndroid/2-RemoveDeviceCompliancePolicyAndroid.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentLimitRestriction/3-Remove.ps1 @@ -1,5 +1,5 @@ <# -This example removes an existing Device Compliance Policy for iOs devices +This example creates a new Device Enrollment Limit Restriction. #> Configuration Example @@ -13,9 +13,9 @@ Configuration Example node localhost { - IntuneDeviceCompliancePolicyAndroid 'RemoveDeviceCompliancePolicyAndroid' + IntuneDeviceEnrollmentLimitRestriction 'DeviceEnrollmentLimitRestriction' { - DisplayName = 'Test Android Device Compliance Policy' + DisplayName = 'My DSC Limit' Ensure = 'Absent' Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentPlatformRestriction/1-NewPlatformRestriction.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentPlatformRestriction/1-Create.ps1 similarity index 95% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentPlatformRestriction/1-NewPlatformRestriction.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentPlatformRestriction/1-Create.ps1 index 8d5b536727..d4f86f83bd 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentPlatformRestriction/1-NewPlatformRestriction.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentPlatformRestriction/1-Create.ps1 @@ -33,7 +33,6 @@ Configuration Example DeviceEnrollmentConfigurationType = "platformRestrictions"; DisplayName = "All users and all devices"; Ensure = "Present"; - Identity = "5b0e1dba-4523-455e-9fdd-e36c833b57bf_DefaultPlatformRestrictions"; IosRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ platformBlocked = $False personalDeviceEnrollmentBlocked = $False diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentPlatformRestriction/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentPlatformRestriction/2-Update.ps1 new file mode 100644 index 0000000000..199e66794f --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentPlatformRestriction/2-Update.ps1 @@ -0,0 +1,62 @@ +<# +This example creates a new Device Enrollment Platform Restriction. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceEnrollmentPlatformRestriction 'DeviceEnrollmentPlatformRestriction' + { + AndroidForWorkRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + AndroidRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + }); + Credential = $Credscredential + Description = "This is the default Device Type Restriction applied with the lowest priority to all users regardless of group membership."; + DeviceEnrollmentConfigurationType = "platformRestrictions"; + DisplayName = "All users and all devices"; + Ensure = "Present"; + IosRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $True # Updated Property + personalDeviceEnrollmentBlocked = $False + }; + MacOSRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + MacRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + WindowsHomeSkuRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + WindowsMobileRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $True + personalDeviceEnrollmentBlocked = $False + }; + WindowsRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentPlatformRestriction/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentPlatformRestriction/3-Remove.ps1 new file mode 100644 index 0000000000..bf083ccd97 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentPlatformRestriction/3-Remove.ps1 @@ -0,0 +1,23 @@ +<# +This example creates a new Device Enrollment Platform Restriction. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceEnrollmentPlatformRestriction 'DeviceEnrollmentPlatformRestriction' + { + Credential = $Credscredential + DisplayName = "All users and all devices"; + Ensure = "Absent"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentStatusPageWindows10/1-New Device Enrollment Status Page Windows 10.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentStatusPageWindows10/1-Create.ps1 similarity index 93% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentStatusPageWindows10/1-New Device Enrollment Status Page Windows 10.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentStatusPageWindows10/1-Create.ps1 index 92e70ff769..23ecb3cb28 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentStatusPageWindows10/1-New Device Enrollment Status Page Windows 10.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentStatusPageWindows10/1-Create.ps1 @@ -31,7 +31,6 @@ Configuration Example DisableUserStatusTrackingAfterFirstUser = $True; DisplayName = "All users and all devices"; Ensure = "Present"; - Id = "5b0e1dba-4523-455e-9fdd-e36c833b57bf_DefaultWindows10EnrollmentCompletionPageConfiguration"; InstallProgressTimeoutInMinutes = 60; InstallQualityUpdates = $False; Priority = 0; diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentStatusPageWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentStatusPageWindows10/2-Update.ps1 new file mode 100644 index 0000000000..524d3a5343 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentStatusPageWindows10/2-Update.ps1 @@ -0,0 +1,43 @@ +<# +This example creates a new Device Enrollment Status Page. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceEnrollmentStatusPageWindows10 '6b43c039-c1d0-4a9f-aab9-48c5531acbd6' + { + AllowDeviceResetOnInstallFailure = $True; + AllowDeviceUseOnInstallFailure = $False; # Updated Property + AllowLogCollectionOnInstallFailure = $True; + AllowNonBlockingAppInstallation = $False; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + BlockDeviceSetupRetryByUser = $False; + CustomErrorMessage = "Setup could not be completed. Please try again or contact your support person for help."; + Description = "This is the default enrollment status screen configuration applied with the lowest priority to all users and all devices regardless of group membership."; + DisableUserStatusTrackingAfterFirstUser = $True; + DisplayName = "All users and all devices"; + Ensure = "Present"; + InstallProgressTimeoutInMinutes = 60; + InstallQualityUpdates = $False; + Priority = 0; + SelectedMobileAppIds = @(); + ShowInstallationProgress = $True; + TrackInstallProgressForAutopilotOnly = $True; + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentStatusPageWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentStatusPageWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..b9a40e93bd --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceEnrollmentStatusPageWindows10/3-Remove.ps1 @@ -0,0 +1,23 @@ +<# +This example creates a new Device Enrollment Status Page. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceEnrollmentStatusPageWindows10 '6b43c039-c1d0-4a9f-aab9-48c5531acbd6' + { + DisplayName = "All users and all devices"; + Ensure = "Absent"; + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneEndpointDetectionAndResponsePolicyWindows10/1-ConfigureIntuneEndpointDetectionAndResponsePolicyWindows10.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneEndpointDetectionAndResponsePolicyWindows10/1-Create.ps1 similarity index 91% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneEndpointDetectionAndResponsePolicyWindows10/1-ConfigureIntuneEndpointDetectionAndResponsePolicyWindows10.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneEndpointDetectionAndResponsePolicyWindows10/1-Create.ps1 index 2165f432fb..b26ac43199 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneEndpointDetectionAndResponsePolicyWindows10/1-ConfigureIntuneEndpointDetectionAndResponsePolicyWindows10.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneEndpointDetectionAndResponsePolicyWindows10/1-Create.ps1 @@ -16,7 +16,6 @@ Configuration Example { IntuneEndpointDetectionAndResponsePolicyWindows10 'myEDRPolicy' { - Identity = 'f6d1d1bc-d78f-4a5a-8f1b-0d95a60b0bc1' DisplayName = 'Edr Policy' Assignments = @() Description = 'My revised description' diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneEndpointDetectionAndResponsePolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneEndpointDetectionAndResponsePolicyWindows10/2-Update.ps1 new file mode 100644 index 0000000000..2a8a3a5984 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneEndpointDetectionAndResponsePolicyWindows10/2-Update.ps1 @@ -0,0 +1,26 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneEndpointDetectionAndResponsePolicyWindows10 'myEDRPolicy' + { + DisplayName = 'Edr Policy' + Assignments = @() + Description = 'My updated description' # Updated Property + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneEndpointDetectionAndResponsePolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneEndpointDetectionAndResponsePolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..2d2315e244 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneEndpointDetectionAndResponsePolicyWindows10/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneEndpointDetectionAndResponsePolicyWindows10 'myEDRPolicy' + { + DisplayName = 'Edr Policy' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneExploitProtectionPolicyWindows10SettingCatalog/1-ConfigureIntuneExploitProtectionPolicyWindows10SettingCatalog.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneExploitProtectionPolicyWindows10SettingCatalog/1-Create.ps1 similarity index 98% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneExploitProtectionPolicyWindows10SettingCatalog/1-ConfigureIntuneExploitProtectionPolicyWindows10SettingCatalog.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneExploitProtectionPolicyWindows10SettingCatalog/1-Create.ps1 index b5363933a5..8ffa5395d4 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneExploitProtectionPolicyWindows10SettingCatalog/1-ConfigureIntuneExploitProtectionPolicyWindows10SettingCatalog.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneExploitProtectionPolicyWindows10SettingCatalog/1-Create.ps1 @@ -16,7 +16,6 @@ Configuration Example { IntuneExploitProtectionPolicyWindows10SettingCatalog 'myWindows10ExploitProtectionPolicy' { - Identity = '130539f6-2be7-4dbc-a58e-ed638cadb186' DisplayName = 'exploit Protection policy with assignments' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments { diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneExploitProtectionPolicyWindows10SettingCatalog/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneExploitProtectionPolicyWindows10SettingCatalog/2-Update.ps1 new file mode 100644 index 0000000000..c9752c06b4 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneExploitProtectionPolicyWindows10SettingCatalog/2-Update.ps1 @@ -0,0 +1,177 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneExploitProtectionPolicyWindows10SettingCatalog 'myWindows10ExploitProtectionPolicy' + { + DisplayName = 'exploit Protection policy with assignments' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.exclusionGroupAssignmentTarget' + groupId = 'e8cbd84d-be6a-4b72-87f0-0e677541fda0' + }) + Description = '' + disallowexploitprotectionoverride = '1' + exploitprotectionsettings = " + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +" # Updated Property + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneExploitProtectionPolicyWindows10SettingCatalog/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneExploitProtectionPolicyWindows10SettingCatalog/3-Remove.ps1 new file mode 100644 index 0000000000..c9a0cb3563 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneExploitProtectionPolicyWindows10SettingCatalog/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneExploitProtectionPolicyWindows10SettingCatalog 'myWindows10ExploitProtectionPolicy' + { + DisplayName = 'exploit Protection policy with assignments' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntunePolicySets/1-IntunePolicySets-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntunePolicySets/1-Create.ps1 similarity index 96% rename from Modules/Microsoft365DSC/Examples/Resources/IntunePolicySets/1-IntunePolicySets-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntunePolicySets/1-Create.ps1 index 714f73da47..2877b370fd 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntunePolicySets/1-IntunePolicySets-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntunePolicySets/1-Create.ps1 @@ -32,7 +32,6 @@ Configuration Example DisplayName = "Example"; Ensure = "Present"; GuidedDeploymentTags = @(); - Id = "12345678-5678-5678-5678-1234567890ab"; Items = @( MSFT_DeviceManagementConfigurationPolicyItems{ guidedDeploymentTags = @() diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntunePolicySets/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntunePolicySets/2-Update.ps1 new file mode 100644 index 0000000000..e7c62ea87b --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntunePolicySets/2-Update.ps1 @@ -0,0 +1,49 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName 'Microsoft365DSC' + Node localhost + { + IntunePolicySets "Example" + { + Credential = $Credscredential; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.groupAssignmentTarget' + groupId = '12345678-1234-1234-1234-1234567890ab' + } + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.exclusionGroupAssignmentTarget' + groupId = '12345678-4321-4321-4321-1234567890ab' + } + ); + Description = "Example"; + DisplayName = "Example"; + Ensure = "Present"; + GuidedDeploymentTags = @(); + Items = @( + MSFT_DeviceManagementConfigurationPolicyItems{ + guidedDeploymentTags = @() + payloadId = 'T_12345678-90ab-90ab-90ab-1234567890ab' + displayName = 'Example-Policy' + dataType = '#microsoft.graph.managedAppProtectionPolicySetItem' + itemType = '#microsoft.graph.androidManagedAppProtection' + } + ); + RoleScopeTags = @("0","1","2"); # Updated Property + } + + } + +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntunePolicySets/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntunePolicySets/3-Remove.ps1 new file mode 100644 index 0000000000..9203613c8b --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntunePolicySets/3-Remove.ps1 @@ -0,0 +1,25 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName 'Microsoft365DSC' + Node localhost + { + IntunePolicySets "Example" + { + Credential = $Credscredential; + DisplayName = "Example"; + Ensure = "Absent"; + } + + } + +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneRoleAssignment/1-IntuneRoleAssignment.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneRoleAssignment/1-Create.ps1 similarity index 92% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneRoleAssignment/1-IntuneRoleAssignment.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneRoleAssignment/1-Create.ps1 index cb43ce1f52..90aa706053 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneRoleAssignment/1-IntuneRoleAssignment.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneRoleAssignment/1-Create.ps1 @@ -15,7 +15,6 @@ Configuration Example { IntuneRoleAssignment 'IntuneRoleAssignment' { - Id = '20556aad-3d16-465a-890c-cf915ae1cd60' DisplayName = 'test2' Description = 'test2' Members = @('') diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneRoleAssignment/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneRoleAssignment/2-Update.ps1 new file mode 100644 index 0000000000..b0868deef1 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneRoleAssignment/2-Update.ps1 @@ -0,0 +1,31 @@ +<# +This example creates a new Intune Role Assigment. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + IntuneRoleAssignment 'IntuneRoleAssignment' + { + DisplayName = 'test2' + Description = 'test Updated' # Updated Property + Members = @('') + MembersDisplayNames = @('SecGroup2') + ResourceScopes = @('6eb76881-f56f-470f-be0d-672145d3dcb1') + ResourceScopesDisplayNames = @('') + ScopeType = 'resourceScope' + RoleDefinition = '2d00d0fd-45e9-4166-904f-b76ac5eed2c7' + RoleDefinitionDisplayName = 'This is my role' + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneRoleAssignment/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneRoleAssignment/3-Remove.ps1 new file mode 100644 index 0000000000..b59e29c20b --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneRoleAssignment/3-Remove.ps1 @@ -0,0 +1,23 @@ +<# +This example creates a new Intune Role Assigment. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + IntuneRoleAssignment 'IntuneRoleAssignment' + { + DisplayName = 'test2' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneRoleDefinition/IntuneRoleDefinition.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneRoleDefinition/1-Create.ps1 similarity index 91% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneRoleDefinition/IntuneRoleDefinition.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneRoleDefinition/1-Create.ps1 index 2549965229..3085cacc62 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneRoleDefinition/IntuneRoleDefinition.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneRoleDefinition/1-Create.ps1 @@ -15,7 +15,6 @@ Configuration Example { IntuneRoleDefinition 'IntuneRoleDefinition' { - Id = 'f84bc63b-a377-4d90-8f4a-1de84d36a429' DisplayName = 'This is my role' allowedResourceActions = @('Microsoft.Intune_Organization_Read', 'Microsoft.Intune_Roles_Create', 'Microsoft.Intune_Roles_Read', 'Microsoft.Intune_Roles_Update') Description = 'My role defined by me.' diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneRoleDefinition/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneRoleDefinition/2-Update.ps1 new file mode 100644 index 0000000000..c36d49b3c2 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneRoleDefinition/2-Update.ps1 @@ -0,0 +1,28 @@ +<# +This example creates a new Intune Role Definition. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + IntuneRoleDefinition 'IntuneRoleDefinition' + { + DisplayName = 'This is my role' + allowedResourceActions = @('Microsoft.Intune_Organization_Read', 'Microsoft.Intune_Roles_Create', 'Microsoft.Intune_Roles_Read', 'Microsoft.Intune_Roles_Update') + Description = 'My role defined by me.' + IsBuiltIn = $True # Updated Property + notallowedResourceActions = @() + roleScopeTagIds = @('0', '1') + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneRoleDefinition/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneRoleDefinition/3-Remove.ps1 new file mode 100644 index 0000000000..aab7c83949 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneRoleDefinition/3-Remove.ps1 @@ -0,0 +1,23 @@ +<# +This example creates a new Intune Role Definition. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + IntuneRoleDefinition 'IntuneRoleDefinition' + { + DisplayName = 'This is my role' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogASRRulesPolicyWindows10/1-ConfigureIntuneSettingCatalogASRRulesPolicyWindows10.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogASRRulesPolicyWindows10/1-Create.ps1 similarity index 92% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogASRRulesPolicyWindows10/1-ConfigureIntuneSettingCatalogASRRulesPolicyWindows10.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogASRRulesPolicyWindows10/1-Create.ps1 index afb9c98a6c..6661304509 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogASRRulesPolicyWindows10/1-ConfigureIntuneSettingCatalogASRRulesPolicyWindows10.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogASRRulesPolicyWindows10/1-Create.ps1 @@ -16,7 +16,6 @@ Configuration Example { IntuneSettingCatalogASRRulesPolicyWindows10 'myASRRulesPolicy' { - Identity = '80d22119-b8cf-466d-bfc5-c2dca1d90f43' DisplayName = 'asr 2' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments { diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogASRRulesPolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogASRRulesPolicyWindows10/2-Update.ps1 new file mode 100644 index 0000000000..0f9a8538f0 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogASRRulesPolicyWindows10/2-Update.ps1 @@ -0,0 +1,33 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneSettingCatalogASRRulesPolicyWindows10 'myASRRulesPolicy' + { + DisplayName = 'asr 2' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + }) + attacksurfacereductiononlyexclusions = @('Test 10', 'Test2', 'Test3') + blockabuseofexploitedvulnerablesigneddrivers = 'enable' # Updated Property + blockexecutablefilesrunningunlesstheymeetprevalenceagetrustedlistcriterion = 'audit' + Description = 'Post' + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogASRRulesPolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogASRRulesPolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..94991c08ba --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogASRRulesPolicyWindows10/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneSettingCatalogASRRulesPolicyWindows10 'myASRRulesPolicy' + { + DisplayName = 'asr 2' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogCustomPolicyWindows10/1-IntuneSettingCatalogCustomPolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogCustomPolicyWindows10/1-Create.ps1 similarity index 98% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogCustomPolicyWindows10/1-IntuneSettingCatalogCustomPolicyWindows10-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogCustomPolicyWindows10/1-Create.ps1 index cc69fe9d77..bca184106a 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogCustomPolicyWindows10/1-IntuneSettingCatalogCustomPolicyWindows10-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogCustomPolicyWindows10/1-Create.ps1 @@ -25,7 +25,6 @@ Configuration Example ); Description = ""; Ensure = "Present"; - Id = "4e300eed-1d37-493e-a680-12988874587g"; Name = "Setting Catalog Raw - DSC"; Platforms = "windows10"; Settings = @( diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogCustomPolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogCustomPolicyWindows10/2-Update.ps1 new file mode 100644 index 0000000000..09e976a362 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogCustomPolicyWindows10/2-Update.ps1 @@ -0,0 +1,90 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneSettingCatalogCustomPolicyWindows10 'Example' + { + Credential = $Credscredential + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Description = "Updated Description"; # Updated Property + Ensure = "Present"; + Name = "Setting Catalog Raw - DSC"; + Platforms = "windows10"; + Settings = @( + MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ + SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ + choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ + Value = 'device_vendor_msft_policy_config_abovelock_allowcortanaabovelock_1' + } + SettingDefinitionId = 'device_vendor_msft_policy_config_abovelock_allowcortanaabovelock' + odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + } + } + MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ + SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ + SettingDefinitionId = 'device_vendor_msft_policy_config_applicationdefaults_defaultassociationsconfiguration' + simpleSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationSimpleSettingValue{ + odataType = '#microsoft.graph.deviceManagementConfigurationStringSettingValue' + StringValue = '' + } + odataType = '#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance' + } + } + MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ + SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ + choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ + Value = 'device_vendor_msft_policy_config_applicationdefaults_enableappurihandlers_1' + } + SettingDefinitionId = 'device_vendor_msft_policy_config_applicationdefaults_enableappurihandlers' + odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + } + } + MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ + SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ + choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ + Value = 'device_vendor_msft_policy_config_defender_allowarchivescanning_1' + } + SettingDefinitionId = 'device_vendor_msft_policy_config_defender_allowarchivescanning' + odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + } + } + MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ + SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ + choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ + Value = 'device_vendor_msft_policy_config_defender_allowbehaviormonitoring_1' + } + SettingDefinitionId = 'device_vendor_msft_policy_config_defender_allowbehaviormonitoring' + odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + } + } + MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ + SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ + choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ + Value = 'device_vendor_msft_policy_config_defender_allowcloudprotection_1' + } + SettingDefinitionId = 'device_vendor_msft_policy_config_defender_allowcloudprotection' + odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + } + } + ); + Technologies = "mdm"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogCustomPolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogCustomPolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..c4289f4356 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogCustomPolicyWindows10/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneSettingCatalogCustomPolicyWindows10 'Example' + { + Credential = $Credscredential + Ensure = "Absent"; + Name = "Setting Catalog Raw - DSC"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/1-ConfigureIntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/1-Create.ps1 similarity index 94% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/1-ConfigureIntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/1-Create.ps1 index 7734034f39..0877dfa3f7 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/1-ConfigureIntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/1-Create.ps1 @@ -16,7 +16,6 @@ Configuration Example { IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator 'myWifiConfigAndroidDevicePolicy' { - Id = '41869a42-3217-4bfa-9929-92668fc674c5' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments { deviceAndAppManagementAssignmentFilterType = 'none' diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/2-Update.ps1 new file mode 100644 index 0000000000..60d20b13ba --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/2-Update.ps1 @@ -0,0 +1,35 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator 'myWifiConfigAndroidDevicePolicy' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + ConnectAutomatically = $True # Updated Property + ConnectWhenNetworkNameIsHidden = $True + DisplayName = 'Wifi Configuration Androind Device' + NetworkName = 'b71f8c63-8140-4c7e-b818-f9b4aa98b79b' + Ssid = 'sf' + WiFiSecurityType = 'wpaEnterprise' + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/3-Remove.ps1 new file mode 100644 index 0000000000..c1d2c7bf8b --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator 'myWifiConfigAndroidDevicePolicy' + { + DisplayName = 'Wifi Configuration Androind Device' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/1-ConfigureIntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/1-Create.ps1 similarity index 94% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/1-ConfigureIntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/1-Create.ps1 index e2b2ffa4db..7d4f7c06dc 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/1-ConfigureIntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/1-Create.ps1 @@ -17,7 +17,6 @@ Configuration Example { IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner 'myWifiConfigAndroidDeviceOwnerPolicy' { - Id = '7d9c4870-e07f-488a-be17-9e1beec45ac3' DisplayName = 'Wifi - androidForWork' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/2-Update.ps1 new file mode 100644 index 0000000000..1c73cfae8b --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/2-Update.ps1 @@ -0,0 +1,38 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner 'myWifiConfigAndroidDeviceOwnerPolicy' + { + DisplayName = 'Wifi - androidForWork' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments + { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ) + ConnectAutomatically = $True # Updated Property + ConnectWhenNetworkNameIsHidden = $False + NetworkName = 'myNetwork' + PreSharedKeyIsSet = $True + ProxySettings = 'none' + Ssid = 'MySSID - 3' + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/3-Remove.ps1 new file mode 100644 index 0000000000..b398d434af --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/3-Remove.ps1 @@ -0,0 +1,25 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner 'myWifiConfigAndroidDeviceOwnerPolicy' + { + DisplayName = 'Wifi - androidForWork' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/1-ConfigureIntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/1-Create.ps1 similarity index 94% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/1-ConfigureIntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/1-Create.ps1 index 37b0920a2e..b5277ccc35 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/1-ConfigureIntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/1-Create.ps1 @@ -17,7 +17,6 @@ Configuration Example { IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile 'myWifiConfigAndroidWorkProfilePolicy' { - Id = 'b6c59816-7f9b-4f7a-a2a2-13a29c8bc315' DisplayName = 'wifi - android BYOD' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/2-Update.ps1 new file mode 100644 index 0000000000..d4a11464b2 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/2-Update.ps1 @@ -0,0 +1,37 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile 'myWifiConfigAndroidWorkProfilePolicy' + { + DisplayName = 'wifi - android BYOD' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments + { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ) + ConnectAutomatically = $True # Updated Property + ConnectWhenNetworkNameIsHidden = $False + NetworkName = 'f8b79489-84fc-4434-b964-2a18dfe08f88' + Ssid = 'MySSID' + WiFiSecurityType = 'open' + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/3-Remove.ps1 new file mode 100644 index 0000000000..a4fae55f0f --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/3-Remove.ps1 @@ -0,0 +1,25 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile 'myWifiConfigAndroidWorkProfilePolicy' + { + DisplayName = 'wifi - android BYOD' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidForWork/1-ConfigureIntuneWifiConfigurationPolicyAndroidForWork.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidForWork/1-Create.ps1 similarity index 95% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidForWork/1-ConfigureIntuneWifiConfigurationPolicyAndroidForWork.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidForWork/1-Create.ps1 index c16b163b2f..6dc5eb92cf 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidForWork/1-ConfigureIntuneWifiConfigurationPolicyAndroidForWork.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidForWork/1-Create.ps1 @@ -16,7 +16,6 @@ Configuration Example { IntuneWifiConfigurationPolicyAndroidForWork 'Example' { - Id = '41b6b491-9938-42d1-861a-c41762040ddb' DisplayName = 'AndroindForWork' Description = 'DSC' Assignments = @( diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidForWork/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidForWork/2-Update.ps1 new file mode 100644 index 0000000000..cf010c716e --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidForWork/2-Update.ps1 @@ -0,0 +1,39 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWifiConfigurationPolicyAndroidForWork 'Example' + { + DisplayName = 'AndroindForWork' + Description = 'DSC' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + deviceAndAppManagementAssignmentFilterType = 'include' + deviceAndAppManagementAssignmentFilterId = '17cb2318-cd4f-4a66-b742-6b79d4966ac7' + groupId = 'b9b732df-9f18-4c5f-99d1-682e151ec62b' + collectionId = '2a8ea71f-039a-4ec8-8e41-5fba3ef9efba' + } + ) + ConnectAutomatically = $true # Updated Property + ConnectWhenNetworkNameIsHidden = $true + NetworkName = 'CorpNet' + Ssid = 'WiFi' + WiFiSecurityType = 'wpa2Enterprise' + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidForWork/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidForWork/3-Remove.ps1 new file mode 100644 index 0000000000..72e2d84c20 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidForWork/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWifiConfigurationPolicyAndroidForWork 'Example' + { + DisplayName = 'AndroindForWork' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidOpenSourceProject/1-ConfigureIntuneWifiConfigurationPolicyAndroidOpenSourceProject.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidOpenSourceProject/1-Create.ps1 similarity index 93% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidOpenSourceProject/1-ConfigureIntuneWifiConfigurationPolicyAndroidOpenSourceProject.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidOpenSourceProject/1-Create.ps1 index 8d469d9741..603d28a065 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidOpenSourceProject/1-ConfigureIntuneWifiConfigurationPolicyAndroidOpenSourceProject.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidOpenSourceProject/1-Create.ps1 @@ -16,7 +16,6 @@ Configuration Example { IntuneWifiConfigurationPolicyAndroidOpenSourceProject 'myWifiConfigAndroidOpensourcePolicy' { - Id = 'fe0a93dc-e9cc-4d4b-8dd6-361c51c70f77' DisplayName = 'wifi aosp' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments { diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidOpenSourceProject/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidOpenSourceProject/2-Update.ps1 new file mode 100644 index 0000000000..9422aa2b40 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidOpenSourceProject/2-Update.ps1 @@ -0,0 +1,36 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWifiConfigurationPolicyAndroidOpenSourceProject 'myWifiConfigAndroidOpensourcePolicy' + { + DisplayName = 'wifi aosp' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + ConnectAutomatically = $False + ConnectWhenNetworkNameIsHidden = $True + NetworkName = 'Updated Network' # Updated Property + PreSharedKeyIsSet = $True + Ssid = 'aaaaa' + WiFiSecurityType = 'wpaPersonal' + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidOpenSourceProject/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidOpenSourceProject/3-Remove.ps1 new file mode 100644 index 0000000000..2ed5a3d069 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyAndroidOpenSourceProject/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWifiConfigurationPolicyAndroidOpenSourceProject 'myWifiConfigAndroidOpensourcePolicy' + { + DisplayName = 'wifi aosp' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyIOS/1-ConfigureIntuneWifiConfigurationPolicyIOS.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyIOS/1-Create.ps1 similarity index 94% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyIOS/1-ConfigureIntuneWifiConfigurationPolicyIOS.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyIOS/1-Create.ps1 index 411faea6ca..6fec3854e9 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyIOS/1-ConfigureIntuneWifiConfigurationPolicyIOS.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyIOS/1-Create.ps1 @@ -16,7 +16,6 @@ Configuration Example { IntuneWifiConfigurationPolicyIOS 'myWifiConfigIOSPolicy' { - Id = '8e809b9e-0032-40b7-b263-e6029daf8e9c' DisplayName = 'ios wifi' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments { diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyIOS/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyIOS/2-Update.ps1 new file mode 100644 index 0000000000..ab3b58d347 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyIOS/2-Update.ps1 @@ -0,0 +1,38 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWifiConfigurationPolicyIOS 'myWifiConfigIOSPolicy' + { + DisplayName = 'ios wifi' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + ConnectAutomatically = $True + ConnectWhenNetworkNameIsHidden = $True + DisableMacAddressRandomization = $True + NetworkName = 'Updated Network' # Updated Property + ProxyAutomaticConfigurationUrl = 'THSCP.local' + ProxySettings = 'automatic' + Ssid = 'aaaaa' + WiFiSecurityType = 'wpaPersonal' + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyIOS/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyIOS/3-Remove.ps1 new file mode 100644 index 0000000000..e6056c55c1 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyIOS/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWifiConfigurationPolicyIOS 'myWifiConfigIOSPolicy' + { + DisplayName = 'ios wifi' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyMacOS/1-ConfigureIntuneWifiConfigurationPolicyMacOS.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyMacOS/1-Create.ps1 similarity index 94% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyMacOS/1-ConfigureIntuneWifiConfigurationPolicyMacOS.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyMacOS/1-Create.ps1 index 625775e213..037bf0fae7 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyMacOS/1-ConfigureIntuneWifiConfigurationPolicyMacOS.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyMacOS/1-Create.ps1 @@ -16,7 +16,6 @@ Configuration Example { IntuneWifiConfigurationPolicyMacOS 'myWifiConfigMacOSPolicy' { - Id = 'cad22363-785b-4820-9909-28d5f35048c2' DisplayName = 'macos wifi' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments { diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyMacOS/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyMacOS/2-Update.ps1 new file mode 100644 index 0000000000..05a5c2e3cf --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyMacOS/2-Update.ps1 @@ -0,0 +1,37 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWifiConfigurationPolicyMacOS 'myWifiConfigMacOSPolicy' + { + DisplayName = 'macos wifi' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + ConnectAutomatically = $True + ConnectWhenNetworkNameIsHidden = $False # Updated Property + NetworkName = 'ea1cf5d7-8d3e-40ca-9cb8-b8c8a4c6170b' + ProxyAutomaticConfigurationUrl = 'AZ500PrivateEndpoint22' + ProxySettings = 'automatic' + Ssid = 'aaaaaaaaaaaaa' + WiFiSecurityType = 'wpaPersonal' + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyMacOS/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyMacOS/3-Remove.ps1 new file mode 100644 index 0000000000..4034a8c8cb --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyMacOS/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWifiConfigurationPolicyMacOS 'myWifiConfigMacOSPolicy' + { + DisplayName = 'macos wifi' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyWindows10/1-ConfigureIntuneWifiConfigurationPolicyWindows10.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyWindows10/1-Create.ps1 similarity index 94% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyWindows10/1-ConfigureIntuneWifiConfigurationPolicyWindows10.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyWindows10/1-Create.ps1 index 1ed68e70c9..4d23fef70a 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyWindows10/1-ConfigureIntuneWifiConfigurationPolicyWindows10.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyWindows10/1-Create.ps1 @@ -16,7 +16,6 @@ Configuration Example { IntuneWifiConfigurationPolicyWindows10 'myWifiConfigWindows10Policy' { - Id = '2273c683-7590-4c56-81d3-14adb6b3d19c' DisplayName = 'win10 wifi - revised' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments { diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyWindows10/2-Update.ps1 new file mode 100644 index 0000000000..5c6fca22a6 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyWindows10/2-Update.ps1 @@ -0,0 +1,40 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWifiConfigurationPolicyWindows10 'myWifiConfigWindows10Policy' + { + DisplayName = 'win10 wifi - revised' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + ConnectAutomatically = $True + ConnectToPreferredNetwork = $False # Updated Property + ConnectWhenNetworkNameIsHidden = $True + ForceFIPSCompliance = $True + MeteredConnectionLimit = 'fixed' + NetworkName = 'MyWifi' + ProxyAutomaticConfigurationUrl = 'https://proxy.contoso.com' + ProxySetting = 'automatic' + Ssid = 'ssid' + WifiSecurityType = 'wpa2Personal' + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..e5b8d15dce --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWifiConfigurationPolicyWindows10/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWifiConfigurationPolicyWindows10 'myWifiConfigWindows10Policy' + { + DisplayName = 'win10 wifi - revised' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/1-IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/1-Create.ps1 similarity index 94% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/1-IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/1-Create.ps1 index 06438e0b37..27d64d06bc 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/1-IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/1-Create.ps1 @@ -26,7 +26,6 @@ Configuration Example Ensure = "Present"; ExtractHardwareHash = $False; HybridAzureADJoinSkipConnectivityCheck = $True; - Id = "36b4d209-c9af-487f-8cf2-8397cefbc29a"; Language = "os-default"; OutOfBoxExperienceSettings = MSFT_MicrosoftGraphoutOfBoxExperienceSettings{ HideEULA = $True diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/2-Update.ps1 new file mode 100644 index 0000000000..4671894531 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/2-Update.ps1 @@ -0,0 +1,40 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined 'Example' + { + Assignments = @(); + Credential = $Credscredential; + Description = ""; + DeviceNameTemplate = ""; + DeviceType = "windowsPc"; + DisplayName = "hybrid"; + EnableWhiteGlove = $False; # Updated Property + Ensure = "Present"; + ExtractHardwareHash = $False; + HybridAzureADJoinSkipConnectivityCheck = $True; + Language = "os-default"; + OutOfBoxExperienceSettings = MSFT_MicrosoftGraphoutOfBoxExperienceSettings{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' + SkipKeyboardSelectionPage = $False + UserType = 'standard' + }; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/3-Remove.ps1 new file mode 100644 index 0000000000..46253c4281 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined 'Example' + { + Credential = $Credscredential; + DisplayName = "hybrid"; + Ensure = "Absent"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADJoined/1-IntuneWindowsAutopilotDeploymentProfileAzureADJoined-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADJoined/1-Create.ps1 similarity index 95% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADJoined/1-IntuneWindowsAutopilotDeploymentProfileAzureADJoined-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADJoined/1-Create.ps1 index e4dc75584f..a3c50bf3d7 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADJoined/1-IntuneWindowsAutopilotDeploymentProfileAzureADJoined-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADJoined/1-Create.ps1 @@ -30,7 +30,6 @@ Configuration Example EnableWhiteGlove = $True; Ensure = "Present"; ExtractHardwareHash = $True; - Id = "30914319-d49b-46da-b054-625d933c5769"; Language = ""; OutOfBoxExperienceSettings = MSFT_MicrosoftGraphoutOfBoxExperienceSettings1{ HideEULA = $False diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADJoined/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADJoined/2-Update.ps1 new file mode 100644 index 0000000000..a57c990e65 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADJoined/2-Update.ps1 @@ -0,0 +1,44 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWindowsAutopilotDeploymentProfileAzureADJoined 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Credential = $Credscredential; + Description = ""; + DeviceNameTemplate = "test"; + DeviceType = "windowsPc"; + DisplayName = "AAD"; + EnableWhiteGlove = $False; # Updated Property + Ensure = "Present"; + ExtractHardwareHash = $True; + Language = ""; + OutOfBoxExperienceSettings = MSFT_MicrosoftGraphoutOfBoxExperienceSettings1{ + HideEULA = $False + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' + SkipKeyboardSelectionPage = $True + UserType = 'administrator' + }; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADJoined/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADJoined/3-Remove.ps1 new file mode 100644 index 0000000000..436ac5c650 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsAutopilotDeploymentProfileAzureADJoined/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWindowsAutopilotDeploymentProfileAzureADJoined 'Example' + { + Credential = $Credscredential; + DisplayName = "AAD"; + Ensure = "Absent"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/1-IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/1-Create.ps1 similarity index 96% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/1-IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/1-Create.ps1 index c5d730ef36..dd3eb15de7 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/1-IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/1-Create.ps1 @@ -16,7 +16,6 @@ Configuration Example { IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled 'Example' { - Id = 'M_5c927889-a683-4588-afdb-4c90aa5e7e93' DisplayName = 'WIP' AzureRightsManagementServicesAllowed = $False Description = 'DSC' diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/2-Update.ps1 new file mode 100644 index 0000000000..4c921dd3d9 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/2-Update.ps1 @@ -0,0 +1,56 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled 'Example' + { + DisplayName = 'WIP' + AzureRightsManagementServicesAllowed = $False + Description = 'DSC' + EnforcementLevel = 'encryptAndAuditOnly' + EnterpriseDomain = 'domain.com' # Updated Property + EnterpriseIPRanges = @( + MSFT_MicrosoftGraphwindowsInformationProtectionIPRangeCollection { + DisplayName = 'ipv4 range' + Ranges = @( + MSFT_MicrosoftGraphIpRange { + UpperAddress = '1.1.1.3' + LowerAddress = '1.1.1.1' + odataType = '#microsoft.graph.iPv4Range' + } + ) + } + ) + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseProxyServersAreAuthoritative = $True + IconsVisible = $False + IndexingEncryptedStoresOrItemsBlocked = $False + ProtectedApps = @( + MSFT_MicrosoftGraphwindowsInformationProtectionApp { + Description = 'Microsoft.MicrosoftEdge' + odataType = '#microsoft.graph.windowsInformationProtectionStoreApp' + Denied = $False + PublisherName = 'CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US' + ProductName = 'Microsoft.MicrosoftEdge' + DisplayName = 'Microsoft Edge' + } + ) + ProtectionUnderLockConfigRequired = $False + RevokeOnUnenrollDisabled = $False + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/3-Remove.ps1 new file mode 100644 index 0000000000..3739185cd6 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled 'Example' + { + DisplayName = 'WIP' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/1-IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/1-Create.ps1 similarity index 92% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/1-IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/1-Create.ps1 index d58ad26d5e..bda5ac792b 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/1-IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/1-Create.ps1 @@ -16,7 +16,6 @@ Configuration Example { IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10 'Example' { - Id = 'b5d1020d-f641-42a0-a882-82f3358bf4c5' DisplayName = 'WUfB Feature -dsc' Assignments = @() Description = 'test 2' diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/2-Update.ps1 new file mode 100644 index 0000000000..80dd2d592d --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/2-Update.ps1 @@ -0,0 +1,30 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10 'Example' + { + DisplayName = 'WUfB Feature -dsc' + Assignments = @() + Description = 'test 2' + FeatureUpdateVersion = 'Windows 10, version 22H2' + RolloutSettings = MSFT_MicrosoftGraphwindowsUpdateRolloutSettings { + OfferStartDateTimeInUTC = '2023-02-05T16:00:00.0000000+00:00' # Updated Property + } + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyMacOS/2-RemoveDeviceCompliancePolicyMacOS.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/3-Remove.ps1 similarity index 54% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyMacOS/2-RemoveDeviceCompliancePolicyMacOS.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/3-Remove.ps1 index ed248e2991..3eeeb73752 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceCompliancePolicyMacOS/2-RemoveDeviceCompliancePolicyMacOS.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10/3-Remove.ps1 @@ -1,5 +1,6 @@ <# -This example removes an existing Device Compliance Policy for MacOS devices +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. #> Configuration Example @@ -13,9 +14,9 @@ Configuration Example node localhost { - IntuneDeviceCompliancePolicyMacOS 'RemoveDeviceCompliancePolicyMacOS' + IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10 'Example' { - DisplayName = 'Demo MacOS Device Compliance Policy' + DisplayName = 'WUfB Feature -dsc' Ensure = 'Absent' Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/1-IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/1-Create.ps1 similarity index 97% rename from Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/1-IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/1-Create.ps1 index 40c02962c2..e93eba2279 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/1-IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/1-Create.ps1 @@ -16,7 +16,6 @@ Configuration Example { IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 'Example' { - Id = 'f2a9a546-6087-45b9-81da-59994e79dfd2' DisplayName = 'WUfB Ring' AllowWindows11Upgrade = $False Assignments = @( diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/2-Update.ps1 new file mode 100644 index 0000000000..3cb0ebeb9d --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/2-Update.ps1 @@ -0,0 +1,62 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 'Example' + { + DisplayName = 'WUfB Ring' + AllowWindows11Upgrade = $True # Updated Property + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments + { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ) + AutomaticUpdateMode = 'autoInstallAtMaintenanceTime' + AutoRestartNotificationDismissal = 'notConfigured' + BusinessReadyUpdatesOnly = 'userDefined' + DeadlineForFeatureUpdatesInDays = 1 + DeadlineForQualityUpdatesInDays = 2 + DeadlineGracePeriodInDays = 3 + DeliveryOptimizationMode = 'userDefined' + Description = '' + DriversExcluded = $False + FeatureUpdatesDeferralPeriodInDays = 0 + FeatureUpdatesPaused = $False + FeatureUpdatesPauseExpiryDateTime = '0001-01-01T00:00:00.0000000+00:00' + FeatureUpdatesRollbackStartDateTime = '0001-01-01T00:00:00.0000000+00:00' + FeatureUpdatesRollbackWindowInDays = 10 + InstallationSchedule = MSFT_MicrosoftGraphwindowsUpdateInstallScheduleType { + ActiveHoursStart = '08:00:00' + ActiveHoursEnd = '17:00:00' + odataType = '#microsoft.graph.windowsUpdateActiveHoursInstall' + } + MicrosoftUpdateServiceAllowed = $True + PostponeRebootUntilAfterDeadline = $False + PrereleaseFeatures = 'userDefined' + QualityUpdatesDeferralPeriodInDays = 0 + QualityUpdatesPaused = $False + QualityUpdatesPauseExpiryDateTime = '0001-01-01T00:00:00.0000000+00:00' + QualityUpdatesRollbackStartDateTime = '0001-01-01T00:00:00.0000000+00:00' + SkipChecksBeforeRestart = $False + UpdateNotificationLevel = 'defaultNotifications' + UserPauseAccess = 'enabled' + UserWindowsUpdateScanAccess = 'enabled' + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/3-Remove.ps1 new file mode 100644 index 0000000000..4ebc935536 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 'Example' + { + DisplayName = 'WUfB Ring' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} From 7fd518c9cd596a27c123c508ee14323f0a514a88 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 14 Dec 2023 17:31:05 -0500 Subject: [PATCH 07/58] Fixes --- .../Resources/IntuneASRRulesPolicyWindows10/2-Update.ps1 | 2 +- .../2-Update.ps1 | 2 +- .../2-Update.ps1 | 2 +- .../2-Update.ps1 | 2 +- .../IntuneSettingCatalogASRRulesPolicyWindows10/2-Update.ps1 | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneASRRulesPolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneASRRulesPolicyWindows10/2-Update.ps1 index b2af14a165..67a96b5a2d 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneASRRulesPolicyWindows10/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneASRRulesPolicyWindows10/2-Update.ps1 @@ -33,7 +33,7 @@ Configuration Example OfficeCommunicationAppsLaunchChildProcess = 'auditMode' OfficeMacroCodeAllowWin32ImportsType = 'block' PreventCredentialStealingType = 'enable' - ProcessCreationType = 'enable' # Updated Property + ProcessCreationType = 'userDefined' # Updated Property ScriptDownloadedPayloadExecutionType = 'block' ScriptObfuscatedMacroCodeType = 'block' UntrustedExecutableType = 'block' diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/2-Update.ps1 index efaa104596..f11d5e17b6 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/2-Update.ps1 @@ -17,7 +17,7 @@ Configuration Example IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager 'myASRReductionRules' { DisplayName = 'asr ConfigMgr' - blockadobereaderfromcreatingchildprocesses = "enable"; # Updated Property + blockadobereaderfromcreatingchildprocesses = "audit"; # Updated Property Description = 'My revised description' Ensure = 'Present' Credential = $Credscredential diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/2-Update.ps1 index ba1f650fdd..cc9e0d0351 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/2-Update.ps1 @@ -137,7 +137,7 @@ Configuration Example Description = '' DisplayName = 'admin template' Ensure = 'Present' - PolicyConfigurationIngestionType = 'block' # Updated Property + PolicyConfigurationIngestionType = 'builtIn' # Updated Property } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/2-Update.ps1 index ed2c28bad3..8cd74170a9 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10/2-Update.ps1 @@ -25,7 +25,7 @@ Configuration Example Bluetooth = "notConfigured"; BootFromBuiltInNetworkAdapters = "notConfigured"; BootFromExternalMedia = "notConfigured"; - Cameras = "block"; # Updated Property + Cameras = "enabled"; # Updated Property ChangeUefiSettingsPermission = "notConfiguredOnly"; Credential = $Credscredential; DisplayName = "firmware"; diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogASRRulesPolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogASRRulesPolicyWindows10/2-Update.ps1 index 0f9a8538f0..84f42fcb01 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogASRRulesPolicyWindows10/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogASRRulesPolicyWindows10/2-Update.ps1 @@ -23,7 +23,7 @@ Configuration Example dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' }) attacksurfacereductiononlyexclusions = @('Test 10', 'Test2', 'Test3') - blockabuseofexploitedvulnerablesigneddrivers = 'enable' # Updated Property + blockabuseofexploitedvulnerablesigneddrivers = 'userDefined' # Updated Property blockexecutablefilesrunningunlesstheymeetprevalenceagetrustedlistcriterion = 'audit' Description = 'Post' Ensure = 'Present' From 0d0bb1edfb551d2eb2eb7a0ceec78eb6f10d2333 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 14 Dec 2023 19:24:15 -0500 Subject: [PATCH 08/58] Update 2-Update.ps1 --- .../IntuneSettingCatalogASRRulesPolicyWindows10/2-Update.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogASRRulesPolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogASRRulesPolicyWindows10/2-Update.ps1 index 84f42fcb01..e01b744a61 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogASRRulesPolicyWindows10/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneSettingCatalogASRRulesPolicyWindows10/2-Update.ps1 @@ -23,7 +23,7 @@ Configuration Example dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' }) attacksurfacereductiononlyexclusions = @('Test 10', 'Test2', 'Test3') - blockabuseofexploitedvulnerablesigneddrivers = 'userDefined' # Updated Property + blockabuseofexploitedvulnerablesigneddrivers = 'audit' # Updated Property blockexecutablefilesrunningunlesstheymeetprevalenceagetrustedlistcriterion = 'audit' Description = 'Post' Ensure = 'Present' From 90646b66d50035b34449664e27693349a32804d0 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Fri, 15 Dec 2023 00:43:19 +0000 Subject: [PATCH 09/58] Updated Resources and Cmdlet documentation pages --- .../intune/IntuneASRRulesPolicyWindows10.md | 76 ++++- ...ocalAdministratorPasswordSolutionPolicy.md | 71 +++- ...rotectionLocalUserGroupMembershipPolicy.md | 70 +++- .../intune/IntuneAccountProtectionPolicy.md | 63 +++- ...eAntivirusPolicyWindows10SettingCatalog.md | 65 +++- .../intune/IntuneAppConfigurationPolicy.md | 69 +++- .../IntuneAppProtectionPolicyAndroid.md | 79 ++++- .../intune/IntuneAppProtectionPolicyiOS.md | 78 ++++- ...IntuneApplicationControlPolicyWindows10.md | 61 ++++ ...uctionRulesPolicyWindows10ConfigManager.md | 59 +++- ...eDeviceAndAppManagementAssignmentFilter.md | 55 ++++ .../resources/intune/IntuneDeviceCategory.md | 53 +++ .../intune/IntuneDeviceCleanupRule.md | 2 +- .../IntuneDeviceCompliancePolicyAndroid.md | 56 +++- ...eviceCompliancePolicyAndroidDeviceOwner.md | 72 ++++- ...eviceCompliancePolicyAndroidWorkProfile.md | 56 +++- .../IntuneDeviceCompliancePolicyMacOS.md | 54 +++- .../IntuneDeviceCompliancePolicyWindows10.md | 69 +++- .../intune/IntuneDeviceCompliancePolicyiOs.md | 53 ++- ...onAdministrativeTemplatePolicyWindows10.md | 174 +++++++++- ...eviceConfigurationCustomPolicyWindows10.md | 82 ++++- ...derForEndpointOnboardingPolicyWindows10.md | 65 +++- ...tionDeliveryOptimizationPolicyWindows10.md | 89 ++++- ...eConfigurationDomainJoinPolicyWindows10.md | 66 +++- ...onfigurationEmailProfilePolicyWindows10.md | 70 +++- ...rationEndpointProtectionPolicyWindows10.md | 277 +++++++++++++++- ...urationFirmwareInterfacePolicyWindows10.md | 83 ++++- ...hMonitoringConfigurationPolicyWindows10.md | 64 +++- ...rationIdentityProtectionPolicyWindows10.md | 76 ++++- ...onImportedPfxCertificatePolicyWindows10.md | 68 +++- ...DeviceConfigurationKioskPolicyWindows10.md | 98 +++++- ...igurationNetworkBoundaryPolicyWindows10.md | 77 ++++- ...igurationPkcsCertificatePolicyWindows10.md | 78 ++++- ...urationPolicyAndroidDeviceAdministrator.md | 109 ++++++- ...ceConfigurationPolicyAndroidDeviceOwner.md | 95 +++++- ...igurationPolicyAndroidOpenSourceProject.md | 66 +++- ...ceConfigurationPolicyAndroidWorkProfile.md | 72 +++++ .../IntuneDeviceConfigurationPolicyMacOS.md | 146 ++++++++- ...ntuneDeviceConfigurationPolicyWindows10.md | 303 +++++++++++++++++- .../IntuneDeviceConfigurationPolicyiOS.md | 160 ++++++++- ...igurationScepCertificatePolicyWindows10.md | 86 ++++- ...gurationSecureAssessmentPolicyWindows10.md | 69 +++- ...urationSharedMultiDevicePolicyWindows10.md | 81 ++++- ...rationTrustedCertificatePolicyWindows10.md | 64 +++- ...neDeviceConfigurationVpnPolicyWindows10.md | 109 ++++++- ...ConfigurationWindowsTeamPolicyWindows10.md | 75 ++++- ...onfigurationWiredNetworkPolicyWindows10.md | 77 ++++- .../IntuneDeviceEnrollmentLimitRestriction.md | 54 ++++ ...tuneDeviceEnrollmentPlatformRestriction.md | 92 +++++- ...tuneDeviceEnrollmentStatusPageWindows10.md | 73 ++++- ...ointDetectionAndResponsePolicyWindows10.md | 57 +++- ...ProtectionPolicyWindows10SettingCatalog.md | 208 +++++++++++- .../docs/resources/intune/IntunePolicySets.md | 85 ++++- .../resources/intune/IntuneRoleAssignment.md | 61 +++- .../resources/intune/IntuneRoleDefinition.md | 58 +++- ...neSettingCatalogASRRulesPolicyWindows10.md | 68 +++- ...tuneSettingCatalogCustomPolicyWindows10.md | 121 ++++++- ...urationPolicyAndroidDeviceAdministrator.md | 66 +++- ...ationPolicyAndroidEnterpriseDeviceOwner.md | 70 +++- ...ationPolicyAndroidEnterpriseWorkProfile.md | 69 +++- ...neWifiConfigurationPolicyAndroidForWork.md | 70 +++- ...igurationPolicyAndroidOpenSourceProject.md | 67 +++- .../IntuneWifiConfigurationPolicyIOS.md | 69 +++- .../IntuneWifiConfigurationPolicyMacOS.md | 68 +++- .../IntuneWifiConfigurationPolicyWindows10.md | 71 +++- ...lotDeploymentProfileAzureADHybridJoined.md | 71 +++- ...AutopilotDeploymentProfileAzureADJoined.md | 75 ++++- ...ionProtectionPolicyWindows10MdmEnrolled.md | 87 ++++- ...orBusinessFeatureUpdateProfileWindows10.md | 61 +++- ...teForBusinessRingUpdateProfileWindows10.md | 93 +++++- 70 files changed, 5742 insertions(+), 112 deletions(-) diff --git a/docs/docs/resources/intune/IntuneASRRulesPolicyWindows10.md b/docs/docs/resources/intune/IntuneASRRulesPolicyWindows10.md index 4ef85eabbc..110a8d8a55 100644 --- a/docs/docs/resources/intune/IntuneASRRulesPolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneASRRulesPolicyWindows10.md @@ -102,7 +102,6 @@ Configuration Example { IntuneASRRulesPolicyWindows10 'myASRRulesPolicy' { - Identity = '1902b7f6-ac2c-4c00-bc17-8ada967cc6a8' DisplayName = 'test' AdditionalGuardedFolders = @() AdobeReaderLaunchChildProcess = 'auditMode' @@ -132,3 +131,78 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneASRRulesPolicyWindows10 'myASRRulesPolicy' + { + DisplayName = 'test' + AdditionalGuardedFolders = @() + AdobeReaderLaunchChildProcess = 'auditMode' + AdvancedRansomewareProtectionType = 'enable' + Assignments = @() + AttackSurfaceReductionExcludedPaths = @('c:\Novo') + BlockPersistenceThroughWmiType = 'auditMode' + Description = '' + EmailContentExecutionType = 'auditMode' + GuardedFoldersAllowedAppPaths = @() + GuardMyFoldersType = 'enable' + OfficeAppsExecutableContentCreationOrLaunchType = 'block' + OfficeAppsLaunchChildProcessType = 'auditMode' + OfficeAppsOtherProcessInjectionType = 'block' + OfficeCommunicationAppsLaunchChildProcess = 'auditMode' + OfficeMacroCodeAllowWin32ImportsType = 'block' + PreventCredentialStealingType = 'enable' + ProcessCreationType = 'userDefined' # Updated Property + ScriptDownloadedPayloadExecutionType = 'block' + ScriptObfuscatedMacroCodeType = 'block' + UntrustedExecutableType = 'block' + UntrustedUSBProcessType = 'block' + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneASRRulesPolicyWindows10 'myASRRulesPolicy' + { + DisplayName = 'test' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.md b/docs/docs/resources/intune/IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.md index 3a996ae17b..c95b46240f 100644 --- a/docs/docs/resources/intune/IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.md +++ b/docs/docs/resources/intune/IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.md @@ -4,8 +4,8 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Identity** | Key | String | Identity of the account protection local administrator password solution policy. | | -| **DisplayName** | Required | String | Display name of the account protection local administrator password solution policy. | | +| **Identity** | Write | String | Identity of the account protection local administrator password solution policy. | | +| **DisplayName** | Key | String | Display name of the account protection local administrator password solution policy. | | | **Description** | Write | String | Description of the account protection local administrator password solution policy. | | | **Assignments** | Write | MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicyAssignments[] | Assignments of the account protection local administrator password solution policy. | | | **BackupDirectory** | Write | UInt32 | Configures which directory the local admin account password is backed up to. 0 - Disabled, 1 - Azure AD, 2 - AD | `0`, `1`, `2` | @@ -93,7 +93,6 @@ Configuration Example { IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy "My Account Protection LAPS Policy" { - Identity = "cb0a561b-7677-46fb-a7f8-635cf64660e9"; DisplayName = "Account Protection LAPS Policy"; Description = "My revised description"; Ensure = "Present"; @@ -113,3 +112,69 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy "My Account Protection LAPS Policy" + { + DisplayName = "Account Protection LAPS Policy"; + Description = "My revised description"; + Ensure = "Present"; + Credential = $Credscredential + Assignments = @( + MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + BackupDirectory = "1"; + PasswordAgeDays_AAD = 15; # Updated Property + AdministratorAccountName = "Administrator"; + PasswordAgeDays = 20; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy "My Account Protection LAPS Policy" + { + DisplayName = "Account Protection LAPS Policy"; + Description = "My revised description"; + Ensure = "Absent"; + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneAccountProtectionLocalUserGroupMembershipPolicy.md b/docs/docs/resources/intune/IntuneAccountProtectionLocalUserGroupMembershipPolicy.md index 0d2b5d029d..0cc155a6f4 100644 --- a/docs/docs/resources/intune/IntuneAccountProtectionLocalUserGroupMembershipPolicy.md +++ b/docs/docs/resources/intune/IntuneAccountProtectionLocalUserGroupMembershipPolicy.md @@ -4,8 +4,8 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Identity** | Key | String | Identity of the account protection policy. | | -| **DisplayName** | Required | String | Display name of the account protection rules policy. | | +| **Identity** | Write | String | Identity of the account protection policy. | | +| **DisplayName** | Key | String | Display name of the account protection rules policy. | | | **Description** | Write | String | Description of the account protection rules policy. | | | **Assignments** | Write | MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicyAssignments[] | Assignments of the Intune Policy. | | | **LocalUserGroupCollection** | Write | MSFT_IntuneAccountProtectionLocalUserGroupCollection[] | Local User Group Collections of the Intune Policy. | | @@ -94,7 +94,6 @@ Configuration Example { IntuneAccountProtectionLocalUserGroupMembershipPolicy "My Account Protection Local User Group Membership Policy" { - Identity = "cb0a561b-7677-46fb-a7f8-635cf64660e9"; DisplayName = "Account Protection LUGM Policy"; Description = "My revised description"; Ensure = "Present"; @@ -118,3 +117,68 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAccountProtectionLocalUserGroupMembershipPolicy "My Account Protection Local User Group Membership Policy" + { + DisplayName = "Account Protection LUGM Policy"; + Description = "My revised description"; + Ensure = "Present"; + Credential = $Credscredential + Assignments = @(); # Updated Property + LocalUserGroupCollection = @( + MSFT_IntuneAccountProtectionLocalUserGroupCollection{ + LocalGroups = @('administrators', 'users') + Members = @('S-1-12-1-1167842105-1150511762-402702254-1917434032') + Action = 'add_update' + UserSelectionType = 'users' + } + ); + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAccountProtectionLocalUserGroupMembershipPolicy "My Account Protection Local User Group Membership Policy" + { + DisplayName = "Account Protection LUGM Policy"; + Description = "My revised description"; + Ensure = "Absent"; + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneAccountProtectionPolicy.md b/docs/docs/resources/intune/IntuneAccountProtectionPolicy.md index 830672c46a..c9358fc50d 100644 --- a/docs/docs/resources/intune/IntuneAccountProtectionPolicy.md +++ b/docs/docs/resources/intune/IntuneAccountProtectionPolicy.md @@ -4,8 +4,8 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Identity** | Key | String | Identity of the account protection policy. | | -| **DisplayName** | Required | String | Display name of the account protection rules policy. | | +| **Identity** | Write | String | Identity of the account protection policy. | | +| **DisplayName** | Key | String | Display name of the account protection rules policy. | | | **Description** | Write | String | Description of the account protection rules policy. | | | **Assignments** | Write | MSFT_IntuneAccountProtectionPolicyAssignments[] | Assignments of the Intune Policy. | | | **WindowsHelloForBusinessBlocked** | Write | String | Block Windows Hello for Business. | `notConfigured`, `true`, `false` | @@ -97,7 +97,6 @@ Configuration Example { IntuneAccountProtectionPolicy 'myAccountProtectionPolicy' { - Identity = '355e88e2-dd1f-4956-bafe-9000d8267ad5' DisplayName = 'test' deviceGuardLocalSystemAuthorityCredentialGuardSettings = "notConfigured" WindowsHelloForBusinessBlocked = $true @@ -110,3 +109,61 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAccountProtectionPolicy 'myAccountProtectionPolicy' + { + DisplayName = 'test' + deviceGuardLocalSystemAuthorityCredentialGuardSettings = "notConfigured" + WindowsHelloForBusinessBlocked = $true + PinMinimumLength = 10 # Updated Property + PinSpecialCharactersUsage = 'required' + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAccountProtectionPolicy 'myAccountProtectionPolicy' + { + DisplayName = 'test' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneAntivirusPolicyWindows10SettingCatalog.md b/docs/docs/resources/intune/IntuneAntivirusPolicyWindows10SettingCatalog.md index 9ac12462fa..58611cefa6 100644 --- a/docs/docs/resources/intune/IntuneAntivirusPolicyWindows10SettingCatalog.md +++ b/docs/docs/resources/intune/IntuneAntivirusPolicyWindows10SettingCatalog.md @@ -145,7 +145,6 @@ Configuration Example { IntuneAntivirusPolicyWindows10SettingCatalog 'myAVWindows10Policy' { - Identity = 'd64d4ab7-d0ac-4157-8823-a9db57b47cf1' DisplayName = 'av exclusions' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments { @@ -164,3 +163,67 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAntivirusPolicyWindows10SettingCatalog 'myAVWindows10Policy' + { + DisplayName = 'av exclusions' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + }) + Description = '' + excludedextensions = @('.exe') + excludedpaths = @('c:\folders\', 'c:\folders2\') + excludedprocesses = @('processes.exe', 'process3.exe') # Updated Property + templateId = '45fea5e9-280d-4da1-9792-fb5736da0ca9_1' + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAntivirusPolicyWindows10SettingCatalog 'myAVWindows10Policy' + { + DisplayName = 'av exclusions' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneAppConfigurationPolicy.md b/docs/docs/resources/intune/IntuneAppConfigurationPolicy.md index 4a1428918e..4e60a0ee8f 100644 --- a/docs/docs/resources/intune/IntuneAppConfigurationPolicy.md +++ b/docs/docs/resources/intune/IntuneAppConfigurationPolicy.md @@ -89,10 +89,23 @@ Configuration Example { IntuneAppConfigurationPolicy 'AddAppConfigPolicy' { - DisplayName = 'ContosoNew' - Description = 'New Contoso Policy' + DisplayName = 'ContosoNew' + Description = 'New Contoso Policy' + Credential = $Credscredential; + CustomSettings = @( + MSFT_IntuneAppConfigurationPolicyCustomSetting { + name = 'com.microsoft.intune.mam.managedbrowser.BlockListURLs' + value = 'https://www.aol.com' + } + MSFT_IntuneAppConfigurationPolicyCustomSetting { + name = 'com.microsoft.intune.mam.managedbrowser.bookmarks' + value = 'Outlook Web|https://outlook.office.com||Bing|https://www.bing.com' + } + MSFT_IntuneAppConfigurationPolicyCustomSetting { + name = 'Test' + value = 'TestValue' + }); Ensure = 'Present' - Credential = $Credscredential } } } @@ -100,7 +113,7 @@ Configuration Example ### Example 2 -This example removes an existing App Configuration Policy. +This example creates a new App Configuration Policy. ```powershell Configuration Example @@ -114,12 +127,52 @@ Configuration Example node localhost { - IntuneAppConfigurationPolicy 'RemoveAppConfigPolicy' + IntuneAppConfigurationPolicy 'AddAppConfigPolicy' { - DisplayName = 'ContosoOld' - Description = 'Old Contoso Policy' + DisplayName = 'ContosoNew' + Description = 'New Contoso Policy' + Credential = $Credscredential; + CustomSettings = @( + MSFT_IntuneAppConfigurationPolicyCustomSetting { + name = 'com.microsoft.intune.mam.managedbrowser.BlockListURLs' + value = 'https://www.aol.com' + } + MSFT_IntuneAppConfigurationPolicyCustomSetting { + name = 'com.microsoft.intune.mam.managedbrowser.bookmarks' + value = 'Outlook Web|https://outlook.office.com||Bing|https://www.bing.com' + } + MSFT_IntuneAppConfigurationPolicyCustomSetting { # Updated Property + name = 'Test2' + value = 'TestValue2' + }); + Ensure = 'Present' + } + } +} +``` + +### Example 3 + +This example creates a new App Configuration Policy. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAppConfigurationPolicy 'AddAppConfigPolicy' + { + DisplayName = 'ContosoNew' + Description = 'New Contoso Policy' + Credential = $Credscredential; Ensure = 'Absent' - Credential = $Credscredential } } } diff --git a/docs/docs/resources/intune/IntuneAppProtectionPolicyAndroid.md b/docs/docs/resources/intune/IntuneAppProtectionPolicyAndroid.md index 42722cb98d..1bd6403d24 100644 --- a/docs/docs/resources/intune/IntuneAppProtectionPolicyAndroid.md +++ b/docs/docs/resources/intune/IntuneAppProtectionPolicyAndroid.md @@ -115,13 +115,11 @@ Configuration Example AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' AllowedOutboundDataTransferDestinations = 'managedApps' Apps = @('com.cisco.jabberimintune.ios', 'com.pervasent.boardpapers.ios', 'com.sharefile.mobile.intune.ios') - Assignments = @('6ee86c9f-2b3c-471d-ad38-ff4673ed723e') ContactSyncBlocked = $false DataBackupBlocked = $false Description = '' DeviceComplianceRequired = $True DisableAppPinIfDevicePinIsSet = $True - ExcludedGroups = @('3eacc231-d77b-4efb-bb5f-310f68bd6198') FingerprintBlocked = $False ManagedBrowserToOpenLinksRequired = $True MaximumPinRetries = 5 @@ -139,3 +137,80 @@ Configuration Example ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAppProtectionPolicyAndroid 'ConfigureAppProtectionPolicyAndroid' + { + DisplayName = 'My DSC Android App Protection Policy' + AllowedDataStorageLocations = @('sharePoint') + AllowedInboundDataTransferSources = 'managedApps' + AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' + AllowedOutboundDataTransferDestinations = 'managedApps' + Apps = @('com.cisco.jabberimintune.ios', 'com.pervasent.boardpapers.ios', 'com.sharefile.mobile.intune.ios') + ContactSyncBlocked = $true # Updated Property + DataBackupBlocked = $false + Description = '' + DeviceComplianceRequired = $True + DisableAppPinIfDevicePinIsSet = $True + FingerprintBlocked = $False + ManagedBrowserToOpenLinksRequired = $True + MaximumPinRetries = 5 + MinimumPinLength = 4 + OrganizationalCredentialsRequired = $false + PinRequired = $True + PrintBlocked = $True + SaveAsBlocked = $True + SimplePinBlocked = $True + Ensure = 'Present' + Credential = $Credscredential + } + } +} + +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAppProtectionPolicyAndroid 'ConfigureAppProtectionPolicyAndroid' + { + DisplayName = 'My DSC Android App Protection Policy' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} + +``` + diff --git a/docs/docs/resources/intune/IntuneAppProtectionPolicyiOS.md b/docs/docs/resources/intune/IntuneAppProtectionPolicyiOS.md index 93b7f7c7c4..91cffef9fd 100644 --- a/docs/docs/resources/intune/IntuneAppProtectionPolicyiOS.md +++ b/docs/docs/resources/intune/IntuneAppProtectionPolicyiOS.md @@ -115,7 +115,6 @@ Configuration Example { IntuneAppProtectionPolicyiOS 'MyCustomiOSPolicy' { - Identity = '1352a41f-bd32-4ee3-b227-2f11b17b8614' DisplayName = 'My DSC iOS App Protection Policy' AllowedDataStorageLocations = @('sharePoint') AllowedInboundDataTransferSources = 'managedApps' @@ -123,12 +122,10 @@ Configuration Example AllowedOutboundDataTransferDestinations = 'managedApps' AppDataEncryptionType = 'whenDeviceLocked' Apps = @('com.cisco.jabberimintune.ios', 'com.pervasent.boardpapers.ios', 'com.sharefile.mobile.intune.ios') - Assignments = @('6ee86c9f-2b3c-471d-ad38-ff4673ed723e') ContactSyncBlocked = $False DataBackupBlocked = $False Description = '' DeviceComplianceRequired = $True - ExcludedGroups = @('3eacc231-d77b-4efb-bb5f-310f68bd6198') FingerprintBlocked = $False ManagedBrowserToOpenLinksRequired = $True MaximumPinRetries = 5 @@ -149,3 +146,78 @@ Configuration Example } ``` +### Example 2 + +This example creates a new App ProtectionPolicy for iOS. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAppProtectionPolicyiOS 'MyCustomiOSPolicy' + { + DisplayName = 'My DSC iOS App Protection Policy' + AllowedDataStorageLocations = @('sharePoint') + AllowedInboundDataTransferSources = 'managedApps' + AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' + AllowedOutboundDataTransferDestinations = 'managedApps' + AppDataEncryptionType = 'whenDeviceLocked' + Apps = @('com.cisco.jabberimintune.ios', 'com.pervasent.boardpapers.ios', 'com.sharefile.mobile.intune.ios') + ContactSyncBlocked = $False + DataBackupBlocked = $False + Description = '' + DeviceComplianceRequired = $True + FingerprintBlocked = $False + ManagedBrowserToOpenLinksRequired = $True + MaximumPinRetries = 7 # Updated Property + MinimumPinLength = 4 + OrganizationalCredentialsRequired = $False + PeriodOfflineBeforeAccessCheck = 'PT12H' + PeriodOfflineBeforeWipeIsEnforced = 'P90D' + PeriodOnlineBeforeAccessCheck = 'PT30M' + PinCharacterSet = 'alphanumericAndSymbol' + PinRequired = $True + PrintBlocked = $False + SaveAsBlocked = $True + SimplePinBlocked = $False + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example creates a new App ProtectionPolicy for iOS. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAppProtectionPolicyiOS 'MyCustomiOSPolicy' + { + DisplayName = 'My DSC iOS App Protection Policy' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneApplicationControlPolicyWindows10.md b/docs/docs/resources/intune/IntuneApplicationControlPolicyWindows10.md index 6376ac0eb2..e9b8c3333c 100644 --- a/docs/docs/resources/intune/IntuneApplicationControlPolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneApplicationControlPolicyWindows10.md @@ -96,3 +96,64 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneApplicationControlPolicyWindows10 'ConfigureApplicationControlPolicyWindows10' + { + DisplayName = 'Windows 10 Desktops' + Description = 'All windows 10 Desktops' + AppLockerApplicationControl = 'enforceComponentsAndStoreApps' + SmartScreenBlockOverrideForFiles = $False # Updated Property + SmartScreenEnableInShell = $True + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneApplicationControlPolicyWindows10 'ConfigureApplicationControlPolicyWindows10' + { + DisplayName = 'Windows 10 Desktops' + Description = 'All windows 10 Desktops' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.md b/docs/docs/resources/intune/IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.md index 1b31fc6ced..20cd13038f 100644 --- a/docs/docs/resources/intune/IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.md +++ b/docs/docs/resources/intune/IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.md @@ -104,9 +104,8 @@ Configuration Example { IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager 'myASRReductionRules' { - Identity = 'f6d1d1bc-d78f-4a5a-8f1b-0d95a60b0bc1' DisplayName = 'asr ConfigMgr' - Assignments = @() + blockadobereaderfromcreatingchildprocesses = "block"; Description = 'My revised description' Ensure = 'Present' Credential = $Credscredential @@ -115,3 +114,59 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager 'myASRReductionRules' + { + DisplayName = 'asr ConfigMgr' + blockadobereaderfromcreatingchildprocesses = "audit"; # Updated Property + Description = 'My revised description' + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager 'myASRReductionRules' + { + DisplayName = 'asr ConfigMgr' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceAndAppManagementAssignmentFilter.md b/docs/docs/resources/intune/IntuneDeviceAndAppManagementAssignmentFilter.md index bc83232661..3103693be7 100644 --- a/docs/docs/resources/intune/IntuneDeviceAndAppManagementAssignmentFilter.md +++ b/docs/docs/resources/intune/IntuneDeviceAndAppManagementAssignmentFilter.md @@ -81,3 +81,58 @@ Configuration Example } ``` +### Example 2 + +This example creates a new Device and App Management Assignment Filter. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $intuneAdmin + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceAndAppManagementAssignmentFilter 'AssignmentFilter' + { + DisplayName = 'Test Device Filter' + Description = 'This is a new Filter' + Platform = 'windows10AndLater' + Rule = "(device.manufacturer -ne `"Apple`")" # Updated Property + Ensure = 'Present' + Credential = $intuneAdmin + } + } +} +``` + +### Example 3 + +This example creates a new Device and App Management Assignment Filter. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $intuneAdmin + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceAndAppManagementAssignmentFilter 'AssignmentFilter' + { + DisplayName = 'Test Device Filter' + Ensure = 'Absent' + Credential = $intuneAdmin + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceCategory.md b/docs/docs/resources/intune/IntuneDeviceCategory.md index 4b617798e4..271cc62419 100644 --- a/docs/docs/resources/intune/IntuneDeviceCategory.md +++ b/docs/docs/resources/intune/IntuneDeviceCategory.md @@ -74,3 +74,56 @@ Configuration Example } ``` +### Example 2 + +This example creates a new Device Category. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceCategory 'ConfigureDeviceCategory' + { + DisplayName = 'Contoso' + Description = 'Contoso Category - Updated' # Updated Property + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example creates a new Device Category. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceCategory 'ConfigureDeviceCategory' + { + DisplayName = 'Contoso' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceCleanupRule.md b/docs/docs/resources/intune/IntuneDeviceCleanupRule.md index 3a9d963656..c0d17226b6 100644 --- a/docs/docs/resources/intune/IntuneDeviceCleanupRule.md +++ b/docs/docs/resources/intune/IntuneDeviceCleanupRule.md @@ -68,7 +68,7 @@ Configuration Example { Enabled = $true IsSingleInstance = 'Yes' - DeviceInactivityBeforeRetirementInDays = 30 + DeviceInactivityBeforeRetirementInDays = 25 # Updated Property Ensure = 'Present' Credential = $Credscredential } diff --git a/docs/docs/resources/intune/IntuneDeviceCompliancePolicyAndroid.md b/docs/docs/resources/intune/IntuneDeviceCompliancePolicyAndroid.md index a33c1fb241..5ad64b0623 100644 --- a/docs/docs/resources/intune/IntuneDeviceCompliancePolicyAndroid.md +++ b/docs/docs/resources/intune/IntuneDeviceCompliancePolicyAndroid.md @@ -301,7 +301,53 @@ Configuration Example ### Example 2 -This example removes an existing Device Compliance Policy for iOs devices +This example creates a new Device Compliance Policy for Android devices + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceCompliancePolicyAndroid 'AddDeviceCompliancePolicy' + { + DisplayName = 'Test Policy' + Description = '' + DeviceThreatProtectionEnabled = $False + DeviceThreatProtectionRequiredSecurityLevel = 'unavailable' + osMinimumVersion = '7' + PasswordExpirationDays = 90 + PasswordMinimumLength = 8 # Updated Property + PasswordMinutesOfInactivityBeforeLock = 5 + PasswordPreviousPasswordBlockCount = 10 + PasswordRequired = $True + PasswordRequiredType = 'deviceDefault' + SecurityBlockJailbrokenDevices = $False + SecurityDisableUsbDebugging = $False + SecurityPreventInstallAppsFromUnknownSources = $False + SecurityRequireCompanyPortalAppIntegrity = $False + SecurityRequireGooglePlayServices = $False + SecurityRequireSafetyNetAttestationBasicIntegrity = $False + SecurityRequireSafetyNetAttestationCertifiedDevice = $False + SecurityRequireUpToDateSecurityProviders = $False + SecurityRequireVerifyApps = $False + StorageRequireEncryption = $True + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example creates a new Device Compliance Policy for Android devices ```powershell Configuration Example @@ -315,11 +361,11 @@ Configuration Example node localhost { - IntuneDeviceCompliancePolicyAndroid 'RemoveDeviceCompliancePolicyAndroid' + IntuneDeviceCompliancePolicyAndroid 'AddDeviceCompliancePolicy' { - DisplayName = 'Test Android Device Compliance Policy' - Ensure = 'Absent' - Credential = $Credscredential + DisplayName = 'Test Policy' + Ensure = 'Absent' + Credential = $Credscredential } } } diff --git a/docs/docs/resources/intune/IntuneDeviceCompliancePolicyAndroidDeviceOwner.md b/docs/docs/resources/intune/IntuneDeviceCompliancePolicyAndroidDeviceOwner.md index 308fa18d51..6639f5147b 100644 --- a/docs/docs/resources/intune/IntuneDeviceCompliancePolicyAndroidDeviceOwner.md +++ b/docs/docs/resources/intune/IntuneDeviceCompliancePolicyAndroidDeviceOwner.md @@ -241,25 +241,85 @@ Configuration Example ### Example 2 -This example removes an existing Device Compliance Policy for Android Device Owner devices +This example creates a new Device Compliance Policy for Android Device Owner devices ```powershell Configuration Example { - param( + param + ( [Parameter(Mandatory = $true)] [PSCredential] $Credscredential ) + Import-DscResource -ModuleName Microsoft365DSC node localhost { - IntuneDeviceCompliancePolicyAndroidDeviceOwner 'RemoveAndroidDeviceCompliancePolicyOwner' + IntuneDeviceCompliancePolicyAndroidDeviceOwner 'ConfigureAndroidDeviceCompliancePolicyOwner' { - DisplayName = 'DeviceOwnerPolicy' - Ensure = 'Absent' - Credential = $Credscredential + DisplayName = 'DeviceOwner' + Description = '' + DeviceThreatProtectionEnabled = $False + DeviceThreatProtectionRequiredSecurityLevel = 'unavailable' + AdvancedThreatProtectionRequiredSecurityLevel = 'unavailable' + SecurityRequireSafetyNetAttestationBasicIntegrity = $False + SecurityRequireSafetyNetAttestationCertifiedDevice = $False + OsMinimumVersion = '10' + OsMaximumVersion = '11' + PasswordRequired = $True + PasswordMinimumLength = 8 # Updated Property + PasswordRequiredType = 'numericComplex' + PasswordMinutesOfInactivityBeforeLock = 5 + PasswordExpirationDays = 90 + PasswordPreviousPasswordCountToBlock = 13 + StorageRequireEncryption = $True + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example creates a new Device Compliance Policy for Android Device Owner devices + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceCompliancePolicyAndroidDeviceOwner 'ConfigureAndroidDeviceCompliancePolicyOwner' + { + DisplayName = 'DeviceOwner' + Description = '' + DeviceThreatProtectionEnabled = $False + DeviceThreatProtectionRequiredSecurityLevel = 'unavailable' + AdvancedThreatProtectionRequiredSecurityLevel = 'unavailable' + SecurityRequireSafetyNetAttestationBasicIntegrity = $False + SecurityRequireSafetyNetAttestationCertifiedDevice = $False + OsMinimumVersion = '10' + OsMaximumVersion = '11' + PasswordRequired = $True + PasswordMinimumLength = 8 # Updated Property + PasswordRequiredType = 'numericComplex' + PasswordMinutesOfInactivityBeforeLock = 5 + PasswordExpirationDays = 90 + PasswordPreviousPasswordCountToBlock = 13 + StorageRequireEncryption = $True + Ensure = 'Present' + Credential = $Credscredential } } } diff --git a/docs/docs/resources/intune/IntuneDeviceCompliancePolicyAndroidWorkProfile.md b/docs/docs/resources/intune/IntuneDeviceCompliancePolicyAndroidWorkProfile.md index 9df58bf12b..db1bebb3d3 100644 --- a/docs/docs/resources/intune/IntuneDeviceCompliancePolicyAndroidWorkProfile.md +++ b/docs/docs/resources/intune/IntuneDeviceCompliancePolicyAndroidWorkProfile.md @@ -251,7 +251,7 @@ Configuration Example ### Example 2 -This example removes an existing Device Compliance Policy for iOs devices +This example creates a new Device Compliance Policy for iOs devices ```powershell Configuration Example @@ -259,17 +259,61 @@ Configuration Example param( [Parameter(Mandatory = $true)] [PSCredential] - $credsGlobbaAdminlAdmin + $Credscredential ) Import-DscResource -ModuleName Microsoft365DSC node localhost { - IntuneDeviceCompliancePolicyAndroidWorkProfile 'RemoveDeviceCompliancePolicyAndroidWorkProfile' + IntuneDeviceCompliancePolicyAndroidWorkProfile 'ConfigureAndroidDeviceCompliancePolicyWorkProfile' { - DisplayName = 'Test Android Work Profile Device Compliance Policy' - Ensure = 'Absent' - Credential = $Credscredential + DisplayName = 'Test Policy' + Description = '' + DeviceThreatProtectionEnabled = $False + DeviceThreatProtectionRequiredSecurityLevel = 'unavailable' + PasswordExpirationDays = 90 + PasswordMinimumLength = 8 # Updated Property + PasswordMinutesOfInactivityBeforeLock = 5 + PasswordRequired = $True + PasswordRequiredType = 'numericComplex' + SecurityBlockJailbrokenDevices = $True + SecurityDisableUsbDebugging = $False + SecurityPreventInstallAppsFromUnknownSources = $False + SecurityRequireCompanyPortalAppIntegrity = $False + SecurityRequireGooglePlayServices = $False + SecurityRequireSafetyNetAttestationBasicIntegrity = $False + SecurityRequireSafetyNetAttestationCertifiedDevice = $False + SecurityRequireUpToDateSecurityProviders = $False + SecurityRequireVerifyApps = $False + StorageRequireEncryption = $True + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example creates a new Device Compliance Policy for iOs devices + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceCompliancePolicyAndroidWorkProfile 'ConfigureAndroidDeviceCompliancePolicyWorkProfile' + { + DisplayName = 'Test Policy' + Ensure = 'Absent' + Credential = $Credscredential } } } diff --git a/docs/docs/resources/intune/IntuneDeviceCompliancePolicyMacOS.md b/docs/docs/resources/intune/IntuneDeviceCompliancePolicyMacOS.md index 4209ed459f..e54ef4d18d 100644 --- a/docs/docs/resources/intune/IntuneDeviceCompliancePolicyMacOS.md +++ b/docs/docs/resources/intune/IntuneDeviceCompliancePolicyMacOS.md @@ -208,7 +208,51 @@ Configuration Example ### Example 2 -This example removes an existing Device Compliance Policy for MacOS devices +This example creates a new Device Comliance Policy for MacOS. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceCompliancePolicyMacOS 'ConfigureDeviceCompliancePolicyMacOS' + { + DisplayName = 'MacOS DSC Policy' + Description = 'Test policy' + PasswordRequired = $False + PasswordBlockSimple = $False + PasswordExpirationDays = 365 + PasswordMinimumLength = 8 # Updated Property + PasswordMinutesOfInactivityBeforeLock = 5 + PasswordPreviousPasswordBlockCount = 13 + PasswordMinimumCharacterSetCount = 1 + PasswordRequiredType = 'DeviceDefault' + OsMinimumVersion = 10 + OsMaximumVersion = 13 + SystemIntegrityProtectionEnabled = $False + DeviceThreatProtectionEnabled = $False + DeviceThreatProtectionRequiredSecurityLevel = 'Unavailable' + StorageRequireEncryption = $False + FirewallEnabled = $False + FirewallBlockAllIncoming = $False + FirewallEnableStealthMode = $False + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example creates a new Device Comliance Policy for MacOS. ```powershell Configuration Example @@ -222,11 +266,11 @@ Configuration Example node localhost { - IntuneDeviceCompliancePolicyMacOS 'RemoveDeviceCompliancePolicyMacOS' + IntuneDeviceCompliancePolicyMacOS 'ConfigureDeviceCompliancePolicyMacOS' { - DisplayName = 'Demo MacOS Device Compliance Policy' - Ensure = 'Absent' - Credential = $Credscredential + DisplayName = 'MacOS DSC Policy' + Ensure = 'Absent' + Credential = $Credscredential } } } diff --git a/docs/docs/resources/intune/IntuneDeviceCompliancePolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceCompliancePolicyWindows10.md index 8d59130cbd..a0ff478721 100644 --- a/docs/docs/resources/intune/IntuneDeviceCompliancePolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneDeviceCompliancePolicyWindows10.md @@ -339,7 +339,7 @@ Configuration Example ### Example 2 -This example removes an existing Device Compliance Policy for MacOS devices +This example creates a new Device Comliance Policy for Windows. ```powershell Configuration Example @@ -353,11 +353,70 @@ Configuration Example node localhost { - IntuneDeviceCompliancePolicyWindows10 'RemoveDeviceCompliancePolicyWindows10' + IntuneDeviceCompliancePolicyWindows10 'ConfigureDeviceCompliancePolicyWindows10' { - DisplayName = 'Demo Windows 10 Device Compliance Policy' - Ensure = 'Absent' - Credential = $Credscredential + DisplayName = 'Windows 10 DSC Policy' + Description = 'Test policy' + PasswordRequired = $False + PasswordBlockSimple = $False + PasswordRequiredToUnlockFromIdle = $True + PasswordMinutesOfInactivityBeforeLock = 15 + PasswordExpirationDays = 365 + PasswordMinimumLength = 8 # Updated Property + PasswordPreviousPasswordBlockCount = 13 + PasswordMinimumCharacterSetCount = 1 + PasswordRequiredType = 'Devicedefault' + RequireHealthyDeviceReport = $True + OsMinimumVersion = 10 + OsMaximumVersion = 10.19 + MobileOsMinimumVersion = 10 + MobileOsMaximumVersion = 10.19 + EarlyLaunchAntiMalwareDriverEnabled = $False + BitLockerEnabled = $False + SecureBootEnabled = $True + CodeIntegrityEnabled = $True + StorageRequireEncryption = $True + ActiveFirewallRequired = $True + DefenderEnabled = $True + DefenderVersion = '' + SignatureOutOfDate = $True + RtpEnabled = $True + AntivirusRequired = $True + AntiSpywareRequired = $True + DeviceThreatProtectionEnabled = $True + DeviceThreatProtectionRequiredSecurityLevel = 'Medium' + ConfigurationManagerComplianceRequired = $False + TPMRequired = $False + deviceCompliancePolicyScript = $null + ValidOperatingSystemBuildRanges = @() + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example creates a new Device Comliance Policy for Windows. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceCompliancePolicyWindows10 'ConfigureDeviceCompliancePolicyWindows10' + { + DisplayName = 'Windows 10 DSC Policy' + Ensure = 'Absent' + Credential = $Credscredential } } } diff --git a/docs/docs/resources/intune/IntuneDeviceCompliancePolicyiOs.md b/docs/docs/resources/intune/IntuneDeviceCompliancePolicyiOs.md index b9a6f53451..1a3989f003 100644 --- a/docs/docs/resources/intune/IntuneDeviceCompliancePolicyiOs.md +++ b/docs/docs/resources/intune/IntuneDeviceCompliancePolicyiOs.md @@ -135,7 +135,7 @@ Configuration Example ### Example 2 -This example removes an existing Device Compliance Policy for iOs devices +This example creates a new Device Compliance Policy for iOs devices ```powershell Configuration Example @@ -149,11 +149,54 @@ Configuration Example node localhost { - IntuneDeviceCompliancePolicyiOs 'RemoveDeviceCompliancePolicyiOS' + IntuneDeviceCompliancePolicyiOs 'ConfigureDeviceCompliancePolicyiOS' { - DisplayName = 'Demo iOS Device Compliance Policy' - Ensure = 'Absent' - Credential = $Credscredential + DisplayName = 'Test iOS Device Compliance Policy' + Description = 'Test iOS Device Compliance Policy Description' + PasscodeBlockSimple = $True + PasscodeExpirationDays = 365 + PasscodeMinimumLength = 8 # Updated Property + PasscodeMinutesOfInactivityBeforeLock = 5 + PasscodePreviousPasscodeBlockCount = 3 + PasscodeMinimumCharacterSetCount = 2 + PasscodeRequiredType = 'numeric' + PasscodeRequired = $True + OsMinimumVersion = 10 + OsMaximumVersion = 12 + SecurityBlockJailbrokenDevices = $True + DeviceThreatProtectionEnabled = $True + DeviceThreatProtectionRequiredSecurityLevel = 'medium' + ManagedEmailProfileRequired = $True + Ensure = 'Present' + Credential = $Credscredential + + } + } +} +``` + +### Example 3 + +This example creates a new Device Compliance Policy for iOs devices + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceCompliancePolicyiOs 'ConfigureDeviceCompliancePolicyiOS' + { + DisplayName = 'Test iOS Device Compliance Policy' + Ensure = 'Absent' + Credential = $Credscredential + } } } diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.md index 82526038e9..3e0599dccb 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.md @@ -259,10 +259,182 @@ Configuration Example Description = '' DisplayName = 'admin template' Ensure = 'Present' - Id = '2e72acda-30a8-4955-a4ca-c5e28527c81c' PolicyConfigurationIngestionType = 'unknown' } } } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 'Example' + { + Credential = $Credscredential + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments + { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + DefinitionValues = @( + MSFT_IntuneGroupPolicyDefinitionValue + { + ConfigurationType = 'policy' + Id = 'f41bbbec-0807-4ae3-8a61-5580a2f310f0' + Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition + { + Id = '50b2626d-f092-4e71-8983-12a5c741ebe0' + DisplayName = 'Do not display the lock screen' + CategoryPath = '\Control Panel\Personalization' + PolicyType = 'admxBacked' + SupportedOn = 'At least Windows Server 2012, Windows 8 or Windows RT' + ClassType = 'machine' + } + Enabled = $False + } + MSFT_IntuneGroupPolicyDefinitionValue + { + ConfigurationType = 'policy' + PresentationValues = @( + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue + { + presentationDefinitionId = '98210829-af9b-4020-8d96-3e4108557a95' + presentationDefinitionLabel = 'Types of extensions/apps that are allowed to be installed' + KeyValuePairValues = @( + MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair + { + Name = 'hosted_app' + } + + MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair + { + Name = 'user_script' + } + ) + Id = '7312a452-e087-4290-9b9f-3f14a304c18d' + odataType = '#microsoft.graph.groupPolicyPresentationValueList' + } + ) + Id = 'f3047f6a-550e-4b5e-b3da-48fc951b72fc' + Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition + { + Id = '37ab8b81-47d7-46d8-8b99-81d9cecdcce9' + DisplayName = 'Configure allowed app/extension types' + CategoryPath = '\Google\Google Chrome\Extensions' + PolicyType = 'admxIngested' + SupportedOn = 'Microsoft Windows 7 or later' + ClassType = 'machine' + } + Enabled = $True + } + MSFT_IntuneGroupPolicyDefinitionValue + { + ConfigurationType = 'policy' + PresentationValues = @( + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue + { + presentationDefinitionId = 'a8a0ae11-58d9-41d5-b258-1c16d9f1e328' + presentationDefinitionLabel = 'Password Length' + DecimalValue = 15 + Id = '14c48993-35af-4b77-a4f8-12de917b1bb9' + odataType = '#microsoft.graph.groupPolicyPresentationValueDecimal' + } + + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue + { + presentationDefinitionId = '98998e7f-cc2a-4d96-8c47-35dd4b2ce56b' + presentationDefinitionLabel = 'Password Age (Days)' + DecimalValue = 30 + Id = '4d654df9-6826-470f-af4e-d37491663c76' + odataType = '#microsoft.graph.groupPolicyPresentationValueDecimal' + } + + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue + { + presentationDefinitionId = '6900e752-4bc3-463b-9fc8-36d78c77bc3e' + presentationDefinitionLabel = 'Password Complexity' + StringValue = '4' + Id = '17e2ff15-8573-4e7e-a6f9-64baebcb5312' + odataType = '#microsoft.graph.groupPolicyPresentationValueText' + } + ) + Id = '426c9e99-0084-443a-ae07-b8f40c11910f' + Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition + { + Id = 'c4df131a-d415-44fc-9254-a717ff7dbee3' + DisplayName = 'Password Settings' + CategoryPath = '\LAPS' + PolicyType = 'admxBacked' + SupportedOn = 'At least Microsoft Windows Vista or Windows Server 2003 family' + ClassType = 'machine' + } + Enabled = $True + } + MSFT_IntuneGroupPolicyDefinitionValue + { + ConfigurationType = 'policy' + Id = 'a3577119-b240-4093-842c-d8e959dfe317' + Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition + { + Id = '986073b6-e149-495f-a131-aa0e3c697225' + DisplayName = 'Ability to change properties of an all user remote access connection' + CategoryPath = '\Network\Network Connections' + PolicyType = 'admxBacked' + SupportedOn = 'At least Windows 2000 Service Pack 1' + ClassType = 'user' + } + Enabled = $True + } + ) + Description = '' + DisplayName = 'admin template' + Ensure = 'Present' + PolicyConfigurationIngestionType = 'builtIn' # Updated Property + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 'Example' + { + Credential = $Credscredential + DisplayName = 'admin template' + Ensure = 'Absent' + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationCustomPolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationCustomPolicyWindows10.md index 36f2ea1fa7..957bb3d5ec 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationCustomPolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationCustomPolicyWindows10.md @@ -108,7 +108,6 @@ Configuration Example Credential = $Credscredential; DisplayName = "custom"; Ensure = "Present"; - Id = "e072d616-12bc-4ea3-9171-ab080e4c120d"; OmaSettings = @( MSFT_MicrosoftGraphomaSetting{ Description = 'custom' @@ -135,3 +134,84 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationCustomPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Credential = $Credscredential; + DisplayName = "custom"; + Ensure = "Present"; + OmaSettings = @( + MSFT_MicrosoftGraphomaSetting{ + Description = 'custom' + OmaUri = '/oma/custom' + odataType = '#microsoft.graph.omaSettingString' + SecretReferenceValueId = '5b0e1dba-4523-455e-9fdd-e36c833b57bf_e072d616-12bc-4ea3-9171-ab080e4c120d_1f958162-15d4-42ba-92c4-17c2544b2179' + Value = '****' + IsEncrypted = $True + DisplayName = 'oma' + } + MSFT_MicrosoftGraphomaSetting{ # Updated Property + Description = 'custom 3' + OmaUri = '/oma/custom3' + odataType = '#microsoft.graph.omaSettingInteger' + Value = 2 + IsReadOnly = $False + IsEncrypted = $False + DisplayName = 'custom 3' + } + ); + SupportsScopeTags = $True; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationCustomPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "custom"; + Ensure = "Absent"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10.md index 47a0c8823f..8880217e62 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10.md @@ -102,7 +102,70 @@ Configuration Example DisplayName = "MDE onboarding Legacy"; EnableExpeditedTelemetryReporting = $True; Ensure = "Present"; - Id = "510e4742-9c7b-414d-84a1-a1128fcf57a8"; + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10 'Example' + { + AdvancedThreatProtectionAutoPopulateOnboardingBlob = $True; # Updated Property + AdvancedThreatProtectionOnboardingFilename = "WindowsDefenderATP.onboarding"; + AllowSampleSharing = $True; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Credential = $Credscredential; + DisplayName = "MDE onboarding Legacy"; + EnableExpeditedTelemetryReporting = $True; + Ensure = "Present"; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "MDE onboarding Legacy"; + Ensure = "Absent"; } } } diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.md index 7c64c84802..fea31193a5 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10.md @@ -168,7 +168,6 @@ Configuration Example GroupIdSourceOption = 'adSite' odataType = '#microsoft.graph.deliveryOptimizationGroupIdSourceOptions' }; - Id = "c86efa80-248b-4002-80d4-e70ea151a4c7"; MaximumCacheAgeInDays = 3; MaximumCacheSize = MSFT_MicrosoftGraphdeliveryOptimizationMaxCacheSize{ MaximumCacheSizeInGigabytes = 4 @@ -187,3 +186,91 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + BackgroundDownloadFromHttpDelayInSeconds = 4; + BandwidthMode = MSFT_MicrosoftGraphdeliveryOptimizationBandwidth{ + MaximumDownloadBandwidthInKilobytesPerSecond = 22 + MaximumUploadBandwidthInKilobytesPerSecond = 33 + odataType = '#microsoft.graph.deliveryOptimizationBandwidthAbsolute' + }; + CacheServerBackgroundDownloadFallbackToHttpDelayInSeconds = 5; # Updated Property + CacheServerForegroundDownloadFallbackToHttpDelayInSeconds = 3; + CacheServerHostNames = @("domain.com"); + Credential = $Credscredential; + DeliveryOptimizationMode = "httpWithPeeringPrivateGroup"; + DisplayName = "delivery optimisation"; + Ensure = "Present"; + ForegroundDownloadFromHttpDelayInSeconds = 234; + GroupIdSource = MSFT_MicrosoftGraphdeliveryOptimizationGroupIdSource{ + GroupIdSourceOption = 'adSite' + odataType = '#microsoft.graph.deliveryOptimizationGroupIdSourceOptions' + }; + MaximumCacheAgeInDays = 3; + MaximumCacheSize = MSFT_MicrosoftGraphdeliveryOptimizationMaxCacheSize{ + MaximumCacheSizeInGigabytes = 4 + odataType = '#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute' + }; + MinimumBatteryPercentageAllowedToUpload = 4; + MinimumDiskSizeAllowedToPeerInGigabytes = 3; + MinimumFileSizeToCacheInMegabytes = 3; + MinimumRamAllowedToPeerInGigabytes = 3; + ModifyCacheLocation = "%systemdrive%"; + RestrictPeerSelectionBy = "subnetMask"; + SupportsScopeTags = $True; + VpnPeerCaching = "enabled"; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "delivery optimisation"; + Ensure = "Absent"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationDomainJoinPolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationDomainJoinPolicyWindows10.md index 204d55256e..e1cd64f7bc 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationDomainJoinPolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationDomainJoinPolicyWindows10.md @@ -98,7 +98,6 @@ Configuration Example Credential = $Credscredential; DisplayName = "Domain Join"; Ensure = "Present"; - Id = "1ab2945b-36b5-4b34-bbf5-717885c15654"; OrganizationalUnit = "OU=workstation,CN=domain,CN=com"; SupportsScopeTags = $True; } @@ -106,3 +105,68 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationDomainJoinPolicyWindows10 'Example' + { + ActiveDirectoryDomainName = "domain.com"; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + ComputerNameStaticPrefix = "WK-"; + ComputerNameSuffixRandomCharCount = 12; + Credential = $Credscredential; + DisplayName = "Domain Join"; + Ensure = "Present"; + OrganizationalUnit = "OU=workstation,CN=domain,CN=com"; + SupportsScopeTags = $False; # Updated Property + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationDomainJoinPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "Domain Join"; + Ensure = "Absent"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationEmailProfilePolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationEmailProfilePolicyWindows10.md index b7730352c7..542b349a78 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationEmailProfilePolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationEmailProfilePolicyWindows10.md @@ -108,7 +108,6 @@ Configuration Example EmailSyncSchedule = "fifteenMinutes"; Ensure = "Present"; HostName = "outlook.office365.com"; - Id = "776bcf45-35f7-4436-93fb-7a74828c6477"; RequireSsl = $True; SyncCalendar = $True; SyncContacts = $True; @@ -118,3 +117,72 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationEmailProfilePolicyWindows10 'Example' + { + AccountName = "Corp email2"; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + Credential = $Credscredential; + DisplayName = "email"; + DurationOfEmailToSync = "unlimited"; + EmailAddressSource = "primarySmtpAddress"; + EmailSyncSchedule = "fifteenMinutes"; + Ensure = "Present"; + HostName = "outlook.office365.com"; + RequireSsl = $False; # Updated Property + SyncCalendar = $True; + SyncContacts = $True; + SyncTasks = $True; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationEmailProfilePolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "email"; + Ensure = "Absent"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.md index 604ddf98e5..5d205336f4 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.md @@ -610,7 +610,6 @@ Configuration Example EdgeTraversal = 'notConfigured' } ); - Id = "447262e3-74b8-44c8-ac6f-7f036fd25e67"; LanManagerAuthenticationLevel = "lmNtlmAndNtlmV2"; LanManagerWorkstationDisableInsecureGuestLogons = $False; LocalSecurityOptionsAdministratorElevationPromptBehavior = "notConfigured"; @@ -675,3 +674,279 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationEndpointProtectionPolicyWindows10 'Example' + { + ApplicationGuardAllowFileSaveOnHost = $True; + ApplicationGuardAllowPersistence = $True; + ApplicationGuardAllowPrintToLocalPrinters = $True; + ApplicationGuardAllowPrintToNetworkPrinters = $False; # Updated Property + ApplicationGuardAllowPrintToPDF = $True; + ApplicationGuardAllowPrintToXPS = $True; + ApplicationGuardAllowVirtualGPU = $True; + ApplicationGuardBlockClipboardSharing = "blockContainerToHost"; + ApplicationGuardBlockFileTransfer = "blockImageFile"; + ApplicationGuardBlockNonEnterpriseContent = $True; + ApplicationGuardCertificateThumbprints = @(); + ApplicationGuardEnabled = $True; + ApplicationGuardEnabledOptions = "enabledForEdge"; + ApplicationGuardForceAuditing = $True; + AppLockerApplicationControl = "enforceComponentsStoreAppsAndSmartlocker"; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + BitLockerAllowStandardUserEncryption = $True; + BitLockerDisableWarningForOtherDiskEncryption = $True; + BitLockerEnableStorageCardEncryptionOnMobile = $True; + BitLockerEncryptDevice = $True; + BitLockerFixedDrivePolicy = MSFT_MicrosoftGraphbitLockerFixedDrivePolicy{ + RecoveryOptions = MSFT_MicrosoftGraphBitLockerRecoveryOptions{ + RecoveryInformationToStore = 'passwordAndKey' + HideRecoveryOptions = $True + BlockDataRecoveryAgent = $True + RecoveryKeyUsage = 'allowed' + EnableBitLockerAfterRecoveryInformationToStore = $True + EnableRecoveryInformationSaveToStore = $True + RecoveryPasswordUsage = 'allowed' + } + RequireEncryptionForWriteAccess = $True + EncryptionMethod = 'xtsAes128' + }; + BitLockerRecoveryPasswordRotation = "notConfigured"; + BitLockerRemovableDrivePolicy = MSFT_MicrosoftGraphbitLockerRemovableDrivePolicy{ + RequireEncryptionForWriteAccess = $True + BlockCrossOrganizationWriteAccess = $True + EncryptionMethod = 'aesCbc128' + }; + BitLockerSystemDrivePolicy = MSFT_MicrosoftGraphbitLockerSystemDrivePolicy{ + PrebootRecoveryEnableMessageAndUrl = $True + StartupAuthenticationTpmPinUsage = 'allowed' + EncryptionMethod = 'xtsAes128' + StartupAuthenticationTpmPinAndKeyUsage = 'allowed' + StartupAuthenticationRequired = $True + RecoveryOptions = MSFT_MicrosoftGraphBitLockerRecoveryOptions{ + RecoveryInformationToStore = 'passwordAndKey' + HideRecoveryOptions = $False + BlockDataRecoveryAgent = $True + RecoveryKeyUsage = 'allowed' + EnableBitLockerAfterRecoveryInformationToStore = $True + EnableRecoveryInformationSaveToStore = $False + RecoveryPasswordUsage = 'allowed' + } + StartupAuthenticationTpmUsage = 'allowed' + StartupAuthenticationTpmKeyUsage = 'allowed' + StartupAuthenticationBlockWithoutTpmChip = $False + }; + Credential = $Credscredential; + DefenderAdditionalGuardedFolders = @(); + DefenderAdobeReaderLaunchChildProcess = "notConfigured"; + DefenderAdvancedRansomewareProtectionType = "notConfigured"; + DefenderAttackSurfaceReductionExcludedPaths = @(); + DefenderBlockPersistenceThroughWmiType = "userDefined"; + DefenderEmailContentExecution = "userDefined"; + DefenderEmailContentExecutionType = "userDefined"; + DefenderExploitProtectionXml = "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxNaXRpZ2F0aW9uUG9saWN5Pg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9IkFjcm9SZDMyLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJBY3JvUmQzMkluZm8uZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImNsdmlldy5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iY25mbm90MzIuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImV4Y2VsLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJleGNlbGNudi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iRXh0RXhwb3J0LmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJncmFwaC5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iaWU0dWluaXQuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImllaW5zdGFsLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJpZWxvd3V0aWwuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImllVW5hdHQuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImlleHBsb3JlLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJseW5jLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJtc2FjY2Vzcy5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ibXNjb3JzdncuZXhlIj4NCiAgICA8RXh0ZW5zaW9uUG9pbnRzIERpc2FibGVFeHRlbnNpb25Qb2ludHM9InRydWUiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im1zZmVlZHNzeW5jLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJtc2h0YS5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ibXNvYWRmc2IuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im1zb2FzYi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ibXNvaHRtZWQuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im1zb3NyZWMuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im1zb3htbGVkLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJtc3B1Yi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ibXNxcnkzMi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iTXNTZW5zZS5leGUiPg0KICAgIDxFeHRlbnNpb25Qb2ludHMgRGlzYWJsZUV4dGVuc2lvblBvaW50cz0idHJ1ZSIgLz4NCiAgICA8SW1hZ2VMb2FkIFByZWZlclN5c3RlbTMyPSJ0cnVlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJuZ2VuLmV4ZSI+DQogICAgPEV4dGVuc2lvblBvaW50cyBEaXNhYmxlRXh0ZW5zaW9uUG9pbnRzPSJ0cnVlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJuZ2VudGFzay5leGUiPg0KICAgIDxFeHRlbnNpb25Qb2ludHMgRGlzYWJsZUV4dGVuc2lvblBvaW50cz0idHJ1ZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ib25lbm90ZS5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ib25lbm90ZW0uZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im9yZ2NoYXJ0LmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJvdXRsb29rLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJwb3dlcnBudC5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iUHJlc2VudGF0aW9uSG9zdC5leGUiPg0KICAgIDxERVAgRW5hYmxlPSJ0cnVlIiBFbXVsYXRlQXRsVGh1bmtzPSJmYWxzZSIgLz4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIEJvdHRvbVVwPSJ0cnVlIiBIaWdoRW50cm9weT0idHJ1ZSIgLz4NCiAgICA8U0VIT1AgRW5hYmxlPSJ0cnVlIiBUZWxlbWV0cnlPbmx5PSJmYWxzZSIgLz4NCiAgICA8SGVhcCBUZXJtaW5hdGVPbkVycm9yPSJ0cnVlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJQcmludERpYWxvZy5leGUiPg0KICAgIDxFeHRlbnNpb25Qb2ludHMgRGlzYWJsZUV4dGVuc2lvblBvaW50cz0idHJ1ZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iUmRyQ0VGLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJSZHJTZXJ2aWNlc1VwZGF0ZXIuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InJ1bnRpbWVicm9rZXIuZXhlIj4NCiAgICA8RXh0ZW5zaW9uUG9pbnRzIERpc2FibGVFeHRlbnNpb25Qb2ludHM9InRydWUiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InNjYW5vc3QuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InNjYW5wc3QuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InNkeGhlbHBlci5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ic2VsZmNlcnQuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InNldGxhbmcuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9IlN5c3RlbVNldHRpbmdzLmV4ZSI+DQogICAgPEV4dGVuc2lvblBvaW50cyBEaXNhYmxlRXh0ZW5zaW9uUG9pbnRzPSJ0cnVlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJ3aW53b3JkLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJ3b3JkY29udi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQo8L01pdGlnYXRpb25Qb2xpY3k+"; + DefenderExploitProtectionXmlFileName = "Settings.xml"; + DefenderFileExtensionsToExclude = @(); + DefenderFilesAndFoldersToExclude = @(); + DefenderGuardedFoldersAllowedAppPaths = @(); + DefenderGuardMyFoldersType = "auditMode"; + DefenderNetworkProtectionType = "enable"; + DefenderOfficeAppsExecutableContentCreationOrLaunch = "userDefined"; + DefenderOfficeAppsExecutableContentCreationOrLaunchType = "userDefined"; + DefenderOfficeAppsLaunchChildProcess = "userDefined"; + DefenderOfficeAppsLaunchChildProcessType = "userDefined"; + DefenderOfficeAppsOtherProcessInjection = "userDefined"; + DefenderOfficeAppsOtherProcessInjectionType = "userDefined"; + DefenderOfficeCommunicationAppsLaunchChildProcess = "notConfigured"; + DefenderOfficeMacroCodeAllowWin32Imports = "userDefined"; + DefenderOfficeMacroCodeAllowWin32ImportsType = "userDefined"; + DefenderPreventCredentialStealingType = "enable"; + DefenderProcessCreation = "userDefined"; + DefenderProcessCreationType = "userDefined"; + DefenderProcessesToExclude = @(); + DefenderScriptDownloadedPayloadExecution = "userDefined"; + DefenderScriptDownloadedPayloadExecutionType = "userDefined"; + DefenderScriptObfuscatedMacroCode = "userDefined"; + DefenderScriptObfuscatedMacroCodeType = "userDefined"; + DefenderSecurityCenterBlockExploitProtectionOverride = $False; + DefenderSecurityCenterDisableAccountUI = $False; + DefenderSecurityCenterDisableClearTpmUI = $True; + DefenderSecurityCenterDisableFamilyUI = $False; + DefenderSecurityCenterDisableHardwareUI = $True; + DefenderSecurityCenterDisableHealthUI = $False; + DefenderSecurityCenterDisableNetworkUI = $False; + DefenderSecurityCenterDisableNotificationAreaUI = $False; + DefenderSecurityCenterDisableRansomwareUI = $False; + DefenderSecurityCenterDisableVirusUI = $False; + DefenderSecurityCenterDisableVulnerableTpmFirmwareUpdateUI = $True; + DefenderSecurityCenterHelpEmail = "me@domain.com"; + DefenderSecurityCenterHelpPhone = "yes"; + DefenderSecurityCenterITContactDisplay = "displayInAppAndInNotifications"; + DefenderSecurityCenterNotificationsFromApp = "blockNoncriticalNotifications"; + DefenderSecurityCenterOrganizationDisplayName = "processes.exe"; + DefenderUntrustedExecutable = "userDefined"; + DefenderUntrustedExecutableType = "userDefined"; + DefenderUntrustedUSBProcess = "userDefined"; + DefenderUntrustedUSBProcessType = "userDefined"; + DeviceGuardEnableSecureBootWithDMA = $True; + DeviceGuardEnableVirtualizationBasedSecurity = $True; + DeviceGuardLaunchSystemGuard = "notConfigured"; + DeviceGuardLocalSystemAuthorityCredentialGuardSettings = "enableWithoutUEFILock"; + DeviceGuardSecureBootWithDMA = "notConfigured"; + DisplayName = "endpoint protection legacy - dsc v2.0"; + DmaGuardDeviceEnumerationPolicy = "deviceDefault"; + Ensure = "Present"; + FirewallCertificateRevocationListCheckMethod = "deviceDefault"; + FirewallIPSecExemptionsAllowDHCP = $False; + FirewallIPSecExemptionsAllowICMP = $False; + FirewallIPSecExemptionsAllowNeighborDiscovery = $False; + FirewallIPSecExemptionsAllowRouterDiscovery = $False; + FirewallIPSecExemptionsNone = $False; + FirewallPacketQueueingMethod = "deviceDefault"; + FirewallPreSharedKeyEncodingMethod = "deviceDefault"; + FirewallProfileDomain = MSFT_MicrosoftGraphwindowsFirewallNetworkProfile{ + PolicyRulesFromGroupPolicyNotMerged = $False + InboundNotificationsBlocked = $True + OutboundConnectionsRequired = $True + GlobalPortRulesFromGroupPolicyNotMerged = $True + ConnectionSecurityRulesFromGroupPolicyNotMerged = $True + UnicastResponsesToMulticastBroadcastsRequired = $True + PolicyRulesFromGroupPolicyMerged = $False + UnicastResponsesToMulticastBroadcastsBlocked = $False + IncomingTrafficRequired = $False + IncomingTrafficBlocked = $True + ConnectionSecurityRulesFromGroupPolicyMerged = $False + StealthModeRequired = $False + InboundNotificationsRequired = $False + AuthorizedApplicationRulesFromGroupPolicyMerged = $False + InboundConnectionsBlocked = $True + OutboundConnectionsBlocked = $False + StealthModeBlocked = $True + GlobalPortRulesFromGroupPolicyMerged = $False + SecuredPacketExemptionBlocked = $False + SecuredPacketExemptionAllowed = $False + InboundConnectionsRequired = $False + FirewallEnabled = 'allowed' + AuthorizedApplicationRulesFromGroupPolicyNotMerged = $True + }; + FirewallRules = @( + MSFT_MicrosoftGraphwindowsFirewallRule{ + Action = 'allowed' + InterfaceTypes = 'notConfigured' + DisplayName = 'ICMP' + TrafficDirection = 'in' + ProfileTypes = 'domain' + EdgeTraversal = 'notConfigured' + } + ); + LanManagerAuthenticationLevel = "lmNtlmAndNtlmV2"; + LanManagerWorkstationDisableInsecureGuestLogons = $False; + LocalSecurityOptionsAdministratorElevationPromptBehavior = "notConfigured"; + LocalSecurityOptionsAllowAnonymousEnumerationOfSAMAccountsAndShares = $False; + LocalSecurityOptionsAllowPKU2UAuthenticationRequests = $False; + LocalSecurityOptionsAllowRemoteCallsToSecurityAccountsManagerHelperBool = $False; + LocalSecurityOptionsAllowSystemToBeShutDownWithoutHavingToLogOn = $True; + LocalSecurityOptionsAllowUIAccessApplicationElevation = $False; + LocalSecurityOptionsAllowUIAccessApplicationsForSecureLocations = $False; + LocalSecurityOptionsAllowUndockWithoutHavingToLogon = $True; + LocalSecurityOptionsBlockMicrosoftAccounts = $True; + LocalSecurityOptionsBlockRemoteLogonWithBlankPassword = $True; + LocalSecurityOptionsBlockRemoteOpticalDriveAccess = $True; + LocalSecurityOptionsBlockUsersInstallingPrinterDrivers = $True; + LocalSecurityOptionsClearVirtualMemoryPageFile = $True; + LocalSecurityOptionsClientDigitallySignCommunicationsAlways = $False; + LocalSecurityOptionsClientSendUnencryptedPasswordToThirdPartySMBServers = $False; + LocalSecurityOptionsDetectApplicationInstallationsAndPromptForElevation = $False; + LocalSecurityOptionsDisableAdministratorAccount = $True; + LocalSecurityOptionsDisableClientDigitallySignCommunicationsIfServerAgrees = $False; + LocalSecurityOptionsDisableGuestAccount = $True; + LocalSecurityOptionsDisableServerDigitallySignCommunicationsAlways = $False; + LocalSecurityOptionsDisableServerDigitallySignCommunicationsIfClientAgrees = $False; + LocalSecurityOptionsDoNotAllowAnonymousEnumerationOfSAMAccounts = $True; + LocalSecurityOptionsDoNotRequireCtrlAltDel = $True; + LocalSecurityOptionsDoNotStoreLANManagerHashValueOnNextPasswordChange = $False; + LocalSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUser = "administrators"; + LocalSecurityOptionsHideLastSignedInUser = $False; + LocalSecurityOptionsHideUsernameAtSignIn = $False; + LocalSecurityOptionsInformationDisplayedOnLockScreen = "notConfigured"; + LocalSecurityOptionsInformationShownOnLockScreen = "notConfigured"; + LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedClients = "none"; + LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedServers = "none"; + LocalSecurityOptionsOnlyElevateSignedExecutables = $False; + LocalSecurityOptionsRestrictAnonymousAccessToNamedPipesAndShares = $True; + LocalSecurityOptionsSmartCardRemovalBehavior = "lockWorkstation"; + LocalSecurityOptionsStandardUserElevationPromptBehavior = "notConfigured"; + LocalSecurityOptionsSwitchToSecureDesktopWhenPromptingForElevation = $False; + LocalSecurityOptionsUseAdminApprovalMode = $False; + LocalSecurityOptionsUseAdminApprovalModeForAdministrators = $False; + LocalSecurityOptionsVirtualizeFileAndRegistryWriteFailuresToPerUserLocations = $False; + SmartScreenBlockOverrideForFiles = $True; + SmartScreenEnableInShell = $True; + SupportsScopeTags = $True; + UserRightsAccessCredentialManagerAsTrustedCaller = MSFT_MicrosoftGraphdeviceManagementUserRightsSetting{ + State = 'allowed' + LocalUsersOrGroups = @( + MSFT_MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup{ + Name = 'NT AUTHORITY\Local service' + SecurityIdentifier = '*S-1-5-19' + } + ) + }; + WindowsDefenderTamperProtection = "enable"; + XboxServicesAccessoryManagementServiceStartupMode = "manual"; + XboxServicesEnableXboxGameSaveTask = $True; + XboxServicesLiveAuthManagerServiceStartupMode = "manual"; + XboxServicesLiveGameSaveServiceStartupMode = "manual"; + XboxServicesLiveNetworkingServiceStartupMode = "manual"; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationEndpointProtectionPolicyWindows10 'Example' + { + DisplayName = "endpoint protection legacy - dsc v2.0"; + Credential = $Credscredential; + Ensure = "Absent"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.md index a3b33d8908..af292087ee 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10.md @@ -118,7 +118,6 @@ Configuration Example DisplayName = "firmware"; Ensure = "Present"; FrontCamera = "enabled"; - Id = "16599412-1827-4837-b2c1-da2c8260d16e"; InfraredCamera = "enabled"; Microphone = "notConfigured"; MicrophonesAndSpeakers = "enabled"; @@ -140,3 +139,85 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Bluetooth = "notConfigured"; + BootFromBuiltInNetworkAdapters = "notConfigured"; + BootFromExternalMedia = "notConfigured"; + Cameras = "enabled"; # Updated Property + ChangeUefiSettingsPermission = "notConfiguredOnly"; + Credential = $Credscredential; + DisplayName = "firmware"; + Ensure = "Present"; + FrontCamera = "enabled"; + InfraredCamera = "enabled"; + Microphone = "notConfigured"; + MicrophonesAndSpeakers = "enabled"; + NearFieldCommunication = "notConfigured"; + Radios = "enabled"; + RearCamera = "enabled"; + SdCard = "notConfigured"; + SimultaneousMultiThreading = "enabled"; + SupportsScopeTags = $True; + UsbTypeAPort = "notConfigured"; + VirtualizationOfCpuAndIO = "enabled"; + WakeOnLAN = "notConfigured"; + WakeOnPower = "notConfigured"; + WiFi = "notConfigured"; + WindowsPlatformBinaryTable = "enabled"; + WirelessWideAreaNetwork = "notConfigured"; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "firmware"; + Ensure = "Absent"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.md index f786a0df77..4e07538c53 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10.md @@ -96,10 +96,72 @@ Configuration Example Credential = $Credscredential; DisplayName = "Health Monitoring Configuration"; Ensure = "Present"; - Id = "ea1bbbf2-1593-4156-9995-62b93a474e01"; SupportsScopeTags = $True; } } } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 'Example' + { + AllowDeviceHealthMonitoring = "enabled"; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + ConfigDeviceHealthMonitoringScope = @("bootPerformance","windowsUpdates"); + Credential = $Credscredential; + DisplayName = "Health Monitoring Configuration"; + Ensure = "Present"; + SupportsScopeTags = $False; # Updated Property + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "Health Monitoring Configuration"; + Ensure = "Absent"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.md index 25602a340e..6ef46c1b90 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.md @@ -106,7 +106,6 @@ Configuration Example DisplayName = "identity protection"; EnhancedAntiSpoofingForFacialFeaturesEnabled = $True; Ensure = "Present"; - Id = "e0f7e513-6b34-4a74-8d90-fe7648c0ce30"; PinExpirationInDays = 5; PinLowercaseCharactersUsage = "allowed"; PinMaximumLength = 4; @@ -126,3 +125,78 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationIdentityProtectionPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + Credential = $Credscredential; + DisplayName = "identity protection"; + EnhancedAntiSpoofingForFacialFeaturesEnabled = $True; + Ensure = "Present"; + PinExpirationInDays = 5; + PinLowercaseCharactersUsage = "allowed"; + PinMaximumLength = 4; + PinMinimumLength = 4; + PinPreviousBlockCount = 4; # Updated Property + PinRecoveryEnabled = $True; + PinSpecialCharactersUsage = "allowed"; + PinUppercaseCharactersUsage = "allowed"; + SecurityDeviceRequired = $True; + SupportsScopeTags = $True; + UnlockWithBiometricsEnabled = $True; + UseCertificatesForOnPremisesAuthEnabled = $True; + UseSecurityKeyForSignin = $True; + WindowsHelloForBusinessBlocked = $False; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationIdentityProtectionPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "identity protection"; + Ensure = "Absent"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10.md index 4adb4ee7cd..7a05de1af1 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10.md @@ -99,7 +99,6 @@ Configuration Example Credential = $Credscredential; DisplayName = "PKCS Imported"; Ensure = "Present"; - Id = "01a4f283-7bb6-4b11-99fa-e56826d986d0"; IntendedPurpose = "unassigned"; KeyStorageProvider = "useSoftwareKsp"; RenewalThresholdPercentage = 50; @@ -110,3 +109,70 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + CertificateValidityPeriodScale = "years"; + CertificateValidityPeriodValue = 1; + Credential = $Credscredential; + DisplayName = "PKCS Imported"; + Ensure = "Present"; + IntendedPurpose = "unassigned"; + KeyStorageProvider = "useSoftwareKsp"; + RenewalThresholdPercentage = 60; # Updated Property + SubjectAlternativeNameType = "emailAddress"; + SubjectNameFormat = "commonName"; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "PKCS Imported"; + Ensure = "Absent"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationKioskPolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationKioskPolicyWindows10.md index 0e2b00a1d5..31297f269b 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationKioskPolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationKioskPolicyWindows10.md @@ -222,7 +222,6 @@ Configuration Example DisplayName = "kiosk"; EdgeKioskEnablePublicBrowsing = $False; Ensure = "Present"; - Id = "7fea73fd-20d3-439a-9fa4-73955e082dc5"; KioskBrowserBlockedUrlExceptions = @(); KioskBrowserBlockedURLs = @(); KioskBrowserDefaultUrl = "http://bing.com"; @@ -264,3 +263,100 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationKioskPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + Credential = $Credscredential; + DisplayName = "kiosk"; + EdgeKioskEnablePublicBrowsing = $False; # Updated Property + Ensure = "Present"; + KioskBrowserBlockedUrlExceptions = @(); + KioskBrowserBlockedURLs = @(); + KioskBrowserDefaultUrl = "http://bing.com"; + KioskBrowserEnableEndSessionButton = $False; + KioskBrowserEnableHomeButton = $True; + KioskBrowserEnableNavigationButtons = $False; + KioskProfiles = @( + MSFT_MicrosoftGraphwindowsKioskProfile{ + ProfileId = '17f9e980-3435-4bd5-a7a1-ca3c06d0bf2c' + UserAccountsConfiguration = @( + MSFT_MicrosoftGraphWindowsKioskUser{ + odataType = '#microsoft.graph.windowsKioskAutologon' + } + ) + ProfileName = 'profile' + AppConfiguration = MSFT_MicrosoftGraphWindowsKioskAppConfiguration{ + Win32App = MSFT_MicrosoftGraphWindowsKioskWin32App{ + EdgeNoFirstRun = $True + EdgeKiosk = 'https://domain.com' + ClassicAppPath = 'msedge.exe' + AutoLaunch = $False + StartLayoutTileSize = 'hidden' + AppType = 'unknown' + EdgeKioskType = 'publicBrowsing' + } + odataType = '#microsoft.graph.windowsKioskSingleWin32App' + } + } + ); + WindowsKioskForceUpdateSchedule = MSFT_MicrosoftGraphwindowsKioskForceUpdateSchedule{ + RunImmediatelyIfAfterStartDateTime = $False + StartDateTime = '2023-04-15T23:00:00.0000000+00:00' + DayofMonth = 1 + Recurrence = 'daily' + DayofWeek = 'sunday' + }; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationKioskPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "kiosk"; + Ensure = "Absent"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.md index 7d7af68dc4..3c37cc20d7 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.md @@ -127,7 +127,6 @@ Configuration Example Credential = $Credscredential; DisplayName = "network boundary"; Ensure = "Present"; - Id = "16c280a3-a04f-4847-b3bb-3cef06cb2be3"; SupportsScopeTags = $True; WindowsNetworkIsolationPolicy = MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy{ EnterpriseProxyServers = @() @@ -149,3 +148,79 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Credential = $Credscredential; + DisplayName = "network boundary"; + Ensure = "Present"; + SupportsScopeTags = $False; # Updated Property + WindowsNetworkIsolationPolicy = MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy{ + EnterpriseProxyServers = @() + EnterpriseInternalProxyServers = @() + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseProxyServersAreAuthoritative = $True + EnterpriseNetworkDomainNames = @('domain.com') + EnterpriseIPRanges = @( + MSFT_MicrosoftGraphIpRange1{ + UpperAddress = '1.1.1.255' + LowerAddress = '1.1.1.0' + odataType = '#microsoft.graph.iPv4Range' + } + ) + NeutralDomainResources = @() + }; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "network boundary"; + Ensure = "Absent"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationPkcsCertificatePolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationPkcsCertificatePolicyWindows10.md index 65ae809a9d..6ed47e743e 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationPkcsCertificatePolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationPkcsCertificatePolicyWindows10.md @@ -134,7 +134,6 @@ Configuration Example ); DisplayName = "PKCS"; Ensure = "Present"; - Id = "2abd77a6-b656-4231-ab64-89c31e871ca6"; KeyStorageProvider = "usePassportForWorkKspOtherwiseFail"; RenewalThresholdPercentage = 20; SubjectAlternativeNameType = "none"; @@ -145,3 +144,80 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPkcsCertificatePolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + CertificateStore = "user"; + CertificateTemplateName = "Template DSC"; + CertificateValidityPeriodScale = "years"; + CertificateValidityPeriodValue = 1; + CertificationAuthority = "CA=Name"; + CertificationAuthorityName = "Test"; + Credential = $Credscredential; + CustomSubjectAlternativeNames = @( + MSFT_MicrosoftGraphcustomSubjectAlternativeName{ + SanType = 'domainNameService' + Name = 'certificate.com' + } + ); + DisplayName = "PKCS"; + Ensure = "Present"; + KeyStorageProvider = "usePassportForWorkKspOtherwiseFail"; + RenewalThresholdPercentage = 30; # Updated Property + SubjectAlternativeNameType = "none"; + SubjectNameFormat = "custom"; + SubjectNameFormatString = "CN={{UserName}},E={{EmailAddress}}"; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPkcsCertificatePolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "PKCS"; + Ensure = "Absent"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.md b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.md index dc31b63289..2340a3afc8 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator.md @@ -143,7 +143,6 @@ Configuration Example { IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator 'myAndroidDeviceAdmin' { - Id = '4feff881-d635-4e9d-bd07-d1227d1ab230' DisplayName = 'Android device admin' AppsBlockClipboardSharing = $True AppsBlockCopyPaste = $True @@ -206,3 +205,111 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator 'myAndroidDeviceAdmin' + { + DisplayName = 'Android device admin' + AppsBlockClipboardSharing = $True + AppsBlockCopyPaste = $False # Updated Property + AppsBlockYouTube = $False + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + BluetoothBlocked = $True + CameraBlocked = $True + CellularBlockDataRoaming = $False + CellularBlockMessaging = $False + CellularBlockVoiceRoaming = $False + CellularBlockWiFiTethering = $False + CompliantAppListType = 'appsInListCompliant' + CompliantAppsList = @( + MSFT_MicrosoftGraphAppListitem { + name = 'customApp' + publisher = 'google2' + appStoreUrl = 'https://appUrl.com' + appId = 'com.custom.google.com' + } + ) + DateAndTimeBlockChanges = $True + DeviceSharingAllowed = $False + DiagnosticDataBlockSubmission = $False + FactoryResetBlocked = $False + GoogleAccountBlockAutoSync = $False + GooglePlayStoreBlocked = $False + KioskModeBlockSleepButton = $False + KioskModeBlockVolumeButtons = $True + LocationServicesBlocked = $False + NfcBlocked = $False + PasswordBlockFingerprintUnlock = $False + PasswordBlockTrustAgents = $False + PasswordRequired = $True + PasswordRequiredType = 'numeric' + PowerOffBlocked = $False + RequiredPasswordComplexity = 'low' + ScreenCaptureBlocked = $False + SecurityRequireVerifyApps = $False + StorageBlockGoogleBackup = $False + StorageBlockRemovableStorage = $False + StorageRequireDeviceEncryption = $False + StorageRequireRemovableStorageEncryption = $True + VoiceAssistantBlocked = $False + VoiceDialingBlocked = $False + WebBrowserBlockAutofill = $False + WebBrowserBlocked = $False + WebBrowserBlockJavaScript = $False + WebBrowserBlockPopups = $False + WebBrowserCookieSettings = 'allowAlways' + WiFiBlocked = $False + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator 'myAndroidDeviceAdmin' + { + DisplayName = 'Android device admin' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyAndroidDeviceOwner.md b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyAndroidDeviceOwner.md index f615837c91..46f95caa88 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyAndroidDeviceOwner.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyAndroidDeviceOwner.md @@ -314,7 +314,6 @@ Configuration Example { IntuneDeviceConfigurationPolicyAndroidDeviceOwner 'myAndroidDeviceOwnerPolicy' { - Id = '57853b98-db50-4605-9292-3ade98e25bc3' DisplayName = 'general confi - AndroidDeviceOwner' Assignments = @() AzureAdSharedDeviceDataClearApps = @() @@ -363,3 +362,97 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyAndroidDeviceOwner 'myAndroidDeviceOwnerPolicy' + { + DisplayName = 'general confi - AndroidDeviceOwner' + Assignments = @() + AzureAdSharedDeviceDataClearApps = @() + CameraBlocked = $False # Updated Property + CrossProfilePoliciesAllowDataSharing = 'notConfigured' + EnrollmentProfile = 'notConfigured' + FactoryResetDeviceAdministratorEmails = @() + GlobalProxy = MSFT_MicrosoftGraphandroiddeviceownerglobalproxy { + odataType = '#microsoft.graph.androidDeviceOwnerGlobalProxyDirect' + host = 'myproxy.com' + port = 8083 + } + KioskCustomizationStatusBar = 'notConfigured' + KioskCustomizationSystemNavigation = 'notConfigured' + KioskModeAppPositions = @() + KioskModeApps = @() + KioskModeManagedFolders = @() + KioskModeUseManagedHomeScreenApp = 'notConfigured' + KioskModeWifiAllowedSsids = @() + MicrophoneForceMute = $True + NfcBlockOutgoingBeam = $True + PasswordBlockKeyguardFeatures = @() + PasswordRequiredType = 'deviceDefault' + PasswordRequireUnlock = 'deviceDefault' + PersonalProfilePersonalApplications = @() + PersonalProfilePlayStoreMode = 'notConfigured' + ScreenCaptureBlocked = $True + SecurityRequireVerifyApps = $True + StayOnModes = @() + StorageBlockExternalMedia = $True + SystemUpdateFreezePeriods = @( + MSFT_MicrosoftGraphandroiddeviceownersystemupdatefreezeperiod { + startMonth = 12 + startDay = 23 + endMonth = 12 + endDay = 30 + }) + VpnAlwaysOnLockdownMode = $False + VpnAlwaysOnPackageIdentifier = '' + WorkProfilePasswordRequiredType = 'deviceDefault' + WorkProfilePasswordRequireUnlock = 'deviceDefault' + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyAndroidDeviceOwner 'myAndroidDeviceOwnerPolicy' + { + DisplayName = 'general confi - AndroidDeviceOwner' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.md b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.md index 3ffe20eeb6..b11a90d85e 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.md @@ -94,7 +94,6 @@ Configuration Example { IntuneDeviceConfigurationPolicyAndroidOpenSourceProject 'myAndroidOpenSourceProjectPolicy' { - Id = '9191730e-6e01-4b77-b23c-9648b5c7bb1e' DisplayName = 'aosp' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments { @@ -114,3 +113,68 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyAndroidOpenSourceProject 'myAndroidOpenSourceProjectPolicy' + { + DisplayName = 'aosp' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + CameraBlocked = $True # Updated Property + FactoryResetBlocked = $True + PasswordRequiredType = 'deviceDefault' + ScreenCaptureBlocked = $True + StorageBlockExternalMedia = $True + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyAndroidOpenSourceProject 'myAndroidOpenSourceProjectPolicy' + { + DisplayName = 'aosp' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyAndroidWorkProfile.md b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyAndroidWorkProfile.md index c177b82e37..585ae4a4ef 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyAndroidWorkProfile.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyAndroidWorkProfile.md @@ -151,3 +151,75 @@ Configuration Example } ``` +### Example 2 + +This example creates a new General Device Configuration Policy for Android WorkProfile . + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyAndroidWorkProfile 97ed22e9-1429-40dc-ab3c-0055e538383b + { + DisplayName = 'Android Work Profile - Device Restrictions - Standard' + PasswordBlockFingerprintUnlock = $False + PasswordBlockTrustAgents = $True # Updated Property + PasswordMinimumLength = 6 + PasswordMinutesOfInactivityBeforeScreenTimeout = 15 + PasswordRequiredType = 'atLeastNumeric' + SecurityRequireVerifyApps = $True + WorkProfileBlockAddingAccounts = $True + WorkProfileBlockCamera = $False + WorkProfileBlockCrossProfileCallerId = $False + WorkProfileBlockCrossProfileContactsSearch = $False + WorkProfileBlockCrossProfileCopyPaste = $True + WorkProfileBlockNotificationsWhileDeviceLocked = $True + WorkProfileBlockScreenCapture = $True + WorkProfileBluetoothEnableContactSharing = $False + WorkProfileDataSharingType = 'allowPersonalToWork' + WorkProfileDefaultAppPermissionPolicy = 'deviceDefault' + WorkProfilePasswordBlockFingerprintUnlock = $False + WorkProfilePasswordBlockTrustAgents = $False + WorkProfilePasswordRequiredType = 'deviceDefault' + WorkProfileRequirePassword = $False + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example creates a new General Device Configuration Policy for Android WorkProfile . + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyAndroidWorkProfile 97ed22e9-1429-40dc-ab3c-0055e538383b + { + DisplayName = 'Android Work Profile - Device Restrictions - Standard' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyMacOS.md b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyMacOS.md index 669fc4a713..bd1438f974 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyMacOS.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyMacOS.md @@ -196,7 +196,6 @@ Configuration Example { IntuneDeviceConfigurationPolicyMacOS 'myMacOSDevicePolicy' { - Id = '01fc772e-a2ef-4c33-8b57-29b7aa5243cb' DisplayName = 'MacOS device restriction' AddingGameCenterFriendsBlocked = $True AirDropBlocked = $False @@ -296,3 +295,148 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyMacOS 'myMacOSDevicePolicy' + { + DisplayName = 'MacOS device restriction' + AddingGameCenterFriendsBlocked = $True + AirDropBlocked = $True # Updated Property + AppleWatchBlockAutoUnlock = $False + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.groupAssignmentTarget' + groupId = 'e8cbd84d-be6a-4b72-87f0-0e677541fda0' + } + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.groupAssignmentTarget' + groupId = 'ea9199b8-3e6e-407b-afdc-e0943e0d3c20' + }) + CameraBlocked = $False + ClassroomAppBlockRemoteScreenObservation = $False + ClassroomAppForceUnpromptedScreenObservation = $False + ClassroomForceAutomaticallyJoinClasses = $False + ClassroomForceRequestPermissionToLeaveClasses = $False + ClassroomForceUnpromptedAppAndDeviceLock = $False + CompliantAppListType = 'appsNotInListCompliant' + CompliantAppsList = @( + MSFT_MicrosoftGraphapplistitemMacOS { + name = 'appname2' + publisher = 'publisher' + appId = 'bundle' + } + ) + ContentCachingBlocked = $False + DefinitionLookupBlocked = $True + EmailInDomainSuffixes = @() + EraseContentAndSettingsBlocked = $False + GameCenterBlocked = $False + ICloudBlockActivityContinuation = $False + ICloudBlockAddressBook = $False + ICloudBlockBookmarks = $False + ICloudBlockCalendar = $False + ICloudBlockDocumentSync = $False + ICloudBlockMail = $False + ICloudBlockNotes = $False + ICloudBlockPhotoLibrary = $False + ICloudBlockReminders = $False + ICloudDesktopAndDocumentsBlocked = $False + ICloudPrivateRelayBlocked = $False + ITunesBlockFileSharing = $False + ITunesBlockMusicService = $False + KeyboardBlockDictation = $False + KeychainBlockCloudSync = $False + MultiplayerGamingBlocked = $False + PasswordBlockAirDropSharing = $False + PasswordBlockAutoFill = $False + PasswordBlockFingerprintUnlock = $False + PasswordBlockModification = $False + PasswordBlockProximityRequests = $False + PasswordBlockSimple = $False + PasswordRequired = $False + PasswordRequiredType = 'deviceDefault' + PrivacyAccessControls = @( + MSFT_MicrosoftGraphmacosprivacyaccesscontrolitem { + displayName = 'test' + identifier = 'test45' + identifierType = 'path' + codeRequirement = 'test' + blockCamera = $True + speechRecognition = 'notConfigured' + accessibility = 'notConfigured' + addressBook = 'enabled' + calendar = 'notConfigured' + reminders = 'notConfigured' + photos = 'notConfigured' + mediaLibrary = 'notConfigured' + fileProviderPresence = 'notConfigured' + systemPolicyAllFiles = 'notConfigured' + systemPolicySystemAdminFiles = 'notConfigured' + systemPolicyDesktopFolder = 'notConfigured' + systemPolicyDocumentsFolder = 'notConfigured' + systemPolicyDownloadsFolder = 'notConfigured' + systemPolicyNetworkVolumes = 'notConfigured' + systemPolicyRemovableVolumes = 'notConfigured' + postEvent = 'notConfigured' + } + ) + SafariBlockAutofill = $False + ScreenCaptureBlocked = $False + SoftwareUpdateMajorOSDeferredInstallDelayInDays = 30 + SoftwareUpdateMinorOSDeferredInstallDelayInDays = 30 + SoftwareUpdateNonOSDeferredInstallDelayInDays = 30 + SoftwareUpdatesEnforcedDelayInDays = 30 + SpotlightBlockInternetResults = $False + UpdateDelayPolicy = @('delayOSUpdateVisibility', 'delayAppUpdateVisibility', 'delayMajorOsUpdateVisibility') + WallpaperModificationBlocked = $False + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyMacOS 'myMacOSDevicePolicy' + { + DisplayName = 'MacOS device restriction' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyWindows10.md index 43da9d7601..d61a5e9d76 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyWindows10.md @@ -527,7 +527,6 @@ Configuration Example ExperienceDoNotSyncBrowserSettings = "notConfigured"; FindMyFiles = "notConfigured"; GameDvrBlocked = $True; - Id = "d48e4053-8e5f-4856-82d3-c9e293567135"; InkWorkspaceAccess = "notConfigured"; InkWorkspaceAccessState = "notConfigured"; InkWorkspaceBlockSuggestedApps = $False; @@ -671,3 +670,305 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyWindows10 'Example' + { + AccountsBlockAddingNonMicrosoftAccountEmail = $False; + ActivateAppsWithVoice = "notConfigured"; + AntiTheftModeBlocked = $True; # Updated Property + AppManagementMSIAllowUserControlOverInstall = $False; + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $False; + AppManagementPackageFamilyNamesToLaunchAfterLogOn = @(); + AppsAllowTrustedAppsSideloading = "notConfigured"; + AppsBlockWindowsStoreOriginatedApps = $False; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + AuthenticationAllowSecondaryDevice = $False; + AuthenticationWebSignIn = "notConfigured"; + BluetoothAllowedServices = @(); + BluetoothBlockAdvertising = $True; + BluetoothBlockDiscoverableMode = $False; + BluetoothBlocked = $True; + BluetoothBlockPrePairing = $True; + BluetoothBlockPromptedProximalConnections = $False; + CameraBlocked = $False; + CellularBlockDataWhenRoaming = $False; + CellularBlockVpn = $True; + CellularBlockVpnWhenRoaming = $True; + CellularData = "allowed"; + CertificatesBlockManualRootCertificateInstallation = $False; + ConnectedDevicesServiceBlocked = $False; + CopyPasteBlocked = $False; + CortanaBlocked = $False; + Credential = $Credscredential; + CryptographyAllowFipsAlgorithmPolicy = $False; + DefenderBlockEndUserAccess = $False; + DefenderBlockOnAccessProtection = $False; + DefenderCloudBlockLevel = "notConfigured"; + DefenderDisableCatchupFullScan = $False; + DefenderDisableCatchupQuickScan = $False; + DefenderFileExtensionsToExclude = @(); + DefenderFilesAndFoldersToExclude = @(); + DefenderMonitorFileActivity = "userDefined"; + DefenderPotentiallyUnwantedAppActionSetting = "userDefined"; + DefenderProcessesToExclude = @(); + DefenderPromptForSampleSubmission = "userDefined"; + DefenderRequireBehaviorMonitoring = $False; + DefenderRequireCloudProtection = $False; + DefenderRequireNetworkInspectionSystem = $False; + DefenderRequireRealTimeMonitoring = $False; + DefenderScanArchiveFiles = $False; + DefenderScanDownloads = $False; + DefenderScanIncomingMail = $False; + DefenderScanMappedNetworkDrivesDuringFullScan = $False; + DefenderScanNetworkFiles = $False; + DefenderScanRemovableDrivesDuringFullScan = $False; + DefenderScanScriptsLoadedInInternetExplorer = $False; + DefenderScanType = "userDefined"; + DefenderScheduleScanEnableLowCpuPriority = $False; + DefenderSystemScanSchedule = "userDefined"; + DeveloperUnlockSetting = "notConfigured"; + DeviceManagementBlockFactoryResetOnMobile = $False; + DeviceManagementBlockManualUnenroll = $False; + DiagnosticsDataSubmissionMode = "userDefined"; + DisplayAppListWithGdiDPIScalingTurnedOff = @(); + DisplayAppListWithGdiDPIScalingTurnedOn = @(); + DisplayName = "device config"; + EdgeAllowStartPagesModification = $False; + EdgeBlockAccessToAboutFlags = $False; + EdgeBlockAddressBarDropdown = $False; + EdgeBlockAutofill = $False; + EdgeBlockCompatibilityList = $False; + EdgeBlockDeveloperTools = $False; + EdgeBlocked = $False; + EdgeBlockEditFavorites = $False; + EdgeBlockExtensions = $False; + EdgeBlockFullScreenMode = $False; + EdgeBlockInPrivateBrowsing = $False; + EdgeBlockJavaScript = $False; + EdgeBlockLiveTileDataCollection = $False; + EdgeBlockPasswordManager = $False; + EdgeBlockPopups = $False; + EdgeBlockPrelaunch = $False; + EdgeBlockPrinting = $False; + EdgeBlockSavingHistory = $False; + EdgeBlockSearchEngineCustomization = $False; + EdgeBlockSearchSuggestions = $False; + EdgeBlockSendingDoNotTrackHeader = $False; + EdgeBlockSendingIntranetTrafficToInternetExplorer = $False; + EdgeBlockSideloadingExtensions = $False; + EdgeBlockTabPreloading = $False; + EdgeBlockWebContentOnNewTabPage = $False; + EdgeClearBrowsingDataOnExit = $False; + EdgeCookiePolicy = "userDefined"; + EdgeDisableFirstRunPage = $False; + EdgeFavoritesBarVisibility = "notConfigured"; + EdgeHomeButtonConfigurationEnabled = $False; + EdgeHomepageUrls = @(); + EdgeKioskModeRestriction = "notConfigured"; + EdgeOpensWith = "notConfigured"; + EdgePreventCertificateErrorOverride = $False; + EdgeRequiredExtensionPackageFamilyNames = @(); + EdgeRequireSmartScreen = $False; + EdgeSendIntranetTrafficToInternetExplorer = $False; + EdgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured"; + EdgeSyncFavoritesWithInternetExplorer = $False; + EdgeTelemetryForMicrosoft365Analytics = "notConfigured"; + EnableAutomaticRedeployment = $False; + Ensure = "Present"; + ExperienceBlockDeviceDiscovery = $False; + ExperienceBlockErrorDialogWhenNoSIM = $False; + ExperienceBlockTaskSwitcher = $False; + ExperienceDoNotSyncBrowserSettings = "notConfigured"; + FindMyFiles = "notConfigured"; + GameDvrBlocked = $True; + InkWorkspaceAccess = "notConfigured"; + InkWorkspaceAccessState = "notConfigured"; + InkWorkspaceBlockSuggestedApps = $False; + InternetSharingBlocked = $False; + LocationServicesBlocked = $False; + LockScreenActivateAppsWithVoice = "notConfigured"; + LockScreenAllowTimeoutConfiguration = $False; + LockScreenBlockActionCenterNotifications = $False; + LockScreenBlockCortana = $False; + LockScreenBlockToastNotifications = $False; + LogonBlockFastUserSwitching = $False; + MessagingBlockMMS = $False; + MessagingBlockRichCommunicationServices = $False; + MessagingBlockSync = $False; + MicrosoftAccountBlocked = $False; + MicrosoftAccountBlockSettingsSync = $False; + MicrosoftAccountSignInAssistantSettings = "notConfigured"; + NetworkProxyApplySettingsDeviceWide = $False; + NetworkProxyDisableAutoDetect = $True; + NetworkProxyServer = MSFT_MicrosoftGraphwindows10NetworkProxyServer{ + UseForLocalAddresses = $True + Exceptions = @('*.domain2.com') + Address = 'proxy.domain.com:8080' + }; + NfcBlocked = $False; + OneDriveDisableFileSync = $False; + PasswordBlockSimple = $False; + PasswordRequired = $False; + PasswordRequiredType = "deviceDefault"; + PasswordRequireWhenResumeFromIdleState = $False; + PowerButtonActionOnBattery = "notConfigured"; + PowerButtonActionPluggedIn = "notConfigured"; + PowerHybridSleepOnBattery = "notConfigured"; + PowerHybridSleepPluggedIn = "notConfigured"; + PowerLidCloseActionOnBattery = "notConfigured"; + PowerLidCloseActionPluggedIn = "notConfigured"; + PowerSleepButtonActionOnBattery = "notConfigured"; + PowerSleepButtonActionPluggedIn = "notConfigured"; + PrinterBlockAddition = $False; + PrinterNames = @(); + PrivacyAdvertisingId = "notConfigured"; + PrivacyAutoAcceptPairingAndConsentPrompts = $False; + PrivacyBlockActivityFeed = $False; + PrivacyBlockInputPersonalization = $False; + PrivacyBlockPublishUserActivities = $False; + PrivacyDisableLaunchExperience = $False; + ResetProtectionModeBlocked = $False; + SafeSearchFilter = "userDefined"; + ScreenCaptureBlocked = $False; + SearchBlockDiacritics = $False; + SearchBlockWebResults = $False; + SearchDisableAutoLanguageDetection = $False; + SearchDisableIndexerBackoff = $False; + SearchDisableIndexingEncryptedItems = $False; + SearchDisableIndexingRemovableDrive = $False; + SearchDisableLocation = $False; + SearchDisableUseLocation = $False; + SearchEnableAutomaticIndexSizeManangement = $False; + SearchEnableRemoteQueries = $False; + SecurityBlockAzureADJoinedDevicesAutoEncryption = $False; + SettingsBlockAccountsPage = $False; + SettingsBlockAddProvisioningPackage = $False; + SettingsBlockAppsPage = $False; + SettingsBlockChangeLanguage = $False; + SettingsBlockChangePowerSleep = $False; + SettingsBlockChangeRegion = $False; + SettingsBlockChangeSystemTime = $False; + SettingsBlockDevicesPage = $False; + SettingsBlockEaseOfAccessPage = $False; + SettingsBlockEditDeviceName = $False; + SettingsBlockGamingPage = $False; + SettingsBlockNetworkInternetPage = $False; + SettingsBlockPersonalizationPage = $False; + SettingsBlockPrivacyPage = $False; + SettingsBlockRemoveProvisioningPackage = $False; + SettingsBlockSettingsApp = $False; + SettingsBlockSystemPage = $False; + SettingsBlockTimeLanguagePage = $False; + SettingsBlockUpdateSecurityPage = $False; + SharedUserAppDataAllowed = $False; + SmartScreenAppInstallControl = "notConfigured"; + SmartScreenBlockPromptOverride = $False; + SmartScreenBlockPromptOverrideForFiles = $False; + SmartScreenEnableAppInstallControl = $False; + StartBlockUnpinningAppsFromTaskbar = $False; + StartMenuAppListVisibility = "userDefined"; + StartMenuHideChangeAccountSettings = $False; + StartMenuHideFrequentlyUsedApps = $False; + StartMenuHideHibernate = $False; + StartMenuHideLock = $False; + StartMenuHidePowerButton = $False; + StartMenuHideRecentJumpLists = $False; + StartMenuHideRecentlyAddedApps = $False; + StartMenuHideRestartOptions = $False; + StartMenuHideShutDown = $False; + StartMenuHideSignOut = $False; + StartMenuHideSleep = $False; + StartMenuHideSwitchAccount = $False; + StartMenuHideUserTile = $False; + StartMenuMode = "userDefined"; + StartMenuPinnedFolderDocuments = "notConfigured"; + StartMenuPinnedFolderDownloads = "notConfigured"; + StartMenuPinnedFolderFileExplorer = "notConfigured"; + StartMenuPinnedFolderHomeGroup = "notConfigured"; + StartMenuPinnedFolderMusic = "notConfigured"; + StartMenuPinnedFolderNetwork = "notConfigured"; + StartMenuPinnedFolderPersonalFolder = "notConfigured"; + StartMenuPinnedFolderPictures = "notConfigured"; + StartMenuPinnedFolderSettings = "notConfigured"; + StartMenuPinnedFolderVideos = "notConfigured"; + StorageBlockRemovableStorage = $False; + StorageRequireMobileDeviceEncryption = $False; + StorageRestrictAppDataToSystemVolume = $False; + StorageRestrictAppInstallToSystemVolume = $False; + SupportsScopeTags = $True; + TaskManagerBlockEndTask = $False; + TenantLockdownRequireNetworkDuringOutOfBoxExperience = $False; + UninstallBuiltInApps = $False; + UsbBlocked = $False; + VoiceRecordingBlocked = $False; + WebRtcBlockLocalhostIpAddress = $False; + WiFiBlockAutomaticConnectHotspots = $False; + WiFiBlocked = $True; + WiFiBlockManualConfiguration = $True; + WindowsSpotlightBlockConsumerSpecificFeatures = $False; + WindowsSpotlightBlocked = $False; + WindowsSpotlightBlockOnActionCenter = $False; + WindowsSpotlightBlockTailoredExperiences = $False; + WindowsSpotlightBlockThirdPartyNotifications = $False; + WindowsSpotlightBlockWelcomeExperience = $False; + WindowsSpotlightBlockWindowsTips = $False; + WindowsSpotlightConfigureOnLockScreen = "notConfigured"; + WindowsStoreBlockAutoUpdate = $False; + WindowsStoreBlocked = $False; + WindowsStoreEnablePrivateStoreOnly = $False; + WirelessDisplayBlockProjectionToThisDevice = $False; + WirelessDisplayBlockUserInputFromReceiver = $False; + WirelessDisplayRequirePinForPairing = $False; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "device config"; + Ensure = "Absent"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyiOS.md b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyiOS.md index ad1be6a9ed..aec7109b74 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyiOS.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationPolicyiOS.md @@ -370,7 +370,6 @@ Configuration Example { IntuneDeviceConfigurationPolicyiOS 'ConfigureDeviceConfigurationPolicyiOS' { - Id = '901c99e3-6429-4f02-851f-54b49a53f103' DisplayName = 'iOS DSC Policy' AccountBlockModification = $False ActivationLockAllowWhenSupervised = $False @@ -486,3 +485,162 @@ Configuration Example } ``` +### Example 2 + +This example creates a new Device Configuration Policy for iOS. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyiOS 'ConfigureDeviceConfigurationPolicyiOS' + { + DisplayName = 'iOS DSC Policy' + AccountBlockModification = $False + ActivationLockAllowWhenSupervised = $False + AirDropBlocked = $True # Updated Property + AirDropForceUnmanagedDropTarget = $False + AirPlayForcePairingPasswordForOutgoingRequests = $False + AppleNewsBlocked = $False + AppleWatchBlockPairing = $False + AppleWatchForceWristDetection = $False + AppStoreBlockAutomaticDownloads = $False + AppStoreBlocked = $False + AppStoreBlockInAppPurchases = $False + AppStoreBlockUIAppInstallation = $False + AppStoreRequirePassword = $False + AppsVisibilityList = @() + AppsVisibilityListType = 'none' + BluetoothBlockModification = $True + CameraBlocked = $False + CellularBlockDataRoaming = $False + CellularBlockGlobalBackgroundFetchWhileRoaming = $False + CellularBlockPerAppDataModification = $False + CellularBlockVoiceRoaming = $False + CertificatesBlockUntrustedTlsCertificates = $False + ClassroomAppBlockRemoteScreenObservation = $False + CompliantAppListType = 'none' + CompliantAppsList = @() + ConfigurationProfileBlockChanges = $False + DefinitionLookupBlocked = $False + Description = 'iOS Device Restriction Policy' + DeviceBlockEnableRestrictions = $True + DeviceBlockEraseContentAndSettings = $False + DeviceBlockNameModification = $False + DiagnosticDataBlockSubmission = $False + DiagnosticDataBlockSubmissionModification = $False + DocumentsBlockManagedDocumentsInUnmanagedApps = $False + DocumentsBlockUnmanagedDocumentsInManagedApps = $False + EmailInDomainSuffixes = @() + EnterpriseAppBlockTrust = $False + EnterpriseAppBlockTrustModification = $False + FaceTimeBlocked = $False + FindMyFriendsBlocked = $False + GameCenterBlocked = $False + GamingBlockGameCenterFriends = $True + GamingBlockMultiplayer = $False + HostPairingBlocked = $False + iBooksStoreBlocked = $False + iBooksStoreBlockErotica = $False + iCloudBlockActivityContinuation = $False + iCloudBlockBackup = $True + iCloudBlockDocumentSync = $True + iCloudBlockManagedAppsSync = $False + iCloudBlockPhotoLibrary = $False + iCloudBlockPhotoStreamSync = $True + iCloudBlockSharedPhotoStream = $False + iCloudRequireEncryptedBackup = $False + iTunesBlockExplicitContent = $False + iTunesBlockMusicService = $False + iTunesBlockRadio = $False + KeyboardBlockAutoCorrect = $False + KeyboardBlockPredictive = $False + KeyboardBlockShortcuts = $False + KeyboardBlockSpellCheck = $False + KioskModeAllowAssistiveSpeak = $False + KioskModeAllowAssistiveTouchSettings = $False + KioskModeAllowAutoLock = $False + KioskModeAllowColorInversionSettings = $False + KioskModeAllowRingerSwitch = $False + KioskModeAllowScreenRotation = $False + KioskModeAllowSleepButton = $False + KioskModeAllowTouchscreen = $False + KioskModeAllowVoiceOverSettings = $False + KioskModeAllowVolumeButtons = $False + KioskModeAllowZoomSettings = $False + KioskModeRequireAssistiveTouch = $False + KioskModeRequireColorInversion = $False + KioskModeRequireMonoAudio = $False + KioskModeRequireVoiceOver = $False + KioskModeRequireZoom = $False + LockScreenBlockControlCenter = $False + LockScreenBlockNotificationView = $False + LockScreenBlockPassbook = $False + LockScreenBlockTodayView = $False + MediaContentRatingApps = 'allAllowed' + messagesBlocked = $False + NotificationsBlockSettingsModification = $False + PasscodeBlockFingerprintUnlock = $False + PasscodeBlockModification = $False + PasscodeBlockSimple = $True + PasscodeMinimumLength = 4 + PasscodeRequired = $True + PasscodeRequiredType = 'deviceDefault' + PodcastsBlocked = $False + SafariBlockAutofill = $False + SafariBlocked = $False + SafariBlockJavaScript = $False + SafariBlockPopups = $False + SafariCookieSettings = 'browserDefault' + SafariManagedDomains = @() + SafariPasswordAutoFillDomains = @() + SafariRequireFraudWarning = $False + ScreenCaptureBlocked = $False + SiriBlocked = $False + SiriBlockedWhenLocked = $False + SiriBlockUserGeneratedContent = $False + SiriRequireProfanityFilter = $False + SpotlightBlockInternetResults = $False + VoiceDialingBlocked = $False + WallpaperBlockModification = $False + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example creates a new Device Configuration Policy for iOS. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyiOS 'ConfigureDeviceConfigurationPolicyiOS' + { + DisplayName = 'iOS DSC Policy' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationScepCertificatePolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationScepCertificatePolicyWindows10.md index ff631d043a..79cc1a4460 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationScepCertificatePolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationScepCertificatePolicyWindows10.md @@ -140,7 +140,6 @@ Configuration Example } ); HashAlgorithm = "sha2"; - Id = "0b9aef2f-1671-4260-8eb9-3ab3138e176a"; KeySize = "size2048"; KeyStorageProvider = "useTpmKspOtherwiseUseSoftwareKsp"; KeyUsage = "digitalSignature"; @@ -155,3 +154,88 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationScepCertificatePolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + CertificateStore = "user"; + CertificateValidityPeriodScale = "years"; + CertificateValidityPeriodValue = 5; + Credential = $Credscredential; + CustomSubjectAlternativeNames = @( + MSFT_MicrosoftGraphcustomSubjectAlternativeName{ + SanType = 'domainNameService' + Name = 'dns' + } + ); + DisplayName = "SCEP"; + Ensure = "Present"; + ExtendedKeyUsages = @( + MSFT_MicrosoftGraphextendedKeyUsage{ + ObjectIdentifier = '1.3.6.1.5.5.7.3.2' + Name = 'Client Authentication' + } + ); + HashAlgorithm = "sha2"; + KeySize = "size2048"; + KeyStorageProvider = "useTpmKspOtherwiseUseSoftwareKsp"; + KeyUsage = "digitalSignature"; + RenewalThresholdPercentage = 30; # Updated Property + ScepServerUrls = @("https://mydomain.com/certsrv/mscep/mscep.dll"); + SubjectAlternativeNameType = "none"; + SubjectNameFormat = "custom"; + SubjectNameFormatString = "CN={{UserName}},E={{EmailAddress}}"; + RootCertificateId = "169bf4fc-5914-40f4-ad33-48c225396183"; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationScepCertificatePolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "SCEP"; + Ensure = "Absent"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationSecureAssessmentPolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationSecureAssessmentPolicyWindows10.md index c35d880acd..96f0b42a2a 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationSecureAssessmentPolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationSecureAssessmentPolicyWindows10.md @@ -104,7 +104,6 @@ Configuration Example Credential = $Credscredential; DisplayName = "Secure Assessment"; Ensure = "Present"; - Id = "b46822c4-48af-422a-960b-92473bee56e0"; LaunchUri = "https://assessment.domain.com"; LocalGuestAccountName = ""; } @@ -112,3 +111,71 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationSecureAssessmentPolicyWindows10 'Example' + { + AllowPrinting = $True; + AllowScreenCapture = $False; # Updated Property + AllowTextSuggestion = $True; + AssessmentAppUserModelId = ""; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + ConfigurationAccount = "user@domain.com"; + ConfigurationAccountType = "azureADAccount"; + Credential = $Credscredential; + DisplayName = "Secure Assessment"; + Ensure = "Present"; + LaunchUri = "https://assessment.domain.com"; + LocalGuestAccountName = ""; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationSecureAssessmentPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "Secure Assessment"; + Ensure = "Absent"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10.md index c93df19a42..78c8739c32 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10.md @@ -132,7 +132,6 @@ Configuration Example Enabled = $True; Ensure = "Present"; FastFirstSignIn = "notConfigured"; - Id = "e77026f6-707e-417c-ad1a-8e1182d36832"; IdleTimeBeforeSleepInSeconds = 60; LocalStorage = "enabled"; MaintenanceStartTime = "00:03:00"; @@ -145,3 +144,83 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10 'Example' + { + AccountManagerPolicy = MSFT_MicrosoftGraphsharedPCAccountManagerPolicy{ + CacheAccountsAboveDiskFreePercentage = 60 # Updated Property + AccountDeletionPolicy = 'diskSpaceThreshold' + RemoveAccountsBelowDiskFreePercentage = 20 + }; + AllowedAccounts = @("guest","domain"); + AllowLocalStorage = $True; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Credential = $Credscredential; + DisableAccountManager = $False; + DisableEduPolicies = $False; + DisablePowerPolicies = $False; + DisableSignInOnResume = $False; + DisplayName = "Shared Multi device"; + Enabled = $True; + Ensure = "Present"; + FastFirstSignIn = "notConfigured"; + IdleTimeBeforeSleepInSeconds = 60; + LocalStorage = "enabled"; + MaintenanceStartTime = "00:03:00"; + SetAccountManager = "enabled"; + SetEduPolicies = "enabled"; + SetPowerPolicies = "enabled"; + SignInOnResume = "enabled"; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "Shared Multi device"; + Ensure = "Absent"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationTrustedCertificatePolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationTrustedCertificatePolicyWindows10.md index 6ef9d21ea1..048b583ef8 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationTrustedCertificatePolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationTrustedCertificatePolicyWindows10.md @@ -95,10 +95,72 @@ Configuration Example DestinationStore = "computerCertStoreRoot"; DisplayName = "Trusted Cert"; Ensure = "Present"; - Id = "169bf4fc-5914-40f4-ad33-48c225396183"; TrustedRootCertificate = "MIIEEjCCAvqgAwIBAgIPAMEAizw8iBHRPvZj7N9AMA0GCSqGSIb3DQEBBAUAMHAxKzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBNaWNyb3NvZnQgQ29ycC4xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEhMB8GA1UEAxMYTWljcm9zb2Z0IFJvb3QgQXV0aG9yaXR5MB4XDTk3MDExMDA3MDAwMFoXDTIwMTIzMTA3MDAwMFowcDErMCkGA1UECxMiQ29weXJpZ2h0IChjKSAxOTk3IE1pY3Jvc29mdCBDb3JwLjEeMBwGA1UECxMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSEwHwYDVQQDExhNaWNyb3NvZnQgUm9vdCBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpAr3BcOY78k4bKJ+XeF4w6qKpjSVf+P6VTKO3/p2iID58UaKboo9gMmvRQmR57qx2yVTa8uuchhyPn4Rms8VremIj1h083g8BkuiWxL8tZpqaaCaZ0Dosvwy1WCbBRucKPjiWLKkoOajsSYNC44QPu5psVWGsgnyhYC13TOmZtGQ7mlAcMQgkFJ+p55ErGOY9mGMUYFgFZZ8dN1KH96fvlALGG9O/VUWziYC/OuxUlE6u/ad6bXROrxjMlgkoIQBXkGBpN7tLEgc8Vv9b+6RmCgim0oFWV++2O14WgXcE2va+roCV/rDNf9anGnJcPMq88AijIjCzBoXJsyB3E4XfAgMBAAGjgagwgaUwgaIGA1UdAQSBmjCBl4AQW9Bw72lyniNRfhSyTY7/y6FyMHAxKzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBNaWNyb3NvZnQgQ29ycC4xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEhMB8GA1UEAxMYTWljcm9zb2Z0IFJvb3QgQXV0aG9yaXR5gg8AwQCLPDyIEdE+9mPs30AwDQYJKoZIhvcNAQEEBQADggEBAJXoC8CN85cYNe24ASTYdxHzXGAyn54Lyz4FkYiPyTrmIfLwV5MstaBHyGLv/NfMOztaqTZUaf4kbT/JzKreBXzdMY09nxBwarv+Ek8YacD80EPjEVogT+pie6+qGcgrNyUtvmWhEoolD2Oj91Qc+SHJ1hXzUqxuQzIH/YIX+OVnbA1R9r3xUse958Qw/CAxCYgdlSkaTdUdAqXxgOADtFv0sd3IV+5lScdSVLa0AygS/5DW8AiPfriXxas3LOR65Kh343agANBqP8HSNorgQRKoNWobats14dQcBOSoRQTIWjM4bk0cDWK3CqKM09VUP0bNHFWmcNsSOoeTdZ+n0qA="; } } } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationTrustedCertificatePolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + CertFileName = "RootNew.cer"; # Updated Property + Credential = $Credscredential; + DestinationStore = "computerCertStoreRoot"; + DisplayName = "Trusted Cert"; + Ensure = "Present"; + TrustedRootCertificate = "MIIEEjCCAvqgAwIBAgIPAMEAizw8iBHRPvZj7N9AMA0GCSqGSIb3DQEBBAUAMHAxKzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBNaWNyb3NvZnQgQ29ycC4xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEhMB8GA1UEAxMYTWljcm9zb2Z0IFJvb3QgQXV0aG9yaXR5MB4XDTk3MDExMDA3MDAwMFoXDTIwMTIzMTA3MDAwMFowcDErMCkGA1UECxMiQ29weXJpZ2h0IChjKSAxOTk3IE1pY3Jvc29mdCBDb3JwLjEeMBwGA1UECxMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSEwHwYDVQQDExhNaWNyb3NvZnQgUm9vdCBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpAr3BcOY78k4bKJ+XeF4w6qKpjSVf+P6VTKO3/p2iID58UaKboo9gMmvRQmR57qx2yVTa8uuchhyPn4Rms8VremIj1h083g8BkuiWxL8tZpqaaCaZ0Dosvwy1WCbBRucKPjiWLKkoOajsSYNC44QPu5psVWGsgnyhYC13TOmZtGQ7mlAcMQgkFJ+p55ErGOY9mGMUYFgFZZ8dN1KH96fvlALGG9O/VUWziYC/OuxUlE6u/ad6bXROrxjMlgkoIQBXkGBpN7tLEgc8Vv9b+6RmCgim0oFWV++2O14WgXcE2va+roCV/rDNf9anGnJcPMq88AijIjCzBoXJsyB3E4XfAgMBAAGjgagwgaUwgaIGA1UdAQSBmjCBl4AQW9Bw72lyniNRfhSyTY7/y6FyMHAxKzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBNaWNyb3NvZnQgQ29ycC4xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEhMB8GA1UEAxMYTWljcm9zb2Z0IFJvb3QgQXV0aG9yaXR5gg8AwQCLPDyIEdE+9mPs30AwDQYJKoZIhvcNAQEEBQADggEBAJXoC8CN85cYNe24ASTYdxHzXGAyn54Lyz4FkYiPyTrmIfLwV5MstaBHyGLv/NfMOztaqTZUaf4kbT/JzKreBXzdMY09nxBwarv+Ek8YacD80EPjEVogT+pie6+qGcgrNyUtvmWhEoolD2Oj91Qc+SHJ1hXzUqxuQzIH/YIX+OVnbA1R9r3xUse958Qw/CAxCYgdlSkaTdUdAqXxgOADtFv0sd3IV+5lScdSVLa0AygS/5DW8AiPfriXxas3LOR65Kh343agANBqP8HSNorgQRKoNWobats14dQcBOSoRQTIWjM4bk0cDWK3CqKM09VUP0bNHFWmcNsSOoeTdZ+n0qA="; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationTrustedCertificatePolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "Trusted Cert"; + Ensure = "Absent"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationVpnPolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationVpnPolicyWindows10.md index fbc29d7db9..67408c25ca 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationVpnPolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationVpnPolicyWindows10.md @@ -248,7 +248,6 @@ Configuration Example EnableSingleSignOnWithAlternateCertificate = $False; EnableSplitTunneling = $False; Ensure = "Present"; - Id = "9f3734d4-eb1e-46dc-b668-2f13bfa572ee"; ProfileTarget = "user"; ProxyServer = MSFT_MicrosoftGraphwindows10VpnProxyServer{ Port = 8081 @@ -284,3 +283,111 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationVpnPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + AuthenticationMethod = "usernameAndPassword"; + ConnectionName = "Cisco VPN"; + ConnectionType = "ciscoAnyConnect"; + Credential = $Credscredential; + CustomXml = ""; + DisplayName = "VPN"; + DnsRules = @( + MSFT_MicrosoftGraphvpnDnsRule{ + Servers = @('10.0.1.10') + Name = 'NRPT rule' + Persistent = $True + AutoTrigger = $True + } + ); + DnsSuffixes = @("mydomain.com"); + EnableAlwaysOn = $True; + EnableConditionalAccess = $True; + EnableDnsRegistration = $True; + EnableSingleSignOnWithAlternateCertificate = $True; # Updated Property + EnableSplitTunneling = $False; + Ensure = "Present"; + ProfileTarget = "user"; + ProxyServer = MSFT_MicrosoftGraphwindows10VpnProxyServer{ + Port = 8081 + BypassProxyServerForLocalAddress = $True + AutomaticConfigurationScriptUrl = '' + Address = '10.0.10.100' + }; + RememberUserCredentials = $True; + ServerCollection = @( + MSFT_MicrosoftGraphvpnServer{ + IsDefaultServer = $True + Description = 'gateway1' + Address = '10.0.1.10' + } + ); + TrafficRules = @( + MSFT_MicrosoftGraphvpnTrafficRule{ + Name = 'VPN rule' + AppType = 'none' + LocalAddressRanges = @( + MSFT_MicrosoftGraphIPv4Range{ + UpperAddress = '10.0.2.240' + LowerAddress = '10.0.2.0' + } + ) + RoutingPolicyType = 'forceTunnel' + VpnTrafficDirection = 'outbound' + } + ); + TrustedNetworkDomains = @(); + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationVpnPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "VPN"; + Ensure = "Absent"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationWindowsTeamPolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationWindowsTeamPolicyWindows10.md index 102334f57a..3433462fad 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationWindowsTeamPolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationWindowsTeamPolicyWindows10.md @@ -113,7 +113,6 @@ Configuration Example Credential = $Credscredential; DisplayName = "Device restrictions (Windows 10 Team)"; Ensure = "Present"; - Id = "55308358-a4b9-4e26-bc75-7a6871836436"; MaintenanceWindowBlocked = $False; MaintenanceWindowDurationInHours = 1; MaintenanceWindowStartTime = "00:00:00"; @@ -131,3 +130,77 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationWindowsTeamPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + AzureOperationalInsightsBlockTelemetry = $False; # Updated Property + ConnectAppBlockAutoLaunch = $True; + Credential = $Credscredential; + DisplayName = "Device restrictions (Windows 10 Team)"; + Ensure = "Present"; + MaintenanceWindowBlocked = $False; + MaintenanceWindowDurationInHours = 1; + MaintenanceWindowStartTime = "00:00:00"; + MiracastBlocked = $True; + MiracastChannel = "oneHundredFortyNine"; + MiracastRequirePin = $True; + SettingsBlockMyMeetingsAndFiles = $True; + SettingsBlockSessionResume = $True; + SettingsBlockSigninSuggestions = $True; + SupportsScopeTags = $True; + WelcomeScreenBlockAutomaticWakeUp = $True; + WelcomeScreenMeetingInformation = "showOrganizerAndTimeOnly"; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationWindowsTeamPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "Device restrictions (Windows 10 Team)"; + Ensure = "Absent"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceConfigurationWiredNetworkPolicyWindows10.md b/docs/docs/resources/intune/IntuneDeviceConfigurationWiredNetworkPolicyWindows10.md index 7d9d35fdd3..e3e5eb56f1 100644 --- a/docs/docs/resources/intune/IntuneDeviceConfigurationWiredNetworkPolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneDeviceConfigurationWiredNetworkPolicyWindows10.md @@ -124,7 +124,6 @@ Configuration Example EapType = 'teap' Enforce8021X = $True Ensure = 'Present' - Id = 'ff8049cd-a1f8-4417-b937-d455a02cce2a' MaximumAuthenticationFailures = 5 MaximumEAPOLStartMessages = 5 SecondaryAuthenticationMethod = 'certificate' @@ -136,3 +135,79 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationWiredNetworkPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments + { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + AuthenticationBlockPeriodInMinutes = 5 + AuthenticationMethod = 'usernameAndPassword' + AuthenticationPeriodInSeconds = 55 # Updated Property + AuthenticationRetryDelayPeriodInSeconds = 5 + AuthenticationType = 'machine' + CacheCredentials = $True + Credential = $Credscredential + DisplayName = 'Wired Network' + EapolStartPeriodInSeconds = 5 + EapType = 'teap' + Enforce8021X = $True + Ensure = 'Present' + MaximumAuthenticationFailures = 5 + MaximumEAPOLStartMessages = 5 + SecondaryAuthenticationMethod = 'certificate' + TrustedServerCertificateNames = @('srv.domain.com') + RootCertificatesForServerValidationIds = @('a485d322-13cd-43ef-beda-733f656f48ea', '169bf4fc-5914-40f4-ad33-48c225396183') + SecondaryIdentityCertificateForClientAuthenticationId = '0b9aef2f-1671-4260-8eb9-3ab3138e176a' + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationWiredNetworkPolicyWindows10 'Example' + { + Credential = $Credscredential + DisplayName = 'Wired Network' + Ensure = 'Present' + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceEnrollmentLimitRestriction.md b/docs/docs/resources/intune/IntuneDeviceEnrollmentLimitRestriction.md index b64ca34f14..e774c655c6 100644 --- a/docs/docs/resources/intune/IntuneDeviceEnrollmentLimitRestriction.md +++ b/docs/docs/resources/intune/IntuneDeviceEnrollmentLimitRestriction.md @@ -76,3 +76,57 @@ Configuration Example } ``` +### Example 2 + +This example creates a new Device Enrollment Limit Restriction. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceEnrollmentLimitRestriction 'DeviceEnrollmentLimitRestriction' + { + DisplayName = 'My DSC Limit' + Description = 'My Restriction' + Limit = 11 # Updated Property + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example creates a new Device Enrollment Limit Restriction. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceEnrollmentLimitRestriction 'DeviceEnrollmentLimitRestriction' + { + DisplayName = 'My DSC Limit' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceEnrollmentPlatformRestriction.md b/docs/docs/resources/intune/IntuneDeviceEnrollmentPlatformRestriction.md index 9c2ffae75d..603b856830 100644 --- a/docs/docs/resources/intune/IntuneDeviceEnrollmentPlatformRestriction.md +++ b/docs/docs/resources/intune/IntuneDeviceEnrollmentPlatformRestriction.md @@ -120,7 +120,6 @@ Configuration Example DeviceEnrollmentConfigurationType = "platformRestrictions"; DisplayName = "All users and all devices"; Ensure = "Present"; - Identity = "5b0e1dba-4523-455e-9fdd-e36c833b57bf_DefaultPlatformRestrictions"; IosRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ platformBlocked = $False personalDeviceEnrollmentBlocked = $False @@ -150,3 +149,94 @@ Configuration Example } ``` +### Example 2 + +This example creates a new Device Enrollment Platform Restriction. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceEnrollmentPlatformRestriction 'DeviceEnrollmentPlatformRestriction' + { + AndroidForWorkRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + AndroidRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + }); + Credential = $Credscredential + Description = "This is the default Device Type Restriction applied with the lowest priority to all users regardless of group membership."; + DeviceEnrollmentConfigurationType = "platformRestrictions"; + DisplayName = "All users and all devices"; + Ensure = "Present"; + IosRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $True # Updated Property + personalDeviceEnrollmentBlocked = $False + }; + MacOSRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + MacRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + WindowsHomeSkuRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + WindowsMobileRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $True + personalDeviceEnrollmentBlocked = $False + }; + WindowsRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + } + } +} +``` + +### Example 3 + +This example creates a new Device Enrollment Platform Restriction. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceEnrollmentPlatformRestriction 'DeviceEnrollmentPlatformRestriction' + { + Credential = $Credscredential + DisplayName = "All users and all devices"; + Ensure = "Absent"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceEnrollmentStatusPageWindows10.md b/docs/docs/resources/intune/IntuneDeviceEnrollmentStatusPageWindows10.md index 40ab3957e5..bd27183f40 100644 --- a/docs/docs/resources/intune/IntuneDeviceEnrollmentStatusPageWindows10.md +++ b/docs/docs/resources/intune/IntuneDeviceEnrollmentStatusPageWindows10.md @@ -109,7 +109,6 @@ Configuration Example DisableUserStatusTrackingAfterFirstUser = $True; DisplayName = "All users and all devices"; Ensure = "Present"; - Id = "5b0e1dba-4523-455e-9fdd-e36c833b57bf_DefaultWindows10EnrollmentCompletionPageConfiguration"; InstallProgressTimeoutInMinutes = 60; InstallQualityUpdates = $False; Priority = 0; @@ -122,3 +121,75 @@ Configuration Example } ``` +### Example 2 + +This example creates a new Device Enrollment Status Page. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceEnrollmentStatusPageWindows10 '6b43c039-c1d0-4a9f-aab9-48c5531acbd6' + { + AllowDeviceResetOnInstallFailure = $True; + AllowDeviceUseOnInstallFailure = $False; # Updated Property + AllowLogCollectionOnInstallFailure = $True; + AllowNonBlockingAppInstallation = $False; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + BlockDeviceSetupRetryByUser = $False; + CustomErrorMessage = "Setup could not be completed. Please try again or contact your support person for help."; + Description = "This is the default enrollment status screen configuration applied with the lowest priority to all users and all devices regardless of group membership."; + DisableUserStatusTrackingAfterFirstUser = $True; + DisplayName = "All users and all devices"; + Ensure = "Present"; + InstallProgressTimeoutInMinutes = 60; + InstallQualityUpdates = $False; + Priority = 0; + SelectedMobileAppIds = @(); + ShowInstallationProgress = $True; + TrackInstallProgressForAutopilotOnly = $True; + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example creates a new Device Enrollment Status Page. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceEnrollmentStatusPageWindows10 '6b43c039-c1d0-4a9f-aab9-48c5531acbd6' + { + DisplayName = "All users and all devices"; + Ensure = "Absent"; + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneEndpointDetectionAndResponsePolicyWindows10.md b/docs/docs/resources/intune/IntuneEndpointDetectionAndResponsePolicyWindows10.md index 8464c14696..d97c2b7887 100644 --- a/docs/docs/resources/intune/IntuneEndpointDetectionAndResponsePolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneEndpointDetectionAndResponsePolicyWindows10.md @@ -84,7 +84,6 @@ Configuration Example { IntuneEndpointDetectionAndResponsePolicyWindows10 'myEDRPolicy' { - Identity = 'f6d1d1bc-d78f-4a5a-8f1b-0d95a60b0bc1' DisplayName = 'Edr Policy' Assignments = @() Description = 'My revised description' @@ -95,3 +94,59 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneEndpointDetectionAndResponsePolicyWindows10 'myEDRPolicy' + { + DisplayName = 'Edr Policy' + Assignments = @() + Description = 'My updated description' # Updated Property + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneEndpointDetectionAndResponsePolicyWindows10 'myEDRPolicy' + { + DisplayName = 'Edr Policy' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneExploitProtectionPolicyWindows10SettingCatalog.md b/docs/docs/resources/intune/IntuneExploitProtectionPolicyWindows10SettingCatalog.md index 54b59e32ea..4db7e04efb 100644 --- a/docs/docs/resources/intune/IntuneExploitProtectionPolicyWindows10SettingCatalog.md +++ b/docs/docs/resources/intune/IntuneExploitProtectionPolicyWindows10SettingCatalog.md @@ -88,7 +88,6 @@ Configuration Example { IntuneExploitProtectionPolicyWindows10SettingCatalog 'myWindows10ExploitProtectionPolicy' { - Identity = '130539f6-2be7-4dbc-a58e-ed638cadb186' DisplayName = 'exploit Protection policy with assignments' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments { @@ -250,3 +249,210 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneExploitProtectionPolicyWindows10SettingCatalog 'myWindows10ExploitProtectionPolicy' + { + DisplayName = 'exploit Protection policy with assignments' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.exclusionGroupAssignmentTarget' + groupId = 'e8cbd84d-be6a-4b72-87f0-0e677541fda0' + }) + Description = '' + disallowexploitprotectionoverride = '1' + exploitprotectionsettings = " + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +" # Updated Property + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneExploitProtectionPolicyWindows10SettingCatalog 'myWindows10ExploitProtectionPolicy' + { + DisplayName = 'exploit Protection policy with assignments' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntunePolicySets.md b/docs/docs/resources/intune/IntunePolicySets.md index 7dffe62908..1bb95e99c6 100644 --- a/docs/docs/resources/intune/IntunePolicySets.md +++ b/docs/docs/resources/intune/IntunePolicySets.md @@ -5,10 +5,10 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | | **Description** | Write | String | Description of the PolicySet. | | -| **DisplayName** | Required | String | DisplayName of the PolicySet. | | +| **DisplayName** | Key | String | DisplayName of the PolicySet. | | | **GuidedDeploymentTags** | Write | StringArray[] | Tags of the guided deployment | | | **RoleScopeTags** | Write | StringArray[] | RoleScopeTags of the PolicySet | | -| **Id** | Key | String | The unique identifier for an entity. Read-only. | | +| **Id** | Write | String | The unique identifier for an entity. Read-only. | | | **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | | **Items** | Write | MSFT_DeviceManagementConfigurationPolicyItems[] | Represents the assignment to the Intune policy. | | | **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | @@ -112,7 +112,6 @@ Configuration Example DisplayName = "Example"; Ensure = "Present"; GuidedDeploymentTags = @(); - Id = "12345678-5678-5678-5678-1234567890ab"; Items = @( MSFT_DeviceManagementConfigurationPolicyItems{ guidedDeploymentTags = @() @@ -130,3 +129,83 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName 'Microsoft365DSC' + Node localhost + { + IntunePolicySets "Example" + { + Credential = $Credscredential; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.groupAssignmentTarget' + groupId = '12345678-1234-1234-1234-1234567890ab' + } + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.exclusionGroupAssignmentTarget' + groupId = '12345678-4321-4321-4321-1234567890ab' + } + ); + Description = "Example"; + DisplayName = "Example"; + Ensure = "Present"; + GuidedDeploymentTags = @(); + Items = @( + MSFT_DeviceManagementConfigurationPolicyItems{ + guidedDeploymentTags = @() + payloadId = 'T_12345678-90ab-90ab-90ab-1234567890ab' + displayName = 'Example-Policy' + dataType = '#microsoft.graph.managedAppProtectionPolicySetItem' + itemType = '#microsoft.graph.androidManagedAppProtection' + } + ); + RoleScopeTags = @("0","1","2"); # Updated Property + } + + } + +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName 'Microsoft365DSC' + Node localhost + { + IntunePolicySets "Example" + { + Credential = $Credscredential; + DisplayName = "Example"; + Ensure = "Absent"; + } + + } + +} +``` + diff --git a/docs/docs/resources/intune/IntuneRoleAssignment.md b/docs/docs/resources/intune/IntuneRoleAssignment.md index f4d29b680b..be28b24934 100644 --- a/docs/docs/resources/intune/IntuneRoleAssignment.md +++ b/docs/docs/resources/intune/IntuneRoleAssignment.md @@ -73,7 +73,6 @@ Configuration Example { IntuneRoleAssignment 'IntuneRoleAssignment' { - Id = '20556aad-3d16-465a-890c-cf915ae1cd60' DisplayName = 'test2' Description = 'test2' Members = @('') @@ -90,3 +89,63 @@ Configuration Example } ``` +### Example 2 + +This example creates a new Intune Role Assigment. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + IntuneRoleAssignment 'IntuneRoleAssignment' + { + DisplayName = 'test2' + Description = 'test Updated' # Updated Property + Members = @('') + MembersDisplayNames = @('SecGroup2') + ResourceScopes = @('6eb76881-f56f-470f-be0d-672145d3dcb1') + ResourceScopesDisplayNames = @('') + ScopeType = 'resourceScope' + RoleDefinition = '2d00d0fd-45e9-4166-904f-b76ac5eed2c7' + RoleDefinitionDisplayName = 'This is my role' + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example creates a new Intune Role Assigment. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + IntuneRoleAssignment 'IntuneRoleAssignment' + { + DisplayName = 'test2' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneRoleDefinition.md b/docs/docs/resources/intune/IntuneRoleDefinition.md index 4075158af5..287f52d960 100644 --- a/docs/docs/resources/intune/IntuneRoleDefinition.md +++ b/docs/docs/resources/intune/IntuneRoleDefinition.md @@ -70,7 +70,6 @@ Configuration Example { IntuneRoleDefinition 'IntuneRoleDefinition' { - Id = 'f84bc63b-a377-4d90-8f4a-1de84d36a429' DisplayName = 'This is my role' allowedResourceActions = @('Microsoft.Intune_Organization_Read', 'Microsoft.Intune_Roles_Create', 'Microsoft.Intune_Roles_Read', 'Microsoft.Intune_Roles_Update') Description = 'My role defined by me.' @@ -84,3 +83,60 @@ Configuration Example } ``` +### Example 2 + +This example creates a new Intune Role Definition. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + IntuneRoleDefinition 'IntuneRoleDefinition' + { + DisplayName = 'This is my role' + allowedResourceActions = @('Microsoft.Intune_Organization_Read', 'Microsoft.Intune_Roles_Create', 'Microsoft.Intune_Roles_Read', 'Microsoft.Intune_Roles_Update') + Description = 'My role defined by me.' + IsBuiltIn = $True # Updated Property + notallowedResourceActions = @() + roleScopeTagIds = @('0', '1') + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example creates a new Intune Role Definition. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + IntuneRoleDefinition 'IntuneRoleDefinition' + { + DisplayName = 'This is my role' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneSettingCatalogASRRulesPolicyWindows10.md b/docs/docs/resources/intune/IntuneSettingCatalogASRRulesPolicyWindows10.md index e837b06272..9ad4b6acd0 100644 --- a/docs/docs/resources/intune/IntuneSettingCatalogASRRulesPolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneSettingCatalogASRRulesPolicyWindows10.md @@ -4,8 +4,8 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **Identity** | Key | String | Identity of the endpoint protection attack surface protection rules policy for Windows 10. | | -| **DisplayName** | Required | String | Display name of the endpoint protection attack surface protection rules policy for Windows 10. | | +| **Identity** | Write | String | Identity of the endpoint protection attack surface protection rules policy for Windows 10. | | +| **DisplayName** | Key | String | Display name of the endpoint protection attack surface protection rules policy for Windows 10. | | | **Description** | Write | String | Description of the endpoint protection attack surface protection rules policy for Windows 10. | | | **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Assignments of the endpoint protection. | | | **AttackSurfaceReductionOnlyExclusions** | Write | StringArray[] | Exclude files and paths from attack surface reduction rules | | @@ -104,7 +104,6 @@ Configuration Example { IntuneSettingCatalogASRRulesPolicyWindows10 'myASRRulesPolicy' { - Identity = '80d22119-b8cf-466d-bfc5-c2dca1d90f43' DisplayName = 'asr 2' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments { @@ -122,3 +121,66 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneSettingCatalogASRRulesPolicyWindows10 'myASRRulesPolicy' + { + DisplayName = 'asr 2' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + }) + attacksurfacereductiononlyexclusions = @('Test 10', 'Test2', 'Test3') + blockabuseofexploitedvulnerablesigneddrivers = 'audit' # Updated Property + blockexecutablefilesrunningunlesstheymeetprevalenceagetrustedlistcriterion = 'audit' + Description = 'Post' + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneSettingCatalogASRRulesPolicyWindows10 'myASRRulesPolicy' + { + DisplayName = 'asr 2' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneSettingCatalogCustomPolicyWindows10.md b/docs/docs/resources/intune/IntuneSettingCatalogCustomPolicyWindows10.md index 522d15cfda..55bf75ddc0 100644 --- a/docs/docs/resources/intune/IntuneSettingCatalogCustomPolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneSettingCatalogCustomPolicyWindows10.md @@ -182,7 +182,6 @@ Configuration Example ); Description = ""; Ensure = "Present"; - Id = "4e300eed-1d37-493e-a680-12988874587g"; Name = "Setting Catalog Raw - DSC"; Platforms = "windows10"; Settings = @( @@ -248,3 +247,123 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneSettingCatalogCustomPolicyWindows10 'Example' + { + Credential = $Credscredential + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Description = "Updated Description"; # Updated Property + Ensure = "Present"; + Name = "Setting Catalog Raw - DSC"; + Platforms = "windows10"; + Settings = @( + MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ + SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ + choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ + Value = 'device_vendor_msft_policy_config_abovelock_allowcortanaabovelock_1' + } + SettingDefinitionId = 'device_vendor_msft_policy_config_abovelock_allowcortanaabovelock' + odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + } + } + MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ + SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ + SettingDefinitionId = 'device_vendor_msft_policy_config_applicationdefaults_defaultassociationsconfiguration' + simpleSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationSimpleSettingValue{ + odataType = '#microsoft.graph.deviceManagementConfigurationStringSettingValue' + StringValue = '' + } + odataType = '#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance' + } + } + MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ + SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ + choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ + Value = 'device_vendor_msft_policy_config_applicationdefaults_enableappurihandlers_1' + } + SettingDefinitionId = 'device_vendor_msft_policy_config_applicationdefaults_enableappurihandlers' + odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + } + } + MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ + SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ + choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ + Value = 'device_vendor_msft_policy_config_defender_allowarchivescanning_1' + } + SettingDefinitionId = 'device_vendor_msft_policy_config_defender_allowarchivescanning' + odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + } + } + MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ + SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ + choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ + Value = 'device_vendor_msft_policy_config_defender_allowbehaviormonitoring_1' + } + SettingDefinitionId = 'device_vendor_msft_policy_config_defender_allowbehaviormonitoring' + odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + } + } + MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ + SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ + choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ + Value = 'device_vendor_msft_policy_config_defender_allowcloudprotection_1' + } + SettingDefinitionId = 'device_vendor_msft_policy_config_defender_allowcloudprotection' + odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + } + } + ); + Technologies = "mdm"; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneSettingCatalogCustomPolicyWindows10 'Example' + { + Credential = $Credscredential + Ensure = "Absent"; + Name = "Setting Catalog Raw - DSC"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidDeviceAdministrator.md b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidDeviceAdministrator.md index c9c92ee597..0ae7fdbcb5 100644 --- a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidDeviceAdministrator.md +++ b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidDeviceAdministrator.md @@ -86,7 +86,6 @@ Configuration Example { IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator 'myWifiConfigAndroidDevicePolicy' { - Id = '41869a42-3217-4bfa-9929-92668fc674c5' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments { deviceAndAppManagementAssignmentFilterType = 'none' @@ -106,3 +105,68 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator 'myWifiConfigAndroidDevicePolicy' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + ConnectAutomatically = $True # Updated Property + ConnectWhenNetworkNameIsHidden = $True + DisplayName = 'Wifi Configuration Androind Device' + NetworkName = 'b71f8c63-8140-4c7e-b818-f9b4aa98b79b' + Ssid = 'sf' + WiFiSecurityType = 'wpaEnterprise' + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator 'myWifiConfigAndroidDevicePolicy' + { + DisplayName = 'Wifi Configuration Androind Device' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.md b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.md index 43aa9ad5ef..c0fcb82741 100644 --- a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.md +++ b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.md @@ -94,7 +94,6 @@ Configuration Example { IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner 'myWifiConfigAndroidDeviceOwnerPolicy' { - Id = '7d9c4870-e07f-488a-be17-9e1beec45ac3' DisplayName = 'Wifi - androidForWork' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments @@ -116,3 +115,72 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner 'myWifiConfigAndroidDeviceOwnerPolicy' + { + DisplayName = 'Wifi - androidForWork' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments + { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ) + ConnectAutomatically = $True # Updated Property + ConnectWhenNetworkNameIsHidden = $False + NetworkName = 'myNetwork' + PreSharedKeyIsSet = $True + ProxySettings = 'none' + Ssid = 'MySSID - 3' + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner 'myWifiConfigAndroidDeviceOwnerPolicy' + { + DisplayName = 'Wifi - androidForWork' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.md b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.md index 3cd0165671..9f4cd186a8 100644 --- a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.md +++ b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.md @@ -87,7 +87,6 @@ Configuration Example { IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile 'myWifiConfigAndroidWorkProfilePolicy' { - Id = 'b6c59816-7f9b-4f7a-a2a2-13a29c8bc315' DisplayName = 'wifi - android BYOD' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments @@ -108,3 +107,71 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile 'myWifiConfigAndroidWorkProfilePolicy' + { + DisplayName = 'wifi - android BYOD' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments + { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ) + ConnectAutomatically = $True # Updated Property + ConnectWhenNetworkNameIsHidden = $False + NetworkName = 'f8b79489-84fc-4434-b964-2a18dfe08f88' + Ssid = 'MySSID' + WiFiSecurityType = 'open' + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile 'myWifiConfigAndroidWorkProfilePolicy' + { + DisplayName = 'wifi - android BYOD' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidForWork.md b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidForWork.md index 184820d1c0..1de3d5aacc 100644 --- a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidForWork.md +++ b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidForWork.md @@ -86,7 +86,6 @@ Configuration Example { IntuneWifiConfigurationPolicyAndroidForWork 'Example' { - Id = '41b6b491-9938-42d1-861a-c41762040ddb' DisplayName = 'AndroindForWork' Description = 'DSC' Assignments = @( @@ -110,3 +109,72 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWifiConfigurationPolicyAndroidForWork 'Example' + { + DisplayName = 'AndroindForWork' + Description = 'DSC' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + deviceAndAppManagementAssignmentFilterType = 'include' + deviceAndAppManagementAssignmentFilterId = '17cb2318-cd4f-4a66-b742-6b79d4966ac7' + groupId = 'b9b732df-9f18-4c5f-99d1-682e151ec62b' + collectionId = '2a8ea71f-039a-4ec8-8e41-5fba3ef9efba' + } + ) + ConnectAutomatically = $true # Updated Property + ConnectWhenNetworkNameIsHidden = $true + NetworkName = 'CorpNet' + Ssid = 'WiFi' + WiFiSecurityType = 'wpa2Enterprise' + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWifiConfigurationPolicyAndroidForWork 'Example' + { + DisplayName = 'AndroindForWork' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidOpenSourceProject.md b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidOpenSourceProject.md index f4b935f437..fdf3912287 100644 --- a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidOpenSourceProject.md +++ b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyAndroidOpenSourceProject.md @@ -88,7 +88,6 @@ Configuration Example { IntuneWifiConfigurationPolicyAndroidOpenSourceProject 'myWifiConfigAndroidOpensourcePolicy' { - Id = 'fe0a93dc-e9cc-4d4b-8dd6-361c51c70f77' DisplayName = 'wifi aosp' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments { @@ -109,3 +108,69 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWifiConfigurationPolicyAndroidOpenSourceProject 'myWifiConfigAndroidOpensourcePolicy' + { + DisplayName = 'wifi aosp' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + ConnectAutomatically = $False + ConnectWhenNetworkNameIsHidden = $True + NetworkName = 'Updated Network' # Updated Property + PreSharedKeyIsSet = $True + Ssid = 'aaaaa' + WiFiSecurityType = 'wpaPersonal' + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWifiConfigurationPolicyAndroidOpenSourceProject 'myWifiConfigAndroidOpensourcePolicy' + { + DisplayName = 'wifi aosp' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyIOS.md b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyIOS.md index 47f09235f3..b31a8c9219 100644 --- a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyIOS.md +++ b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyIOS.md @@ -92,7 +92,6 @@ Configuration Example { IntuneWifiConfigurationPolicyIOS 'myWifiConfigIOSPolicy' { - Id = '8e809b9e-0032-40b7-b263-e6029daf8e9c' DisplayName = 'ios wifi' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments { @@ -115,3 +114,71 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWifiConfigurationPolicyIOS 'myWifiConfigIOSPolicy' + { + DisplayName = 'ios wifi' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + ConnectAutomatically = $True + ConnectWhenNetworkNameIsHidden = $True + DisableMacAddressRandomization = $True + NetworkName = 'Updated Network' # Updated Property + ProxyAutomaticConfigurationUrl = 'THSCP.local' + ProxySettings = 'automatic' + Ssid = 'aaaaa' + WiFiSecurityType = 'wpaPersonal' + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWifiConfigurationPolicyIOS 'myWifiConfigIOSPolicy' + { + DisplayName = 'ios wifi' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyMacOS.md b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyMacOS.md index 63d5bba30b..e69a292746 100644 --- a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyMacOS.md +++ b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyMacOS.md @@ -91,7 +91,6 @@ Configuration Example { IntuneWifiConfigurationPolicyMacOS 'myWifiConfigMacOSPolicy' { - Id = 'cad22363-785b-4820-9909-28d5f35048c2' DisplayName = 'macos wifi' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments { @@ -113,3 +112,70 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWifiConfigurationPolicyMacOS 'myWifiConfigMacOSPolicy' + { + DisplayName = 'macos wifi' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + ConnectAutomatically = $True + ConnectWhenNetworkNameIsHidden = $False # Updated Property + NetworkName = 'ea1cf5d7-8d3e-40ca-9cb8-b8c8a4c6170b' + ProxyAutomaticConfigurationUrl = 'AZ500PrivateEndpoint22' + ProxySettings = 'automatic' + Ssid = 'aaaaaaaaaaaaa' + WiFiSecurityType = 'wpaPersonal' + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWifiConfigurationPolicyMacOS 'myWifiConfigMacOSPolicy' + { + DisplayName = 'macos wifi' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyWindows10.md b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyWindows10.md index 5a0c7a0fc6..43ce598c1b 100644 --- a/docs/docs/resources/intune/IntuneWifiConfigurationPolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneWifiConfigurationPolicyWindows10.md @@ -94,7 +94,6 @@ Configuration Example { IntuneWifiConfigurationPolicyWindows10 'myWifiConfigWindows10Policy' { - Id = '2273c683-7590-4c56-81d3-14adb6b3d19c' DisplayName = 'win10 wifi - revised' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments { @@ -119,3 +118,73 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWifiConfigurationPolicyWindows10 'myWifiConfigWindows10Policy' + { + DisplayName = 'win10 wifi - revised' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + ConnectAutomatically = $True + ConnectToPreferredNetwork = $False # Updated Property + ConnectWhenNetworkNameIsHidden = $True + ForceFIPSCompliance = $True + MeteredConnectionLimit = 'fixed' + NetworkName = 'MyWifi' + ProxyAutomaticConfigurationUrl = 'https://proxy.contoso.com' + ProxySetting = 'automatic' + Ssid = 'ssid' + WifiSecurityType = 'wpa2Personal' + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWifiConfigurationPolicyWindows10 'myWifiConfigWindows10Policy' + { + DisplayName = 'win10 wifi - revised' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.md b/docs/docs/resources/intune/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.md index bd2e323c60..2a841e897a 100644 --- a/docs/docs/resources/intune/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.md +++ b/docs/docs/resources/intune/IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined.md @@ -127,7 +127,6 @@ Configuration Example Ensure = "Present"; ExtractHardwareHash = $False; HybridAzureADJoinSkipConnectivityCheck = $True; - Id = "36b4d209-c9af-487f-8cf2-8397cefbc29a"; Language = "os-default"; OutOfBoxExperienceSettings = MSFT_MicrosoftGraphoutOfBoxExperienceSettings{ HideEULA = $True @@ -142,3 +141,73 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined 'Example' + { + Assignments = @(); + Credential = $Credscredential; + Description = ""; + DeviceNameTemplate = ""; + DeviceType = "windowsPc"; + DisplayName = "hybrid"; + EnableWhiteGlove = $False; # Updated Property + Ensure = "Present"; + ExtractHardwareHash = $False; + HybridAzureADJoinSkipConnectivityCheck = $True; + Language = "os-default"; + OutOfBoxExperienceSettings = MSFT_MicrosoftGraphoutOfBoxExperienceSettings{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' + SkipKeyboardSelectionPage = $False + UserType = 'standard' + }; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined 'Example' + { + Credential = $Credscredential; + DisplayName = "hybrid"; + Ensure = "Absent"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneWindowsAutopilotDeploymentProfileAzureADJoined.md b/docs/docs/resources/intune/IntuneWindowsAutopilotDeploymentProfileAzureADJoined.md index 24d9d96408..f2002cebf2 100644 --- a/docs/docs/resources/intune/IntuneWindowsAutopilotDeploymentProfileAzureADJoined.md +++ b/docs/docs/resources/intune/IntuneWindowsAutopilotDeploymentProfileAzureADJoined.md @@ -130,7 +130,6 @@ Configuration Example EnableWhiteGlove = $True; Ensure = "Present"; ExtractHardwareHash = $True; - Id = "30914319-d49b-46da-b054-625d933c5769"; Language = ""; OutOfBoxExperienceSettings = MSFT_MicrosoftGraphoutOfBoxExperienceSettings1{ HideEULA = $False @@ -145,3 +144,77 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWindowsAutopilotDeploymentProfileAzureADJoined 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Credential = $Credscredential; + Description = ""; + DeviceNameTemplate = "test"; + DeviceType = "windowsPc"; + DisplayName = "AAD"; + EnableWhiteGlove = $False; # Updated Property + Ensure = "Present"; + ExtractHardwareHash = $True; + Language = ""; + OutOfBoxExperienceSettings = MSFT_MicrosoftGraphoutOfBoxExperienceSettings1{ + HideEULA = $False + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' + SkipKeyboardSelectionPage = $True + UserType = 'administrator' + }; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWindowsAutopilotDeploymentProfileAzureADJoined 'Example' + { + Credential = $Credscredential; + DisplayName = "AAD"; + Ensure = "Absent"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.md b/docs/docs/resources/intune/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.md index ed8757425b..0468a9ec8f 100644 --- a/docs/docs/resources/intune/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.md +++ b/docs/docs/resources/intune/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.md @@ -162,7 +162,6 @@ Configuration Example { IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled 'Example' { - Id = 'M_5c927889-a683-4588-afdb-4c90aa5e7e93' DisplayName = 'WIP' AzureRightsManagementServicesAllowed = $False Description = 'DSC' @@ -203,3 +202,89 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled 'Example' + { + DisplayName = 'WIP' + AzureRightsManagementServicesAllowed = $False + Description = 'DSC' + EnforcementLevel = 'encryptAndAuditOnly' + EnterpriseDomain = 'domain.com' # Updated Property + EnterpriseIPRanges = @( + MSFT_MicrosoftGraphwindowsInformationProtectionIPRangeCollection { + DisplayName = 'ipv4 range' + Ranges = @( + MSFT_MicrosoftGraphIpRange { + UpperAddress = '1.1.1.3' + LowerAddress = '1.1.1.1' + odataType = '#microsoft.graph.iPv4Range' + } + ) + } + ) + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseProxyServersAreAuthoritative = $True + IconsVisible = $False + IndexingEncryptedStoresOrItemsBlocked = $False + ProtectedApps = @( + MSFT_MicrosoftGraphwindowsInformationProtectionApp { + Description = 'Microsoft.MicrosoftEdge' + odataType = '#microsoft.graph.windowsInformationProtectionStoreApp' + Denied = $False + PublisherName = 'CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US' + ProductName = 'Microsoft.MicrosoftEdge' + DisplayName = 'Microsoft Edge' + } + ) + ProtectionUnderLockConfigRequired = $False + RevokeOnUnenrollDisabled = $False + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled 'Example' + { + DisplayName = 'WIP' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.md b/docs/docs/resources/intune/IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.md index a97dcea484..30635f0874 100644 --- a/docs/docs/resources/intune/IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.md +++ b/docs/docs/resources/intune/IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10.md @@ -93,7 +93,6 @@ Configuration Example { IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10 'Example' { - Id = 'b5d1020d-f641-42a0-a882-82f3358bf4c5' DisplayName = 'WUfB Feature -dsc' Assignments = @() Description = 'test 2' @@ -108,3 +107,63 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10 'Example' + { + DisplayName = 'WUfB Feature -dsc' + Assignments = @() + Description = 'test 2' + FeatureUpdateVersion = 'Windows 10, version 22H2' + RolloutSettings = MSFT_MicrosoftGraphwindowsUpdateRolloutSettings { + OfferStartDateTimeInUTC = '2023-02-05T16:00:00.0000000+00:00' # Updated Property + } + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10 'Example' + { + DisplayName = 'WUfB Feature -dsc' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.md b/docs/docs/resources/intune/IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.md index dc676220e2..ee9a314d4e 100644 --- a/docs/docs/resources/intune/IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.md +++ b/docs/docs/resources/intune/IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10.md @@ -127,7 +127,6 @@ Configuration Example { IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 'Example' { - Id = 'f2a9a546-6087-45b9-81da-59994e79dfd2' DisplayName = 'WUfB Ring' AllowWindows11Upgrade = $False Assignments = @( @@ -174,3 +173,95 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 'Example' + { + DisplayName = 'WUfB Ring' + AllowWindows11Upgrade = $True # Updated Property + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments + { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ) + AutomaticUpdateMode = 'autoInstallAtMaintenanceTime' + AutoRestartNotificationDismissal = 'notConfigured' + BusinessReadyUpdatesOnly = 'userDefined' + DeadlineForFeatureUpdatesInDays = 1 + DeadlineForQualityUpdatesInDays = 2 + DeadlineGracePeriodInDays = 3 + DeliveryOptimizationMode = 'userDefined' + Description = '' + DriversExcluded = $False + FeatureUpdatesDeferralPeriodInDays = 0 + FeatureUpdatesPaused = $False + FeatureUpdatesPauseExpiryDateTime = '0001-01-01T00:00:00.0000000+00:00' + FeatureUpdatesRollbackStartDateTime = '0001-01-01T00:00:00.0000000+00:00' + FeatureUpdatesRollbackWindowInDays = 10 + InstallationSchedule = MSFT_MicrosoftGraphwindowsUpdateInstallScheduleType { + ActiveHoursStart = '08:00:00' + ActiveHoursEnd = '17:00:00' + odataType = '#microsoft.graph.windowsUpdateActiveHoursInstall' + } + MicrosoftUpdateServiceAllowed = $True + PostponeRebootUntilAfterDeadline = $False + PrereleaseFeatures = 'userDefined' + QualityUpdatesDeferralPeriodInDays = 0 + QualityUpdatesPaused = $False + QualityUpdatesPauseExpiryDateTime = '0001-01-01T00:00:00.0000000+00:00' + QualityUpdatesRollbackStartDateTime = '0001-01-01T00:00:00.0000000+00:00' + SkipChecksBeforeRestart = $False + UpdateNotificationLevel = 'defaultNotifications' + UserPauseAccess = 'enabled' + UserWindowsUpdateScanAccess = 'enabled' + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 'Example' + { + DisplayName = 'WUfB Ring' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + From e1ade15fc1ada6ac0dd9645951bed90cc1703dc2 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Fri, 15 Dec 2023 00:45:31 +0000 Subject: [PATCH 10/58] Updated Intune Integration Tests --- .../M365DSCIntegration.INTUNE.Tests.ps1 | 3260 ++++++++++++++++- 1 file changed, 3075 insertions(+), 185 deletions(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Tests.ps1 index d2629a8b75..865d4a59be 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Tests.ps1 @@ -20,7 +20,6 @@ { IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy 'My Account Protection LAPS Policy' { - Identity = "cb0a561b-7677-46fb-a7f8-635cf64660e9"; DisplayName = "Account Protection LAPS Policy"; Description = "My revised description"; Ensure = "Present"; @@ -36,9 +35,32 @@ AdministratorAccountName = "Administrator"; PasswordAgeDays = 20; } + IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy 'My Account Protection LAPS Policy' + { + DisplayName = "Account Protection LAPS Policy"; + Description = "My revised description"; + Ensure = "Present"; + Credential = $Credscredential + Assignments = @( + MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + BackupDirectory = "1"; + PasswordAgeDays_AAD = 15; # Updated Property + AdministratorAccountName = "Administrator"; + PasswordAgeDays = 20; + } + IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy 'My Account Protection LAPS Policy' + { + DisplayName = "Account Protection LAPS Policy"; + Description = "My revised description"; + Ensure = "Absent"; + Credential = $Credscredential + } IntuneAccountProtectionLocalUserGroupMembershipPolicy 'My Account Protection Local User Group Membership Policy' { - Identity = "cb0a561b-7677-46fb-a7f8-635cf64660e9"; DisplayName = "Account Protection LUGM Policy"; Description = "My revised description"; Ensure = "Present"; @@ -58,9 +80,31 @@ } ); } + IntuneAccountProtectionLocalUserGroupMembershipPolicy 'My Account Protection Local User Group Membership Policy' + { + DisplayName = "Account Protection LUGM Policy"; + Description = "My revised description"; + Ensure = "Present"; + Credential = $Credscredential + Assignments = @(); # Updated Property + LocalUserGroupCollection = @( + MSFT_IntuneAccountProtectionLocalUserGroupCollection{ + LocalGroups = @('administrators', 'users') + Members = @('S-1-12-1-1167842105-1150511762-402702254-1917434032') + Action = 'add_update' + UserSelectionType = 'users' + } + ); + } + IntuneAccountProtectionLocalUserGroupMembershipPolicy 'My Account Protection Local User Group Membership Policy' + { + DisplayName = "Account Protection LUGM Policy"; + Description = "My revised description"; + Ensure = "Absent"; + Credential = $Credscredential + } IntuneAccountProtectionPolicy 'myAccountProtectionPolicy' { - Identity = '355e88e2-dd1f-4956-bafe-9000d8267ad5' DisplayName = 'test' deviceGuardLocalSystemAuthorityCredentialGuardSettings = "notConfigured" WindowsHelloForBusinessBlocked = $true @@ -69,9 +113,24 @@ Ensure = 'Present' Credential = $Credscredential } + IntuneAccountProtectionPolicy 'myAccountProtectionPolicy' + { + DisplayName = 'test' + deviceGuardLocalSystemAuthorityCredentialGuardSettings = "notConfigured" + WindowsHelloForBusinessBlocked = $true + PinMinimumLength = 10 # Updated Property + PinSpecialCharactersUsage = 'required' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneAccountProtectionPolicy 'myAccountProtectionPolicy' + { + DisplayName = 'test' + Ensure = 'Absent' + Credential = $Credscredential + } IntuneAntivirusPolicyWindows10SettingCatalog 'myAVWindows10Policy' { - Identity = 'd64d4ab7-d0ac-4157-8823-a9db57b47cf1' DisplayName = 'av exclusions' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments { @@ -86,19 +145,74 @@ Ensure = 'Present' Credential = $Credscredential } + IntuneAntivirusPolicyWindows10SettingCatalog 'myAVWindows10Policy' + { + DisplayName = 'av exclusions' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + }) + Description = '' + excludedextensions = @('.exe') + excludedpaths = @('c:\folders\', 'c:\folders2\') + excludedprocesses = @('processes.exe', 'process3.exe') # Updated Property + templateId = '45fea5e9-280d-4da1-9792-fb5736da0ca9_1' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneAntivirusPolicyWindows10SettingCatalog 'myAVWindows10Policy' + { + DisplayName = 'av exclusions' + Ensure = 'Absent' + Credential = $Credscredential + } IntuneAppConfigurationPolicy 'AddAppConfigPolicy' { - DisplayName = 'ContosoNew' - Description = 'New Contoso Policy' + DisplayName = 'ContosoNew' + Description = 'New Contoso Policy' + Credential = $Credscredential; + CustomSettings = @( + MSFT_IntuneAppConfigurationPolicyCustomSetting { + name = 'com.microsoft.intune.mam.managedbrowser.BlockListURLs' + value = 'https://www.aol.com' + } + MSFT_IntuneAppConfigurationPolicyCustomSetting { + name = 'com.microsoft.intune.mam.managedbrowser.bookmarks' + value = 'Outlook Web|https://outlook.office.com||Bing|https://www.bing.com' + } + MSFT_IntuneAppConfigurationPolicyCustomSetting { + name = 'Test' + value = 'TestValue' + }); + Ensure = 'Present' + } + IntuneAppConfigurationPolicy 'AddAppConfigPolicy' + { + DisplayName = 'ContosoNew' + Description = 'New Contoso Policy' + Credential = $Credscredential; + CustomSettings = @( + MSFT_IntuneAppConfigurationPolicyCustomSetting { + name = 'com.microsoft.intune.mam.managedbrowser.BlockListURLs' + value = 'https://www.aol.com' + } + MSFT_IntuneAppConfigurationPolicyCustomSetting { + name = 'com.microsoft.intune.mam.managedbrowser.bookmarks' + value = 'Outlook Web|https://outlook.office.com||Bing|https://www.bing.com' + } + MSFT_IntuneAppConfigurationPolicyCustomSetting { # Updated Property + name = 'Test2' + value = 'TestValue2' + }); Ensure = 'Present' - Credential = $Credscredential } - IntuneAppConfigurationPolicy 'RemoveAppConfigPolicy' + IntuneAppConfigurationPolicy 'AddAppConfigPolicy' { - DisplayName = 'ContosoOld' - Description = 'Old Contoso Policy' + DisplayName = 'ContosoNew' + Description = 'New Contoso Policy' + Credential = $Credscredential; Ensure = 'Absent' - Credential = $Credscredential } IntuneApplicationControlPolicyWindows10 'ConfigureApplicationControlPolicyWindows10' { @@ -110,6 +224,23 @@ Ensure = 'Present' Credential = $Credscredential } + IntuneApplicationControlPolicyWindows10 'ConfigureApplicationControlPolicyWindows10' + { + DisplayName = 'Windows 10 Desktops' + Description = 'All windows 10 Desktops' + AppLockerApplicationControl = 'enforceComponentsAndStoreApps' + SmartScreenBlockOverrideForFiles = $False # Updated Property + SmartScreenEnableInShell = $True + Ensure = 'Present' + Credential = $Credscredential + } + IntuneApplicationControlPolicyWindows10 'ConfigureApplicationControlPolicyWindows10' + { + DisplayName = 'Windows 10 Desktops' + Description = 'All windows 10 Desktops' + Ensure = 'Absent' + Credential = $Credscredential + } IntuneAppProtectionPolicyAndroid 'ConfigureAppProtectionPolicyAndroid' { DisplayName = 'My DSC Android App Protection Policy' @@ -118,13 +249,11 @@ AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' AllowedOutboundDataTransferDestinations = 'managedApps' Apps = @('com.cisco.jabberimintune.ios', 'com.pervasent.boardpapers.ios', 'com.sharefile.mobile.intune.ios') - Assignments = @('6ee86c9f-2b3c-471d-ad38-ff4673ed723e') ContactSyncBlocked = $false DataBackupBlocked = $false Description = '' DeviceComplianceRequired = $True DisableAppPinIfDevicePinIsSet = $True - ExcludedGroups = @('3eacc231-d77b-4efb-bb5f-310f68bd6198') FingerprintBlocked = $False ManagedBrowserToOpenLinksRequired = $True MaximumPinRetries = 5 @@ -137,9 +266,39 @@ Ensure = 'Present' Credential = $Credscredential } + IntuneAppProtectionPolicyAndroid 'ConfigureAppProtectionPolicyAndroid' + { + DisplayName = 'My DSC Android App Protection Policy' + AllowedDataStorageLocations = @('sharePoint') + AllowedInboundDataTransferSources = 'managedApps' + AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' + AllowedOutboundDataTransferDestinations = 'managedApps' + Apps = @('com.cisco.jabberimintune.ios', 'com.pervasent.boardpapers.ios', 'com.sharefile.mobile.intune.ios') + ContactSyncBlocked = $true # Updated Property + DataBackupBlocked = $false + Description = '' + DeviceComplianceRequired = $True + DisableAppPinIfDevicePinIsSet = $True + FingerprintBlocked = $False + ManagedBrowserToOpenLinksRequired = $True + MaximumPinRetries = 5 + MinimumPinLength = 4 + OrganizationalCredentialsRequired = $false + PinRequired = $True + PrintBlocked = $True + SaveAsBlocked = $True + SimplePinBlocked = $True + Ensure = 'Present' + Credential = $Credscredential + } + IntuneAppProtectionPolicyAndroid 'ConfigureAppProtectionPolicyAndroid' + { + DisplayName = 'My DSC Android App Protection Policy' + Ensure = 'Absent' + Credential = $Credscredential + } IntuneAppProtectionPolicyiOS 'MyCustomiOSPolicy' { - Identity = '1352a41f-bd32-4ee3-b227-2f11b17b8614' DisplayName = 'My DSC iOS App Protection Policy' AllowedDataStorageLocations = @('sharePoint') AllowedInboundDataTransferSources = 'managedApps' @@ -147,12 +306,10 @@ AllowedOutboundDataTransferDestinations = 'managedApps' AppDataEncryptionType = 'whenDeviceLocked' Apps = @('com.cisco.jabberimintune.ios', 'com.pervasent.boardpapers.ios', 'com.sharefile.mobile.intune.ios') - Assignments = @('6ee86c9f-2b3c-471d-ad38-ff4673ed723e') ContactSyncBlocked = $False DataBackupBlocked = $False Description = '' DeviceComplianceRequired = $True - ExcludedGroups = @('3eacc231-d77b-4efb-bb5f-310f68bd6198') FingerprintBlocked = $False ManagedBrowserToOpenLinksRequired = $True MaximumPinRetries = 5 @@ -169,9 +326,43 @@ Ensure = 'Present' Credential = $Credscredential } + IntuneAppProtectionPolicyiOS 'MyCustomiOSPolicy' + { + DisplayName = 'My DSC iOS App Protection Policy' + AllowedDataStorageLocations = @('sharePoint') + AllowedInboundDataTransferSources = 'managedApps' + AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' + AllowedOutboundDataTransferDestinations = 'managedApps' + AppDataEncryptionType = 'whenDeviceLocked' + Apps = @('com.cisco.jabberimintune.ios', 'com.pervasent.boardpapers.ios', 'com.sharefile.mobile.intune.ios') + ContactSyncBlocked = $False + DataBackupBlocked = $False + Description = '' + DeviceComplianceRequired = $True + FingerprintBlocked = $False + ManagedBrowserToOpenLinksRequired = $True + MaximumPinRetries = 7 # Updated Property + MinimumPinLength = 4 + OrganizationalCredentialsRequired = $False + PeriodOfflineBeforeAccessCheck = 'PT12H' + PeriodOfflineBeforeWipeIsEnforced = 'P90D' + PeriodOnlineBeforeAccessCheck = 'PT30M' + PinCharacterSet = 'alphanumericAndSymbol' + PinRequired = $True + PrintBlocked = $False + SaveAsBlocked = $True + SimplePinBlocked = $False + Ensure = 'Present' + Credential = $Credscredential + } + IntuneAppProtectionPolicyiOS 'MyCustomiOSPolicy' + { + DisplayName = 'My DSC iOS App Protection Policy' + Ensure = 'Absent' + Credential = $Credscredential + } IntuneASRRulesPolicyWindows10 'myASRRulesPolicy' { - Identity = '1902b7f6-ac2c-4c00-bc17-8ada967cc6a8' DisplayName = 'test' AdditionalGuardedFolders = @() AdobeReaderLaunchChildProcess = 'auditMode' @@ -197,15 +388,61 @@ Ensure = 'Present' Credential = $Credscredential } + IntuneASRRulesPolicyWindows10 'myASRRulesPolicy' + { + DisplayName = 'test' + AdditionalGuardedFolders = @() + AdobeReaderLaunchChildProcess = 'auditMode' + AdvancedRansomewareProtectionType = 'enable' + Assignments = @() + AttackSurfaceReductionExcludedPaths = @('c:\Novo') + BlockPersistenceThroughWmiType = 'auditMode' + Description = '' + EmailContentExecutionType = 'auditMode' + GuardedFoldersAllowedAppPaths = @() + GuardMyFoldersType = 'enable' + OfficeAppsExecutableContentCreationOrLaunchType = 'block' + OfficeAppsLaunchChildProcessType = 'auditMode' + OfficeAppsOtherProcessInjectionType = 'block' + OfficeCommunicationAppsLaunchChildProcess = 'auditMode' + OfficeMacroCodeAllowWin32ImportsType = 'block' + PreventCredentialStealingType = 'enable' + ProcessCreationType = 'userDefined' # Updated Property + ScriptDownloadedPayloadExecutionType = 'block' + ScriptObfuscatedMacroCodeType = 'block' + UntrustedExecutableType = 'block' + UntrustedUSBProcessType = 'block' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneASRRulesPolicyWindows10 'myASRRulesPolicy' + { + DisplayName = 'test' + Ensure = 'Absent' + Credential = $Credscredential + } IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager 'myASRReductionRules' { - Identity = 'f6d1d1bc-d78f-4a5a-8f1b-0d95a60b0bc1' DisplayName = 'asr ConfigMgr' - Assignments = @() + blockadobereaderfromcreatingchildprocesses = "block"; + Description = 'My revised description' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager 'myASRReductionRules' + { + DisplayName = 'asr ConfigMgr' + blockadobereaderfromcreatingchildprocesses = "audit"; # Updated Property Description = 'My revised description' Ensure = 'Present' Credential = $Credscredential } + IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager 'myASRReductionRules' + { + DisplayName = 'asr ConfigMgr' + Ensure = 'Absent' + Credential = $Credscredential + } IntuneDeviceAndAppManagementAssignmentFilter 'AssignmentFilter' { DisplayName = 'Test Device Filter' @@ -215,6 +452,21 @@ Ensure = 'Present' Credential = $intuneAdmin } + IntuneDeviceAndAppManagementAssignmentFilter 'AssignmentFilter' + { + DisplayName = 'Test Device Filter' + Description = 'This is a new Filter' + Platform = 'windows10AndLater' + Rule = "(device.manufacturer -ne `"Apple`")" # Updated Property + Ensure = 'Present' + Credential = $intuneAdmin + } + IntuneDeviceAndAppManagementAssignmentFilter 'AssignmentFilter' + { + DisplayName = 'Test Device Filter' + Ensure = 'Absent' + Credential = $intuneAdmin + } IntuneDeviceCategory 'ConfigureDeviceCategory' { DisplayName = 'Contoso' @@ -222,11 +474,24 @@ Ensure = 'Present' Credential = $Credscredential } + IntuneDeviceCategory 'ConfigureDeviceCategory' + { + DisplayName = 'Contoso' + Description = 'Contoso Category - Updated' # Updated Property + Ensure = 'Present' + Credential = $Credscredential + } + IntuneDeviceCategory 'ConfigureDeviceCategory' + { + DisplayName = 'Contoso' + Ensure = 'Absent' + Credential = $Credscredential + } IntuneDeviceCleanupRule 'Example' { Enabled = $true IsSingleInstance = 'Yes' - DeviceInactivityBeforeRetirementInDays = 30 + DeviceInactivityBeforeRetirementInDays = 25 # Updated Property Ensure = 'Present' Credential = $Credscredential } @@ -256,22 +521,48 @@ Ensure = 'Present' Credential = $Credscredential } - IntuneDeviceCompliancePolicyAndroid 'RemoveDeviceCompliancePolicyAndroid' - { - DisplayName = 'Test Android Device Compliance Policy' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneDeviceCompliancePolicyAndroidDeviceOwner 'ConfigureAndroidDeviceCompliancePolicyOwner' + IntuneDeviceCompliancePolicyAndroid 'AddDeviceCompliancePolicy' { - DisplayName = 'DeviceOwner' + DisplayName = 'Test Policy' Description = '' DeviceThreatProtectionEnabled = $False DeviceThreatProtectionRequiredSecurityLevel = 'unavailable' - AdvancedThreatProtectionRequiredSecurityLevel = 'unavailable' - SecurityRequireSafetyNetAttestationBasicIntegrity = $False - SecurityRequireSafetyNetAttestationCertifiedDevice = $False - OsMinimumVersion = '10' + osMinimumVersion = '7' + PasswordExpirationDays = 90 + PasswordMinimumLength = 8 # Updated Property + PasswordMinutesOfInactivityBeforeLock = 5 + PasswordPreviousPasswordBlockCount = 10 + PasswordRequired = $True + PasswordRequiredType = 'deviceDefault' + SecurityBlockJailbrokenDevices = $False + SecurityDisableUsbDebugging = $False + SecurityPreventInstallAppsFromUnknownSources = $False + SecurityRequireCompanyPortalAppIntegrity = $False + SecurityRequireGooglePlayServices = $False + SecurityRequireSafetyNetAttestationBasicIntegrity = $False + SecurityRequireSafetyNetAttestationCertifiedDevice = $False + SecurityRequireUpToDateSecurityProviders = $False + SecurityRequireVerifyApps = $False + StorageRequireEncryption = $True + Ensure = 'Present' + Credential = $Credscredential + } + IntuneDeviceCompliancePolicyAndroid 'AddDeviceCompliancePolicy' + { + DisplayName = 'Test Policy' + Ensure = 'Absent' + Credential = $Credscredential + } + IntuneDeviceCompliancePolicyAndroidDeviceOwner 'ConfigureAndroidDeviceCompliancePolicyOwner' + { + DisplayName = 'DeviceOwner' + Description = '' + DeviceThreatProtectionEnabled = $False + DeviceThreatProtectionRequiredSecurityLevel = 'unavailable' + AdvancedThreatProtectionRequiredSecurityLevel = 'unavailable' + SecurityRequireSafetyNetAttestationBasicIntegrity = $False + SecurityRequireSafetyNetAttestationCertifiedDevice = $False + OsMinimumVersion = '10' OsMaximumVersion = '11' PasswordRequired = $True PasswordMinimumLength = 6 @@ -283,11 +574,47 @@ Ensure = 'Present' Credential = $Credscredential } - IntuneDeviceCompliancePolicyAndroidDeviceOwner 'RemoveAndroidDeviceCompliancePolicyOwner' + IntuneDeviceCompliancePolicyAndroidDeviceOwner 'ConfigureAndroidDeviceCompliancePolicyOwner' { - DisplayName = 'DeviceOwnerPolicy' - Ensure = 'Absent' - Credential = $Credscredential + DisplayName = 'DeviceOwner' + Description = '' + DeviceThreatProtectionEnabled = $False + DeviceThreatProtectionRequiredSecurityLevel = 'unavailable' + AdvancedThreatProtectionRequiredSecurityLevel = 'unavailable' + SecurityRequireSafetyNetAttestationBasicIntegrity = $False + SecurityRequireSafetyNetAttestationCertifiedDevice = $False + OsMinimumVersion = '10' + OsMaximumVersion = '11' + PasswordRequired = $True + PasswordMinimumLength = 8 # Updated Property + PasswordRequiredType = 'numericComplex' + PasswordMinutesOfInactivityBeforeLock = 5 + PasswordExpirationDays = 90 + PasswordPreviousPasswordCountToBlock = 13 + StorageRequireEncryption = $True + Ensure = 'Present' + Credential = $Credscredential + } + IntuneDeviceCompliancePolicyAndroidDeviceOwner 'ConfigureAndroidDeviceCompliancePolicyOwner' + { + DisplayName = 'DeviceOwner' + Description = '' + DeviceThreatProtectionEnabled = $False + DeviceThreatProtectionRequiredSecurityLevel = 'unavailable' + AdvancedThreatProtectionRequiredSecurityLevel = 'unavailable' + SecurityRequireSafetyNetAttestationBasicIntegrity = $False + SecurityRequireSafetyNetAttestationCertifiedDevice = $False + OsMinimumVersion = '10' + OsMaximumVersion = '11' + PasswordRequired = $True + PasswordMinimumLength = 8 # Updated Property + PasswordRequiredType = 'numericComplex' + PasswordMinutesOfInactivityBeforeLock = 5 + PasswordExpirationDays = 90 + PasswordPreviousPasswordCountToBlock = 13 + StorageRequireEncryption = $True + Ensure = 'Present' + Credential = $Credscredential } IntuneDeviceCompliancePolicyAndroidWorkProfile 'ConfigureAndroidDeviceCompliancePolicyWorkProfile' { @@ -313,11 +640,35 @@ Ensure = 'Present' Credential = $Credscredential } - IntuneDeviceCompliancePolicyAndroidWorkProfile 'RemoveDeviceCompliancePolicyAndroidWorkProfile' + IntuneDeviceCompliancePolicyAndroidWorkProfile 'ConfigureAndroidDeviceCompliancePolicyWorkProfile' { - DisplayName = 'Test Android Work Profile Device Compliance Policy' - Ensure = 'Absent' - Credential = $Credscredential + DisplayName = 'Test Policy' + Description = '' + DeviceThreatProtectionEnabled = $False + DeviceThreatProtectionRequiredSecurityLevel = 'unavailable' + PasswordExpirationDays = 90 + PasswordMinimumLength = 8 # Updated Property + PasswordMinutesOfInactivityBeforeLock = 5 + PasswordRequired = $True + PasswordRequiredType = 'numericComplex' + SecurityBlockJailbrokenDevices = $True + SecurityDisableUsbDebugging = $False + SecurityPreventInstallAppsFromUnknownSources = $False + SecurityRequireCompanyPortalAppIntegrity = $False + SecurityRequireGooglePlayServices = $False + SecurityRequireSafetyNetAttestationBasicIntegrity = $False + SecurityRequireSafetyNetAttestationCertifiedDevice = $False + SecurityRequireUpToDateSecurityProviders = $False + SecurityRequireVerifyApps = $False + StorageRequireEncryption = $True + Ensure = 'Present' + Credential = $Credscredential + } + IntuneDeviceCompliancePolicyAndroidWorkProfile 'ConfigureAndroidDeviceCompliancePolicyWorkProfile' + { + DisplayName = 'Test Policy' + Ensure = 'Absent' + Credential = $Credscredential } IntuneDeviceCompliancePolicyiOs 'ConfigureDeviceCompliancePolicyiOS' { @@ -341,11 +692,34 @@ Credential = $Credscredential } - IntuneDeviceCompliancePolicyiOs 'RemoveDeviceCompliancePolicyiOS' + IntuneDeviceCompliancePolicyiOs 'ConfigureDeviceCompliancePolicyiOS' { - DisplayName = 'Demo iOS Device Compliance Policy' - Ensure = 'Absent' - Credential = $Credscredential + DisplayName = 'Test iOS Device Compliance Policy' + Description = 'Test iOS Device Compliance Policy Description' + PasscodeBlockSimple = $True + PasscodeExpirationDays = 365 + PasscodeMinimumLength = 8 # Updated Property + PasscodeMinutesOfInactivityBeforeLock = 5 + PasscodePreviousPasscodeBlockCount = 3 + PasscodeMinimumCharacterSetCount = 2 + PasscodeRequiredType = 'numeric' + PasscodeRequired = $True + OsMinimumVersion = 10 + OsMaximumVersion = 12 + SecurityBlockJailbrokenDevices = $True + DeviceThreatProtectionEnabled = $True + DeviceThreatProtectionRequiredSecurityLevel = 'medium' + ManagedEmailProfileRequired = $True + Ensure = 'Present' + Credential = $Credscredential + + } + IntuneDeviceCompliancePolicyiOs 'ConfigureDeviceCompliancePolicyiOS' + { + DisplayName = 'Test iOS Device Compliance Policy' + Ensure = 'Absent' + Credential = $Credscredential + } IntuneDeviceCompliancePolicyMacOS 'ConfigureDeviceCompliancePolicyMacOS' { @@ -371,11 +745,35 @@ Ensure = 'Present' Credential = $Credscredential } - IntuneDeviceCompliancePolicyMacOS 'RemoveDeviceCompliancePolicyMacOS' + IntuneDeviceCompliancePolicyMacOS 'ConfigureDeviceCompliancePolicyMacOS' { - DisplayName = 'Demo MacOS Device Compliance Policy' - Ensure = 'Absent' - Credential = $Credscredential + DisplayName = 'MacOS DSC Policy' + Description = 'Test policy' + PasswordRequired = $False + PasswordBlockSimple = $False + PasswordExpirationDays = 365 + PasswordMinimumLength = 8 # Updated Property + PasswordMinutesOfInactivityBeforeLock = 5 + PasswordPreviousPasswordBlockCount = 13 + PasswordMinimumCharacterSetCount = 1 + PasswordRequiredType = 'DeviceDefault' + OsMinimumVersion = 10 + OsMaximumVersion = 13 + SystemIntegrityProtectionEnabled = $False + DeviceThreatProtectionEnabled = $False + DeviceThreatProtectionRequiredSecurityLevel = 'Unavailable' + StorageRequireEncryption = $False + FirewallEnabled = $False + FirewallBlockAllIncoming = $False + FirewallEnableStealthMode = $False + Ensure = 'Present' + Credential = $Credscredential + } + IntuneDeviceCompliancePolicyMacOS 'ConfigureDeviceCompliancePolicyMacOS' + { + DisplayName = 'MacOS DSC Policy' + Ensure = 'Absent' + Credential = $Credscredential } IntuneDeviceCompliancePolicyWindows10 'ConfigureDeviceCompliancePolicyWindows10' { @@ -416,11 +814,50 @@ Ensure = 'Present' Credential = $Credscredential } - IntuneDeviceCompliancePolicyWindows10 'RemoveDeviceCompliancePolicyWindows10' + IntuneDeviceCompliancePolicyWindows10 'ConfigureDeviceCompliancePolicyWindows10' { - DisplayName = 'Demo Windows 10 Device Compliance Policy' - Ensure = 'Absent' - Credential = $Credscredential + DisplayName = 'Windows 10 DSC Policy' + Description = 'Test policy' + PasswordRequired = $False + PasswordBlockSimple = $False + PasswordRequiredToUnlockFromIdle = $True + PasswordMinutesOfInactivityBeforeLock = 15 + PasswordExpirationDays = 365 + PasswordMinimumLength = 8 # Updated Property + PasswordPreviousPasswordBlockCount = 13 + PasswordMinimumCharacterSetCount = 1 + PasswordRequiredType = 'Devicedefault' + RequireHealthyDeviceReport = $True + OsMinimumVersion = 10 + OsMaximumVersion = 10.19 + MobileOsMinimumVersion = 10 + MobileOsMaximumVersion = 10.19 + EarlyLaunchAntiMalwareDriverEnabled = $False + BitLockerEnabled = $False + SecureBootEnabled = $True + CodeIntegrityEnabled = $True + StorageRequireEncryption = $True + ActiveFirewallRequired = $True + DefenderEnabled = $True + DefenderVersion = '' + SignatureOutOfDate = $True + RtpEnabled = $True + AntivirusRequired = $True + AntiSpywareRequired = $True + DeviceThreatProtectionEnabled = $True + DeviceThreatProtectionRequiredSecurityLevel = 'Medium' + ConfigurationManagerComplianceRequired = $False + TPMRequired = $False + deviceCompliancePolicyScript = $null + ValidOperatingSystemBuildRanges = @() + Ensure = 'Present' + Credential = $Credscredential + } + IntuneDeviceCompliancePolicyWindows10 'ConfigureDeviceCompliancePolicyWindows10' + { + DisplayName = 'Windows 10 DSC Policy' + Ensure = 'Absent' + Credential = $Credscredential } IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 'Example' { @@ -545,48 +982,216 @@ Description = '' DisplayName = 'admin template' Ensure = 'Present' - Id = '2e72acda-30a8-4955-a4ca-c5e28527c81c' PolicyConfigurationIngestionType = 'unknown' } - IntuneDeviceConfigurationCustomPolicyWindows10 'Example' + IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 'Example' { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ + Credential = $Credscredential + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments + { deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ); - Credential = $Credscredential; - DisplayName = "custom"; - Ensure = "Present"; - Id = "e072d616-12bc-4ea3-9171-ab080e4c120d"; - OmaSettings = @( - MSFT_MicrosoftGraphomaSetting{ - Description = 'custom' - OmaUri = '/oma/custom' - odataType = '#microsoft.graph.omaSettingString' - SecretReferenceValueId = '5b0e1dba-4523-455e-9fdd-e36c833b57bf_e072d616-12bc-4ea3-9171-ab080e4c120d_1f958162-15d4-42ba-92c4-17c2544b2179' - Value = '****' - IsEncrypted = $True - DisplayName = 'oma' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' } - MSFT_MicrosoftGraphomaSetting{ - Description = 'custom 2' - OmaUri = '/oma/custom2' - odataType = '#microsoft.graph.omaSettingInteger' - Value = 2 - IsReadOnly = $False - IsEncrypted = $False - DisplayName = 'custom 2' + ) + DefinitionValues = @( + MSFT_IntuneGroupPolicyDefinitionValue + { + ConfigurationType = 'policy' + Id = 'f41bbbec-0807-4ae3-8a61-5580a2f310f0' + Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition + { + Id = '50b2626d-f092-4e71-8983-12a5c741ebe0' + DisplayName = 'Do not display the lock screen' + CategoryPath = '\Control Panel\Personalization' + PolicyType = 'admxBacked' + SupportedOn = 'At least Windows Server 2012, Windows 8 or Windows RT' + ClassType = 'machine' + } + Enabled = $False } - ); - SupportsScopeTags = $True; - } - IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10 'Example' - { - AdvancedThreatProtectionAutoPopulateOnboardingBlob = $False; - AdvancedThreatProtectionOnboardingBlob = "MIId0wYJKoZIhvcNAQcDoIIdxDCCHcACAQIxggEwMIIBLAIBAoAUZuvH4bMiLMrmE7+vlIg3N42bKKgwDQYJKoZIhvcNAQEBBQAEggEAxqk1HWqA/PwA6Pq5Yxjp/PGI+XZQMqmwJ47ipnmoDJT/6juZVohVUmnadMbwG/lMPSsCayUR82ZutwziB7dgq5Bkw0XoastlaRQVlnJYcMa+rp1cPmfJxH3XfiWkvtyOfls2OvGot8ACtpOPpHAgHswUC8CQozwtbiGbv2d+GKOqbDyKuDUmguZ1IjgHXSK4QdT7CHyxsqvkF7th3BfzQDYP4RkHt7MdcguhlneSiM12yYWZPZWEq8DR8qgJmhxUt12QzWMNATcuVGbITMzhFSKzsQC+rYY+JHxF4KLtleDIsZagvAJryqYp8UCIKz4RjXfNdUobkqMBHl/FLlzvNTCCHIUGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQIYD8sl4f+5/KAghxgyl2DMt2B0VwAzMrCjltr8GLeCDx7yQemqhWCw5a2kPowKAtY7Iu60QKiR+F0AknYBwXesbGhYp5NU89ztByHizxh/q/puoBMuN1yHWWYKKu+hqxH40DXxiAi060JA06HoD6mSrLQCz1SXprnLNyiC8rHnVTaJ9alUJOT+FLYH09WOLYZMKKNsTEd8gIjQpXwUVY/zzOBpYS0L3SL28Kk858o5OzowQ9XX/JtyRStcLEZJhQ1u2UkhFCyioNQzS4gOW4/a4rw6vZsxFk+ZBHUEy1aYjmXXuYXPTazCZS1nhj7cpPGTqhxiqoSTMxbBHaKiM7HrQcezFD6oPrloti9PFSCahMLmb6OBpsh4vkMh8WzDE3JyPK8A43iTG+qw+ykfi1CUscTBoaLALmryI3csrmjWpgzwH1+UjpK/7vkjzCXNgazxP9/OysCjRsygSWDKVgcoeZtLPzHwvED9sMns4Sw/vfREOqt9n072ZTt8FjrjEsa2yZCfubeBSuiG1V/wUoDel01jKZ+ZtvpP7EwPuGOQT2Zdl6d/J8fw3PrbahWWyUStmihDq5plQg6moZ31Mtn0QiWkRdbYuoY3s6cBhlBeRUy9oX9mWe165MI1LbwZZRkqf+PtAbFgVQDXDToRsqAmqIFzdWI39HH3xnUdv8z8to8fiprhm6exurrrWkQw8Ss6zloBlzte3QqJbagGS/QXObxDMvXCCSXnckrzfFUtYd+wHZ4T8Mswm40wdKqhQtED7GHP8olrk/VmmRi3I6Ezj1/iK6hc28fH7CJT2CadNOEusM9Xsnzw/AfIJAFWojc05niavd0UC3orL7jlUv9Kay+SDGsAyuE9EDS7Y4bhixkZWUoEuftlH/3W7Jq6kESzFoXrzfS4Ssj81riYXUlXwlAd9AG3hnndJU3Z4aND/cWVYEvJdDHNdRWO+MqxbNNodOYr3R/6ZUewGBBxOeIh2+KNKaouHRwnSVq227NbnzMLATAENwsey/Q4NxBM+8aivmhR/O7cfNuObb+4AFvyzZJoUsdbcGVubdc8qvzqJFeALbM8iMOqIwDPflPhsNuHEHZljg/d20v4D9ZeogzJp5qW2w86gXgBTi8OS8KR2nm0+5I1mIU8ChyMJUEQNlddcxNRlq6QzOsSE+gqwvDTcKXCvQx0Acu5gVJSp4USGca4SPUsPKa+Uhef1e8gMpzXa4c6xGEptp7wY/7yaEzATnLQ8qC3ozGzOBpatgi8amkEOleo4EtSqUBAxYPq+TNo9COd7/u9gnBEXHLVuul26gsFA7K37VXBO2Qty2yOruy+2e0f+WpctBc1bbGgsLC0X30QAgG6ZRRwGedteVeVr9zjq6sIOjhkftcegetkVQhTj0acTCIy8NBLd9I+t9oEecvQgCTJVOU4G6IIoWZYn8/entxn41V8ThLS8Z20ekgBcZf/4r+huiQZZDyk+gVIStokJehtUb9qfg60aogSOn9Cmha9EzY+NtllPBTbIyBnklC89/sJPFiLBbtDihjm96NCECkl0DNL3o0BFHdjceuscs/MBbVCiGiy74+bKbpigXG80rKFfsOSY6OIFgVuQuW8ETQFxBwXRR3h72BorojOghfHGNMAIadJRVEcyPI7Vnjk+ii0YZEw5AuzJtnpQ8gNbudQzy5PvNdMwEwOo2AT1IIjDvGXqHcEW8hCEZkD2GqcQNBrJ/vYBQloCzmzuakYQhGVQuqTUHnKWPfcPeKOm8mcG+vqGMlw6iPlFM3omfmMXHIgehxxPOnusaxvPTNgcVBEvCR+tn2Z3Xim1riDj2ILSIAKylS4Bndu4VJI4+zA0yjNm/udXhMoH21HiTF7mohpSBReLxjmMbBWpMelXj5jHKgI+Ik8IRxNzIvYQD9eG2zqkEixZfgyhiZUfkLC5+J/M7rYSrEonL+Yx4OEm/9TfpEzVTW7DBM8d/pZy7rIJ4+Tx7YpJXMPnPZfsK7DZycujUlkIKxe10vG29BS/hi5ioyPBRz1qx+ez9QpoajWJ0mOSyAwBk47kD8y3KvKwn+woyk3/Tvj7QUW+Apw7b1L2dfR7T7MWF9u0bBD97fGAMA7kyghIV3W2eBRCG495ut5OjQBzOhtWSOvWGQefDdBtbzd1cLg0vrEk0jTedk90lNyr/ODcN7Ejr4fFlp2WIjS6yl3+iepRafpmW4iIxz4JfGHlGrOKkY1LMd1NtctU3W23iYu6fQJxws+Q67LeGJR1i1ai/indtu+xtjto0avT1UtOl3mS5Odl4W+nuqKnAf8Rhch+0ozcywpaOJiPNpls1RYlEJIXmGh1ANYzrrz5MbhyKjIRiAaZQ7sl9Pk5ijuL+4vDK+qUeWmBHU6Jd5xYbRMtmpFQs2mb7EZDDG9pWP5k30IPfMy3Ma2Bt6B3Nq/nI8JirjMGp0WF0wiuK8G1Z5u2K4QemzIyRPGzIqWg+RwjTykmZwwT/Njn7UL6tk1OSB9cSIiJ8mws5z2hf5rqmi6WbgBQ1V0s52w9elfgTeurUBMsXOWT+XTTEI/nvSa4BEMlALQnef0k+Ap32vgnzN7ZVcIY4ZI2pKhCFVLV3nUhuSZQKZwtA+N7IObxDLCnZD1OIaLcacQl8pXN4O0WeJ9/KhdAidPNoM3N/Ak/toEW5eD6tmEqHleUPnHT1MzeyM8SgSJmGql5flGYTzx22RTUe23JcbaY2wmY6tiDvYxfw5XYJUdUyhUOSik6Ttqz1y8E8nnlFtq+4PwJPdbWrMV0oWcjgVAiaq9ALX5GwPGoLo5QxRHZ/tg5LEnIOtZJdmNfaeDO6GSjwhiiW63kvBMjPDZ+R2SQdm1UAyIYg9AD1GY1eOuZ3Qs5/KHUmcBBy48bIcGFaaK0kdlwWdlWtJUP+4UMv8vlxXt05o9NVIHZ+YD6KBOgE+NPMoI4Y+ht7hzSf6cSIxz8AfEZHWnC7Co2tFkBF6SkqQse0uLL9Wf+CWzMy+JLXqo9tBKxsnxXq07a5HF9+WNiuLGnQoz5PlKjzgwWOOJ1yGdQhlWc1cYYHEnXMkrFoc0tdCvCAYL5+dm9lhc5MXR3hqpOSByWfz14oaBx4fCqPZqSvE09DYNkJB2Abo+WIqmW8vnb1aFyqMWj0nK/lT0rpfaiXww7vMMuN6TYp1JAubZ9ijx+Yq1TObi409aRYRmJkH3quBD3HExAS0bRIavExQaM8zP+gqxxsEG71gtFUK0jI/6Q71OIfh9Tf3uSB/NLl/HyDegsRyxMCqqowC6mBa8TLM/gDp7yOyrQ7Cs2HnWWYrNfZd6n5F0OB9ProL0Tykg1cci1bcteO4gKadhRZtOYhLXJMcLcy/fUbBdooxGak2c9i7XBGUbD4vklR66yACKETi0Ou3RVrVxJvkRDuU2seU9PW3Y6leYHbgpZdzkoDshflbxkXvWnxRAV/moH8RxBusT7yx81fytRieumN12QJjdMNQRRvRbe9vhCR9uj7lSaXHcYCQvNX4jMbYgYW401NlFFAsSGdy3XkgXfCvKZQDcf2oaWoc3R5MjDdMod9R1/z3vlx22RRzahCDZdOfFysq2rkzJDGZW9WWnKJHKXEA8lGWA62WSxjeUUOt+Gnjjww1RD8yK0uQtcGlcN+OeH2WtZDiN3gTNBmAkyU7EgWvSKstSS+/fCwt39o1ldG7ZNoIsAqdESgXFPfToaEs2E+pmunn8iF5Vly4BSce+jBok8zES+wopGpQr3NB7ai/lCKQZ4yH9cb5Aj0jYv0Bp91KEHrZU09pcg5foLb/NMFNNb0h91UsHZpJlx4r2zj7hJ5GKXTGX1xfJ8Fettpht+2mgxSiSuG1CNKncIAHWIicMwcFMea+H7fSGZwqRu0Q+iRmc0rZBXIE7sGm4TnKSXU35HZBw9M5vpzCnUxT2wPAbDDAdGIwguD0vzS3AhHMJdcIQ+WNALfvxgSReI57Hk4BlP2SZRJAeSejCMkOe6x1CZWLPxMbGQORdtXadCEfCQ2r0COrppMPIhI0sLuBPRSqt5+l4LgCN+n52U5PzWD8L2r6gVxItI3uRuV8+TWI8noDKvSB3nZIM6XVwlcCPgsa8rwsf+wdrNLOEY2aqYg7h9ieEvAk3GttwqomDkZfZdEMNShlD2xX+Ub3tu0cUr7ntISzvR6y5MkKyaNWOW0wO8LeBxRHBQqUs63KFz7wrFu006X6CJgkcD902IzWam3DlI9+ivtz+eIG1ZKo+2NA2piyXuGhFEbSf+lEERVnNmBkYbCl0TWCglkd4ajsbaGwsFizeVGEPPdy5ePuvosxssLpk+qSPLdY1qJeCFTT9qww1D3/tjL6p1LDMtaGFaDQ2JvU+51AmNt0ca65rtaGHIGRCdNSLfaaKsXqgekd61qBIqlv2zArbN7fJtwH7BYH3FpoEUw2eWR7Xc7JqYVYE1P/ggF8x9mWDUuujCHp8awxJzAhPUu43hSOd0O30Lr79jWoBi/BIHzs+P5IZxnq/cTGdYVEWxMeQF6vmRnFjo3UtKSQNQR7Xwec0bpmByJx6v5YcL9xG/OwQ8D/Qcmof8INwNLePVckvM+jbkJ+iLvgpZL9xDU9qsYjYbKpp0VhuZqtAPzIdgzWv4mWVp0kI1F9q2DOAAZS7xcIeohBBXE1gEwzlr3r23WYNjcX+KXfQuY3zxb7dNtBLOOMqvbgYtKEoHT731GL0mINkDCTKaoxlLIoUyjycMNEKKhyzLHG1ELqtzR1Mi2bFy7Edj4VvjS+owFOg5sTrbtaf55w/RburfZzYpavIyl9q60+kcoLfKtwva5bGfJKbOhF3cMKDCDEmKxgLSIYH7swCM6Gv/D8p38Bkd7qs6Q4wp13hspmoq1d9SZtHU/DV0/KHKy9/ef18dXNa/I7unMGcETbc+GE/yGfTue/Sv9l8Beq2H2eMfrpkTVOMGxnIwRTf6FBNyhpQsaeN52qz9kqFcScziZlRyvq57kz22USWW3oLrC4LWHiu4QJzBMJeeZO3E7SrBdGMyOcXpXXBHEbJHqb2zOSefObjagX2Ld5pGWS3zIyaJPV73yS7FhaKwA50Syw+nbeG5ysEicbdUOKLZCPKTDi+jBjVpd7B/SokzxbnkojQdDF50453YUlTx2KuAMONaw7sf3lVzbGalZ1O6RcGp3s2BJsFDwEJErPh6zbFEM8VCttNFU2sT89P+wKMUX8Wt8qU+Q/wg0vwLReoTfqqmNbmD/4FRLbgpfP6NJ7IbUisR8a7PCKMWIz7sX7iTk1OQsUptgkNSWGPe2bKQ/ln593n6q7CD5oKgN+d1099lJokSEa4hvlFkHRI248ITqMxaXjuRD8pyTpx+k7TzXSjzb3oAsDfBsI7IJEEp5O2Rrg0bE/vBLPWVXubSfSYd/RqKoos8Ril46Q43L05uJfiixkEvJiZo21+qQsK+/MUnOUl2lmB7uscPSZWUGQbs+BecxEhYXpjgaCPfVClyJHwBAwk+PqOOqGrNEz4fQppnR4wgCYhxCbJHKQTSGnmrTeHXRWNs74+RXaDZarvPRg/DronoiMozAJv0YIg9VjTkZhxdw4pFUPm2PChsM+iVy0Fia1uyTy1+SsTPTfHFArZNdWPyiezISJIicDPSCQGUREt2VVgN5dFmsbHytmMPlGnk9fSJfAgRQqQLxEIFy629aFR4MsuLvez7RFOjxhcxx4HEmKQ52RlZz4yzwHj1pip+UVgj+Kcb87P3BJX6eW8G2OAyvePmA77dGWoSVdFLeTaj+L6ZgHvBqHBEico1HnlR8aSnPJtYuNR7CKB2AWvaZvY2t1RkA3Efrga8acgxi3h3o6DjfcYHS5xdSTS9aYsJNPo3p3/bhhSfYCHDQeZfotHzaHe9b/d9CH8cZsvCqH0zUHjwR3BgpkWHfd4c0XQdrH7HyfOU6XEVs5h7DmWGof0msy1Esn6qLk6NrKfgMZOqxs0lEW26bjoerUOLxb7UxCLuwpthTBU9qHdMQ3fxCK2mkn3KCeE8VeSb2KskTeTxnUnJXan9eURKVzf3LYwouQtB0jkoYzPY27GLLWBp5coYZScODE3lk0oZGGPxa42DqNvVBbyvIyw5o7AZsICnnNv3wCxXZenncFqVu2lG6pgQV5RleU9zgGaz0uKNJAN66jKxlxcmsYi2ugVwGjPf45tnJcTDtdV46Nep4n4Cko+y5lMYRTpSz5hB1zodBykfALCE1daqD+dHrgPFfKFIlMElZjNmVdIoY9UEnsBYbZji1dxKvlwVvcKFH9RQDHY5l74H4UNXGbtrxesZHWc5EUxf48CtV9+DHwOkm30ZDjt6MVsEU/69aOi1L153tAKBY3I2icwL337y2Zez8Fbpq8nHGipFZB+9ygejNRCXAmVmn4QjkgqFLZgTU1nX1/rw6CTPyO8dz5ad94EKvHn/iUIrlH3A3bGGqjCNV+4hH90xdpBStvagg+NIRHKlTY2T0UWUZWG1nHeivCFxKJbwn7wOVAlvSVqAFDmlewryH7MHTOVXkOqbNpi5P6GBqrOYGxndwzfr0QW00gGHmVO7G5W+PcX7EGXPzfR4td8kBlZOE5XoXm/AbwAxw7pn048iMxCyR5vY6uA4WqZLOoYMNwYi5N11apYbc4A8sl/JCY7qaFmWzCKG7h261gCz7gcFV7m6fqnuDsBsZuPCMJlVUKTY0hu4lWYNCy4y63i7dBO/4Fwhl1Gl8lcZmQvTcXvQSUUTFhoZJ0DLHLOpv0eJ9D7iXrxztIIo5143CGuNJf7A2e86FsGv5L/7znkRcC72eC1LV1hxi6NEJZdQDCiZPM3i0pSk11NTpMBpqn9HX4cN5rrdBlXynB44GxC9rMFrTdVTsLa8+6hx3LcMfqyRocBvk+jbTv2ahiX4afCyF+qKoyhlz69/NnWXiw+ZhsE/0pakEOre/UxBfX3L6u1YUxCX4S2Mn2COlpur9ypOmxahQ8ogAP+dLIkBd4QsSnB4Kwkfd9bQLoR87nv64lvx0T/Mt1PuMgsMamGvmnp5Zl437JEWSLQxQeG/8/1/ybAEkr5Vjws72hqLp6zZe3TSv0P9IKkuhU0Bq/jSrpcIQsVhAMj4miitmhe44sKnpqVuLo0qVHwEa9/TIA22xg7crZmkdzkyllrsWv38W89S5nWX/OkOM1ha37bdfbyDnEnysOmLKdMUv9nCTIFHwX0hoVCsvgiS/6Alo3OT8k7NDv3XNkZn05nba1kV+wEMvVMfZNyEPzkYleLtCEZTLG6LwvL7y45OBZ57qx+a0vlHpIrG1uEY9TK09Qsp1nn/CG25+hJvSrcaod8P6M2u5OVU71lhQzQX0dkMpzzhm7f4SaBYN8eOfCDen+nJ8gqz559Mbnri8XqcTI7XPXknmRGbPLR9M692jyQ35hywUCDvlD/FDk+tDNtb7oTbNNhrlqZH+w1uXe8lk+Ply4iMB0EouglBvIDLoiWrIqwxoL5VRqj+EEHe7/iXwZpHkPZGizB63bbBiZ+8FbXZP+yU/LaB72EJAWFF/o/fROT+BQKDjPp3ZXCSKsgt2ate/aBbSyjJpOe+56CQb2bJczRrUnXOp2gYuXSzWwKaTJEa/l45cELEtCcWT44EukOXYz1qKP9gYnKw80v5BmExemIDSjYKCAnYsyvggVDl8k4E5HFoxzcl7L/X3ramNTV/ibhslXR+/MOGfV9SUNB1LCLJfD2N0LJGIheR3tyuDRs0z5LH3fSckCVVZWsDHVT4VyK2ljzsR8DJ06fTs15G9B9cwWvLGkds7pHHNt7nylWkyVwtm8KA1FQoiKxLizrGFFcjyf47WYZ8bkUhW5HgO7VedOdvsNVod72hqo1e8gcPpCJszlPAeKVyALIiL9HC19OgBUj/ZLBEUUjWn31dzbPGqPh00Sq0t6J+XNcNmHSyoRhBn8qKPtni3WoxYDPiW+vaQl9u9qIwpPrCz80o4Y5ppBgHIw0V3PFk1qzSuXM8VN+Fbhc4F7tPJv8wYe84q4v7BX7BRbAHirbd3TXAGcjB6SQITx9IPpdTxzyBD64S3Mk16NBxobI/o1Y3Pmhb2qA4h6vImV8nHvRStm+HDMzWKiZ9eSm8O7ll/mXjeiW5SgJRd9iLqU1vk2QC0ZqpFkd4zEZP5E9cPtPDs8MMkLyw2kl1NuDEWaGM3uRXEG5VjcF07ynOLVgpxfW8XkH+R84+JAr3g4wYwzRDv/5hHRLIONwLARvhQ1QU5tX2HphS3oVzA8uazJnEW+HMwzkw2+YRX8rLNoWLqpQFF7igwmCMddAaPCIWB7yvimhgDGm7jM6XjFj/DBxIMtHk8IWnTrj4ouZRt4NJTzzLKl8Um6wctlRy4BEkQhxEP6qZDewTYrcdZXf3+82r746d7iuSqlK2eV5sGmARU0pht4FRSCs83ofQszqbXAIAzYA7/POn9Y33aD0T1Uo5f6W0p/fGqPew/JKEiWYsvGYJBEc4xMA3/APASHkvyow371AMy5EtG6hQEBYjZ8Ou8ao7QF0ERhLEzBo2+vAW1OI8uo6UeKJyySpcseSHNyJ9LjnGMg+2XfBNuVHJ+Q1Fzm+9+zuzD9KDiv1AClu9XWWF083Wcn9Otjl1vNYe0rREnJ82KW/ZXmX4c9YWRS+plbzZ654PLbeN+A64qbxbbO6LvYwAETclyCeuVYE6ffgtSvFuxsvaZVYHvzsOukdHU0Y0zy05tiO5gCDgDuntATZ7E/AjJNOod+RS2QoY7ttEuinfNorQ1x78Jot+u6bInT+NjNTV87jmaHSgP2GM0yaDWgPB2Q4YSPId9KT3O7/jV6A6AV/dnJMk/H+Xkgy9e5fdd2rry966S9ZqC6+jYJBo64av8oP72DxJDDbADt931hcZGoQHpPKLS4oE2fhTh6nnNdqhr2vxnCa2rF3afswOUYFaTU73S6E6E8sBwaXP4YCkRGl19VlfJWL+FykYboxvrUGnrRRBFV5V8LKIuXpOaakZakgJJQI4OqD1+G++pSFZsD2EyRn7iYQOsqa+VZ1jz7/5FNE2fRX2AmNDRcT42ZwRJeV/uCA9dS/zpUQU9JzDYrM+9f3+L4XD2auxm4qw20X+rU4V4MLteEqevcp8AZTmui3KQMHnRU8HPRpAIJcp8rMeBY5Q4g+UYzAUf3/8PTBv022N/cEifii/Yln/I+yRWx2mfeCAIBk14aBkb2+h3SOsBJPYvBF+s2l91jGlmtkOWIlSuCmEn2ChkQZ8HveX2oTrLq/Fpj+iIDyvmSJrLYB51y0Sd7R49Gi3LEpHdYMLes/0dcwtXab0ZTIMuiAoSJJMWzRTCx8P+NqxOeqfGXr6WiG6SOWOw+RPHlIYo74Ob18cl6s5SIwGGaBajPbyHlhm/nbtoSRg05po3ABO/Jgd9CnskRIei6fMGdUdV2Bwl6Uph4Iut8z6SeZ1Cag8/GM299Rwu2FYnqTj+B1TEyfxZTFIYhZk2oVSUQkAJecR9Sx7eOmzW0Vv2mMj6hROyirlHRbh17xdSiaqwf4IhOETvvFMqcqiqhk3Gh70UBZ4rwNq2RTjTkSaAZk7PL49PnNp5L31E4yiNdN7cVNS184ODATfHs6VpatgiczCSn3O5WUwB7IJuINt9o9y5SQerXjL1FsLKIAQ2ojID2BPznqp7lkEyg+PjD2hOmLAN2KpYHKXJQm0pV9jP9lX7kvfyJhISJaiWwhhiHDQ2cTGPW0rw+a4ve3pg1HQ==D97F84CD027F883C2A6A7B4F1B8A194EF3042369"; - AdvancedThreatProtectionOnboardingFilename = "WindowsDefenderATP.onboarding"; + MSFT_IntuneGroupPolicyDefinitionValue + { + ConfigurationType = 'policy' + PresentationValues = @( + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue + { + presentationDefinitionId = '98210829-af9b-4020-8d96-3e4108557a95' + presentationDefinitionLabel = 'Types of extensions/apps that are allowed to be installed' + KeyValuePairValues = @( + MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair + { + Name = 'hosted_app' + } + + MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair + { + Name = 'user_script' + } + ) + Id = '7312a452-e087-4290-9b9f-3f14a304c18d' + odataType = '#microsoft.graph.groupPolicyPresentationValueList' + } + ) + Id = 'f3047f6a-550e-4b5e-b3da-48fc951b72fc' + Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition + { + Id = '37ab8b81-47d7-46d8-8b99-81d9cecdcce9' + DisplayName = 'Configure allowed app/extension types' + CategoryPath = '\Google\Google Chrome\Extensions' + PolicyType = 'admxIngested' + SupportedOn = 'Microsoft Windows 7 or later' + ClassType = 'machine' + } + Enabled = $True + } + MSFT_IntuneGroupPolicyDefinitionValue + { + ConfigurationType = 'policy' + PresentationValues = @( + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue + { + presentationDefinitionId = 'a8a0ae11-58d9-41d5-b258-1c16d9f1e328' + presentationDefinitionLabel = 'Password Length' + DecimalValue = 15 + Id = '14c48993-35af-4b77-a4f8-12de917b1bb9' + odataType = '#microsoft.graph.groupPolicyPresentationValueDecimal' + } + + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue + { + presentationDefinitionId = '98998e7f-cc2a-4d96-8c47-35dd4b2ce56b' + presentationDefinitionLabel = 'Password Age (Days)' + DecimalValue = 30 + Id = '4d654df9-6826-470f-af4e-d37491663c76' + odataType = '#microsoft.graph.groupPolicyPresentationValueDecimal' + } + + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue + { + presentationDefinitionId = '6900e752-4bc3-463b-9fc8-36d78c77bc3e' + presentationDefinitionLabel = 'Password Complexity' + StringValue = '4' + Id = '17e2ff15-8573-4e7e-a6f9-64baebcb5312' + odataType = '#microsoft.graph.groupPolicyPresentationValueText' + } + ) + Id = '426c9e99-0084-443a-ae07-b8f40c11910f' + Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition + { + Id = 'c4df131a-d415-44fc-9254-a717ff7dbee3' + DisplayName = 'Password Settings' + CategoryPath = '\LAPS' + PolicyType = 'admxBacked' + SupportedOn = 'At least Microsoft Windows Vista or Windows Server 2003 family' + ClassType = 'machine' + } + Enabled = $True + } + MSFT_IntuneGroupPolicyDefinitionValue + { + ConfigurationType = 'policy' + Id = 'a3577119-b240-4093-842c-d8e959dfe317' + Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition + { + Id = '986073b6-e149-495f-a131-aa0e3c697225' + DisplayName = 'Ability to change properties of an all user remote access connection' + CategoryPath = '\Network\Network Connections' + PolicyType = 'admxBacked' + SupportedOn = 'At least Windows 2000 Service Pack 1' + ClassType = 'user' + } + Enabled = $True + } + ) + Description = '' + DisplayName = 'admin template' + Ensure = 'Present' + PolicyConfigurationIngestionType = 'builtIn' # Updated Property + } + IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 'Example' + { + Credential = $Credscredential + DisplayName = 'admin template' + Ensure = 'Absent' + } + IntuneDeviceConfigurationCustomPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Credential = $Credscredential; + DisplayName = "custom"; + Ensure = "Present"; + OmaSettings = @( + MSFT_MicrosoftGraphomaSetting{ + Description = 'custom' + OmaUri = '/oma/custom' + odataType = '#microsoft.graph.omaSettingString' + SecretReferenceValueId = '5b0e1dba-4523-455e-9fdd-e36c833b57bf_e072d616-12bc-4ea3-9171-ab080e4c120d_1f958162-15d4-42ba-92c4-17c2544b2179' + Value = '****' + IsEncrypted = $True + DisplayName = 'oma' + } + MSFT_MicrosoftGraphomaSetting{ + Description = 'custom 2' + OmaUri = '/oma/custom2' + odataType = '#microsoft.graph.omaSettingInteger' + Value = 2 + IsReadOnly = $False + IsEncrypted = $False + DisplayName = 'custom 2' + } + ); + SupportsScopeTags = $True; + } + IntuneDeviceConfigurationCustomPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Credential = $Credscredential; + DisplayName = "custom"; + Ensure = "Present"; + OmaSettings = @( + MSFT_MicrosoftGraphomaSetting{ + Description = 'custom' + OmaUri = '/oma/custom' + odataType = '#microsoft.graph.omaSettingString' + SecretReferenceValueId = '5b0e1dba-4523-455e-9fdd-e36c833b57bf_e072d616-12bc-4ea3-9171-ab080e4c120d_1f958162-15d4-42ba-92c4-17c2544b2179' + Value = '****' + IsEncrypted = $True + DisplayName = 'oma' + } + MSFT_MicrosoftGraphomaSetting{ # Updated Property + Description = 'custom 3' + OmaUri = '/oma/custom3' + odataType = '#microsoft.graph.omaSettingInteger' + Value = 2 + IsReadOnly = $False + IsEncrypted = $False + DisplayName = 'custom 3' + } + ); + SupportsScopeTags = $True; + } + IntuneDeviceConfigurationCustomPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "custom"; + Ensure = "Absent"; + } + IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10 'Example' + { + AdvancedThreatProtectionAutoPopulateOnboardingBlob = $False; + AdvancedThreatProtectionOnboardingBlob = "MIId0wYJKoZIhvcNAQcDoIIdxDCCHcACAQIxggEwMIIBLAIBAoAUZuvH4bMiLMrmE7+vlIg3N42bKKgwDQYJKoZIhvcNAQEBBQAEggEAxqk1HWqA/PwA6Pq5Yxjp/PGI+XZQMqmwJ47ipnmoDJT/6juZVohVUmnadMbwG/lMPSsCayUR82ZutwziB7dgq5Bkw0XoastlaRQVlnJYcMa+rp1cPmfJxH3XfiWkvtyOfls2OvGot8ACtpOPpHAgHswUC8CQozwtbiGbv2d+GKOqbDyKuDUmguZ1IjgHXSK4QdT7CHyxsqvkF7th3BfzQDYP4RkHt7MdcguhlneSiM12yYWZPZWEq8DR8qgJmhxUt12QzWMNATcuVGbITMzhFSKzsQC+rYY+JHxF4KLtleDIsZagvAJryqYp8UCIKz4RjXfNdUobkqMBHl/FLlzvNTCCHIUGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQIYD8sl4f+5/KAghxgyl2DMt2B0VwAzMrCjltr8GLeCDx7yQemqhWCw5a2kPowKAtY7Iu60QKiR+F0AknYBwXesbGhYp5NU89ztByHizxh/q/puoBMuN1yHWWYKKu+hqxH40DXxiAi060JA06HoD6mSrLQCz1SXprnLNyiC8rHnVTaJ9alUJOT+FLYH09WOLYZMKKNsTEd8gIjQpXwUVY/zzOBpYS0L3SL28Kk858o5OzowQ9XX/JtyRStcLEZJhQ1u2UkhFCyioNQzS4gOW4/a4rw6vZsxFk+ZBHUEy1aYjmXXuYXPTazCZS1nhj7cpPGTqhxiqoSTMxbBHaKiM7HrQcezFD6oPrloti9PFSCahMLmb6OBpsh4vkMh8WzDE3JyPK8A43iTG+qw+ykfi1CUscTBoaLALmryI3csrmjWpgzwH1+UjpK/7vkjzCXNgazxP9/OysCjRsygSWDKVgcoeZtLPzHwvED9sMns4Sw/vfREOqt9n072ZTt8FjrjEsa2yZCfubeBSuiG1V/wUoDel01jKZ+ZtvpP7EwPuGOQT2Zdl6d/J8fw3PrbahWWyUStmihDq5plQg6moZ31Mtn0QiWkRdbYuoY3s6cBhlBeRUy9oX9mWe165MI1LbwZZRkqf+PtAbFgVQDXDToRsqAmqIFzdWI39HH3xnUdv8z8to8fiprhm6exurrrWkQw8Ss6zloBlzte3QqJbagGS/QXObxDMvXCCSXnckrzfFUtYd+wHZ4T8Mswm40wdKqhQtED7GHP8olrk/VmmRi3I6Ezj1/iK6hc28fH7CJT2CadNOEusM9Xsnzw/AfIJAFWojc05niavd0UC3orL7jlUv9Kay+SDGsAyuE9EDS7Y4bhixkZWUoEuftlH/3W7Jq6kESzFoXrzfS4Ssj81riYXUlXwlAd9AG3hnndJU3Z4aND/cWVYEvJdDHNdRWO+MqxbNNodOYr3R/6ZUewGBBxOeIh2+KNKaouHRwnSVq227NbnzMLATAENwsey/Q4NxBM+8aivmhR/O7cfNuObb+4AFvyzZJoUsdbcGVubdc8qvzqJFeALbM8iMOqIwDPflPhsNuHEHZljg/d20v4D9ZeogzJp5qW2w86gXgBTi8OS8KR2nm0+5I1mIU8ChyMJUEQNlddcxNRlq6QzOsSE+gqwvDTcKXCvQx0Acu5gVJSp4USGca4SPUsPKa+Uhef1e8gMpzXa4c6xGEptp7wY/7yaEzATnLQ8qC3ozGzOBpatgi8amkEOleo4EtSqUBAxYPq+TNo9COd7/u9gnBEXHLVuul26gsFA7K37VXBO2Qty2yOruy+2e0f+WpctBc1bbGgsLC0X30QAgG6ZRRwGedteVeVr9zjq6sIOjhkftcegetkVQhTj0acTCIy8NBLd9I+t9oEecvQgCTJVOU4G6IIoWZYn8/entxn41V8ThLS8Z20ekgBcZf/4r+huiQZZDyk+gVIStokJehtUb9qfg60aogSOn9Cmha9EzY+NtllPBTbIyBnklC89/sJPFiLBbtDihjm96NCECkl0DNL3o0BFHdjceuscs/MBbVCiGiy74+bKbpigXG80rKFfsOSY6OIFgVuQuW8ETQFxBwXRR3h72BorojOghfHGNMAIadJRVEcyPI7Vnjk+ii0YZEw5AuzJtnpQ8gNbudQzy5PvNdMwEwOo2AT1IIjDvGXqHcEW8hCEZkD2GqcQNBrJ/vYBQloCzmzuakYQhGVQuqTUHnKWPfcPeKOm8mcG+vqGMlw6iPlFM3omfmMXHIgehxxPOnusaxvPTNgcVBEvCR+tn2Z3Xim1riDj2ILSIAKylS4Bndu4VJI4+zA0yjNm/udXhMoH21HiTF7mohpSBReLxjmMbBWpMelXj5jHKgI+Ik8IRxNzIvYQD9eG2zqkEixZfgyhiZUfkLC5+J/M7rYSrEonL+Yx4OEm/9TfpEzVTW7DBM8d/pZy7rIJ4+Tx7YpJXMPnPZfsK7DZycujUlkIKxe10vG29BS/hi5ioyPBRz1qx+ez9QpoajWJ0mOSyAwBk47kD8y3KvKwn+woyk3/Tvj7QUW+Apw7b1L2dfR7T7MWF9u0bBD97fGAMA7kyghIV3W2eBRCG495ut5OjQBzOhtWSOvWGQefDdBtbzd1cLg0vrEk0jTedk90lNyr/ODcN7Ejr4fFlp2WIjS6yl3+iepRafpmW4iIxz4JfGHlGrOKkY1LMd1NtctU3W23iYu6fQJxws+Q67LeGJR1i1ai/indtu+xtjto0avT1UtOl3mS5Odl4W+nuqKnAf8Rhch+0ozcywpaOJiPNpls1RYlEJIXmGh1ANYzrrz5MbhyKjIRiAaZQ7sl9Pk5ijuL+4vDK+qUeWmBHU6Jd5xYbRMtmpFQs2mb7EZDDG9pWP5k30IPfMy3Ma2Bt6B3Nq/nI8JirjMGp0WF0wiuK8G1Z5u2K4QemzIyRPGzIqWg+RwjTykmZwwT/Njn7UL6tk1OSB9cSIiJ8mws5z2hf5rqmi6WbgBQ1V0s52w9elfgTeurUBMsXOWT+XTTEI/nvSa4BEMlALQnef0k+Ap32vgnzN7ZVcIY4ZI2pKhCFVLV3nUhuSZQKZwtA+N7IObxDLCnZD1OIaLcacQl8pXN4O0WeJ9/KhdAidPNoM3N/Ak/toEW5eD6tmEqHleUPnHT1MzeyM8SgSJmGql5flGYTzx22RTUe23JcbaY2wmY6tiDvYxfw5XYJUdUyhUOSik6Ttqz1y8E8nnlFtq+4PwJPdbWrMV0oWcjgVAiaq9ALX5GwPGoLo5QxRHZ/tg5LEnIOtZJdmNfaeDO6GSjwhiiW63kvBMjPDZ+R2SQdm1UAyIYg9AD1GY1eOuZ3Qs5/KHUmcBBy48bIcGFaaK0kdlwWdlWtJUP+4UMv8vlxXt05o9NVIHZ+YD6KBOgE+NPMoI4Y+ht7hzSf6cSIxz8AfEZHWnC7Co2tFkBF6SkqQse0uLL9Wf+CWzMy+JLXqo9tBKxsnxXq07a5HF9+WNiuLGnQoz5PlKjzgwWOOJ1yGdQhlWc1cYYHEnXMkrFoc0tdCvCAYL5+dm9lhc5MXR3hqpOSByWfz14oaBx4fCqPZqSvE09DYNkJB2Abo+WIqmW8vnb1aFyqMWj0nK/lT0rpfaiXww7vMMuN6TYp1JAubZ9ijx+Yq1TObi409aRYRmJkH3quBD3HExAS0bRIavExQaM8zP+gqxxsEG71gtFUK0jI/6Q71OIfh9Tf3uSB/NLl/HyDegsRyxMCqqowC6mBa8TLM/gDp7yOyrQ7Cs2HnWWYrNfZd6n5F0OB9ProL0Tykg1cci1bcteO4gKadhRZtOYhLXJMcLcy/fUbBdooxGak2c9i7XBGUbD4vklR66yACKETi0Ou3RVrVxJvkRDuU2seU9PW3Y6leYHbgpZdzkoDshflbxkXvWnxRAV/moH8RxBusT7yx81fytRieumN12QJjdMNQRRvRbe9vhCR9uj7lSaXHcYCQvNX4jMbYgYW401NlFFAsSGdy3XkgXfCvKZQDcf2oaWoc3R5MjDdMod9R1/z3vlx22RRzahCDZdOfFysq2rkzJDGZW9WWnKJHKXEA8lGWA62WSxjeUUOt+Gnjjww1RD8yK0uQtcGlcN+OeH2WtZDiN3gTNBmAkyU7EgWvSKstSS+/fCwt39o1ldG7ZNoIsAqdESgXFPfToaEs2E+pmunn8iF5Vly4BSce+jBok8zES+wopGpQr3NB7ai/lCKQZ4yH9cb5Aj0jYv0Bp91KEHrZU09pcg5foLb/NMFNNb0h91UsHZpJlx4r2zj7hJ5GKXTGX1xfJ8Fettpht+2mgxSiSuG1CNKncIAHWIicMwcFMea+H7fSGZwqRu0Q+iRmc0rZBXIE7sGm4TnKSXU35HZBw9M5vpzCnUxT2wPAbDDAdGIwguD0vzS3AhHMJdcIQ+WNALfvxgSReI57Hk4BlP2SZRJAeSejCMkOe6x1CZWLPxMbGQORdtXadCEfCQ2r0COrppMPIhI0sLuBPRSqt5+l4LgCN+n52U5PzWD8L2r6gVxItI3uRuV8+TWI8noDKvSB3nZIM6XVwlcCPgsa8rwsf+wdrNLOEY2aqYg7h9ieEvAk3GttwqomDkZfZdEMNShlD2xX+Ub3tu0cUr7ntISzvR6y5MkKyaNWOW0wO8LeBxRHBQqUs63KFz7wrFu006X6CJgkcD902IzWam3DlI9+ivtz+eIG1ZKo+2NA2piyXuGhFEbSf+lEERVnNmBkYbCl0TWCglkd4ajsbaGwsFizeVGEPPdy5ePuvosxssLpk+qSPLdY1qJeCFTT9qww1D3/tjL6p1LDMtaGFaDQ2JvU+51AmNt0ca65rtaGHIGRCdNSLfaaKsXqgekd61qBIqlv2zArbN7fJtwH7BYH3FpoEUw2eWR7Xc7JqYVYE1P/ggF8x9mWDUuujCHp8awxJzAhPUu43hSOd0O30Lr79jWoBi/BIHzs+P5IZxnq/cTGdYVEWxMeQF6vmRnFjo3UtKSQNQR7Xwec0bpmByJx6v5YcL9xG/OwQ8D/Qcmof8INwNLePVckvM+jbkJ+iLvgpZL9xDU9qsYjYbKpp0VhuZqtAPzIdgzWv4mWVp0kI1F9q2DOAAZS7xcIeohBBXE1gEwzlr3r23WYNjcX+KXfQuY3zxb7dNtBLOOMqvbgYtKEoHT731GL0mINkDCTKaoxlLIoUyjycMNEKKhyzLHG1ELqtzR1Mi2bFy7Edj4VvjS+owFOg5sTrbtaf55w/RburfZzYpavIyl9q60+kcoLfKtwva5bGfJKbOhF3cMKDCDEmKxgLSIYH7swCM6Gv/D8p38Bkd7qs6Q4wp13hspmoq1d9SZtHU/DV0/KHKy9/ef18dXNa/I7unMGcETbc+GE/yGfTue/Sv9l8Beq2H2eMfrpkTVOMGxnIwRTf6FBNyhpQsaeN52qz9kqFcScziZlRyvq57kz22USWW3oLrC4LWHiu4QJzBMJeeZO3E7SrBdGMyOcXpXXBHEbJHqb2zOSefObjagX2Ld5pGWS3zIyaJPV73yS7FhaKwA50Syw+nbeG5ysEicbdUOKLZCPKTDi+jBjVpd7B/SokzxbnkojQdDF50453YUlTx2KuAMONaw7sf3lVzbGalZ1O6RcGp3s2BJsFDwEJErPh6zbFEM8VCttNFU2sT89P+wKMUX8Wt8qU+Q/wg0vwLReoTfqqmNbmD/4FRLbgpfP6NJ7IbUisR8a7PCKMWIz7sX7iTk1OQsUptgkNSWGPe2bKQ/ln593n6q7CD5oKgN+d1099lJokSEa4hvlFkHRI248ITqMxaXjuRD8pyTpx+k7TzXSjzb3oAsDfBsI7IJEEp5O2Rrg0bE/vBLPWVXubSfSYd/RqKoos8Ril46Q43L05uJfiixkEvJiZo21+qQsK+/MUnOUl2lmB7uscPSZWUGQbs+BecxEhYXpjgaCPfVClyJHwBAwk+PqOOqGrNEz4fQppnR4wgCYhxCbJHKQTSGnmrTeHXRWNs74+RXaDZarvPRg/DronoiMozAJv0YIg9VjTkZhxdw4pFUPm2PChsM+iVy0Fia1uyTy1+SsTPTfHFArZNdWPyiezISJIicDPSCQGUREt2VVgN5dFmsbHytmMPlGnk9fSJfAgRQqQLxEIFy629aFR4MsuLvez7RFOjxhcxx4HEmKQ52RlZz4yzwHj1pip+UVgj+Kcb87P3BJX6eW8G2OAyvePmA77dGWoSVdFLeTaj+L6ZgHvBqHBEico1HnlR8aSnPJtYuNR7CKB2AWvaZvY2t1RkA3Efrga8acgxi3h3o6DjfcYHS5xdSTS9aYsJNPo3p3/bhhSfYCHDQeZfotHzaHe9b/d9CH8cZsvCqH0zUHjwR3BgpkWHfd4c0XQdrH7HyfOU6XEVs5h7DmWGof0msy1Esn6qLk6NrKfgMZOqxs0lEW26bjoerUOLxb7UxCLuwpthTBU9qHdMQ3fxCK2mkn3KCeE8VeSb2KskTeTxnUnJXan9eURKVzf3LYwouQtB0jkoYzPY27GLLWBp5coYZScODE3lk0oZGGPxa42DqNvVBbyvIyw5o7AZsICnnNv3wCxXZenncFqVu2lG6pgQV5RleU9zgGaz0uKNJAN66jKxlxcmsYi2ugVwGjPf45tnJcTDtdV46Nep4n4Cko+y5lMYRTpSz5hB1zodBykfALCE1daqD+dHrgPFfKFIlMElZjNmVdIoY9UEnsBYbZji1dxKvlwVvcKFH9RQDHY5l74H4UNXGbtrxesZHWc5EUxf48CtV9+DHwOkm30ZDjt6MVsEU/69aOi1L153tAKBY3I2icwL337y2Zez8Fbpq8nHGipFZB+9ygejNRCXAmVmn4QjkgqFLZgTU1nX1/rw6CTPyO8dz5ad94EKvHn/iUIrlH3A3bGGqjCNV+4hH90xdpBStvagg+NIRHKlTY2T0UWUZWG1nHeivCFxKJbwn7wOVAlvSVqAFDmlewryH7MHTOVXkOqbNpi5P6GBqrOYGxndwzfr0QW00gGHmVO7G5W+PcX7EGXPzfR4td8kBlZOE5XoXm/AbwAxw7pn048iMxCyR5vY6uA4WqZLOoYMNwYi5N11apYbc4A8sl/JCY7qaFmWzCKG7h261gCz7gcFV7m6fqnuDsBsZuPCMJlVUKTY0hu4lWYNCy4y63i7dBO/4Fwhl1Gl8lcZmQvTcXvQSUUTFhoZJ0DLHLOpv0eJ9D7iXrxztIIo5143CGuNJf7A2e86FsGv5L/7znkRcC72eC1LV1hxi6NEJZdQDCiZPM3i0pSk11NTpMBpqn9HX4cN5rrdBlXynB44GxC9rMFrTdVTsLa8+6hx3LcMfqyRocBvk+jbTv2ahiX4afCyF+qKoyhlz69/NnWXiw+ZhsE/0pakEOre/UxBfX3L6u1YUxCX4S2Mn2COlpur9ypOmxahQ8ogAP+dLIkBd4QsSnB4Kwkfd9bQLoR87nv64lvx0T/Mt1PuMgsMamGvmnp5Zl437JEWSLQxQeG/8/1/ybAEkr5Vjws72hqLp6zZe3TSv0P9IKkuhU0Bq/jSrpcIQsVhAMj4miitmhe44sKnpqVuLo0qVHwEa9/TIA22xg7crZmkdzkyllrsWv38W89S5nWX/OkOM1ha37bdfbyDnEnysOmLKdMUv9nCTIFHwX0hoVCsvgiS/6Alo3OT8k7NDv3XNkZn05nba1kV+wEMvVMfZNyEPzkYleLtCEZTLG6LwvL7y45OBZ57qx+a0vlHpIrG1uEY9TK09Qsp1nn/CG25+hJvSrcaod8P6M2u5OVU71lhQzQX0dkMpzzhm7f4SaBYN8eOfCDen+nJ8gqz559Mbnri8XqcTI7XPXknmRGbPLR9M692jyQ35hywUCDvlD/FDk+tDNtb7oTbNNhrlqZH+w1uXe8lk+Ply4iMB0EouglBvIDLoiWrIqwxoL5VRqj+EEHe7/iXwZpHkPZGizB63bbBiZ+8FbXZP+yU/LaB72EJAWFF/o/fROT+BQKDjPp3ZXCSKsgt2ate/aBbSyjJpOe+56CQb2bJczRrUnXOp2gYuXSzWwKaTJEa/l45cELEtCcWT44EukOXYz1qKP9gYnKw80v5BmExemIDSjYKCAnYsyvggVDl8k4E5HFoxzcl7L/X3ramNTV/ibhslXR+/MOGfV9SUNB1LCLJfD2N0LJGIheR3tyuDRs0z5LH3fSckCVVZWsDHVT4VyK2ljzsR8DJ06fTs15G9B9cwWvLGkds7pHHNt7nylWkyVwtm8KA1FQoiKxLizrGFFcjyf47WYZ8bkUhW5HgO7VedOdvsNVod72hqo1e8gcPpCJszlPAeKVyALIiL9HC19OgBUj/ZLBEUUjWn31dzbPGqPh00Sq0t6J+XNcNmHSyoRhBn8qKPtni3WoxYDPiW+vaQl9u9qIwpPrCz80o4Y5ppBgHIw0V3PFk1qzSuXM8VN+Fbhc4F7tPJv8wYe84q4v7BX7BRbAHirbd3TXAGcjB6SQITx9IPpdTxzyBD64S3Mk16NBxobI/o1Y3Pmhb2qA4h6vImV8nHvRStm+HDMzWKiZ9eSm8O7ll/mXjeiW5SgJRd9iLqU1vk2QC0ZqpFkd4zEZP5E9cPtPDs8MMkLyw2kl1NuDEWaGM3uRXEG5VjcF07ynOLVgpxfW8XkH+R84+JAr3g4wYwzRDv/5hHRLIONwLARvhQ1QU5tX2HphS3oVzA8uazJnEW+HMwzkw2+YRX8rLNoWLqpQFF7igwmCMddAaPCIWB7yvimhgDGm7jM6XjFj/DBxIMtHk8IWnTrj4ouZRt4NJTzzLKl8Um6wctlRy4BEkQhxEP6qZDewTYrcdZXf3+82r746d7iuSqlK2eV5sGmARU0pht4FRSCs83ofQszqbXAIAzYA7/POn9Y33aD0T1Uo5f6W0p/fGqPew/JKEiWYsvGYJBEc4xMA3/APASHkvyow371AMy5EtG6hQEBYjZ8Ou8ao7QF0ERhLEzBo2+vAW1OI8uo6UeKJyySpcseSHNyJ9LjnGMg+2XfBNuVHJ+Q1Fzm+9+zuzD9KDiv1AClu9XWWF083Wcn9Otjl1vNYe0rREnJ82KW/ZXmX4c9YWRS+plbzZ654PLbeN+A64qbxbbO6LvYwAETclyCeuVYE6ffgtSvFuxsvaZVYHvzsOukdHU0Y0zy05tiO5gCDgDuntATZ7E/AjJNOod+RS2QoY7ttEuinfNorQ1x78Jot+u6bInT+NjNTV87jmaHSgP2GM0yaDWgPB2Q4YSPId9KT3O7/jV6A6AV/dnJMk/H+Xkgy9e5fdd2rry966S9ZqC6+jYJBo64av8oP72DxJDDbADt931hcZGoQHpPKLS4oE2fhTh6nnNdqhr2vxnCa2rF3afswOUYFaTU73S6E6E8sBwaXP4YCkRGl19VlfJWL+FykYboxvrUGnrRRBFV5V8LKIuXpOaakZakgJJQI4OqD1+G++pSFZsD2EyRn7iYQOsqa+VZ1jz7/5FNE2fRX2AmNDRcT42ZwRJeV/uCA9dS/zpUQU9JzDYrM+9f3+L4XD2auxm4qw20X+rU4V4MLteEqevcp8AZTmui3KQMHnRU8HPRpAIJcp8rMeBY5Q4g+UYzAUf3/8PTBv022N/cEifii/Yln/I+yRWx2mfeCAIBk14aBkb2+h3SOsBJPYvBF+s2l91jGlmtkOWIlSuCmEn2ChkQZ8HveX2oTrLq/Fpj+iIDyvmSJrLYB51y0Sd7R49Gi3LEpHdYMLes/0dcwtXab0ZTIMuiAoSJJMWzRTCx8P+NqxOeqfGXr6WiG6SOWOw+RPHlIYo74Ob18cl6s5SIwGGaBajPbyHlhm/nbtoSRg05po3ABO/Jgd9CnskRIei6fMGdUdV2Bwl6Uph4Iut8z6SeZ1Cag8/GM299Rwu2FYnqTj+B1TEyfxZTFIYhZk2oVSUQkAJecR9Sx7eOmzW0Vv2mMj6hROyirlHRbh17xdSiaqwf4IhOETvvFMqcqiqhk3Gh70UBZ4rwNq2RTjTkSaAZk7PL49PnNp5L31E4yiNdN7cVNS184ODATfHs6VpatgiczCSn3O5WUwB7IJuINt9o9y5SQerXjL1FsLKIAQ2ojID2BPznqp7lkEyg+PjD2hOmLAN2KpYHKXJQm0pV9jP9lX7kvfyJhISJaiWwhhiHDQ2cTGPW0rw+a4ve3pg1HQ==D97F84CD027F883C2A6A7B4F1B8A194EF3042369"; + AdvancedThreatProtectionOnboardingFilename = "WindowsDefenderATP.onboarding"; AllowSampleSharing = $True; Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments{ @@ -598,7 +1203,28 @@ DisplayName = "MDE onboarding Legacy"; EnableExpeditedTelemetryReporting = $True; Ensure = "Present"; - Id = "510e4742-9c7b-414d-84a1-a1128fcf57a8"; + } + IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10 'Example' + { + AdvancedThreatProtectionAutoPopulateOnboardingBlob = $True; # Updated Property + AdvancedThreatProtectionOnboardingFilename = "WindowsDefenderATP.onboarding"; + AllowSampleSharing = $True; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Credential = $Credscredential; + DisplayName = "MDE onboarding Legacy"; + EnableExpeditedTelemetryReporting = $True; + Ensure = "Present"; + } + IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "MDE onboarding Legacy"; + Ensure = "Absent"; } IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 'Example' { @@ -626,7 +1252,6 @@ GroupIdSourceOption = 'adSite' odataType = '#microsoft.graph.deliveryOptimizationGroupIdSourceOptions' }; - Id = "c86efa80-248b-4002-80d4-e70ea151a4c7"; MaximumCacheAgeInDays = 3; MaximumCacheSize = MSFT_MicrosoftGraphdeliveryOptimizationMaxCacheSize{ MaximumCacheSizeInGigabytes = 4 @@ -641,6 +1266,52 @@ SupportsScopeTags = $True; VpnPeerCaching = "enabled"; } + IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + BackgroundDownloadFromHttpDelayInSeconds = 4; + BandwidthMode = MSFT_MicrosoftGraphdeliveryOptimizationBandwidth{ + MaximumDownloadBandwidthInKilobytesPerSecond = 22 + MaximumUploadBandwidthInKilobytesPerSecond = 33 + odataType = '#microsoft.graph.deliveryOptimizationBandwidthAbsolute' + }; + CacheServerBackgroundDownloadFallbackToHttpDelayInSeconds = 5; # Updated Property + CacheServerForegroundDownloadFallbackToHttpDelayInSeconds = 3; + CacheServerHostNames = @("domain.com"); + Credential = $Credscredential; + DeliveryOptimizationMode = "httpWithPeeringPrivateGroup"; + DisplayName = "delivery optimisation"; + Ensure = "Present"; + ForegroundDownloadFromHttpDelayInSeconds = 234; + GroupIdSource = MSFT_MicrosoftGraphdeliveryOptimizationGroupIdSource{ + GroupIdSourceOption = 'adSite' + odataType = '#microsoft.graph.deliveryOptimizationGroupIdSourceOptions' + }; + MaximumCacheAgeInDays = 3; + MaximumCacheSize = MSFT_MicrosoftGraphdeliveryOptimizationMaxCacheSize{ + MaximumCacheSizeInGigabytes = 4 + odataType = '#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute' + }; + MinimumBatteryPercentageAllowedToUpload = 4; + MinimumDiskSizeAllowedToPeerInGigabytes = 3; + MinimumFileSizeToCacheInMegabytes = 3; + MinimumRamAllowedToPeerInGigabytes = 3; + ModifyCacheLocation = "%systemdrive%"; + RestrictPeerSelectionBy = "subnetMask"; + SupportsScopeTags = $True; + VpnPeerCaching = "enabled"; + } + IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "delivery optimisation"; + Ensure = "Absent"; + } IntuneDeviceConfigurationDomainJoinPolicyWindows10 'Example' { ActiveDirectoryDomainName = "domain.com"; @@ -655,10 +1326,53 @@ Credential = $Credscredential; DisplayName = "Domain Join"; Ensure = "Present"; - Id = "1ab2945b-36b5-4b34-bbf5-717885c15654"; OrganizationalUnit = "OU=workstation,CN=domain,CN=com"; SupportsScopeTags = $True; } + IntuneDeviceConfigurationDomainJoinPolicyWindows10 'Example' + { + ActiveDirectoryDomainName = "domain.com"; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + ComputerNameStaticPrefix = "WK-"; + ComputerNameSuffixRandomCharCount = 12; + Credential = $Credscredential; + DisplayName = "Domain Join"; + Ensure = "Present"; + OrganizationalUnit = "OU=workstation,CN=domain,CN=com"; + SupportsScopeTags = $False; # Updated Property + } + IntuneDeviceConfigurationDomainJoinPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "Domain Join"; + Ensure = "Absent"; + } + IntuneDeviceConfigurationEmailProfilePolicyWindows10 'Example' + { + AccountName = "Corp email2"; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + Credential = $Credscredential; + DisplayName = "email"; + DurationOfEmailToSync = "unlimited"; + EmailAddressSource = "primarySmtpAddress"; + EmailSyncSchedule = "fifteenMinutes"; + Ensure = "Present"; + HostName = "outlook.office365.com"; + RequireSsl = $True; + SyncCalendar = $True; + SyncContacts = $True; + SyncTasks = $True; + } IntuneDeviceConfigurationEmailProfilePolicyWindows10 'Example' { AccountName = "Corp email2"; @@ -668,25 +1382,258 @@ dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' } ); - Credential = $Credscredential; - DisplayName = "email"; - DurationOfEmailToSync = "unlimited"; - EmailAddressSource = "primarySmtpAddress"; - EmailSyncSchedule = "fifteenMinutes"; - Ensure = "Present"; - HostName = "outlook.office365.com"; - Id = "776bcf45-35f7-4436-93fb-7a74828c6477"; - RequireSsl = $True; - SyncCalendar = $True; - SyncContacts = $True; - SyncTasks = $True; + Credential = $Credscredential; + DisplayName = "email"; + DurationOfEmailToSync = "unlimited"; + EmailAddressSource = "primarySmtpAddress"; + EmailSyncSchedule = "fifteenMinutes"; + Ensure = "Present"; + HostName = "outlook.office365.com"; + RequireSsl = $False; # Updated Property + SyncCalendar = $True; + SyncContacts = $True; + SyncTasks = $True; + } + IntuneDeviceConfigurationEmailProfilePolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "email"; + Ensure = "Absent"; + } + IntuneDeviceConfigurationEndpointProtectionPolicyWindows10 'Example' + { + ApplicationGuardAllowFileSaveOnHost = $True; + ApplicationGuardAllowPersistence = $True; + ApplicationGuardAllowPrintToLocalPrinters = $True; + ApplicationGuardAllowPrintToNetworkPrinters = $True; + ApplicationGuardAllowPrintToPDF = $True; + ApplicationGuardAllowPrintToXPS = $True; + ApplicationGuardAllowVirtualGPU = $True; + ApplicationGuardBlockClipboardSharing = "blockContainerToHost"; + ApplicationGuardBlockFileTransfer = "blockImageFile"; + ApplicationGuardBlockNonEnterpriseContent = $True; + ApplicationGuardCertificateThumbprints = @(); + ApplicationGuardEnabled = $True; + ApplicationGuardEnabledOptions = "enabledForEdge"; + ApplicationGuardForceAuditing = $True; + AppLockerApplicationControl = "enforceComponentsStoreAppsAndSmartlocker"; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + BitLockerAllowStandardUserEncryption = $True; + BitLockerDisableWarningForOtherDiskEncryption = $True; + BitLockerEnableStorageCardEncryptionOnMobile = $True; + BitLockerEncryptDevice = $True; + BitLockerFixedDrivePolicy = MSFT_MicrosoftGraphbitLockerFixedDrivePolicy{ + RecoveryOptions = MSFT_MicrosoftGraphBitLockerRecoveryOptions{ + RecoveryInformationToStore = 'passwordAndKey' + HideRecoveryOptions = $True + BlockDataRecoveryAgent = $True + RecoveryKeyUsage = 'allowed' + EnableBitLockerAfterRecoveryInformationToStore = $True + EnableRecoveryInformationSaveToStore = $True + RecoveryPasswordUsage = 'allowed' + } + RequireEncryptionForWriteAccess = $True + EncryptionMethod = 'xtsAes128' + }; + BitLockerRecoveryPasswordRotation = "notConfigured"; + BitLockerRemovableDrivePolicy = MSFT_MicrosoftGraphbitLockerRemovableDrivePolicy{ + RequireEncryptionForWriteAccess = $True + BlockCrossOrganizationWriteAccess = $True + EncryptionMethod = 'aesCbc128' + }; + BitLockerSystemDrivePolicy = MSFT_MicrosoftGraphbitLockerSystemDrivePolicy{ + PrebootRecoveryEnableMessageAndUrl = $True + StartupAuthenticationTpmPinUsage = 'allowed' + EncryptionMethod = 'xtsAes128' + StartupAuthenticationTpmPinAndKeyUsage = 'allowed' + StartupAuthenticationRequired = $True + RecoveryOptions = MSFT_MicrosoftGraphBitLockerRecoveryOptions{ + RecoveryInformationToStore = 'passwordAndKey' + HideRecoveryOptions = $False + BlockDataRecoveryAgent = $True + RecoveryKeyUsage = 'allowed' + EnableBitLockerAfterRecoveryInformationToStore = $True + EnableRecoveryInformationSaveToStore = $False + RecoveryPasswordUsage = 'allowed' + } + StartupAuthenticationTpmUsage = 'allowed' + StartupAuthenticationTpmKeyUsage = 'allowed' + StartupAuthenticationBlockWithoutTpmChip = $False + }; + Credential = $Credscredential; + DefenderAdditionalGuardedFolders = @(); + DefenderAdobeReaderLaunchChildProcess = "notConfigured"; + DefenderAdvancedRansomewareProtectionType = "notConfigured"; + DefenderAttackSurfaceReductionExcludedPaths = @(); + DefenderBlockPersistenceThroughWmiType = "userDefined"; + DefenderEmailContentExecution = "userDefined"; + DefenderEmailContentExecutionType = "userDefined"; + DefenderExploitProtectionXml = "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxNaXRpZ2F0aW9uUG9saWN5Pg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9IkFjcm9SZDMyLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJBY3JvUmQzMkluZm8uZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImNsdmlldy5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iY25mbm90MzIuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImV4Y2VsLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJleGNlbGNudi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iRXh0RXhwb3J0LmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJncmFwaC5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iaWU0dWluaXQuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImllaW5zdGFsLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJpZWxvd3V0aWwuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImllVW5hdHQuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImlleHBsb3JlLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJseW5jLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJtc2FjY2Vzcy5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ibXNjb3JzdncuZXhlIj4NCiAgICA8RXh0ZW5zaW9uUG9pbnRzIERpc2FibGVFeHRlbnNpb25Qb2ludHM9InRydWUiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im1zZmVlZHNzeW5jLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJtc2h0YS5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ibXNvYWRmc2IuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im1zb2FzYi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ibXNvaHRtZWQuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im1zb3NyZWMuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im1zb3htbGVkLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJtc3B1Yi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ibXNxcnkzMi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iTXNTZW5zZS5leGUiPg0KICAgIDxFeHRlbnNpb25Qb2ludHMgRGlzYWJsZUV4dGVuc2lvblBvaW50cz0idHJ1ZSIgLz4NCiAgICA8SW1hZ2VMb2FkIFByZWZlclN5c3RlbTMyPSJ0cnVlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJuZ2VuLmV4ZSI+DQogICAgPEV4dGVuc2lvblBvaW50cyBEaXNhYmxlRXh0ZW5zaW9uUG9pbnRzPSJ0cnVlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJuZ2VudGFzay5leGUiPg0KICAgIDxFeHRlbnNpb25Qb2ludHMgRGlzYWJsZUV4dGVuc2lvblBvaW50cz0idHJ1ZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ib25lbm90ZS5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ib25lbm90ZW0uZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im9yZ2NoYXJ0LmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJvdXRsb29rLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJwb3dlcnBudC5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iUHJlc2VudGF0aW9uSG9zdC5leGUiPg0KICAgIDxERVAgRW5hYmxlPSJ0cnVlIiBFbXVsYXRlQXRsVGh1bmtzPSJmYWxzZSIgLz4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIEJvdHRvbVVwPSJ0cnVlIiBIaWdoRW50cm9weT0idHJ1ZSIgLz4NCiAgICA8U0VIT1AgRW5hYmxlPSJ0cnVlIiBUZWxlbWV0cnlPbmx5PSJmYWxzZSIgLz4NCiAgICA8SGVhcCBUZXJtaW5hdGVPbkVycm9yPSJ0cnVlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJQcmludERpYWxvZy5leGUiPg0KICAgIDxFeHRlbnNpb25Qb2ludHMgRGlzYWJsZUV4dGVuc2lvblBvaW50cz0idHJ1ZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iUmRyQ0VGLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJSZHJTZXJ2aWNlc1VwZGF0ZXIuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InJ1bnRpbWVicm9rZXIuZXhlIj4NCiAgICA8RXh0ZW5zaW9uUG9pbnRzIERpc2FibGVFeHRlbnNpb25Qb2ludHM9InRydWUiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InNjYW5vc3QuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InNjYW5wc3QuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InNkeGhlbHBlci5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ic2VsZmNlcnQuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InNldGxhbmcuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9IlN5c3RlbVNldHRpbmdzLmV4ZSI+DQogICAgPEV4dGVuc2lvblBvaW50cyBEaXNhYmxlRXh0ZW5zaW9uUG9pbnRzPSJ0cnVlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJ3aW53b3JkLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJ3b3JkY29udi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQo8L01pdGlnYXRpb25Qb2xpY3k+"; + DefenderExploitProtectionXmlFileName = "Settings.xml"; + DefenderFileExtensionsToExclude = @(); + DefenderFilesAndFoldersToExclude = @(); + DefenderGuardedFoldersAllowedAppPaths = @(); + DefenderGuardMyFoldersType = "auditMode"; + DefenderNetworkProtectionType = "enable"; + DefenderOfficeAppsExecutableContentCreationOrLaunch = "userDefined"; + DefenderOfficeAppsExecutableContentCreationOrLaunchType = "userDefined"; + DefenderOfficeAppsLaunchChildProcess = "userDefined"; + DefenderOfficeAppsLaunchChildProcessType = "userDefined"; + DefenderOfficeAppsOtherProcessInjection = "userDefined"; + DefenderOfficeAppsOtherProcessInjectionType = "userDefined"; + DefenderOfficeCommunicationAppsLaunchChildProcess = "notConfigured"; + DefenderOfficeMacroCodeAllowWin32Imports = "userDefined"; + DefenderOfficeMacroCodeAllowWin32ImportsType = "userDefined"; + DefenderPreventCredentialStealingType = "enable"; + DefenderProcessCreation = "userDefined"; + DefenderProcessCreationType = "userDefined"; + DefenderProcessesToExclude = @(); + DefenderScriptDownloadedPayloadExecution = "userDefined"; + DefenderScriptDownloadedPayloadExecutionType = "userDefined"; + DefenderScriptObfuscatedMacroCode = "userDefined"; + DefenderScriptObfuscatedMacroCodeType = "userDefined"; + DefenderSecurityCenterBlockExploitProtectionOverride = $False; + DefenderSecurityCenterDisableAccountUI = $False; + DefenderSecurityCenterDisableClearTpmUI = $True; + DefenderSecurityCenterDisableFamilyUI = $False; + DefenderSecurityCenterDisableHardwareUI = $True; + DefenderSecurityCenterDisableHealthUI = $False; + DefenderSecurityCenterDisableNetworkUI = $False; + DefenderSecurityCenterDisableNotificationAreaUI = $False; + DefenderSecurityCenterDisableRansomwareUI = $False; + DefenderSecurityCenterDisableVirusUI = $False; + DefenderSecurityCenterDisableVulnerableTpmFirmwareUpdateUI = $True; + DefenderSecurityCenterHelpEmail = "me@domain.com"; + DefenderSecurityCenterHelpPhone = "yes"; + DefenderSecurityCenterITContactDisplay = "displayInAppAndInNotifications"; + DefenderSecurityCenterNotificationsFromApp = "blockNoncriticalNotifications"; + DefenderSecurityCenterOrganizationDisplayName = "processes.exe"; + DefenderUntrustedExecutable = "userDefined"; + DefenderUntrustedExecutableType = "userDefined"; + DefenderUntrustedUSBProcess = "userDefined"; + DefenderUntrustedUSBProcessType = "userDefined"; + DeviceGuardEnableSecureBootWithDMA = $True; + DeviceGuardEnableVirtualizationBasedSecurity = $True; + DeviceGuardLaunchSystemGuard = "notConfigured"; + DeviceGuardLocalSystemAuthorityCredentialGuardSettings = "enableWithoutUEFILock"; + DeviceGuardSecureBootWithDMA = "notConfigured"; + DisplayName = "endpoint protection legacy - dsc v2.0"; + DmaGuardDeviceEnumerationPolicy = "deviceDefault"; + Ensure = "Present"; + FirewallCertificateRevocationListCheckMethod = "deviceDefault"; + FirewallIPSecExemptionsAllowDHCP = $False; + FirewallIPSecExemptionsAllowICMP = $False; + FirewallIPSecExemptionsAllowNeighborDiscovery = $False; + FirewallIPSecExemptionsAllowRouterDiscovery = $False; + FirewallIPSecExemptionsNone = $False; + FirewallPacketQueueingMethod = "deviceDefault"; + FirewallPreSharedKeyEncodingMethod = "deviceDefault"; + FirewallProfileDomain = MSFT_MicrosoftGraphwindowsFirewallNetworkProfile{ + PolicyRulesFromGroupPolicyNotMerged = $False + InboundNotificationsBlocked = $True + OutboundConnectionsRequired = $True + GlobalPortRulesFromGroupPolicyNotMerged = $True + ConnectionSecurityRulesFromGroupPolicyNotMerged = $True + UnicastResponsesToMulticastBroadcastsRequired = $True + PolicyRulesFromGroupPolicyMerged = $False + UnicastResponsesToMulticastBroadcastsBlocked = $False + IncomingTrafficRequired = $False + IncomingTrafficBlocked = $True + ConnectionSecurityRulesFromGroupPolicyMerged = $False + StealthModeRequired = $False + InboundNotificationsRequired = $False + AuthorizedApplicationRulesFromGroupPolicyMerged = $False + InboundConnectionsBlocked = $True + OutboundConnectionsBlocked = $False + StealthModeBlocked = $True + GlobalPortRulesFromGroupPolicyMerged = $False + SecuredPacketExemptionBlocked = $False + SecuredPacketExemptionAllowed = $False + InboundConnectionsRequired = $False + FirewallEnabled = 'allowed' + AuthorizedApplicationRulesFromGroupPolicyNotMerged = $True + }; + FirewallRules = @( + MSFT_MicrosoftGraphwindowsFirewallRule{ + Action = 'allowed' + InterfaceTypes = 'notConfigured' + DisplayName = 'ICMP' + TrafficDirection = 'in' + ProfileTypes = 'domain' + EdgeTraversal = 'notConfigured' + } + ); + LanManagerAuthenticationLevel = "lmNtlmAndNtlmV2"; + LanManagerWorkstationDisableInsecureGuestLogons = $False; + LocalSecurityOptionsAdministratorElevationPromptBehavior = "notConfigured"; + LocalSecurityOptionsAllowAnonymousEnumerationOfSAMAccountsAndShares = $False; + LocalSecurityOptionsAllowPKU2UAuthenticationRequests = $False; + LocalSecurityOptionsAllowRemoteCallsToSecurityAccountsManagerHelperBool = $False; + LocalSecurityOptionsAllowSystemToBeShutDownWithoutHavingToLogOn = $True; + LocalSecurityOptionsAllowUIAccessApplicationElevation = $False; + LocalSecurityOptionsAllowUIAccessApplicationsForSecureLocations = $False; + LocalSecurityOptionsAllowUndockWithoutHavingToLogon = $True; + LocalSecurityOptionsBlockMicrosoftAccounts = $True; + LocalSecurityOptionsBlockRemoteLogonWithBlankPassword = $True; + LocalSecurityOptionsBlockRemoteOpticalDriveAccess = $True; + LocalSecurityOptionsBlockUsersInstallingPrinterDrivers = $True; + LocalSecurityOptionsClearVirtualMemoryPageFile = $True; + LocalSecurityOptionsClientDigitallySignCommunicationsAlways = $False; + LocalSecurityOptionsClientSendUnencryptedPasswordToThirdPartySMBServers = $False; + LocalSecurityOptionsDetectApplicationInstallationsAndPromptForElevation = $False; + LocalSecurityOptionsDisableAdministratorAccount = $True; + LocalSecurityOptionsDisableClientDigitallySignCommunicationsIfServerAgrees = $False; + LocalSecurityOptionsDisableGuestAccount = $True; + LocalSecurityOptionsDisableServerDigitallySignCommunicationsAlways = $False; + LocalSecurityOptionsDisableServerDigitallySignCommunicationsIfClientAgrees = $False; + LocalSecurityOptionsDoNotAllowAnonymousEnumerationOfSAMAccounts = $True; + LocalSecurityOptionsDoNotRequireCtrlAltDel = $True; + LocalSecurityOptionsDoNotStoreLANManagerHashValueOnNextPasswordChange = $False; + LocalSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUser = "administrators"; + LocalSecurityOptionsHideLastSignedInUser = $False; + LocalSecurityOptionsHideUsernameAtSignIn = $False; + LocalSecurityOptionsInformationDisplayedOnLockScreen = "notConfigured"; + LocalSecurityOptionsInformationShownOnLockScreen = "notConfigured"; + LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedClients = "none"; + LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedServers = "none"; + LocalSecurityOptionsOnlyElevateSignedExecutables = $False; + LocalSecurityOptionsRestrictAnonymousAccessToNamedPipesAndShares = $True; + LocalSecurityOptionsSmartCardRemovalBehavior = "lockWorkstation"; + LocalSecurityOptionsStandardUserElevationPromptBehavior = "notConfigured"; + LocalSecurityOptionsSwitchToSecureDesktopWhenPromptingForElevation = $False; + LocalSecurityOptionsUseAdminApprovalMode = $False; + LocalSecurityOptionsUseAdminApprovalModeForAdministrators = $False; + LocalSecurityOptionsVirtualizeFileAndRegistryWriteFailuresToPerUserLocations = $False; + SmartScreenBlockOverrideForFiles = $True; + SmartScreenEnableInShell = $True; + SupportsScopeTags = $True; + UserRightsAccessCredentialManagerAsTrustedCaller = MSFT_MicrosoftGraphdeviceManagementUserRightsSetting{ + State = 'allowed' + LocalUsersOrGroups = @( + MSFT_MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup{ + Name = 'NT AUTHORITY\Local service' + SecurityIdentifier = '*S-1-5-19' + } + ) + }; + WindowsDefenderTamperProtection = "enable"; + XboxServicesAccessoryManagementServiceStartupMode = "manual"; + XboxServicesEnableXboxGameSaveTask = $True; + XboxServicesLiveAuthManagerServiceStartupMode = "manual"; + XboxServicesLiveGameSaveServiceStartupMode = "manual"; + XboxServicesLiveNetworkingServiceStartupMode = "manual"; } IntuneDeviceConfigurationEndpointProtectionPolicyWindows10 'Example' { ApplicationGuardAllowFileSaveOnHost = $True; ApplicationGuardAllowPersistence = $True; ApplicationGuardAllowPrintToLocalPrinters = $True; - ApplicationGuardAllowPrintToNetworkPrinters = $True; + ApplicationGuardAllowPrintToNetworkPrinters = $False; # Updated Property ApplicationGuardAllowPrintToPDF = $True; ApplicationGuardAllowPrintToXPS = $True; ApplicationGuardAllowVirtualGPU = $True; @@ -849,7 +1796,6 @@ EdgeTraversal = 'notConfigured' } ); - Id = "447262e3-74b8-44c8-ac6f-7f036fd25e67"; LanManagerAuthenticationLevel = "lmNtlmAndNtlmV2"; LanManagerWorkstationDisableInsecureGuestLogons = $False; LocalSecurityOptionsAdministratorElevationPromptBehavior = "notConfigured"; @@ -910,6 +1856,12 @@ XboxServicesLiveGameSaveServiceStartupMode = "manual"; XboxServicesLiveNetworkingServiceStartupMode = "manual"; } + IntuneDeviceConfigurationEndpointProtectionPolicyWindows10 'Example' + { + DisplayName = "endpoint protection legacy - dsc v2.0"; + Credential = $Credscredential; + Ensure = "Absent"; + } IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10 'Example' { Assignments = @( @@ -927,7 +1879,6 @@ DisplayName = "firmware"; Ensure = "Present"; FrontCamera = "enabled"; - Id = "16599412-1827-4837-b2c1-da2c8260d16e"; InfraredCamera = "enabled"; Microphone = "notConfigured"; MicrophonesAndSpeakers = "enabled"; @@ -945,6 +1896,46 @@ WindowsPlatformBinaryTable = "enabled"; WirelessWideAreaNetwork = "notConfigured"; } + IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Bluetooth = "notConfigured"; + BootFromBuiltInNetworkAdapters = "notConfigured"; + BootFromExternalMedia = "notConfigured"; + Cameras = "enabled"; # Updated Property + ChangeUefiSettingsPermission = "notConfiguredOnly"; + Credential = $Credscredential; + DisplayName = "firmware"; + Ensure = "Present"; + FrontCamera = "enabled"; + InfraredCamera = "enabled"; + Microphone = "notConfigured"; + MicrophonesAndSpeakers = "enabled"; + NearFieldCommunication = "notConfigured"; + Radios = "enabled"; + RearCamera = "enabled"; + SdCard = "notConfigured"; + SimultaneousMultiThreading = "enabled"; + SupportsScopeTags = $True; + UsbTypeAPort = "notConfigured"; + VirtualizationOfCpuAndIO = "enabled"; + WakeOnLAN = "notConfigured"; + WakeOnPower = "notConfigured"; + WiFi = "notConfigured"; + WindowsPlatformBinaryTable = "enabled"; + WirelessWideAreaNetwork = "notConfigured"; + } + IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "firmware"; + Ensure = "Absent"; + } IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 'Example' { AllowDeviceHealthMonitoring = "enabled"; @@ -958,9 +1949,29 @@ Credential = $Credscredential; DisplayName = "Health Monitoring Configuration"; Ensure = "Present"; - Id = "ea1bbbf2-1593-4156-9995-62b93a474e01"; SupportsScopeTags = $True; } + IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 'Example' + { + AllowDeviceHealthMonitoring = "enabled"; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + ConfigDeviceHealthMonitoringScope = @("bootPerformance","windowsUpdates"); + Credential = $Credscredential; + DisplayName = "Health Monitoring Configuration"; + Ensure = "Present"; + SupportsScopeTags = $False; # Updated Property + } + IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "Health Monitoring Configuration"; + Ensure = "Absent"; + } IntuneDeviceConfigurationIdentityProtectionPolicyWindows10 'Example' { Assignments = @( @@ -973,7 +1984,6 @@ DisplayName = "identity protection"; EnhancedAntiSpoofingForFacialFeaturesEnabled = $True; Ensure = "Present"; - Id = "e0f7e513-6b34-4a74-8d90-fe7648c0ce30"; PinExpirationInDays = 5; PinLowercaseCharactersUsage = "allowed"; PinMaximumLength = 4; @@ -989,6 +1999,39 @@ UseSecurityKeyForSignin = $True; WindowsHelloForBusinessBlocked = $False; } + IntuneDeviceConfigurationIdentityProtectionPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + Credential = $Credscredential; + DisplayName = "identity protection"; + EnhancedAntiSpoofingForFacialFeaturesEnabled = $True; + Ensure = "Present"; + PinExpirationInDays = 5; + PinLowercaseCharactersUsage = "allowed"; + PinMaximumLength = 4; + PinMinimumLength = 4; + PinPreviousBlockCount = 4; # Updated Property + PinRecoveryEnabled = $True; + PinSpecialCharactersUsage = "allowed"; + PinUppercaseCharactersUsage = "allowed"; + SecurityDeviceRequired = $True; + SupportsScopeTags = $True; + UnlockWithBiometricsEnabled = $True; + UseCertificatesForOnPremisesAuthEnabled = $True; + UseSecurityKeyForSignin = $True; + WindowsHelloForBusinessBlocked = $False; + } + IntuneDeviceConfigurationIdentityProtectionPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "identity protection"; + Ensure = "Absent"; + } IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10 'Example' { Assignments = @( @@ -1002,13 +2045,37 @@ Credential = $Credscredential; DisplayName = "PKCS Imported"; Ensure = "Present"; - Id = "01a4f283-7bb6-4b11-99fa-e56826d986d0"; IntendedPurpose = "unassigned"; KeyStorageProvider = "useSoftwareKsp"; RenewalThresholdPercentage = 50; SubjectAlternativeNameType = "emailAddress"; SubjectNameFormat = "commonName"; } + IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + CertificateValidityPeriodScale = "years"; + CertificateValidityPeriodValue = 1; + Credential = $Credscredential; + DisplayName = "PKCS Imported"; + Ensure = "Present"; + IntendedPurpose = "unassigned"; + KeyStorageProvider = "useSoftwareKsp"; + RenewalThresholdPercentage = 60; # Updated Property + SubjectAlternativeNameType = "emailAddress"; + SubjectNameFormat = "commonName"; + } + IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "PKCS Imported"; + Ensure = "Absent"; + } IntuneDeviceConfigurationKioskPolicyWindows10 'Example' { Assignments = @( @@ -1021,7 +2088,6 @@ DisplayName = "kiosk"; EdgeKioskEnablePublicBrowsing = $False; Ensure = "Present"; - Id = "7fea73fd-20d3-439a-9fa4-73955e082dc5"; KioskBrowserBlockedUrlExceptions = @(); KioskBrowserBlockedURLs = @(); KioskBrowserDefaultUrl = "http://bing.com"; @@ -1051,12 +2117,95 @@ } } ); - WindowsKioskForceUpdateSchedule = MSFT_MicrosoftGraphwindowsKioskForceUpdateSchedule{ - RunImmediatelyIfAfterStartDateTime = $False - StartDateTime = '2023-04-15T23:00:00.0000000+00:00' - DayofMonth = 1 - Recurrence = 'daily' - DayofWeek = 'sunday' + WindowsKioskForceUpdateSchedule = MSFT_MicrosoftGraphwindowsKioskForceUpdateSchedule{ + RunImmediatelyIfAfterStartDateTime = $False + StartDateTime = '2023-04-15T23:00:00.0000000+00:00' + DayofMonth = 1 + Recurrence = 'daily' + DayofWeek = 'sunday' + }; + } + IntuneDeviceConfigurationKioskPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + Credential = $Credscredential; + DisplayName = "kiosk"; + EdgeKioskEnablePublicBrowsing = $False; # Updated Property + Ensure = "Present"; + KioskBrowserBlockedUrlExceptions = @(); + KioskBrowserBlockedURLs = @(); + KioskBrowserDefaultUrl = "http://bing.com"; + KioskBrowserEnableEndSessionButton = $False; + KioskBrowserEnableHomeButton = $True; + KioskBrowserEnableNavigationButtons = $False; + KioskProfiles = @( + MSFT_MicrosoftGraphwindowsKioskProfile{ + ProfileId = '17f9e980-3435-4bd5-a7a1-ca3c06d0bf2c' + UserAccountsConfiguration = @( + MSFT_MicrosoftGraphWindowsKioskUser{ + odataType = '#microsoft.graph.windowsKioskAutologon' + } + ) + ProfileName = 'profile' + AppConfiguration = MSFT_MicrosoftGraphWindowsKioskAppConfiguration{ + Win32App = MSFT_MicrosoftGraphWindowsKioskWin32App{ + EdgeNoFirstRun = $True + EdgeKiosk = 'https://domain.com' + ClassicAppPath = 'msedge.exe' + AutoLaunch = $False + StartLayoutTileSize = 'hidden' + AppType = 'unknown' + EdgeKioskType = 'publicBrowsing' + } + odataType = '#microsoft.graph.windowsKioskSingleWin32App' + } + } + ); + WindowsKioskForceUpdateSchedule = MSFT_MicrosoftGraphwindowsKioskForceUpdateSchedule{ + RunImmediatelyIfAfterStartDateTime = $False + StartDateTime = '2023-04-15T23:00:00.0000000+00:00' + DayofMonth = 1 + Recurrence = 'daily' + DayofWeek = 'sunday' + }; + } + IntuneDeviceConfigurationKioskPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "kiosk"; + Ensure = "Absent"; + } + IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Credential = $Credscredential; + DisplayName = "network boundary"; + Ensure = "Present"; + SupportsScopeTags = $True; + WindowsNetworkIsolationPolicy = MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy{ + EnterpriseProxyServers = @() + EnterpriseInternalProxyServers = @() + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseProxyServersAreAuthoritative = $True + EnterpriseNetworkDomainNames = @('domain.com') + EnterpriseIPRanges = @( + MSFT_MicrosoftGraphIpRange1{ + UpperAddress = '1.1.1.255' + LowerAddress = '1.1.1.0' + odataType = '#microsoft.graph.iPv4Range' + } + ) + NeutralDomainResources = @() }; } IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 'Example' @@ -1070,8 +2219,7 @@ Credential = $Credscredential; DisplayName = "network boundary"; Ensure = "Present"; - Id = "16c280a3-a04f-4847-b3bb-3cef06cb2be3"; - SupportsScopeTags = $True; + SupportsScopeTags = $False; # Updated Property WindowsNetworkIsolationPolicy = MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy{ EnterpriseProxyServers = @() EnterpriseInternalProxyServers = @() @@ -1088,6 +2236,12 @@ NeutralDomainResources = @() }; } + IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "network boundary"; + Ensure = "Absent"; + } IntuneDeviceConfigurationPkcsCertificatePolicyWindows10 'Example' { Assignments = @( @@ -1111,16 +2265,49 @@ ); DisplayName = "PKCS"; Ensure = "Present"; - Id = "2abd77a6-b656-4231-ab64-89c31e871ca6"; KeyStorageProvider = "usePassportForWorkKspOtherwiseFail"; RenewalThresholdPercentage = 20; SubjectAlternativeNameType = "none"; SubjectNameFormat = "custom"; SubjectNameFormatString = "CN={{UserName}},E={{EmailAddress}}"; } + IntuneDeviceConfigurationPkcsCertificatePolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + CertificateStore = "user"; + CertificateTemplateName = "Template DSC"; + CertificateValidityPeriodScale = "years"; + CertificateValidityPeriodValue = 1; + CertificationAuthority = "CA=Name"; + CertificationAuthorityName = "Test"; + Credential = $Credscredential; + CustomSubjectAlternativeNames = @( + MSFT_MicrosoftGraphcustomSubjectAlternativeName{ + SanType = 'domainNameService' + Name = 'certificate.com' + } + ); + DisplayName = "PKCS"; + Ensure = "Present"; + KeyStorageProvider = "usePassportForWorkKspOtherwiseFail"; + RenewalThresholdPercentage = 30; # Updated Property + SubjectAlternativeNameType = "none"; + SubjectNameFormat = "custom"; + SubjectNameFormatString = "CN={{UserName}},E={{EmailAddress}}"; + } + IntuneDeviceConfigurationPkcsCertificatePolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "PKCS"; + Ensure = "Absent"; + } IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator 'myAndroidDeviceAdmin' { - Id = '4feff881-d635-4e9d-bd07-d1227d1ab230' DisplayName = 'Android device admin' AppsBlockClipboardSharing = $True AppsBlockCopyPaste = $True @@ -1179,9 +2366,74 @@ Ensure = 'Present' Credential = $Credscredential } + IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator 'myAndroidDeviceAdmin' + { + DisplayName = 'Android device admin' + AppsBlockClipboardSharing = $True + AppsBlockCopyPaste = $False # Updated Property + AppsBlockYouTube = $False + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + BluetoothBlocked = $True + CameraBlocked = $True + CellularBlockDataRoaming = $False + CellularBlockMessaging = $False + CellularBlockVoiceRoaming = $False + CellularBlockWiFiTethering = $False + CompliantAppListType = 'appsInListCompliant' + CompliantAppsList = @( + MSFT_MicrosoftGraphAppListitem { + name = 'customApp' + publisher = 'google2' + appStoreUrl = 'https://appUrl.com' + appId = 'com.custom.google.com' + } + ) + DateAndTimeBlockChanges = $True + DeviceSharingAllowed = $False + DiagnosticDataBlockSubmission = $False + FactoryResetBlocked = $False + GoogleAccountBlockAutoSync = $False + GooglePlayStoreBlocked = $False + KioskModeBlockSleepButton = $False + KioskModeBlockVolumeButtons = $True + LocationServicesBlocked = $False + NfcBlocked = $False + PasswordBlockFingerprintUnlock = $False + PasswordBlockTrustAgents = $False + PasswordRequired = $True + PasswordRequiredType = 'numeric' + PowerOffBlocked = $False + RequiredPasswordComplexity = 'low' + ScreenCaptureBlocked = $False + SecurityRequireVerifyApps = $False + StorageBlockGoogleBackup = $False + StorageBlockRemovableStorage = $False + StorageRequireDeviceEncryption = $False + StorageRequireRemovableStorageEncryption = $True + VoiceAssistantBlocked = $False + VoiceDialingBlocked = $False + WebBrowserBlockAutofill = $False + WebBrowserBlocked = $False + WebBrowserBlockJavaScript = $False + WebBrowserBlockPopups = $False + WebBrowserCookieSettings = 'allowAlways' + WiFiBlocked = $False + Ensure = 'Present' + Credential = $Credscredential + } + IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator 'myAndroidDeviceAdmin' + { + DisplayName = 'Android device admin' + Ensure = 'Absent' + Credential = $Credscredential + } IntuneDeviceConfigurationPolicyAndroidDeviceOwner 'myAndroidDeviceOwnerPolicy' { - Id = '57853b98-db50-4605-9292-3ade98e25bc3' DisplayName = 'general confi - AndroidDeviceOwner' Assignments = @() AzureAdSharedDeviceDataClearApps = @() @@ -1226,9 +2478,60 @@ Ensure = 'Present' Credential = $Credscredential } + IntuneDeviceConfigurationPolicyAndroidDeviceOwner 'myAndroidDeviceOwnerPolicy' + { + DisplayName = 'general confi - AndroidDeviceOwner' + Assignments = @() + AzureAdSharedDeviceDataClearApps = @() + CameraBlocked = $False # Updated Property + CrossProfilePoliciesAllowDataSharing = 'notConfigured' + EnrollmentProfile = 'notConfigured' + FactoryResetDeviceAdministratorEmails = @() + GlobalProxy = MSFT_MicrosoftGraphandroiddeviceownerglobalproxy { + odataType = '#microsoft.graph.androidDeviceOwnerGlobalProxyDirect' + host = 'myproxy.com' + port = 8083 + } + KioskCustomizationStatusBar = 'notConfigured' + KioskCustomizationSystemNavigation = 'notConfigured' + KioskModeAppPositions = @() + KioskModeApps = @() + KioskModeManagedFolders = @() + KioskModeUseManagedHomeScreenApp = 'notConfigured' + KioskModeWifiAllowedSsids = @() + MicrophoneForceMute = $True + NfcBlockOutgoingBeam = $True + PasswordBlockKeyguardFeatures = @() + PasswordRequiredType = 'deviceDefault' + PasswordRequireUnlock = 'deviceDefault' + PersonalProfilePersonalApplications = @() + PersonalProfilePlayStoreMode = 'notConfigured' + ScreenCaptureBlocked = $True + SecurityRequireVerifyApps = $True + StayOnModes = @() + StorageBlockExternalMedia = $True + SystemUpdateFreezePeriods = @( + MSFT_MicrosoftGraphandroiddeviceownersystemupdatefreezeperiod { + startMonth = 12 + startDay = 23 + endMonth = 12 + endDay = 30 + }) + VpnAlwaysOnLockdownMode = $False + VpnAlwaysOnPackageIdentifier = '' + WorkProfilePasswordRequiredType = 'deviceDefault' + WorkProfilePasswordRequireUnlock = 'deviceDefault' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneDeviceConfigurationPolicyAndroidDeviceOwner 'myAndroidDeviceOwnerPolicy' + { + DisplayName = 'general confi - AndroidDeviceOwner' + Ensure = 'Absent' + Credential = $Credscredential + } IntuneDeviceConfigurationPolicyAndroidOpenSourceProject 'myAndroidOpenSourceProjectPolicy' { - Id = '9191730e-6e01-4b77-b23c-9648b5c7bb1e' DisplayName = 'aosp' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments { @@ -1244,6 +2547,29 @@ Ensure = 'Present' Credential = $Credscredential } + IntuneDeviceConfigurationPolicyAndroidOpenSourceProject 'myAndroidOpenSourceProjectPolicy' + { + DisplayName = 'aosp' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + CameraBlocked = $True # Updated Property + FactoryResetBlocked = $True + PasswordRequiredType = 'deviceDefault' + ScreenCaptureBlocked = $True + StorageBlockExternalMedia = $True + Ensure = 'Present' + Credential = $Credscredential + } + IntuneDeviceConfigurationPolicyAndroidOpenSourceProject 'myAndroidOpenSourceProjectPolicy' + { + DisplayName = 'aosp' + Ensure = 'Absent' + Credential = $Credscredential + } IntuneDeviceConfigurationPolicyAndroidWorkProfile '97ed22e9-1429-40dc-ab3c-0055e538383b' { DisplayName = 'Android Work Profile - Device Restrictions - Standard' @@ -1270,13 +2596,157 @@ Ensure = 'Present' Credential = $Credscredential } + IntuneDeviceConfigurationPolicyAndroidWorkProfile '97ed22e9-1429-40dc-ab3c-0055e538383b' + { + DisplayName = 'Android Work Profile - Device Restrictions - Standard' + PasswordBlockFingerprintUnlock = $False + PasswordBlockTrustAgents = $True # Updated Property + PasswordMinimumLength = 6 + PasswordMinutesOfInactivityBeforeScreenTimeout = 15 + PasswordRequiredType = 'atLeastNumeric' + SecurityRequireVerifyApps = $True + WorkProfileBlockAddingAccounts = $True + WorkProfileBlockCamera = $False + WorkProfileBlockCrossProfileCallerId = $False + WorkProfileBlockCrossProfileContactsSearch = $False + WorkProfileBlockCrossProfileCopyPaste = $True + WorkProfileBlockNotificationsWhileDeviceLocked = $True + WorkProfileBlockScreenCapture = $True + WorkProfileBluetoothEnableContactSharing = $False + WorkProfileDataSharingType = 'allowPersonalToWork' + WorkProfileDefaultAppPermissionPolicy = 'deviceDefault' + WorkProfilePasswordBlockFingerprintUnlock = $False + WorkProfilePasswordBlockTrustAgents = $False + WorkProfilePasswordRequiredType = 'deviceDefault' + WorkProfileRequirePassword = $False + Ensure = 'Present' + Credential = $Credscredential + } + IntuneDeviceConfigurationPolicyAndroidWorkProfile '97ed22e9-1429-40dc-ab3c-0055e538383b' + { + DisplayName = 'Android Work Profile - Device Restrictions - Standard' + Ensure = 'Absent' + Credential = $Credscredential + } + IntuneDeviceConfigurationPolicyiOS 'ConfigureDeviceConfigurationPolicyiOS' + { + DisplayName = 'iOS DSC Policy' + AccountBlockModification = $False + ActivationLockAllowWhenSupervised = $False + AirDropBlocked = $False + AirDropForceUnmanagedDropTarget = $False + AirPlayForcePairingPasswordForOutgoingRequests = $False + AppleNewsBlocked = $False + AppleWatchBlockPairing = $False + AppleWatchForceWristDetection = $False + AppStoreBlockAutomaticDownloads = $False + AppStoreBlocked = $False + AppStoreBlockInAppPurchases = $False + AppStoreBlockUIAppInstallation = $False + AppStoreRequirePassword = $False + AppsVisibilityList = @() + AppsVisibilityListType = 'none' + BluetoothBlockModification = $True + CameraBlocked = $False + CellularBlockDataRoaming = $False + CellularBlockGlobalBackgroundFetchWhileRoaming = $False + CellularBlockPerAppDataModification = $False + CellularBlockVoiceRoaming = $False + CertificatesBlockUntrustedTlsCertificates = $False + ClassroomAppBlockRemoteScreenObservation = $False + CompliantAppListType = 'none' + CompliantAppsList = @() + ConfigurationProfileBlockChanges = $False + DefinitionLookupBlocked = $False + Description = 'iOS Device Restriction Policy' + DeviceBlockEnableRestrictions = $True + DeviceBlockEraseContentAndSettings = $False + DeviceBlockNameModification = $False + DiagnosticDataBlockSubmission = $False + DiagnosticDataBlockSubmissionModification = $False + DocumentsBlockManagedDocumentsInUnmanagedApps = $False + DocumentsBlockUnmanagedDocumentsInManagedApps = $False + EmailInDomainSuffixes = @() + EnterpriseAppBlockTrust = $False + EnterpriseAppBlockTrustModification = $False + FaceTimeBlocked = $False + FindMyFriendsBlocked = $False + GameCenterBlocked = $False + GamingBlockGameCenterFriends = $True + GamingBlockMultiplayer = $False + HostPairingBlocked = $False + iBooksStoreBlocked = $False + iBooksStoreBlockErotica = $False + iCloudBlockActivityContinuation = $False + iCloudBlockBackup = $True + iCloudBlockDocumentSync = $True + iCloudBlockManagedAppsSync = $False + iCloudBlockPhotoLibrary = $False + iCloudBlockPhotoStreamSync = $True + iCloudBlockSharedPhotoStream = $False + iCloudRequireEncryptedBackup = $False + iTunesBlockExplicitContent = $False + iTunesBlockMusicService = $False + iTunesBlockRadio = $False + KeyboardBlockAutoCorrect = $False + KeyboardBlockPredictive = $False + KeyboardBlockShortcuts = $False + KeyboardBlockSpellCheck = $False + KioskModeAllowAssistiveSpeak = $False + KioskModeAllowAssistiveTouchSettings = $False + KioskModeAllowAutoLock = $False + KioskModeAllowColorInversionSettings = $False + KioskModeAllowRingerSwitch = $False + KioskModeAllowScreenRotation = $False + KioskModeAllowSleepButton = $False + KioskModeAllowTouchscreen = $False + KioskModeAllowVoiceOverSettings = $False + KioskModeAllowVolumeButtons = $False + KioskModeAllowZoomSettings = $False + KioskModeRequireAssistiveTouch = $False + KioskModeRequireColorInversion = $False + KioskModeRequireMonoAudio = $False + KioskModeRequireVoiceOver = $False + KioskModeRequireZoom = $False + LockScreenBlockControlCenter = $False + LockScreenBlockNotificationView = $False + LockScreenBlockPassbook = $False + LockScreenBlockTodayView = $False + MediaContentRatingApps = 'allAllowed' + messagesBlocked = $False + NotificationsBlockSettingsModification = $False + PasscodeBlockFingerprintUnlock = $False + PasscodeBlockModification = $False + PasscodeBlockSimple = $True + PasscodeMinimumLength = 4 + PasscodeRequired = $True + PasscodeRequiredType = 'deviceDefault' + PodcastsBlocked = $False + SafariBlockAutofill = $False + SafariBlocked = $False + SafariBlockJavaScript = $False + SafariBlockPopups = $False + SafariCookieSettings = 'browserDefault' + SafariManagedDomains = @() + SafariPasswordAutoFillDomains = @() + SafariRequireFraudWarning = $False + ScreenCaptureBlocked = $False + SiriBlocked = $False + SiriBlockedWhenLocked = $False + SiriBlockUserGeneratedContent = $False + SiriRequireProfanityFilter = $False + SpotlightBlockInternetResults = $False + VoiceDialingBlocked = $False + WallpaperBlockModification = $False + Ensure = 'Present' + Credential = $Credscredential + } IntuneDeviceConfigurationPolicyiOS 'ConfigureDeviceConfigurationPolicyiOS' { - Id = '901c99e3-6429-4f02-851f-54b49a53f103' DisplayName = 'iOS DSC Policy' AccountBlockModification = $False ActivationLockAllowWhenSupervised = $False - AirDropBlocked = $False + AirDropBlocked = $True # Updated Property AirDropForceUnmanagedDropTarget = $False AirPlayForcePairingPasswordForOutgoingRequests = $False AppleNewsBlocked = $False @@ -1384,9 +2854,14 @@ Ensure = 'Present' Credential = $Credscredential } + IntuneDeviceConfigurationPolicyiOS 'ConfigureDeviceConfigurationPolicyiOS' + { + DisplayName = 'iOS DSC Policy' + Ensure = 'Absent' + Credential = $Credscredential + } IntuneDeviceConfigurationPolicyMacOS 'myMacOSDevicePolicy' { - Id = '01fc772e-a2ef-4c33-8b57-29b7aa5243cb' DisplayName = 'MacOS device restriction' AddingGameCenterFriendsBlocked = $True AirDropBlocked = $False @@ -1482,11 +2957,368 @@ Ensure = 'Present' Credential = $Credscredential } + IntuneDeviceConfigurationPolicyMacOS 'myMacOSDevicePolicy' + { + DisplayName = 'MacOS device restriction' + AddingGameCenterFriendsBlocked = $True + AirDropBlocked = $True # Updated Property + AppleWatchBlockAutoUnlock = $False + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.groupAssignmentTarget' + groupId = 'e8cbd84d-be6a-4b72-87f0-0e677541fda0' + } + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.groupAssignmentTarget' + groupId = 'ea9199b8-3e6e-407b-afdc-e0943e0d3c20' + }) + CameraBlocked = $False + ClassroomAppBlockRemoteScreenObservation = $False + ClassroomAppForceUnpromptedScreenObservation = $False + ClassroomForceAutomaticallyJoinClasses = $False + ClassroomForceRequestPermissionToLeaveClasses = $False + ClassroomForceUnpromptedAppAndDeviceLock = $False + CompliantAppListType = 'appsNotInListCompliant' + CompliantAppsList = @( + MSFT_MicrosoftGraphapplistitemMacOS { + name = 'appname2' + publisher = 'publisher' + appId = 'bundle' + } + ) + ContentCachingBlocked = $False + DefinitionLookupBlocked = $True + EmailInDomainSuffixes = @() + EraseContentAndSettingsBlocked = $False + GameCenterBlocked = $False + ICloudBlockActivityContinuation = $False + ICloudBlockAddressBook = $False + ICloudBlockBookmarks = $False + ICloudBlockCalendar = $False + ICloudBlockDocumentSync = $False + ICloudBlockMail = $False + ICloudBlockNotes = $False + ICloudBlockPhotoLibrary = $False + ICloudBlockReminders = $False + ICloudDesktopAndDocumentsBlocked = $False + ICloudPrivateRelayBlocked = $False + ITunesBlockFileSharing = $False + ITunesBlockMusicService = $False + KeyboardBlockDictation = $False + KeychainBlockCloudSync = $False + MultiplayerGamingBlocked = $False + PasswordBlockAirDropSharing = $False + PasswordBlockAutoFill = $False + PasswordBlockFingerprintUnlock = $False + PasswordBlockModification = $False + PasswordBlockProximityRequests = $False + PasswordBlockSimple = $False + PasswordRequired = $False + PasswordRequiredType = 'deviceDefault' + PrivacyAccessControls = @( + MSFT_MicrosoftGraphmacosprivacyaccesscontrolitem { + displayName = 'test' + identifier = 'test45' + identifierType = 'path' + codeRequirement = 'test' + blockCamera = $True + speechRecognition = 'notConfigured' + accessibility = 'notConfigured' + addressBook = 'enabled' + calendar = 'notConfigured' + reminders = 'notConfigured' + photos = 'notConfigured' + mediaLibrary = 'notConfigured' + fileProviderPresence = 'notConfigured' + systemPolicyAllFiles = 'notConfigured' + systemPolicySystemAdminFiles = 'notConfigured' + systemPolicyDesktopFolder = 'notConfigured' + systemPolicyDocumentsFolder = 'notConfigured' + systemPolicyDownloadsFolder = 'notConfigured' + systemPolicyNetworkVolumes = 'notConfigured' + systemPolicyRemovableVolumes = 'notConfigured' + postEvent = 'notConfigured' + } + ) + SafariBlockAutofill = $False + ScreenCaptureBlocked = $False + SoftwareUpdateMajorOSDeferredInstallDelayInDays = 30 + SoftwareUpdateMinorOSDeferredInstallDelayInDays = 30 + SoftwareUpdateNonOSDeferredInstallDelayInDays = 30 + SoftwareUpdatesEnforcedDelayInDays = 30 + SpotlightBlockInternetResults = $False + UpdateDelayPolicy = @('delayOSUpdateVisibility', 'delayAppUpdateVisibility', 'delayMajorOsUpdateVisibility') + WallpaperModificationBlocked = $False + Ensure = 'Present' + Credential = $Credscredential + } + IntuneDeviceConfigurationPolicyMacOS 'myMacOSDevicePolicy' + { + DisplayName = 'MacOS device restriction' + Ensure = 'Absent' + Credential = $Credscredential + } + IntuneDeviceConfigurationPolicyWindows10 'Example' + { + AccountsBlockAddingNonMicrosoftAccountEmail = $False; + ActivateAppsWithVoice = "notConfigured"; + AntiTheftModeBlocked = $False; + AppManagementMSIAllowUserControlOverInstall = $False; + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $False; + AppManagementPackageFamilyNamesToLaunchAfterLogOn = @(); + AppsAllowTrustedAppsSideloading = "notConfigured"; + AppsBlockWindowsStoreOriginatedApps = $False; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + AuthenticationAllowSecondaryDevice = $False; + AuthenticationWebSignIn = "notConfigured"; + BluetoothAllowedServices = @(); + BluetoothBlockAdvertising = $True; + BluetoothBlockDiscoverableMode = $False; + BluetoothBlocked = $True; + BluetoothBlockPrePairing = $True; + BluetoothBlockPromptedProximalConnections = $False; + CameraBlocked = $False; + CellularBlockDataWhenRoaming = $False; + CellularBlockVpn = $True; + CellularBlockVpnWhenRoaming = $True; + CellularData = "allowed"; + CertificatesBlockManualRootCertificateInstallation = $False; + ConnectedDevicesServiceBlocked = $False; + CopyPasteBlocked = $False; + CortanaBlocked = $False; + Credential = $Credscredential; + CryptographyAllowFipsAlgorithmPolicy = $False; + DefenderBlockEndUserAccess = $False; + DefenderBlockOnAccessProtection = $False; + DefenderCloudBlockLevel = "notConfigured"; + DefenderDisableCatchupFullScan = $False; + DefenderDisableCatchupQuickScan = $False; + DefenderFileExtensionsToExclude = @(); + DefenderFilesAndFoldersToExclude = @(); + DefenderMonitorFileActivity = "userDefined"; + DefenderPotentiallyUnwantedAppActionSetting = "userDefined"; + DefenderProcessesToExclude = @(); + DefenderPromptForSampleSubmission = "userDefined"; + DefenderRequireBehaviorMonitoring = $False; + DefenderRequireCloudProtection = $False; + DefenderRequireNetworkInspectionSystem = $False; + DefenderRequireRealTimeMonitoring = $False; + DefenderScanArchiveFiles = $False; + DefenderScanDownloads = $False; + DefenderScanIncomingMail = $False; + DefenderScanMappedNetworkDrivesDuringFullScan = $False; + DefenderScanNetworkFiles = $False; + DefenderScanRemovableDrivesDuringFullScan = $False; + DefenderScanScriptsLoadedInInternetExplorer = $False; + DefenderScanType = "userDefined"; + DefenderScheduleScanEnableLowCpuPriority = $False; + DefenderSystemScanSchedule = "userDefined"; + DeveloperUnlockSetting = "notConfigured"; + DeviceManagementBlockFactoryResetOnMobile = $False; + DeviceManagementBlockManualUnenroll = $False; + DiagnosticsDataSubmissionMode = "userDefined"; + DisplayAppListWithGdiDPIScalingTurnedOff = @(); + DisplayAppListWithGdiDPIScalingTurnedOn = @(); + DisplayName = "device config"; + EdgeAllowStartPagesModification = $False; + EdgeBlockAccessToAboutFlags = $False; + EdgeBlockAddressBarDropdown = $False; + EdgeBlockAutofill = $False; + EdgeBlockCompatibilityList = $False; + EdgeBlockDeveloperTools = $False; + EdgeBlocked = $False; + EdgeBlockEditFavorites = $False; + EdgeBlockExtensions = $False; + EdgeBlockFullScreenMode = $False; + EdgeBlockInPrivateBrowsing = $False; + EdgeBlockJavaScript = $False; + EdgeBlockLiveTileDataCollection = $False; + EdgeBlockPasswordManager = $False; + EdgeBlockPopups = $False; + EdgeBlockPrelaunch = $False; + EdgeBlockPrinting = $False; + EdgeBlockSavingHistory = $False; + EdgeBlockSearchEngineCustomization = $False; + EdgeBlockSearchSuggestions = $False; + EdgeBlockSendingDoNotTrackHeader = $False; + EdgeBlockSendingIntranetTrafficToInternetExplorer = $False; + EdgeBlockSideloadingExtensions = $False; + EdgeBlockTabPreloading = $False; + EdgeBlockWebContentOnNewTabPage = $False; + EdgeClearBrowsingDataOnExit = $False; + EdgeCookiePolicy = "userDefined"; + EdgeDisableFirstRunPage = $False; + EdgeFavoritesBarVisibility = "notConfigured"; + EdgeHomeButtonConfigurationEnabled = $False; + EdgeHomepageUrls = @(); + EdgeKioskModeRestriction = "notConfigured"; + EdgeOpensWith = "notConfigured"; + EdgePreventCertificateErrorOverride = $False; + EdgeRequiredExtensionPackageFamilyNames = @(); + EdgeRequireSmartScreen = $False; + EdgeSendIntranetTrafficToInternetExplorer = $False; + EdgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured"; + EdgeSyncFavoritesWithInternetExplorer = $False; + EdgeTelemetryForMicrosoft365Analytics = "notConfigured"; + EnableAutomaticRedeployment = $False; + Ensure = "Present"; + ExperienceBlockDeviceDiscovery = $False; + ExperienceBlockErrorDialogWhenNoSIM = $False; + ExperienceBlockTaskSwitcher = $False; + ExperienceDoNotSyncBrowserSettings = "notConfigured"; + FindMyFiles = "notConfigured"; + GameDvrBlocked = $True; + InkWorkspaceAccess = "notConfigured"; + InkWorkspaceAccessState = "notConfigured"; + InkWorkspaceBlockSuggestedApps = $False; + InternetSharingBlocked = $False; + LocationServicesBlocked = $False; + LockScreenActivateAppsWithVoice = "notConfigured"; + LockScreenAllowTimeoutConfiguration = $False; + LockScreenBlockActionCenterNotifications = $False; + LockScreenBlockCortana = $False; + LockScreenBlockToastNotifications = $False; + LogonBlockFastUserSwitching = $False; + MessagingBlockMMS = $False; + MessagingBlockRichCommunicationServices = $False; + MessagingBlockSync = $False; + MicrosoftAccountBlocked = $False; + MicrosoftAccountBlockSettingsSync = $False; + MicrosoftAccountSignInAssistantSettings = "notConfigured"; + NetworkProxyApplySettingsDeviceWide = $False; + NetworkProxyDisableAutoDetect = $True; + NetworkProxyServer = MSFT_MicrosoftGraphwindows10NetworkProxyServer{ + UseForLocalAddresses = $True + Exceptions = @('*.domain2.com') + Address = 'proxy.domain.com:8080' + }; + NfcBlocked = $False; + OneDriveDisableFileSync = $False; + PasswordBlockSimple = $False; + PasswordRequired = $False; + PasswordRequiredType = "deviceDefault"; + PasswordRequireWhenResumeFromIdleState = $False; + PowerButtonActionOnBattery = "notConfigured"; + PowerButtonActionPluggedIn = "notConfigured"; + PowerHybridSleepOnBattery = "notConfigured"; + PowerHybridSleepPluggedIn = "notConfigured"; + PowerLidCloseActionOnBattery = "notConfigured"; + PowerLidCloseActionPluggedIn = "notConfigured"; + PowerSleepButtonActionOnBattery = "notConfigured"; + PowerSleepButtonActionPluggedIn = "notConfigured"; + PrinterBlockAddition = $False; + PrinterNames = @(); + PrivacyAdvertisingId = "notConfigured"; + PrivacyAutoAcceptPairingAndConsentPrompts = $False; + PrivacyBlockActivityFeed = $False; + PrivacyBlockInputPersonalization = $False; + PrivacyBlockPublishUserActivities = $False; + PrivacyDisableLaunchExperience = $False; + ResetProtectionModeBlocked = $False; + SafeSearchFilter = "userDefined"; + ScreenCaptureBlocked = $False; + SearchBlockDiacritics = $False; + SearchBlockWebResults = $False; + SearchDisableAutoLanguageDetection = $False; + SearchDisableIndexerBackoff = $False; + SearchDisableIndexingEncryptedItems = $False; + SearchDisableIndexingRemovableDrive = $False; + SearchDisableLocation = $False; + SearchDisableUseLocation = $False; + SearchEnableAutomaticIndexSizeManangement = $False; + SearchEnableRemoteQueries = $False; + SecurityBlockAzureADJoinedDevicesAutoEncryption = $False; + SettingsBlockAccountsPage = $False; + SettingsBlockAddProvisioningPackage = $False; + SettingsBlockAppsPage = $False; + SettingsBlockChangeLanguage = $False; + SettingsBlockChangePowerSleep = $False; + SettingsBlockChangeRegion = $False; + SettingsBlockChangeSystemTime = $False; + SettingsBlockDevicesPage = $False; + SettingsBlockEaseOfAccessPage = $False; + SettingsBlockEditDeviceName = $False; + SettingsBlockGamingPage = $False; + SettingsBlockNetworkInternetPage = $False; + SettingsBlockPersonalizationPage = $False; + SettingsBlockPrivacyPage = $False; + SettingsBlockRemoveProvisioningPackage = $False; + SettingsBlockSettingsApp = $False; + SettingsBlockSystemPage = $False; + SettingsBlockTimeLanguagePage = $False; + SettingsBlockUpdateSecurityPage = $False; + SharedUserAppDataAllowed = $False; + SmartScreenAppInstallControl = "notConfigured"; + SmartScreenBlockPromptOverride = $False; + SmartScreenBlockPromptOverrideForFiles = $False; + SmartScreenEnableAppInstallControl = $False; + StartBlockUnpinningAppsFromTaskbar = $False; + StartMenuAppListVisibility = "userDefined"; + StartMenuHideChangeAccountSettings = $False; + StartMenuHideFrequentlyUsedApps = $False; + StartMenuHideHibernate = $False; + StartMenuHideLock = $False; + StartMenuHidePowerButton = $False; + StartMenuHideRecentJumpLists = $False; + StartMenuHideRecentlyAddedApps = $False; + StartMenuHideRestartOptions = $False; + StartMenuHideShutDown = $False; + StartMenuHideSignOut = $False; + StartMenuHideSleep = $False; + StartMenuHideSwitchAccount = $False; + StartMenuHideUserTile = $False; + StartMenuMode = "userDefined"; + StartMenuPinnedFolderDocuments = "notConfigured"; + StartMenuPinnedFolderDownloads = "notConfigured"; + StartMenuPinnedFolderFileExplorer = "notConfigured"; + StartMenuPinnedFolderHomeGroup = "notConfigured"; + StartMenuPinnedFolderMusic = "notConfigured"; + StartMenuPinnedFolderNetwork = "notConfigured"; + StartMenuPinnedFolderPersonalFolder = "notConfigured"; + StartMenuPinnedFolderPictures = "notConfigured"; + StartMenuPinnedFolderSettings = "notConfigured"; + StartMenuPinnedFolderVideos = "notConfigured"; + StorageBlockRemovableStorage = $False; + StorageRequireMobileDeviceEncryption = $False; + StorageRestrictAppDataToSystemVolume = $False; + StorageRestrictAppInstallToSystemVolume = $False; + SupportsScopeTags = $True; + TaskManagerBlockEndTask = $False; + TenantLockdownRequireNetworkDuringOutOfBoxExperience = $False; + UninstallBuiltInApps = $False; + UsbBlocked = $False; + VoiceRecordingBlocked = $False; + WebRtcBlockLocalhostIpAddress = $False; + WiFiBlockAutomaticConnectHotspots = $False; + WiFiBlocked = $True; + WiFiBlockManualConfiguration = $True; + WindowsSpotlightBlockConsumerSpecificFeatures = $False; + WindowsSpotlightBlocked = $False; + WindowsSpotlightBlockOnActionCenter = $False; + WindowsSpotlightBlockTailoredExperiences = $False; + WindowsSpotlightBlockThirdPartyNotifications = $False; + WindowsSpotlightBlockWelcomeExperience = $False; + WindowsSpotlightBlockWindowsTips = $False; + WindowsSpotlightConfigureOnLockScreen = "notConfigured"; + WindowsStoreBlockAutoUpdate = $False; + WindowsStoreBlocked = $False; + WindowsStoreEnablePrivateStoreOnly = $False; + WirelessDisplayBlockProjectionToThisDevice = $False; + WirelessDisplayBlockUserInputFromReceiver = $False; + WirelessDisplayRequirePinForPairing = $False; + } IntuneDeviceConfigurationPolicyWindows10 'Example' { AccountsBlockAddingNonMicrosoftAccountEmail = $False; ActivateAppsWithVoice = "notConfigured"; - AntiTheftModeBlocked = $False; + AntiTheftModeBlocked = $True; # Updated Property AppManagementMSIAllowUserControlOverInstall = $False; AppManagementMSIAlwaysInstallWithElevatedPrivileges = $False; AppManagementPackageFamilyNamesToLaunchAfterLogOn = @(); @@ -1597,7 +3429,6 @@ ExperienceDoNotSyncBrowserSettings = "notConfigured"; FindMyFiles = "notConfigured"; GameDvrBlocked = $True; - Id = "d48e4053-8e5f-4856-82d3-c9e293567135"; InkWorkspaceAccess = "notConfigured"; InkWorkspaceAccessState = "notConfigured"; InkWorkspaceBlockSuggestedApps = $False; @@ -1737,6 +3568,49 @@ WirelessDisplayBlockUserInputFromReceiver = $False; WirelessDisplayRequirePinForPairing = $False; } + IntuneDeviceConfigurationPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "device config"; + Ensure = "Absent"; + } + IntuneDeviceConfigurationScepCertificatePolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + CertificateStore = "user"; + CertificateValidityPeriodScale = "years"; + CertificateValidityPeriodValue = 5; + Credential = $Credscredential; + CustomSubjectAlternativeNames = @( + MSFT_MicrosoftGraphcustomSubjectAlternativeName{ + SanType = 'domainNameService' + Name = 'dns' + } + ); + DisplayName = "SCEP"; + Ensure = "Present"; + ExtendedKeyUsages = @( + MSFT_MicrosoftGraphextendedKeyUsage{ + ObjectIdentifier = '1.3.6.1.5.5.7.3.2' + Name = 'Client Authentication' + } + ); + HashAlgorithm = "sha2"; + KeySize = "size2048"; + KeyStorageProvider = "useTpmKspOtherwiseUseSoftwareKsp"; + KeyUsage = "digitalSignature"; + RenewalThresholdPercentage = 25; + ScepServerUrls = @("https://mydomain.com/certsrv/mscep/mscep.dll"); + SubjectAlternativeNameType = "none"; + SubjectNameFormat = "custom"; + SubjectNameFormatString = "CN={{UserName}},E={{EmailAddress}}"; + RootCertificateId = "169bf4fc-5914-40f4-ad33-48c225396183"; + } IntuneDeviceConfigurationScepCertificatePolicyWindows10 'Example' { Assignments = @( @@ -1763,22 +3637,47 @@ Name = 'Client Authentication' } ); - HashAlgorithm = "sha2"; - Id = "0b9aef2f-1671-4260-8eb9-3ab3138e176a"; - KeySize = "size2048"; - KeyStorageProvider = "useTpmKspOtherwiseUseSoftwareKsp"; - KeyUsage = "digitalSignature"; - RenewalThresholdPercentage = 25; - ScepServerUrls = @("https://mydomain.com/certsrv/mscep/mscep.dll"); - SubjectAlternativeNameType = "none"; - SubjectNameFormat = "custom"; - SubjectNameFormatString = "CN={{UserName}},E={{EmailAddress}}"; - RootCertificateId = "169bf4fc-5914-40f4-ad33-48c225396183"; + HashAlgorithm = "sha2"; + KeySize = "size2048"; + KeyStorageProvider = "useTpmKspOtherwiseUseSoftwareKsp"; + KeyUsage = "digitalSignature"; + RenewalThresholdPercentage = 30; # Updated Property + ScepServerUrls = @("https://mydomain.com/certsrv/mscep/mscep.dll"); + SubjectAlternativeNameType = "none"; + SubjectNameFormat = "custom"; + SubjectNameFormatString = "CN={{UserName}},E={{EmailAddress}}"; + RootCertificateId = "169bf4fc-5914-40f4-ad33-48c225396183"; + } + IntuneDeviceConfigurationScepCertificatePolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "SCEP"; + Ensure = "Absent"; + } + IntuneDeviceConfigurationSecureAssessmentPolicyWindows10 'Example' + { + AllowPrinting = $True; + AllowScreenCapture = $True; + AllowTextSuggestion = $True; + AssessmentAppUserModelId = ""; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + ConfigurationAccount = "user@domain.com"; + ConfigurationAccountType = "azureADAccount"; + Credential = $Credscredential; + DisplayName = "Secure Assessment"; + Ensure = "Present"; + LaunchUri = "https://assessment.domain.com"; + LocalGuestAccountName = ""; } IntuneDeviceConfigurationSecureAssessmentPolicyWindows10 'Example' { AllowPrinting = $True; - AllowScreenCapture = $True; + AllowScreenCapture = $False; # Updated Property AllowTextSuggestion = $True; AssessmentAppUserModelId = ""; Assignments = @( @@ -1792,10 +3691,15 @@ Credential = $Credscredential; DisplayName = "Secure Assessment"; Ensure = "Present"; - Id = "b46822c4-48af-422a-960b-92473bee56e0"; LaunchUri = "https://assessment.domain.com"; LocalGuestAccountName = ""; } + IntuneDeviceConfigurationSecureAssessmentPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "Secure Assessment"; + Ensure = "Absent"; + } IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10 'Example' { AccountManagerPolicy = MSFT_MicrosoftGraphsharedPCAccountManagerPolicy{ @@ -1820,7 +3724,6 @@ Enabled = $True; Ensure = "Present"; FastFirstSignIn = "notConfigured"; - Id = "e77026f6-707e-417c-ad1a-8e1182d36832"; IdleTimeBeforeSleepInSeconds = 60; LocalStorage = "enabled"; MaintenanceStartTime = "00:03:00"; @@ -1829,6 +3732,44 @@ SetPowerPolicies = "enabled"; SignInOnResume = "enabled"; } + IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10 'Example' + { + AccountManagerPolicy = MSFT_MicrosoftGraphsharedPCAccountManagerPolicy{ + CacheAccountsAboveDiskFreePercentage = 60 # Updated Property + AccountDeletionPolicy = 'diskSpaceThreshold' + RemoveAccountsBelowDiskFreePercentage = 20 + }; + AllowedAccounts = @("guest","domain"); + AllowLocalStorage = $True; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Credential = $Credscredential; + DisableAccountManager = $False; + DisableEduPolicies = $False; + DisablePowerPolicies = $False; + DisableSignInOnResume = $False; + DisplayName = "Shared Multi device"; + Enabled = $True; + Ensure = "Present"; + FastFirstSignIn = "notConfigured"; + IdleTimeBeforeSleepInSeconds = 60; + LocalStorage = "enabled"; + MaintenanceStartTime = "00:03:00"; + SetAccountManager = "enabled"; + SetEduPolicies = "enabled"; + SetPowerPolicies = "enabled"; + SignInOnResume = "enabled"; + } + IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "Shared Multi device"; + Ensure = "Absent"; + } IntuneDeviceConfigurationTrustedCertificatePolicyWindows10 'Example' { Assignments = @( @@ -1842,9 +3783,29 @@ DestinationStore = "computerCertStoreRoot"; DisplayName = "Trusted Cert"; Ensure = "Present"; - Id = "169bf4fc-5914-40f4-ad33-48c225396183"; TrustedRootCertificate = "MIIEEjCCAvqgAwIBAgIPAMEAizw8iBHRPvZj7N9AMA0GCSqGSIb3DQEBBAUAMHAxKzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBNaWNyb3NvZnQgQ29ycC4xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEhMB8GA1UEAxMYTWljcm9zb2Z0IFJvb3QgQXV0aG9yaXR5MB4XDTk3MDExMDA3MDAwMFoXDTIwMTIzMTA3MDAwMFowcDErMCkGA1UECxMiQ29weXJpZ2h0IChjKSAxOTk3IE1pY3Jvc29mdCBDb3JwLjEeMBwGA1UECxMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSEwHwYDVQQDExhNaWNyb3NvZnQgUm9vdCBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpAr3BcOY78k4bKJ+XeF4w6qKpjSVf+P6VTKO3/p2iID58UaKboo9gMmvRQmR57qx2yVTa8uuchhyPn4Rms8VremIj1h083g8BkuiWxL8tZpqaaCaZ0Dosvwy1WCbBRucKPjiWLKkoOajsSYNC44QPu5psVWGsgnyhYC13TOmZtGQ7mlAcMQgkFJ+p55ErGOY9mGMUYFgFZZ8dN1KH96fvlALGG9O/VUWziYC/OuxUlE6u/ad6bXROrxjMlgkoIQBXkGBpN7tLEgc8Vv9b+6RmCgim0oFWV++2O14WgXcE2va+roCV/rDNf9anGnJcPMq88AijIjCzBoXJsyB3E4XfAgMBAAGjgagwgaUwgaIGA1UdAQSBmjCBl4AQW9Bw72lyniNRfhSyTY7/y6FyMHAxKzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBNaWNyb3NvZnQgQ29ycC4xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEhMB8GA1UEAxMYTWljcm9zb2Z0IFJvb3QgQXV0aG9yaXR5gg8AwQCLPDyIEdE+9mPs30AwDQYJKoZIhvcNAQEEBQADggEBAJXoC8CN85cYNe24ASTYdxHzXGAyn54Lyz4FkYiPyTrmIfLwV5MstaBHyGLv/NfMOztaqTZUaf4kbT/JzKreBXzdMY09nxBwarv+Ek8YacD80EPjEVogT+pie6+qGcgrNyUtvmWhEoolD2Oj91Qc+SHJ1hXzUqxuQzIH/YIX+OVnbA1R9r3xUse958Qw/CAxCYgdlSkaTdUdAqXxgOADtFv0sd3IV+5lScdSVLa0AygS/5DW8AiPfriXxas3LOR65Kh343agANBqP8HSNorgQRKoNWobats14dQcBOSoRQTIWjM4bk0cDWK3CqKM09VUP0bNHFWmcNsSOoeTdZ+n0qA="; } + IntuneDeviceConfigurationTrustedCertificatePolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + CertFileName = "RootNew.cer"; # Updated Property + Credential = $Credscredential; + DestinationStore = "computerCertStoreRoot"; + DisplayName = "Trusted Cert"; + Ensure = "Present"; + TrustedRootCertificate = "MIIEEjCCAvqgAwIBAgIPAMEAizw8iBHRPvZj7N9AMA0GCSqGSIb3DQEBBAUAMHAxKzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBNaWNyb3NvZnQgQ29ycC4xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEhMB8GA1UEAxMYTWljcm9zb2Z0IFJvb3QgQXV0aG9yaXR5MB4XDTk3MDExMDA3MDAwMFoXDTIwMTIzMTA3MDAwMFowcDErMCkGA1UECxMiQ29weXJpZ2h0IChjKSAxOTk3IE1pY3Jvc29mdCBDb3JwLjEeMBwGA1UECxMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSEwHwYDVQQDExhNaWNyb3NvZnQgUm9vdCBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpAr3BcOY78k4bKJ+XeF4w6qKpjSVf+P6VTKO3/p2iID58UaKboo9gMmvRQmR57qx2yVTa8uuchhyPn4Rms8VremIj1h083g8BkuiWxL8tZpqaaCaZ0Dosvwy1WCbBRucKPjiWLKkoOajsSYNC44QPu5psVWGsgnyhYC13TOmZtGQ7mlAcMQgkFJ+p55ErGOY9mGMUYFgFZZ8dN1KH96fvlALGG9O/VUWziYC/OuxUlE6u/ad6bXROrxjMlgkoIQBXkGBpN7tLEgc8Vv9b+6RmCgim0oFWV++2O14WgXcE2va+roCV/rDNf9anGnJcPMq88AijIjCzBoXJsyB3E4XfAgMBAAGjgagwgaUwgaIGA1UdAQSBmjCBl4AQW9Bw72lyniNRfhSyTY7/y6FyMHAxKzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBNaWNyb3NvZnQgQ29ycC4xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEhMB8GA1UEAxMYTWljcm9zb2Z0IFJvb3QgQXV0aG9yaXR5gg8AwQCLPDyIEdE+9mPs30AwDQYJKoZIhvcNAQEEBQADggEBAJXoC8CN85cYNe24ASTYdxHzXGAyn54Lyz4FkYiPyTrmIfLwV5MstaBHyGLv/NfMOztaqTZUaf4kbT/JzKreBXzdMY09nxBwarv+Ek8YacD80EPjEVogT+pie6+qGcgrNyUtvmWhEoolD2Oj91Qc+SHJ1hXzUqxuQzIH/YIX+OVnbA1R9r3xUse958Qw/CAxCYgdlSkaTdUdAqXxgOADtFv0sd3IV+5lScdSVLa0AygS/5DW8AiPfriXxas3LOR65Kh343agANBqP8HSNorgQRKoNWobats14dQcBOSoRQTIWjM4bk0cDWK3CqKM09VUP0bNHFWmcNsSOoeTdZ+n0qA="; + } + IntuneDeviceConfigurationTrustedCertificatePolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "Trusted Cert"; + Ensure = "Absent"; + } IntuneDeviceConfigurationVpnPolicyWindows10 'Example' { Assignments = @( @@ -1874,7 +3835,6 @@ EnableSingleSignOnWithAlternateCertificate = $False; EnableSplitTunneling = $False; Ensure = "Present"; - Id = "9f3734d4-eb1e-46dc-b668-2f13bfa572ee"; ProfileTarget = "user"; ProxyServer = MSFT_MicrosoftGraphwindows10VpnProxyServer{ Port = 8081 @@ -1906,6 +3866,72 @@ ); TrustedNetworkDomains = @(); } + IntuneDeviceConfigurationVpnPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + AuthenticationMethod = "usernameAndPassword"; + ConnectionName = "Cisco VPN"; + ConnectionType = "ciscoAnyConnect"; + Credential = $Credscredential; + CustomXml = ""; + DisplayName = "VPN"; + DnsRules = @( + MSFT_MicrosoftGraphvpnDnsRule{ + Servers = @('10.0.1.10') + Name = 'NRPT rule' + Persistent = $True + AutoTrigger = $True + } + ); + DnsSuffixes = @("mydomain.com"); + EnableAlwaysOn = $True; + EnableConditionalAccess = $True; + EnableDnsRegistration = $True; + EnableSingleSignOnWithAlternateCertificate = $True; # Updated Property + EnableSplitTunneling = $False; + Ensure = "Present"; + ProfileTarget = "user"; + ProxyServer = MSFT_MicrosoftGraphwindows10VpnProxyServer{ + Port = 8081 + BypassProxyServerForLocalAddress = $True + AutomaticConfigurationScriptUrl = '' + Address = '10.0.10.100' + }; + RememberUserCredentials = $True; + ServerCollection = @( + MSFT_MicrosoftGraphvpnServer{ + IsDefaultServer = $True + Description = 'gateway1' + Address = '10.0.1.10' + } + ); + TrafficRules = @( + MSFT_MicrosoftGraphvpnTrafficRule{ + Name = 'VPN rule' + AppType = 'none' + LocalAddressRanges = @( + MSFT_MicrosoftGraphIPv4Range{ + UpperAddress = '10.0.2.240' + LowerAddress = '10.0.2.0' + } + ) + RoutingPolicyType = 'forceTunnel' + VpnTrafficDirection = 'outbound' + } + ); + TrustedNetworkDomains = @(); + } + IntuneDeviceConfigurationVpnPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "VPN"; + Ensure = "Absent"; + } IntuneDeviceConfigurationWindowsTeamPolicyWindows10 'Example' { Assignments = @( @@ -1919,7 +3945,6 @@ Credential = $Credscredential; DisplayName = "Device restrictions (Windows 10 Team)"; Ensure = "Present"; - Id = "55308358-a4b9-4e26-bc75-7a6871836436"; MaintenanceWindowBlocked = $False; MaintenanceWindowDurationInHours = 1; MaintenanceWindowStartTime = "00:00:00"; @@ -1933,6 +3958,38 @@ WelcomeScreenBlockAutomaticWakeUp = $True; WelcomeScreenMeetingInformation = "showOrganizerAndTimeOnly"; } + IntuneDeviceConfigurationWindowsTeamPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + AzureOperationalInsightsBlockTelemetry = $False; # Updated Property + ConnectAppBlockAutoLaunch = $True; + Credential = $Credscredential; + DisplayName = "Device restrictions (Windows 10 Team)"; + Ensure = "Present"; + MaintenanceWindowBlocked = $False; + MaintenanceWindowDurationInHours = 1; + MaintenanceWindowStartTime = "00:00:00"; + MiracastBlocked = $True; + MiracastChannel = "oneHundredFortyNine"; + MiracastRequirePin = $True; + SettingsBlockMyMeetingsAndFiles = $True; + SettingsBlockSessionResume = $True; + SettingsBlockSigninSuggestions = $True; + SupportsScopeTags = $True; + WelcomeScreenBlockAutomaticWakeUp = $True; + WelcomeScreenMeetingInformation = "showOrganizerAndTimeOnly"; + } + IntuneDeviceConfigurationWindowsTeamPolicyWindows10 'Example' + { + Credential = $Credscredential; + DisplayName = "Device restrictions (Windows 10 Team)"; + Ensure = "Absent"; + } IntuneDeviceConfigurationWiredNetworkPolicyWindows10 'Example' { Assignments = @( @@ -1954,7 +4011,6 @@ EapType = 'teap' Enforce8021X = $True Ensure = 'Present' - Id = 'ff8049cd-a1f8-4417-b937-d455a02cce2a' MaximumAuthenticationFailures = 5 MaximumEAPOLStartMessages = 5 SecondaryAuthenticationMethod = 'certificate' @@ -1962,6 +4018,40 @@ RootCertificatesForServerValidationIds = @('a485d322-13cd-43ef-beda-733f656f48ea', '169bf4fc-5914-40f4-ad33-48c225396183') SecondaryIdentityCertificateForClientAuthenticationId = '0b9aef2f-1671-4260-8eb9-3ab3138e176a' } + IntuneDeviceConfigurationWiredNetworkPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments + { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + AuthenticationBlockPeriodInMinutes = 5 + AuthenticationMethod = 'usernameAndPassword' + AuthenticationPeriodInSeconds = 55 # Updated Property + AuthenticationRetryDelayPeriodInSeconds = 5 + AuthenticationType = 'machine' + CacheCredentials = $True + Credential = $Credscredential + DisplayName = 'Wired Network' + EapolStartPeriodInSeconds = 5 + EapType = 'teap' + Enforce8021X = $True + Ensure = 'Present' + MaximumAuthenticationFailures = 5 + MaximumEAPOLStartMessages = 5 + SecondaryAuthenticationMethod = 'certificate' + TrustedServerCertificateNames = @('srv.domain.com') + RootCertificatesForServerValidationIds = @('a485d322-13cd-43ef-beda-733f656f48ea', '169bf4fc-5914-40f4-ad33-48c225396183') + SecondaryIdentityCertificateForClientAuthenticationId = '0b9aef2f-1671-4260-8eb9-3ab3138e176a' + } + IntuneDeviceConfigurationWiredNetworkPolicyWindows10 'Example' + { + Credential = $Credscredential + DisplayName = 'Wired Network' + Ensure = 'Present' + } IntuneDeviceEnrollmentLimitRestriction 'DeviceEnrollmentLimitRestriction' { DisplayName = 'My DSC Limit' @@ -1970,6 +4060,65 @@ Ensure = 'Present' Credential = $Credscredential } + IntuneDeviceEnrollmentLimitRestriction 'DeviceEnrollmentLimitRestriction' + { + DisplayName = 'My DSC Limit' + Description = 'My Restriction' + Limit = 11 # Updated Property + Ensure = 'Present' + Credential = $Credscredential + } + IntuneDeviceEnrollmentLimitRestriction 'DeviceEnrollmentLimitRestriction' + { + DisplayName = 'My DSC Limit' + Ensure = 'Absent' + Credential = $Credscredential + } + IntuneDeviceEnrollmentPlatformRestriction 'DeviceEnrollmentPlatformRestriction' + { + AndroidForWorkRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + AndroidRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + }); + Credential = $Credscredential + Description = "This is the default Device Type Restriction applied with the lowest priority to all users regardless of group membership."; + DeviceEnrollmentConfigurationType = "platformRestrictions"; + DisplayName = "All users and all devices"; + Ensure = "Present"; + IosRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + MacOSRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + MacRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + WindowsHomeSkuRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + WindowsMobileRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $True + personalDeviceEnrollmentBlocked = $False + }; + WindowsRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + } IntuneDeviceEnrollmentPlatformRestriction 'DeviceEnrollmentPlatformRestriction' { AndroidForWorkRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ @@ -1990,9 +4139,8 @@ DeviceEnrollmentConfigurationType = "platformRestrictions"; DisplayName = "All users and all devices"; Ensure = "Present"; - Identity = "5b0e1dba-4523-455e-9fdd-e36c833b57bf_DefaultPlatformRestrictions"; IosRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ - platformBlocked = $False + platformBlocked = $True # Updated Property personalDeviceEnrollmentBlocked = $False }; MacOSRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ @@ -2016,6 +4164,12 @@ personalDeviceEnrollmentBlocked = $False }; } + IntuneDeviceEnrollmentPlatformRestriction 'DeviceEnrollmentPlatformRestriction' + { + Credential = $Credscredential + DisplayName = "All users and all devices"; + Ensure = "Absent"; + } IntuneDeviceEnrollmentStatusPageWindows10 '6b43c039-c1d0-4a9f-aab9-48c5531acbd6' { AllowDeviceResetOnInstallFailure = $True; @@ -2034,7 +4188,6 @@ DisableUserStatusTrackingAfterFirstUser = $True; DisplayName = "All users and all devices"; Ensure = "Present"; - Id = "5b0e1dba-4523-455e-9fdd-e36c833b57bf_DefaultWindows10EnrollmentCompletionPageConfiguration"; InstallProgressTimeoutInMinutes = 60; InstallQualityUpdates = $False; Priority = 0; @@ -2043,18 +4196,62 @@ TrackInstallProgressForAutopilotOnly = $True; Credential = $Credscredential } + IntuneDeviceEnrollmentStatusPageWindows10 '6b43c039-c1d0-4a9f-aab9-48c5531acbd6' + { + AllowDeviceResetOnInstallFailure = $True; + AllowDeviceUseOnInstallFailure = $False; # Updated Property + AllowLogCollectionOnInstallFailure = $True; + AllowNonBlockingAppInstallation = $False; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + BlockDeviceSetupRetryByUser = $False; + CustomErrorMessage = "Setup could not be completed. Please try again or contact your support person for help."; + Description = "This is the default enrollment status screen configuration applied with the lowest priority to all users and all devices regardless of group membership."; + DisableUserStatusTrackingAfterFirstUser = $True; + DisplayName = "All users and all devices"; + Ensure = "Present"; + InstallProgressTimeoutInMinutes = 60; + InstallQualityUpdates = $False; + Priority = 0; + SelectedMobileAppIds = @(); + ShowInstallationProgress = $True; + TrackInstallProgressForAutopilotOnly = $True; + Credential = $Credscredential + } + IntuneDeviceEnrollmentStatusPageWindows10 '6b43c039-c1d0-4a9f-aab9-48c5531acbd6' + { + DisplayName = "All users and all devices"; + Ensure = "Absent"; + Credential = $Credscredential + } IntuneEndpointDetectionAndResponsePolicyWindows10 'myEDRPolicy' { - Identity = 'f6d1d1bc-d78f-4a5a-8f1b-0d95a60b0bc1' DisplayName = 'Edr Policy' Assignments = @() Description = 'My revised description' Ensure = 'Present' Credential = $Credscredential } + IntuneEndpointDetectionAndResponsePolicyWindows10 'myEDRPolicy' + { + DisplayName = 'Edr Policy' + Assignments = @() + Description = 'My updated description' # Updated Property + Ensure = 'Present' + Credential = $Credscredential + } + IntuneEndpointDetectionAndResponsePolicyWindows10 'myEDRPolicy' + { + DisplayName = 'Edr Policy' + Ensure = 'Absent' + Credential = $Credscredential + } IntuneExploitProtectionPolicyWindows10SettingCatalog 'myWindows10ExploitProtectionPolicy' { - Identity = '130539f6-2be7-4dbc-a58e-ed638cadb186' DisplayName = 'exploit Protection policy with assignments' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments { @@ -2212,6 +4409,171 @@ Ensure = 'Present' Credential = $Credscredential } + IntuneExploitProtectionPolicyWindows10SettingCatalog 'myWindows10ExploitProtectionPolicy' + { + DisplayName = 'exploit Protection policy with assignments' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.exclusionGroupAssignmentTarget' + groupId = 'e8cbd84d-be6a-4b72-87f0-0e677541fda0' + }) + Description = '' + disallowexploitprotectionoverride = '1' + exploitprotectionsettings = " + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + " # Updated Property + Ensure = 'Present' + Credential = $Credscredential + } + IntuneExploitProtectionPolicyWindows10SettingCatalog 'myWindows10ExploitProtectionPolicy' + { + DisplayName = 'exploit Protection policy with assignments' + Ensure = 'Absent' + Credential = $Credscredential + } IntunePolicySets 'Example' { Credential = $Credscredential; @@ -2231,7 +4593,6 @@ DisplayName = "Example"; Ensure = "Present"; GuidedDeploymentTags = @(); - Id = "12345678-5678-5678-5678-1234567890ab"; Items = @( MSFT_DeviceManagementConfigurationPolicyItems{ guidedDeploymentTags = @() @@ -2243,9 +4604,44 @@ ); RoleScopeTags = @("0","1"); } + IntunePolicySets 'Example' + { + Credential = $Credscredential; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.groupAssignmentTarget' + groupId = '12345678-1234-1234-1234-1234567890ab' + } + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.exclusionGroupAssignmentTarget' + groupId = '12345678-4321-4321-4321-1234567890ab' + } + ); + Description = "Example"; + DisplayName = "Example"; + Ensure = "Present"; + GuidedDeploymentTags = @(); + Items = @( + MSFT_DeviceManagementConfigurationPolicyItems{ + guidedDeploymentTags = @() + payloadId = 'T_12345678-90ab-90ab-90ab-1234567890ab' + displayName = 'Example-Policy' + dataType = '#microsoft.graph.managedAppProtectionPolicySetItem' + itemType = '#microsoft.graph.androidManagedAppProtection' + } + ); + RoleScopeTags = @("0","1","2"); # Updated Property + } + IntunePolicySets 'Example' + { + Credential = $Credscredential; + DisplayName = "Example"; + Ensure = "Absent"; + } IntuneRoleAssignment 'IntuneRoleAssignment' { - Id = '20556aad-3d16-465a-890c-cf915ae1cd60' DisplayName = 'test2' Description = 'test2' Members = @('') @@ -2258,9 +4654,28 @@ Ensure = 'Present' Credential = $Credscredential } + IntuneRoleAssignment 'IntuneRoleAssignment' + { + DisplayName = 'test2' + Description = 'test Updated' # Updated Property + Members = @('') + MembersDisplayNames = @('SecGroup2') + ResourceScopes = @('6eb76881-f56f-470f-be0d-672145d3dcb1') + ResourceScopesDisplayNames = @('') + ScopeType = 'resourceScope' + RoleDefinition = '2d00d0fd-45e9-4166-904f-b76ac5eed2c7' + RoleDefinitionDisplayName = 'This is my role' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneRoleAssignment 'IntuneRoleAssignment' + { + DisplayName = 'test2' + Ensure = 'Absent' + Credential = $Credscredential + } IntuneRoleDefinition 'IntuneRoleDefinition' { - Id = 'f84bc63b-a377-4d90-8f4a-1de84d36a429' DisplayName = 'This is my role' allowedResourceActions = @('Microsoft.Intune_Organization_Read', 'Microsoft.Intune_Roles_Create', 'Microsoft.Intune_Roles_Read', 'Microsoft.Intune_Roles_Update') Description = 'My role defined by me.' @@ -2270,9 +4685,25 @@ Ensure = 'Present' Credential = $Credscredential } + IntuneRoleDefinition 'IntuneRoleDefinition' + { + DisplayName = 'This is my role' + allowedResourceActions = @('Microsoft.Intune_Organization_Read', 'Microsoft.Intune_Roles_Create', 'Microsoft.Intune_Roles_Read', 'Microsoft.Intune_Roles_Update') + Description = 'My role defined by me.' + IsBuiltIn = $True # Updated Property + notallowedResourceActions = @() + roleScopeTagIds = @('0', '1') + Ensure = 'Present' + Credential = $Credscredential + } + IntuneRoleDefinition 'IntuneRoleDefinition' + { + DisplayName = 'This is my role' + Ensure = 'Absent' + Credential = $Credscredential + } IntuneSettingCatalogASRRulesPolicyWindows10 'myASRRulesPolicy' { - Identity = '80d22119-b8cf-466d-bfc5-c2dca1d90f43' DisplayName = 'asr 2' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments { @@ -2286,6 +4717,27 @@ Ensure = 'Present' Credential = $Credscredential } + IntuneSettingCatalogASRRulesPolicyWindows10 'myASRRulesPolicy' + { + DisplayName = 'asr 2' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + }) + attacksurfacereductiononlyexclusions = @('Test 10', 'Test2', 'Test3') + blockabuseofexploitedvulnerablesigneddrivers = 'audit' # Updated Property + blockexecutablefilesrunningunlesstheymeetprevalenceagetrustedlistcriterion = 'audit' + Description = 'Post' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneSettingCatalogASRRulesPolicyWindows10 'myASRRulesPolicy' + { + DisplayName = 'asr 2' + Ensure = 'Absent' + Credential = $Credscredential + } IntuneSettingCatalogCustomPolicyWindows10 'Example' { Credential = $Credscredential @@ -2297,7 +4749,6 @@ ); Description = ""; Ensure = "Present"; - Id = "4e300eed-1d37-493e-a680-12988874587g"; Name = "Setting Catalog Raw - DSC"; Platforms = "windows10"; Settings = @( @@ -2359,9 +4810,86 @@ ); Technologies = "mdm"; } + IntuneSettingCatalogCustomPolicyWindows10 'Example' + { + Credential = $Credscredential + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Description = "Updated Description"; # Updated Property + Ensure = "Present"; + Name = "Setting Catalog Raw - DSC"; + Platforms = "windows10"; + Settings = @( + MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ + SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ + choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ + Value = 'device_vendor_msft_policy_config_abovelock_allowcortanaabovelock_1' + } + SettingDefinitionId = 'device_vendor_msft_policy_config_abovelock_allowcortanaabovelock' + odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + } + } + MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ + SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ + SettingDefinitionId = 'device_vendor_msft_policy_config_applicationdefaults_defaultassociationsconfiguration' + simpleSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationSimpleSettingValue{ + odataType = '#microsoft.graph.deviceManagementConfigurationStringSettingValue' + StringValue = '' + } + odataType = '#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance' + } + } + MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ + SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ + choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ + Value = 'device_vendor_msft_policy_config_applicationdefaults_enableappurihandlers_1' + } + SettingDefinitionId = 'device_vendor_msft_policy_config_applicationdefaults_enableappurihandlers' + odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + } + } + MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ + SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ + choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ + Value = 'device_vendor_msft_policy_config_defender_allowarchivescanning_1' + } + SettingDefinitionId = 'device_vendor_msft_policy_config_defender_allowarchivescanning' + odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + } + } + MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ + SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ + choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ + Value = 'device_vendor_msft_policy_config_defender_allowbehaviormonitoring_1' + } + SettingDefinitionId = 'device_vendor_msft_policy_config_defender_allowbehaviormonitoring' + odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + } + } + MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ + SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ + choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ + Value = 'device_vendor_msft_policy_config_defender_allowcloudprotection_1' + } + SettingDefinitionId = 'device_vendor_msft_policy_config_defender_allowcloudprotection' + odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + } + } + ); + Technologies = "mdm"; + } + IntuneSettingCatalogCustomPolicyWindows10 'Example' + { + Credential = $Credscredential + Ensure = "Absent"; + Name = "Setting Catalog Raw - DSC"; + } IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator 'myWifiConfigAndroidDevicePolicy' { - Id = '41869a42-3217-4bfa-9929-92668fc674c5' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments { deviceAndAppManagementAssignmentFilterType = 'none' @@ -2377,9 +4905,31 @@ Ensure = 'Present' Credential = $Credscredential } + IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator 'myWifiConfigAndroidDevicePolicy' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + ConnectAutomatically = $True # Updated Property + ConnectWhenNetworkNameIsHidden = $True + DisplayName = 'Wifi Configuration Androind Device' + NetworkName = 'b71f8c63-8140-4c7e-b818-f9b4aa98b79b' + Ssid = 'sf' + WiFiSecurityType = 'wpaEnterprise' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator 'myWifiConfigAndroidDevicePolicy' + { + DisplayName = 'Wifi Configuration Androind Device' + Ensure = 'Absent' + Credential = $Credscredential + } IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner 'myWifiConfigAndroidDeviceOwnerPolicy' { - Id = '7d9c4870-e07f-488a-be17-9e1beec45ac3' DisplayName = 'Wifi - androidForWork' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments @@ -2397,9 +4947,33 @@ Ensure = 'Present' Credential = $Credscredential } + IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner 'myWifiConfigAndroidDeviceOwnerPolicy' + { + DisplayName = 'Wifi - androidForWork' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments + { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ) + ConnectAutomatically = $True # Updated Property + ConnectWhenNetworkNameIsHidden = $False + NetworkName = 'myNetwork' + PreSharedKeyIsSet = $True + ProxySettings = 'none' + Ssid = 'MySSID - 3' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner 'myWifiConfigAndroidDeviceOwnerPolicy' + { + DisplayName = 'Wifi - androidForWork' + Ensure = 'Absent' + Credential = $Credscredential + } IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile 'myWifiConfigAndroidWorkProfilePolicy' { - Id = 'b6c59816-7f9b-4f7a-a2a2-13a29c8bc315' DisplayName = 'wifi - android BYOD' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments @@ -2416,42 +4990,135 @@ Ensure = 'Present' Credential = $Credscredential } - IntuneWifiConfigurationPolicyAndroidForWork 'Example' + IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile 'myWifiConfigAndroidWorkProfilePolicy' + { + DisplayName = 'wifi - android BYOD' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments + { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ) + ConnectAutomatically = $True # Updated Property + ConnectWhenNetworkNameIsHidden = $False + NetworkName = 'f8b79489-84fc-4434-b964-2a18dfe08f88' + Ssid = 'MySSID' + WiFiSecurityType = 'open' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile 'myWifiConfigAndroidWorkProfilePolicy' + { + DisplayName = 'wifi - android BYOD' + Ensure = 'Absent' + Credential = $Credscredential + } + IntuneWifiConfigurationPolicyAndroidForWork 'Example' + { + DisplayName = 'AndroindForWork' + Description = 'DSC' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + deviceAndAppManagementAssignmentFilterType = 'include' + deviceAndAppManagementAssignmentFilterId = '17cb2318-cd4f-4a66-b742-6b79d4966ac7' + groupId = 'b9b732df-9f18-4c5f-99d1-682e151ec62b' + collectionId = '2a8ea71f-039a-4ec8-8e41-5fba3ef9efba' + } + ) + ConnectAutomatically = $true + ConnectWhenNetworkNameIsHidden = $true + NetworkName = 'CorpNet' + Ssid = 'WiFi' + WiFiSecurityType = 'wpa2Enterprise' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneWifiConfigurationPolicyAndroidForWork 'Example' + { + DisplayName = 'AndroindForWork' + Description = 'DSC' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + deviceAndAppManagementAssignmentFilterType = 'include' + deviceAndAppManagementAssignmentFilterId = '17cb2318-cd4f-4a66-b742-6b79d4966ac7' + groupId = 'b9b732df-9f18-4c5f-99d1-682e151ec62b' + collectionId = '2a8ea71f-039a-4ec8-8e41-5fba3ef9efba' + } + ) + ConnectAutomatically = $true # Updated Property + ConnectWhenNetworkNameIsHidden = $true + NetworkName = 'CorpNet' + Ssid = 'WiFi' + WiFiSecurityType = 'wpa2Enterprise' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneWifiConfigurationPolicyAndroidForWork 'Example' + { + DisplayName = 'AndroindForWork' + Ensure = 'Absent' + Credential = $Credscredential + } + IntuneWifiConfigurationPolicyAndroidOpenSourceProject 'myWifiConfigAndroidOpensourcePolicy' + { + DisplayName = 'wifi aosp' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + ConnectAutomatically = $False + ConnectWhenNetworkNameIsHidden = $True + NetworkName = 'aaaa' + PreSharedKeyIsSet = $True + Ssid = 'aaaaa' + WiFiSecurityType = 'wpaPersonal' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneWifiConfigurationPolicyAndroidOpenSourceProject 'myWifiConfigAndroidOpensourcePolicy' { - Id = '41b6b491-9938-42d1-861a-c41762040ddb' - DisplayName = 'AndroindForWork' - Description = 'DSC' + DisplayName = 'wifi aosp' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments { - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - deviceAndAppManagementAssignmentFilterType = 'include' - deviceAndAppManagementAssignmentFilterId = '17cb2318-cd4f-4a66-b742-6b79d4966ac7' - groupId = 'b9b732df-9f18-4c5f-99d1-682e151ec62b' - collectionId = '2a8ea71f-039a-4ec8-8e41-5fba3ef9efba' + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' } ) - ConnectAutomatically = $true - ConnectWhenNetworkNameIsHidden = $true - NetworkName = 'CorpNet' - Ssid = 'WiFi' - WiFiSecurityType = 'wpa2Enterprise' + ConnectAutomatically = $False + ConnectWhenNetworkNameIsHidden = $True + NetworkName = 'Updated Network' # Updated Property + PreSharedKeyIsSet = $True + Ssid = 'aaaaa' + WiFiSecurityType = 'wpaPersonal' Ensure = 'Present' Credential = $Credscredential } IntuneWifiConfigurationPolicyAndroidOpenSourceProject 'myWifiConfigAndroidOpensourcePolicy' { - Id = 'fe0a93dc-e9cc-4d4b-8dd6-361c51c70f77' DisplayName = 'wifi aosp' + Ensure = 'Absent' + Credential = $Credscredential + } + IntuneWifiConfigurationPolicyIOS 'myWifiConfigIOSPolicy' + { + DisplayName = 'ios wifi' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments { deviceAndAppManagementAssignmentFilterType = 'none' dataType = '#microsoft.graph.allDevicesAssignmentTarget' } ) - ConnectAutomatically = $False + ConnectAutomatically = $True ConnectWhenNetworkNameIsHidden = $True - NetworkName = 'aaaa' - PreSharedKeyIsSet = $True + DisableMacAddressRandomization = $True + NetworkName = 'aaaaa' + ProxyAutomaticConfigurationUrl = 'THSCP.local' + ProxySettings = 'automatic' Ssid = 'aaaaa' WiFiSecurityType = 'wpaPersonal' Ensure = 'Present' @@ -2459,7 +5126,6 @@ } IntuneWifiConfigurationPolicyIOS 'myWifiConfigIOSPolicy' { - Id = '8e809b9e-0032-40b7-b263-e6029daf8e9c' DisplayName = 'ios wifi' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments { @@ -2470,7 +5136,7 @@ ConnectAutomatically = $True ConnectWhenNetworkNameIsHidden = $True DisableMacAddressRandomization = $True - NetworkName = 'aaaaa' + NetworkName = 'Updated Network' # Updated Property ProxyAutomaticConfigurationUrl = 'THSCP.local' ProxySettings = 'automatic' Ssid = 'aaaaa' @@ -2478,9 +5144,14 @@ Ensure = 'Present' Credential = $Credscredential } + IntuneWifiConfigurationPolicyIOS 'myWifiConfigIOSPolicy' + { + DisplayName = 'ios wifi' + Ensure = 'Absent' + Credential = $Credscredential + } IntuneWifiConfigurationPolicyMacOS 'myWifiConfigMacOSPolicy' { - Id = 'cad22363-785b-4820-9909-28d5f35048c2' DisplayName = 'macos wifi' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments { @@ -2498,9 +5169,33 @@ Ensure = 'Present' Credential = $Credscredential } + IntuneWifiConfigurationPolicyMacOS 'myWifiConfigMacOSPolicy' + { + DisplayName = 'macos wifi' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + ConnectAutomatically = $True + ConnectWhenNetworkNameIsHidden = $False # Updated Property + NetworkName = 'ea1cf5d7-8d3e-40ca-9cb8-b8c8a4c6170b' + ProxyAutomaticConfigurationUrl = 'AZ500PrivateEndpoint22' + ProxySettings = 'automatic' + Ssid = 'aaaaaaaaaaaaa' + WiFiSecurityType = 'wpaPersonal' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneWifiConfigurationPolicyMacOS 'myWifiConfigMacOSPolicy' + { + DisplayName = 'macos wifi' + Ensure = 'Absent' + Credential = $Credscredential + } IntuneWifiConfigurationPolicyWindows10 'myWifiConfigWindows10Policy' { - Id = '2273c683-7590-4c56-81d3-14adb6b3d19c' DisplayName = 'win10 wifi - revised' Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments { @@ -2521,6 +5216,34 @@ Ensure = 'Present' Credential = $Credscredential } + IntuneWifiConfigurationPolicyWindows10 'myWifiConfigWindows10Policy' + { + DisplayName = 'win10 wifi - revised' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + ConnectAutomatically = $True + ConnectToPreferredNetwork = $False # Updated Property + ConnectWhenNetworkNameIsHidden = $True + ForceFIPSCompliance = $True + MeteredConnectionLimit = 'fixed' + NetworkName = 'MyWifi' + ProxyAutomaticConfigurationUrl = 'https://proxy.contoso.com' + ProxySetting = 'automatic' + Ssid = 'ssid' + WifiSecurityType = 'wpa2Personal' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneWifiConfigurationPolicyWindows10 'myWifiConfigWindows10Policy' + { + DisplayName = 'win10 wifi - revised' + Ensure = 'Absent' + Credential = $Credscredential + } IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined 'Example' { Assignments = @(); @@ -2533,7 +5256,6 @@ Ensure = "Present"; ExtractHardwareHash = $False; HybridAzureADJoinSkipConnectivityCheck = $True; - Id = "36b4d209-c9af-487f-8cf2-8397cefbc29a"; Language = "os-default"; OutOfBoxExperienceSettings = MSFT_MicrosoftGraphoutOfBoxExperienceSettings{ HideEULA = $True @@ -2544,6 +5266,34 @@ UserType = 'standard' }; } + IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined 'Example' + { + Assignments = @(); + Credential = $Credscredential; + Description = ""; + DeviceNameTemplate = ""; + DeviceType = "windowsPc"; + DisplayName = "hybrid"; + EnableWhiteGlove = $False; # Updated Property + Ensure = "Present"; + ExtractHardwareHash = $False; + HybridAzureADJoinSkipConnectivityCheck = $True; + Language = "os-default"; + OutOfBoxExperienceSettings = MSFT_MicrosoftGraphoutOfBoxExperienceSettings{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' + SkipKeyboardSelectionPage = $False + UserType = 'standard' + }; + } + IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined 'Example' + { + Credential = $Credscredential; + DisplayName = "hybrid"; + Ensure = "Absent"; + } IntuneWindowsAutopilotDeploymentProfileAzureADJoined 'Example' { Assignments = @( @@ -2560,7 +5310,6 @@ EnableWhiteGlove = $True; Ensure = "Present"; ExtractHardwareHash = $True; - Id = "30914319-d49b-46da-b054-625d933c5769"; Language = ""; OutOfBoxExperienceSettings = MSFT_MicrosoftGraphoutOfBoxExperienceSettings1{ HideEULA = $False @@ -2571,9 +5320,40 @@ UserType = 'administrator' }; } + IntuneWindowsAutopilotDeploymentProfileAzureADJoined 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Credential = $Credscredential; + Description = ""; + DeviceNameTemplate = "test"; + DeviceType = "windowsPc"; + DisplayName = "AAD"; + EnableWhiteGlove = $False; # Updated Property + Ensure = "Present"; + ExtractHardwareHash = $True; + Language = ""; + OutOfBoxExperienceSettings = MSFT_MicrosoftGraphoutOfBoxExperienceSettings1{ + HideEULA = $False + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' + SkipKeyboardSelectionPage = $True + UserType = 'administrator' + }; + } + IntuneWindowsAutopilotDeploymentProfileAzureADJoined 'Example' + { + Credential = $Credscredential; + DisplayName = "AAD"; + Ensure = "Absent"; + } IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled 'Example' { - Id = 'M_5c927889-a683-4588-afdb-4c90aa5e7e93' DisplayName = 'WIP' AzureRightsManagementServicesAllowed = $False Description = 'DSC' @@ -2610,9 +5390,52 @@ Ensure = 'Present' Credential = $Credscredential } + IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled 'Example' + { + DisplayName = 'WIP' + AzureRightsManagementServicesAllowed = $False + Description = 'DSC' + EnforcementLevel = 'encryptAndAuditOnly' + EnterpriseDomain = 'domain.com' # Updated Property + EnterpriseIPRanges = @( + MSFT_MicrosoftGraphwindowsInformationProtectionIPRangeCollection { + DisplayName = 'ipv4 range' + Ranges = @( + MSFT_MicrosoftGraphIpRange { + UpperAddress = '1.1.1.3' + LowerAddress = '1.1.1.1' + odataType = '#microsoft.graph.iPv4Range' + } + ) + } + ) + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseProxyServersAreAuthoritative = $True + IconsVisible = $False + IndexingEncryptedStoresOrItemsBlocked = $False + ProtectedApps = @( + MSFT_MicrosoftGraphwindowsInformationProtectionApp { + Description = 'Microsoft.MicrosoftEdge' + odataType = '#microsoft.graph.windowsInformationProtectionStoreApp' + Denied = $False + PublisherName = 'CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US' + ProductName = 'Microsoft.MicrosoftEdge' + DisplayName = 'Microsoft Edge' + } + ) + ProtectionUnderLockConfigRequired = $False + RevokeOnUnenrollDisabled = $False + Ensure = 'Present' + Credential = $Credscredential + } + IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled 'Example' + { + DisplayName = 'WIP' + Ensure = 'Absent' + Credential = $Credscredential + } IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10 'Example' { - Id = 'b5d1020d-f641-42a0-a882-82f3358bf4c5' DisplayName = 'WUfB Feature -dsc' Assignments = @() Description = 'test 2' @@ -2623,9 +5446,26 @@ Ensure = 'Present' Credential = $Credscredential } + IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10 'Example' + { + DisplayName = 'WUfB Feature -dsc' + Assignments = @() + Description = 'test 2' + FeatureUpdateVersion = 'Windows 10, version 22H2' + RolloutSettings = MSFT_MicrosoftGraphwindowsUpdateRolloutSettings { + OfferStartDateTimeInUTC = '2023-02-05T16:00:00.0000000+00:00' # Updated Property + } + Ensure = 'Present' + Credential = $Credscredential + } + IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10 'Example' + { + DisplayName = 'WUfB Feature -dsc' + Ensure = 'Absent' + Credential = $Credscredential + } IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 'Example' { - Id = 'f2a9a546-6087-45b9-81da-59994e79dfd2' DisplayName = 'WUfB Ring' AllowWindows11Upgrade = $False Assignments = @( @@ -2668,6 +5508,56 @@ Ensure = 'Present' Credential = $Credscredential } + IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 'Example' + { + DisplayName = 'WUfB Ring' + AllowWindows11Upgrade = $True # Updated Property + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments + { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ) + AutomaticUpdateMode = 'autoInstallAtMaintenanceTime' + AutoRestartNotificationDismissal = 'notConfigured' + BusinessReadyUpdatesOnly = 'userDefined' + DeadlineForFeatureUpdatesInDays = 1 + DeadlineForQualityUpdatesInDays = 2 + DeadlineGracePeriodInDays = 3 + DeliveryOptimizationMode = 'userDefined' + Description = '' + DriversExcluded = $False + FeatureUpdatesDeferralPeriodInDays = 0 + FeatureUpdatesPaused = $False + FeatureUpdatesPauseExpiryDateTime = '0001-01-01T00:00:00.0000000+00:00' + FeatureUpdatesRollbackStartDateTime = '0001-01-01T00:00:00.0000000+00:00' + FeatureUpdatesRollbackWindowInDays = 10 + InstallationSchedule = MSFT_MicrosoftGraphwindowsUpdateInstallScheduleType { + ActiveHoursStart = '08:00:00' + ActiveHoursEnd = '17:00:00' + odataType = '#microsoft.graph.windowsUpdateActiveHoursInstall' + } + MicrosoftUpdateServiceAllowed = $True + PostponeRebootUntilAfterDeadline = $False + PrereleaseFeatures = 'userDefined' + QualityUpdatesDeferralPeriodInDays = 0 + QualityUpdatesPaused = $False + QualityUpdatesPauseExpiryDateTime = '0001-01-01T00:00:00.0000000+00:00' + QualityUpdatesRollbackStartDateTime = '0001-01-01T00:00:00.0000000+00:00' + SkipChecksBeforeRestart = $False + UpdateNotificationLevel = 'defaultNotifications' + UserPauseAccess = 'enabled' + UserWindowsUpdateScanAccess = 'enabled' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 'Example' + { + DisplayName = 'WUfB Ring' + Ensure = 'Absent' + Credential = $Credscredential + } } } From 921c67a57075048ba902276c61ee025b6cee8d18 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 15 Dec 2023 08:22:45 -0500 Subject: [PATCH 11/58] Improved Integration Test Engine --- .../Global - Integration - INTUNE.yml | 20 +- Tests/Integration/M365DSCTestEngine.psm1 | 14 +- .../M365DSCIntegration.INTUNE.Tests.ps1 | 5582 ----------------- 3 files changed, 20 insertions(+), 5596 deletions(-) delete mode 100644 Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Tests.ps1 diff --git a/.github/workflows/Global - Integration - INTUNE.yml b/.github/workflows/Global - Integration - INTUNE.yml index c7ecf9667f..f7f4b103c4 100644 --- a/.github/workflows/Global - Integration - INTUNE.yml +++ b/.github/workflows/Global - Integration - INTUNE.yml @@ -28,33 +28,33 @@ jobs: Get-ChildItem "C:\Program Files\WindowsPowerShell\Modules" -Recurse | Unblock-File Set-M365DSCTelemetryOption -Enabled $false Set-Item -Path WSMan:\localhost\MaxEnvelopeSizekb -Value 99999 - - name: Generate Integration Tests from Examples + - name: Generate {Create} Integration Tests from Examples shell: pwsh run: | Import-Module './Tests/Integration/M365DSCTestEngine.psm1' - New-M365DSCIntegrationTest -Workload INTUNE - - name: Commit Integration Tests + New-M365DSCIntegrationTest -Workload INTUNE -Step '1-Create' + - name: Commit {Create} Integration Tests shell: pwsh run: | git config --local user.email "nicharl@microsoft.com" git config --local user.name "NikCharlebois" git add D:/a/Microsoft365DSC/Microsoft365DSC/Tests/Integration/* git pull - git commit -m "Updated Intune Integration Tests" + git commit -m "Updated {Create} Intune Integration Tests" git push $SHA = git rev-parse HEAD echo "commitid=$SHA" >> $env:GITHUB_OUTPUT - - name: Run Integration Tests + - name: Run {Create} Integration Tests shell: powershell env: - PUBLIC_USERNAME: ${{ secrets.PUBLIC_USERNAME }} - PUBLIC_PASSWORD: ${{ secrets.PUBLIC_PASSWORD }} + PUBLIC_USERNAME: ${{ secrets.INTEGRATION_USERNAME }} + PUBLIC_PASSWORD: ${{ secrets.INTEGRATION_PASSWORD }} run: | - $CredPassword = ConvertTo-SecureString $env:PUBLIC_PASSWORD -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ($env:PUBLIC_USERNAME, $CredPassword) + $CredPassword = ConvertTo-SecureString $env:INTEGRATION_PASSWORD -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ($env:INTEGRATION_USERNAME, $CredPassword) try { - & .\Tests\Integration\Microsoft365DSC\M365DSCIntegration.INTUNE.Tests.ps1 -Credential $Credential + & .\Tests\Integration\Microsoft365DSC\M365DSCIntegration.INTUNE.Create.Tests.ps1 -Credential $Credential } catch { diff --git a/Tests/Integration/M365DSCTestEngine.psm1 b/Tests/Integration/M365DSCTestEngine.psm1 index c3e3d26193..566d1e11ce 100644 --- a/Tests/Integration/M365DSCTestEngine.psm1 +++ b/Tests/Integration/M365DSCTestEngine.psm1 @@ -4,9 +4,14 @@ function New-M365DSCIntegrationTest { [CmdletBinding()] param( - [Parameter()] + [Parameter(Mandatory = $true)] + [System.String] + $Workload, + + [Parameter(Mandatory = $true)] + [ValidateSet('1-Create', '2-Update', '3-Remove')] [System.String] - $Workload + $Step ) # Initialize Master Integration configuration $masterIntegrationConfig = @' @@ -34,7 +39,7 @@ function New-M365DSCIntegrationTest '@ # Fetching examples - $exampleFiles = Get-ChildItem -Path ".\Modules\Microsoft365DSC\Examples\Resources\*.ps1" -Recurse + $exampleFiles = Get-ChildItem -Path ".\Modules\Microsoft365DSC\Examples\Resources\*$Step.ps1" -Recurse foreach ($file in $exampleFiles) { if ($file.FullName -like "*Modules\Microsoft365DSC\Examples\Resources\$Workload*") @@ -100,7 +105,8 @@ function New-M365DSCIntegrationTest '@ # Saving Master Integration configuration to file - Set-Content -Value $masterIntegrationConfig -Path ".\Tests\Integration\Microsoft365DSC\M365DSCIntegration.$Workload.Tests.ps1" + $StepValue = $Step.Split('-')[1] + Set-Content -Value $masterIntegrationConfig -Path ".\Tests\Integration\Microsoft365DSC\M365DSCIntegration.$Workload.$StepValue.Tests.ps1" } Export-ModuleMember -Function @( diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Tests.ps1 deleted file mode 100644 index 865d4a59be..0000000000 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Tests.ps1 +++ /dev/null @@ -1,5582 +0,0 @@ - param - ( - [Parameter()] - [System.Management.Automation.PSCredential] - $Credential - ) - - Configuration Master - { - param - ( - [Parameter(Mandatory = $true)] - [System.Management.Automation.PSCredential] - $Credscredential - ) - - Import-DscResource -ModuleName Microsoft365DSC - $Domain = $Credscredential.Username.Split('@')[1] - Node Localhost - { - IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy 'My Account Protection LAPS Policy' - { - DisplayName = "Account Protection LAPS Policy"; - Description = "My revised description"; - Ensure = "Present"; - Credential = $Credscredential - Assignments = @( - MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - BackupDirectory = "1"; - PasswordAgeDays_AAD = 10; - AdministratorAccountName = "Administrator"; - PasswordAgeDays = 20; - } - IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy 'My Account Protection LAPS Policy' - { - DisplayName = "Account Protection LAPS Policy"; - Description = "My revised description"; - Ensure = "Present"; - Credential = $Credscredential - Assignments = @( - MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - BackupDirectory = "1"; - PasswordAgeDays_AAD = 15; # Updated Property - AdministratorAccountName = "Administrator"; - PasswordAgeDays = 20; - } - IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy 'My Account Protection LAPS Policy' - { - DisplayName = "Account Protection LAPS Policy"; - Description = "My revised description"; - Ensure = "Absent"; - Credential = $Credscredential - } - IntuneAccountProtectionLocalUserGroupMembershipPolicy 'My Account Protection Local User Group Membership Policy' - { - DisplayName = "Account Protection LUGM Policy"; - Description = "My revised description"; - Ensure = "Present"; - Credential = $Credscredential - Assignments = @( - MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - LocalUserGroupCollection = @( - MSFT_IntuneAccountProtectionLocalUserGroupCollection{ - LocalGroups = @('administrators', 'users') - Members = @('S-1-12-1-1167842105-1150511762-402702254-1917434032') - Action = 'add_update' - UserSelectionType = 'users' - } - ); - } - IntuneAccountProtectionLocalUserGroupMembershipPolicy 'My Account Protection Local User Group Membership Policy' - { - DisplayName = "Account Protection LUGM Policy"; - Description = "My revised description"; - Ensure = "Present"; - Credential = $Credscredential - Assignments = @(); # Updated Property - LocalUserGroupCollection = @( - MSFT_IntuneAccountProtectionLocalUserGroupCollection{ - LocalGroups = @('administrators', 'users') - Members = @('S-1-12-1-1167842105-1150511762-402702254-1917434032') - Action = 'add_update' - UserSelectionType = 'users' - } - ); - } - IntuneAccountProtectionLocalUserGroupMembershipPolicy 'My Account Protection Local User Group Membership Policy' - { - DisplayName = "Account Protection LUGM Policy"; - Description = "My revised description"; - Ensure = "Absent"; - Credential = $Credscredential - } - IntuneAccountProtectionPolicy 'myAccountProtectionPolicy' - { - DisplayName = 'test' - deviceGuardLocalSystemAuthorityCredentialGuardSettings = "notConfigured" - WindowsHelloForBusinessBlocked = $true - PinMinimumLength = 5 - PinSpecialCharactersUsage = 'required' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneAccountProtectionPolicy 'myAccountProtectionPolicy' - { - DisplayName = 'test' - deviceGuardLocalSystemAuthorityCredentialGuardSettings = "notConfigured" - WindowsHelloForBusinessBlocked = $true - PinMinimumLength = 10 # Updated Property - PinSpecialCharactersUsage = 'required' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneAccountProtectionPolicy 'myAccountProtectionPolicy' - { - DisplayName = 'test' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneAntivirusPolicyWindows10SettingCatalog 'myAVWindows10Policy' - { - DisplayName = 'av exclusions' - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - }) - Description = '' - excludedextensions = @('.exe') - excludedpaths = @('c:\folders\', 'c:\folders2\') - excludedprocesses = @('processes.exe', 'process2.exe') - templateId = '45fea5e9-280d-4da1-9792-fb5736da0ca9_1' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneAntivirusPolicyWindows10SettingCatalog 'myAVWindows10Policy' - { - DisplayName = 'av exclusions' - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - }) - Description = '' - excludedextensions = @('.exe') - excludedpaths = @('c:\folders\', 'c:\folders2\') - excludedprocesses = @('processes.exe', 'process3.exe') # Updated Property - templateId = '45fea5e9-280d-4da1-9792-fb5736da0ca9_1' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneAntivirusPolicyWindows10SettingCatalog 'myAVWindows10Policy' - { - DisplayName = 'av exclusions' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneAppConfigurationPolicy 'AddAppConfigPolicy' - { - DisplayName = 'ContosoNew' - Description = 'New Contoso Policy' - Credential = $Credscredential; - CustomSettings = @( - MSFT_IntuneAppConfigurationPolicyCustomSetting { - name = 'com.microsoft.intune.mam.managedbrowser.BlockListURLs' - value = 'https://www.aol.com' - } - MSFT_IntuneAppConfigurationPolicyCustomSetting { - name = 'com.microsoft.intune.mam.managedbrowser.bookmarks' - value = 'Outlook Web|https://outlook.office.com||Bing|https://www.bing.com' - } - MSFT_IntuneAppConfigurationPolicyCustomSetting { - name = 'Test' - value = 'TestValue' - }); - Ensure = 'Present' - } - IntuneAppConfigurationPolicy 'AddAppConfigPolicy' - { - DisplayName = 'ContosoNew' - Description = 'New Contoso Policy' - Credential = $Credscredential; - CustomSettings = @( - MSFT_IntuneAppConfigurationPolicyCustomSetting { - name = 'com.microsoft.intune.mam.managedbrowser.BlockListURLs' - value = 'https://www.aol.com' - } - MSFT_IntuneAppConfigurationPolicyCustomSetting { - name = 'com.microsoft.intune.mam.managedbrowser.bookmarks' - value = 'Outlook Web|https://outlook.office.com||Bing|https://www.bing.com' - } - MSFT_IntuneAppConfigurationPolicyCustomSetting { # Updated Property - name = 'Test2' - value = 'TestValue2' - }); - Ensure = 'Present' - } - IntuneAppConfigurationPolicy 'AddAppConfigPolicy' - { - DisplayName = 'ContosoNew' - Description = 'New Contoso Policy' - Credential = $Credscredential; - Ensure = 'Absent' - } - IntuneApplicationControlPolicyWindows10 'ConfigureApplicationControlPolicyWindows10' - { - DisplayName = 'Windows 10 Desktops' - Description = 'All windows 10 Desktops' - AppLockerApplicationControl = 'enforceComponentsAndStoreApps' - SmartScreenBlockOverrideForFiles = $True - SmartScreenEnableInShell = $True - Ensure = 'Present' - Credential = $Credscredential - } - IntuneApplicationControlPolicyWindows10 'ConfigureApplicationControlPolicyWindows10' - { - DisplayName = 'Windows 10 Desktops' - Description = 'All windows 10 Desktops' - AppLockerApplicationControl = 'enforceComponentsAndStoreApps' - SmartScreenBlockOverrideForFiles = $False # Updated Property - SmartScreenEnableInShell = $True - Ensure = 'Present' - Credential = $Credscredential - } - IntuneApplicationControlPolicyWindows10 'ConfigureApplicationControlPolicyWindows10' - { - DisplayName = 'Windows 10 Desktops' - Description = 'All windows 10 Desktops' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneAppProtectionPolicyAndroid 'ConfigureAppProtectionPolicyAndroid' - { - DisplayName = 'My DSC Android App Protection Policy' - AllowedDataStorageLocations = @('sharePoint') - AllowedInboundDataTransferSources = 'managedApps' - AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' - AllowedOutboundDataTransferDestinations = 'managedApps' - Apps = @('com.cisco.jabberimintune.ios', 'com.pervasent.boardpapers.ios', 'com.sharefile.mobile.intune.ios') - ContactSyncBlocked = $false - DataBackupBlocked = $false - Description = '' - DeviceComplianceRequired = $True - DisableAppPinIfDevicePinIsSet = $True - FingerprintBlocked = $False - ManagedBrowserToOpenLinksRequired = $True - MaximumPinRetries = 5 - MinimumPinLength = 4 - OrganizationalCredentialsRequired = $false - PinRequired = $True - PrintBlocked = $True - SaveAsBlocked = $True - SimplePinBlocked = $True - Ensure = 'Present' - Credential = $Credscredential - } - IntuneAppProtectionPolicyAndroid 'ConfigureAppProtectionPolicyAndroid' - { - DisplayName = 'My DSC Android App Protection Policy' - AllowedDataStorageLocations = @('sharePoint') - AllowedInboundDataTransferSources = 'managedApps' - AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' - AllowedOutboundDataTransferDestinations = 'managedApps' - Apps = @('com.cisco.jabberimintune.ios', 'com.pervasent.boardpapers.ios', 'com.sharefile.mobile.intune.ios') - ContactSyncBlocked = $true # Updated Property - DataBackupBlocked = $false - Description = '' - DeviceComplianceRequired = $True - DisableAppPinIfDevicePinIsSet = $True - FingerprintBlocked = $False - ManagedBrowserToOpenLinksRequired = $True - MaximumPinRetries = 5 - MinimumPinLength = 4 - OrganizationalCredentialsRequired = $false - PinRequired = $True - PrintBlocked = $True - SaveAsBlocked = $True - SimplePinBlocked = $True - Ensure = 'Present' - Credential = $Credscredential - } - IntuneAppProtectionPolicyAndroid 'ConfigureAppProtectionPolicyAndroid' - { - DisplayName = 'My DSC Android App Protection Policy' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneAppProtectionPolicyiOS 'MyCustomiOSPolicy' - { - DisplayName = 'My DSC iOS App Protection Policy' - AllowedDataStorageLocations = @('sharePoint') - AllowedInboundDataTransferSources = 'managedApps' - AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' - AllowedOutboundDataTransferDestinations = 'managedApps' - AppDataEncryptionType = 'whenDeviceLocked' - Apps = @('com.cisco.jabberimintune.ios', 'com.pervasent.boardpapers.ios', 'com.sharefile.mobile.intune.ios') - ContactSyncBlocked = $False - DataBackupBlocked = $False - Description = '' - DeviceComplianceRequired = $True - FingerprintBlocked = $False - ManagedBrowserToOpenLinksRequired = $True - MaximumPinRetries = 5 - MinimumPinLength = 4 - OrganizationalCredentialsRequired = $False - PeriodOfflineBeforeAccessCheck = 'PT12H' - PeriodOfflineBeforeWipeIsEnforced = 'P90D' - PeriodOnlineBeforeAccessCheck = 'PT30M' - PinCharacterSet = 'alphanumericAndSymbol' - PinRequired = $True - PrintBlocked = $False - SaveAsBlocked = $True - SimplePinBlocked = $False - Ensure = 'Present' - Credential = $Credscredential - } - IntuneAppProtectionPolicyiOS 'MyCustomiOSPolicy' - { - DisplayName = 'My DSC iOS App Protection Policy' - AllowedDataStorageLocations = @('sharePoint') - AllowedInboundDataTransferSources = 'managedApps' - AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' - AllowedOutboundDataTransferDestinations = 'managedApps' - AppDataEncryptionType = 'whenDeviceLocked' - Apps = @('com.cisco.jabberimintune.ios', 'com.pervasent.boardpapers.ios', 'com.sharefile.mobile.intune.ios') - ContactSyncBlocked = $False - DataBackupBlocked = $False - Description = '' - DeviceComplianceRequired = $True - FingerprintBlocked = $False - ManagedBrowserToOpenLinksRequired = $True - MaximumPinRetries = 7 # Updated Property - MinimumPinLength = 4 - OrganizationalCredentialsRequired = $False - PeriodOfflineBeforeAccessCheck = 'PT12H' - PeriodOfflineBeforeWipeIsEnforced = 'P90D' - PeriodOnlineBeforeAccessCheck = 'PT30M' - PinCharacterSet = 'alphanumericAndSymbol' - PinRequired = $True - PrintBlocked = $False - SaveAsBlocked = $True - SimplePinBlocked = $False - Ensure = 'Present' - Credential = $Credscredential - } - IntuneAppProtectionPolicyiOS 'MyCustomiOSPolicy' - { - DisplayName = 'My DSC iOS App Protection Policy' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneASRRulesPolicyWindows10 'myASRRulesPolicy' - { - DisplayName = 'test' - AdditionalGuardedFolders = @() - AdobeReaderLaunchChildProcess = 'auditMode' - AdvancedRansomewareProtectionType = 'enable' - Assignments = @() - AttackSurfaceReductionExcludedPaths = @('c:\Novo') - BlockPersistenceThroughWmiType = 'auditMode' - Description = '' - EmailContentExecutionType = 'auditMode' - GuardedFoldersAllowedAppPaths = @() - GuardMyFoldersType = 'enable' - OfficeAppsExecutableContentCreationOrLaunchType = 'block' - OfficeAppsLaunchChildProcessType = 'auditMode' - OfficeAppsOtherProcessInjectionType = 'block' - OfficeCommunicationAppsLaunchChildProcess = 'auditMode' - OfficeMacroCodeAllowWin32ImportsType = 'block' - PreventCredentialStealingType = 'enable' - ProcessCreationType = 'block' - ScriptDownloadedPayloadExecutionType = 'block' - ScriptObfuscatedMacroCodeType = 'block' - UntrustedExecutableType = 'block' - UntrustedUSBProcessType = 'block' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneASRRulesPolicyWindows10 'myASRRulesPolicy' - { - DisplayName = 'test' - AdditionalGuardedFolders = @() - AdobeReaderLaunchChildProcess = 'auditMode' - AdvancedRansomewareProtectionType = 'enable' - Assignments = @() - AttackSurfaceReductionExcludedPaths = @('c:\Novo') - BlockPersistenceThroughWmiType = 'auditMode' - Description = '' - EmailContentExecutionType = 'auditMode' - GuardedFoldersAllowedAppPaths = @() - GuardMyFoldersType = 'enable' - OfficeAppsExecutableContentCreationOrLaunchType = 'block' - OfficeAppsLaunchChildProcessType = 'auditMode' - OfficeAppsOtherProcessInjectionType = 'block' - OfficeCommunicationAppsLaunchChildProcess = 'auditMode' - OfficeMacroCodeAllowWin32ImportsType = 'block' - PreventCredentialStealingType = 'enable' - ProcessCreationType = 'userDefined' # Updated Property - ScriptDownloadedPayloadExecutionType = 'block' - ScriptObfuscatedMacroCodeType = 'block' - UntrustedExecutableType = 'block' - UntrustedUSBProcessType = 'block' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneASRRulesPolicyWindows10 'myASRRulesPolicy' - { - DisplayName = 'test' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager 'myASRReductionRules' - { - DisplayName = 'asr ConfigMgr' - blockadobereaderfromcreatingchildprocesses = "block"; - Description = 'My revised description' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager 'myASRReductionRules' - { - DisplayName = 'asr ConfigMgr' - blockadobereaderfromcreatingchildprocesses = "audit"; # Updated Property - Description = 'My revised description' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager 'myASRReductionRules' - { - DisplayName = 'asr ConfigMgr' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneDeviceAndAppManagementAssignmentFilter 'AssignmentFilter' - { - DisplayName = 'Test Device Filter' - Description = 'This is a new Filter' - Platform = 'windows10AndLater' - Rule = "(device.manufacturer -ne `"Microsoft Corporation`")" - Ensure = 'Present' - Credential = $intuneAdmin - } - IntuneDeviceAndAppManagementAssignmentFilter 'AssignmentFilter' - { - DisplayName = 'Test Device Filter' - Description = 'This is a new Filter' - Platform = 'windows10AndLater' - Rule = "(device.manufacturer -ne `"Apple`")" # Updated Property - Ensure = 'Present' - Credential = $intuneAdmin - } - IntuneDeviceAndAppManagementAssignmentFilter 'AssignmentFilter' - { - DisplayName = 'Test Device Filter' - Ensure = 'Absent' - Credential = $intuneAdmin - } - IntuneDeviceCategory 'ConfigureDeviceCategory' - { - DisplayName = 'Contoso' - Description = 'Contoso Category' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneDeviceCategory 'ConfigureDeviceCategory' - { - DisplayName = 'Contoso' - Description = 'Contoso Category - Updated' # Updated Property - Ensure = 'Present' - Credential = $Credscredential - } - IntuneDeviceCategory 'ConfigureDeviceCategory' - { - DisplayName = 'Contoso' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneDeviceCleanupRule 'Example' - { - Enabled = $true - IsSingleInstance = 'Yes' - DeviceInactivityBeforeRetirementInDays = 25 # Updated Property - Ensure = 'Present' - Credential = $Credscredential - } - IntuneDeviceCompliancePolicyAndroid 'AddDeviceCompliancePolicy' - { - DisplayName = 'Test Policy' - Description = '' - DeviceThreatProtectionEnabled = $False - DeviceThreatProtectionRequiredSecurityLevel = 'unavailable' - osMinimumVersion = '7' - PasswordExpirationDays = 90 - PasswordMinimumLength = 6 - PasswordMinutesOfInactivityBeforeLock = 5 - PasswordPreviousPasswordBlockCount = 10 - PasswordRequired = $True - PasswordRequiredType = 'deviceDefault' - SecurityBlockJailbrokenDevices = $False - SecurityDisableUsbDebugging = $False - SecurityPreventInstallAppsFromUnknownSources = $False - SecurityRequireCompanyPortalAppIntegrity = $False - SecurityRequireGooglePlayServices = $False - SecurityRequireSafetyNetAttestationBasicIntegrity = $False - SecurityRequireSafetyNetAttestationCertifiedDevice = $False - SecurityRequireUpToDateSecurityProviders = $False - SecurityRequireVerifyApps = $False - StorageRequireEncryption = $True - Ensure = 'Present' - Credential = $Credscredential - } - IntuneDeviceCompliancePolicyAndroid 'AddDeviceCompliancePolicy' - { - DisplayName = 'Test Policy' - Description = '' - DeviceThreatProtectionEnabled = $False - DeviceThreatProtectionRequiredSecurityLevel = 'unavailable' - osMinimumVersion = '7' - PasswordExpirationDays = 90 - PasswordMinimumLength = 8 # Updated Property - PasswordMinutesOfInactivityBeforeLock = 5 - PasswordPreviousPasswordBlockCount = 10 - PasswordRequired = $True - PasswordRequiredType = 'deviceDefault' - SecurityBlockJailbrokenDevices = $False - SecurityDisableUsbDebugging = $False - SecurityPreventInstallAppsFromUnknownSources = $False - SecurityRequireCompanyPortalAppIntegrity = $False - SecurityRequireGooglePlayServices = $False - SecurityRequireSafetyNetAttestationBasicIntegrity = $False - SecurityRequireSafetyNetAttestationCertifiedDevice = $False - SecurityRequireUpToDateSecurityProviders = $False - SecurityRequireVerifyApps = $False - StorageRequireEncryption = $True - Ensure = 'Present' - Credential = $Credscredential - } - IntuneDeviceCompliancePolicyAndroid 'AddDeviceCompliancePolicy' - { - DisplayName = 'Test Policy' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneDeviceCompliancePolicyAndroidDeviceOwner 'ConfigureAndroidDeviceCompliancePolicyOwner' - { - DisplayName = 'DeviceOwner' - Description = '' - DeviceThreatProtectionEnabled = $False - DeviceThreatProtectionRequiredSecurityLevel = 'unavailable' - AdvancedThreatProtectionRequiredSecurityLevel = 'unavailable' - SecurityRequireSafetyNetAttestationBasicIntegrity = $False - SecurityRequireSafetyNetAttestationCertifiedDevice = $False - OsMinimumVersion = '10' - OsMaximumVersion = '11' - PasswordRequired = $True - PasswordMinimumLength = 6 - PasswordRequiredType = 'numericComplex' - PasswordMinutesOfInactivityBeforeLock = 5 - PasswordExpirationDays = 90 - PasswordPreviousPasswordCountToBlock = 13 - StorageRequireEncryption = $True - Ensure = 'Present' - Credential = $Credscredential - } - IntuneDeviceCompliancePolicyAndroidDeviceOwner 'ConfigureAndroidDeviceCompliancePolicyOwner' - { - DisplayName = 'DeviceOwner' - Description = '' - DeviceThreatProtectionEnabled = $False - DeviceThreatProtectionRequiredSecurityLevel = 'unavailable' - AdvancedThreatProtectionRequiredSecurityLevel = 'unavailable' - SecurityRequireSafetyNetAttestationBasicIntegrity = $False - SecurityRequireSafetyNetAttestationCertifiedDevice = $False - OsMinimumVersion = '10' - OsMaximumVersion = '11' - PasswordRequired = $True - PasswordMinimumLength = 8 # Updated Property - PasswordRequiredType = 'numericComplex' - PasswordMinutesOfInactivityBeforeLock = 5 - PasswordExpirationDays = 90 - PasswordPreviousPasswordCountToBlock = 13 - StorageRequireEncryption = $True - Ensure = 'Present' - Credential = $Credscredential - } - IntuneDeviceCompliancePolicyAndroidDeviceOwner 'ConfigureAndroidDeviceCompliancePolicyOwner' - { - DisplayName = 'DeviceOwner' - Description = '' - DeviceThreatProtectionEnabled = $False - DeviceThreatProtectionRequiredSecurityLevel = 'unavailable' - AdvancedThreatProtectionRequiredSecurityLevel = 'unavailable' - SecurityRequireSafetyNetAttestationBasicIntegrity = $False - SecurityRequireSafetyNetAttestationCertifiedDevice = $False - OsMinimumVersion = '10' - OsMaximumVersion = '11' - PasswordRequired = $True - PasswordMinimumLength = 8 # Updated Property - PasswordRequiredType = 'numericComplex' - PasswordMinutesOfInactivityBeforeLock = 5 - PasswordExpirationDays = 90 - PasswordPreviousPasswordCountToBlock = 13 - StorageRequireEncryption = $True - Ensure = 'Present' - Credential = $Credscredential - } - IntuneDeviceCompliancePolicyAndroidWorkProfile 'ConfigureAndroidDeviceCompliancePolicyWorkProfile' - { - DisplayName = 'Test Policy' - Description = '' - DeviceThreatProtectionEnabled = $False - DeviceThreatProtectionRequiredSecurityLevel = 'unavailable' - PasswordExpirationDays = 90 - PasswordMinimumLength = 6 - PasswordMinutesOfInactivityBeforeLock = 5 - PasswordRequired = $True - PasswordRequiredType = 'numericComplex' - SecurityBlockJailbrokenDevices = $True - SecurityDisableUsbDebugging = $False - SecurityPreventInstallAppsFromUnknownSources = $False - SecurityRequireCompanyPortalAppIntegrity = $False - SecurityRequireGooglePlayServices = $False - SecurityRequireSafetyNetAttestationBasicIntegrity = $False - SecurityRequireSafetyNetAttestationCertifiedDevice = $False - SecurityRequireUpToDateSecurityProviders = $False - SecurityRequireVerifyApps = $False - StorageRequireEncryption = $True - Ensure = 'Present' - Credential = $Credscredential - } - IntuneDeviceCompliancePolicyAndroidWorkProfile 'ConfigureAndroidDeviceCompliancePolicyWorkProfile' - { - DisplayName = 'Test Policy' - Description = '' - DeviceThreatProtectionEnabled = $False - DeviceThreatProtectionRequiredSecurityLevel = 'unavailable' - PasswordExpirationDays = 90 - PasswordMinimumLength = 8 # Updated Property - PasswordMinutesOfInactivityBeforeLock = 5 - PasswordRequired = $True - PasswordRequiredType = 'numericComplex' - SecurityBlockJailbrokenDevices = $True - SecurityDisableUsbDebugging = $False - SecurityPreventInstallAppsFromUnknownSources = $False - SecurityRequireCompanyPortalAppIntegrity = $False - SecurityRequireGooglePlayServices = $False - SecurityRequireSafetyNetAttestationBasicIntegrity = $False - SecurityRequireSafetyNetAttestationCertifiedDevice = $False - SecurityRequireUpToDateSecurityProviders = $False - SecurityRequireVerifyApps = $False - StorageRequireEncryption = $True - Ensure = 'Present' - Credential = $Credscredential - } - IntuneDeviceCompliancePolicyAndroidWorkProfile 'ConfigureAndroidDeviceCompliancePolicyWorkProfile' - { - DisplayName = 'Test Policy' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneDeviceCompliancePolicyiOs 'ConfigureDeviceCompliancePolicyiOS' - { - DisplayName = 'Test iOS Device Compliance Policy' - Description = 'Test iOS Device Compliance Policy Description' - PasscodeBlockSimple = $True - PasscodeExpirationDays = 365 - PasscodeMinimumLength = 6 - PasscodeMinutesOfInactivityBeforeLock = 5 - PasscodePreviousPasscodeBlockCount = 3 - PasscodeMinimumCharacterSetCount = 2 - PasscodeRequiredType = 'numeric' - PasscodeRequired = $True - OsMinimumVersion = 10 - OsMaximumVersion = 12 - SecurityBlockJailbrokenDevices = $True - DeviceThreatProtectionEnabled = $True - DeviceThreatProtectionRequiredSecurityLevel = 'medium' - ManagedEmailProfileRequired = $True - Ensure = 'Present' - Credential = $Credscredential - - } - IntuneDeviceCompliancePolicyiOs 'ConfigureDeviceCompliancePolicyiOS' - { - DisplayName = 'Test iOS Device Compliance Policy' - Description = 'Test iOS Device Compliance Policy Description' - PasscodeBlockSimple = $True - PasscodeExpirationDays = 365 - PasscodeMinimumLength = 8 # Updated Property - PasscodeMinutesOfInactivityBeforeLock = 5 - PasscodePreviousPasscodeBlockCount = 3 - PasscodeMinimumCharacterSetCount = 2 - PasscodeRequiredType = 'numeric' - PasscodeRequired = $True - OsMinimumVersion = 10 - OsMaximumVersion = 12 - SecurityBlockJailbrokenDevices = $True - DeviceThreatProtectionEnabled = $True - DeviceThreatProtectionRequiredSecurityLevel = 'medium' - ManagedEmailProfileRequired = $True - Ensure = 'Present' - Credential = $Credscredential - - } - IntuneDeviceCompliancePolicyiOs 'ConfigureDeviceCompliancePolicyiOS' - { - DisplayName = 'Test iOS Device Compliance Policy' - Ensure = 'Absent' - Credential = $Credscredential - - } - IntuneDeviceCompliancePolicyMacOS 'ConfigureDeviceCompliancePolicyMacOS' - { - DisplayName = 'MacOS DSC Policy' - Description = 'Test policy' - PasswordRequired = $False - PasswordBlockSimple = $False - PasswordExpirationDays = 365 - PasswordMinimumLength = 6 - PasswordMinutesOfInactivityBeforeLock = 5 - PasswordPreviousPasswordBlockCount = 13 - PasswordMinimumCharacterSetCount = 1 - PasswordRequiredType = 'DeviceDefault' - OsMinimumVersion = 10 - OsMaximumVersion = 13 - SystemIntegrityProtectionEnabled = $False - DeviceThreatProtectionEnabled = $False - DeviceThreatProtectionRequiredSecurityLevel = 'Unavailable' - StorageRequireEncryption = $False - FirewallEnabled = $False - FirewallBlockAllIncoming = $False - FirewallEnableStealthMode = $False - Ensure = 'Present' - Credential = $Credscredential - } - IntuneDeviceCompliancePolicyMacOS 'ConfigureDeviceCompliancePolicyMacOS' - { - DisplayName = 'MacOS DSC Policy' - Description = 'Test policy' - PasswordRequired = $False - PasswordBlockSimple = $False - PasswordExpirationDays = 365 - PasswordMinimumLength = 8 # Updated Property - PasswordMinutesOfInactivityBeforeLock = 5 - PasswordPreviousPasswordBlockCount = 13 - PasswordMinimumCharacterSetCount = 1 - PasswordRequiredType = 'DeviceDefault' - OsMinimumVersion = 10 - OsMaximumVersion = 13 - SystemIntegrityProtectionEnabled = $False - DeviceThreatProtectionEnabled = $False - DeviceThreatProtectionRequiredSecurityLevel = 'Unavailable' - StorageRequireEncryption = $False - FirewallEnabled = $False - FirewallBlockAllIncoming = $False - FirewallEnableStealthMode = $False - Ensure = 'Present' - Credential = $Credscredential - } - IntuneDeviceCompliancePolicyMacOS 'ConfigureDeviceCompliancePolicyMacOS' - { - DisplayName = 'MacOS DSC Policy' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneDeviceCompliancePolicyWindows10 'ConfigureDeviceCompliancePolicyWindows10' - { - DisplayName = 'Windows 10 DSC Policy' - Description = 'Test policy' - PasswordRequired = $False - PasswordBlockSimple = $False - PasswordRequiredToUnlockFromIdle = $True - PasswordMinutesOfInactivityBeforeLock = 15 - PasswordExpirationDays = 365 - PasswordMinimumLength = 6 - PasswordPreviousPasswordBlockCount = 13 - PasswordMinimumCharacterSetCount = 1 - PasswordRequiredType = 'Devicedefault' - RequireHealthyDeviceReport = $True - OsMinimumVersion = 10 - OsMaximumVersion = 10.19 - MobileOsMinimumVersion = 10 - MobileOsMaximumVersion = 10.19 - EarlyLaunchAntiMalwareDriverEnabled = $False - BitLockerEnabled = $False - SecureBootEnabled = $True - CodeIntegrityEnabled = $True - StorageRequireEncryption = $True - ActiveFirewallRequired = $True - DefenderEnabled = $True - DefenderVersion = '' - SignatureOutOfDate = $True - RtpEnabled = $True - AntivirusRequired = $True - AntiSpywareRequired = $True - DeviceThreatProtectionEnabled = $True - DeviceThreatProtectionRequiredSecurityLevel = 'Medium' - ConfigurationManagerComplianceRequired = $False - TPMRequired = $False - deviceCompliancePolicyScript = $null - ValidOperatingSystemBuildRanges = @() - Ensure = 'Present' - Credential = $Credscredential - } - IntuneDeviceCompliancePolicyWindows10 'ConfigureDeviceCompliancePolicyWindows10' - { - DisplayName = 'Windows 10 DSC Policy' - Description = 'Test policy' - PasswordRequired = $False - PasswordBlockSimple = $False - PasswordRequiredToUnlockFromIdle = $True - PasswordMinutesOfInactivityBeforeLock = 15 - PasswordExpirationDays = 365 - PasswordMinimumLength = 8 # Updated Property - PasswordPreviousPasswordBlockCount = 13 - PasswordMinimumCharacterSetCount = 1 - PasswordRequiredType = 'Devicedefault' - RequireHealthyDeviceReport = $True - OsMinimumVersion = 10 - OsMaximumVersion = 10.19 - MobileOsMinimumVersion = 10 - MobileOsMaximumVersion = 10.19 - EarlyLaunchAntiMalwareDriverEnabled = $False - BitLockerEnabled = $False - SecureBootEnabled = $True - CodeIntegrityEnabled = $True - StorageRequireEncryption = $True - ActiveFirewallRequired = $True - DefenderEnabled = $True - DefenderVersion = '' - SignatureOutOfDate = $True - RtpEnabled = $True - AntivirusRequired = $True - AntiSpywareRequired = $True - DeviceThreatProtectionEnabled = $True - DeviceThreatProtectionRequiredSecurityLevel = 'Medium' - ConfigurationManagerComplianceRequired = $False - TPMRequired = $False - deviceCompliancePolicyScript = $null - ValidOperatingSystemBuildRanges = @() - Ensure = 'Present' - Credential = $Credscredential - } - IntuneDeviceCompliancePolicyWindows10 'ConfigureDeviceCompliancePolicyWindows10' - { - DisplayName = 'Windows 10 DSC Policy' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 'Example' - { - Credential = $Credscredential - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments - { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ) - DefinitionValues = @( - MSFT_IntuneGroupPolicyDefinitionValue - { - ConfigurationType = 'policy' - Id = 'f41bbbec-0807-4ae3-8a61-5580a2f310f0' - Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition - { - Id = '50b2626d-f092-4e71-8983-12a5c741ebe0' - DisplayName = 'Do not display the lock screen' - CategoryPath = '\Control Panel\Personalization' - PolicyType = 'admxBacked' - SupportedOn = 'At least Windows Server 2012, Windows 8 or Windows RT' - ClassType = 'machine' - } - Enabled = $False - } - MSFT_IntuneGroupPolicyDefinitionValue - { - ConfigurationType = 'policy' - PresentationValues = @( - MSFT_IntuneGroupPolicyDefinitionValuePresentationValue - { - presentationDefinitionId = '98210829-af9b-4020-8d96-3e4108557a95' - presentationDefinitionLabel = 'Types of extensions/apps that are allowed to be installed' - KeyValuePairValues = @( - MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair - { - Name = 'hosted_app' - } - - MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair - { - Name = 'user_script' - } - ) - Id = '7312a452-e087-4290-9b9f-3f14a304c18d' - odataType = '#microsoft.graph.groupPolicyPresentationValueList' - } - ) - Id = 'f3047f6a-550e-4b5e-b3da-48fc951b72fc' - Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition - { - Id = '37ab8b81-47d7-46d8-8b99-81d9cecdcce9' - DisplayName = 'Configure allowed app/extension types' - CategoryPath = '\Google\Google Chrome\Extensions' - PolicyType = 'admxIngested' - SupportedOn = 'Microsoft Windows 7 or later' - ClassType = 'machine' - } - Enabled = $True - } - MSFT_IntuneGroupPolicyDefinitionValue - { - ConfigurationType = 'policy' - PresentationValues = @( - MSFT_IntuneGroupPolicyDefinitionValuePresentationValue - { - presentationDefinitionId = 'a8a0ae11-58d9-41d5-b258-1c16d9f1e328' - presentationDefinitionLabel = 'Password Length' - DecimalValue = 15 - Id = '14c48993-35af-4b77-a4f8-12de917b1bb9' - odataType = '#microsoft.graph.groupPolicyPresentationValueDecimal' - } - - MSFT_IntuneGroupPolicyDefinitionValuePresentationValue - { - presentationDefinitionId = '98998e7f-cc2a-4d96-8c47-35dd4b2ce56b' - presentationDefinitionLabel = 'Password Age (Days)' - DecimalValue = 30 - Id = '4d654df9-6826-470f-af4e-d37491663c76' - odataType = '#microsoft.graph.groupPolicyPresentationValueDecimal' - } - - MSFT_IntuneGroupPolicyDefinitionValuePresentationValue - { - presentationDefinitionId = '6900e752-4bc3-463b-9fc8-36d78c77bc3e' - presentationDefinitionLabel = 'Password Complexity' - StringValue = '4' - Id = '17e2ff15-8573-4e7e-a6f9-64baebcb5312' - odataType = '#microsoft.graph.groupPolicyPresentationValueText' - } - ) - Id = '426c9e99-0084-443a-ae07-b8f40c11910f' - Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition - { - Id = 'c4df131a-d415-44fc-9254-a717ff7dbee3' - DisplayName = 'Password Settings' - CategoryPath = '\LAPS' - PolicyType = 'admxBacked' - SupportedOn = 'At least Microsoft Windows Vista or Windows Server 2003 family' - ClassType = 'machine' - } - Enabled = $True - } - MSFT_IntuneGroupPolicyDefinitionValue - { - ConfigurationType = 'policy' - Id = 'a3577119-b240-4093-842c-d8e959dfe317' - Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition - { - Id = '986073b6-e149-495f-a131-aa0e3c697225' - DisplayName = 'Ability to change properties of an all user remote access connection' - CategoryPath = '\Network\Network Connections' - PolicyType = 'admxBacked' - SupportedOn = 'At least Windows 2000 Service Pack 1' - ClassType = 'user' - } - Enabled = $True - } - ) - Description = '' - DisplayName = 'admin template' - Ensure = 'Present' - PolicyConfigurationIngestionType = 'unknown' - } - IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 'Example' - { - Credential = $Credscredential - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments - { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ) - DefinitionValues = @( - MSFT_IntuneGroupPolicyDefinitionValue - { - ConfigurationType = 'policy' - Id = 'f41bbbec-0807-4ae3-8a61-5580a2f310f0' - Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition - { - Id = '50b2626d-f092-4e71-8983-12a5c741ebe0' - DisplayName = 'Do not display the lock screen' - CategoryPath = '\Control Panel\Personalization' - PolicyType = 'admxBacked' - SupportedOn = 'At least Windows Server 2012, Windows 8 or Windows RT' - ClassType = 'machine' - } - Enabled = $False - } - MSFT_IntuneGroupPolicyDefinitionValue - { - ConfigurationType = 'policy' - PresentationValues = @( - MSFT_IntuneGroupPolicyDefinitionValuePresentationValue - { - presentationDefinitionId = '98210829-af9b-4020-8d96-3e4108557a95' - presentationDefinitionLabel = 'Types of extensions/apps that are allowed to be installed' - KeyValuePairValues = @( - MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair - { - Name = 'hosted_app' - } - - MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair - { - Name = 'user_script' - } - ) - Id = '7312a452-e087-4290-9b9f-3f14a304c18d' - odataType = '#microsoft.graph.groupPolicyPresentationValueList' - } - ) - Id = 'f3047f6a-550e-4b5e-b3da-48fc951b72fc' - Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition - { - Id = '37ab8b81-47d7-46d8-8b99-81d9cecdcce9' - DisplayName = 'Configure allowed app/extension types' - CategoryPath = '\Google\Google Chrome\Extensions' - PolicyType = 'admxIngested' - SupportedOn = 'Microsoft Windows 7 or later' - ClassType = 'machine' - } - Enabled = $True - } - MSFT_IntuneGroupPolicyDefinitionValue - { - ConfigurationType = 'policy' - PresentationValues = @( - MSFT_IntuneGroupPolicyDefinitionValuePresentationValue - { - presentationDefinitionId = 'a8a0ae11-58d9-41d5-b258-1c16d9f1e328' - presentationDefinitionLabel = 'Password Length' - DecimalValue = 15 - Id = '14c48993-35af-4b77-a4f8-12de917b1bb9' - odataType = '#microsoft.graph.groupPolicyPresentationValueDecimal' - } - - MSFT_IntuneGroupPolicyDefinitionValuePresentationValue - { - presentationDefinitionId = '98998e7f-cc2a-4d96-8c47-35dd4b2ce56b' - presentationDefinitionLabel = 'Password Age (Days)' - DecimalValue = 30 - Id = '4d654df9-6826-470f-af4e-d37491663c76' - odataType = '#microsoft.graph.groupPolicyPresentationValueDecimal' - } - - MSFT_IntuneGroupPolicyDefinitionValuePresentationValue - { - presentationDefinitionId = '6900e752-4bc3-463b-9fc8-36d78c77bc3e' - presentationDefinitionLabel = 'Password Complexity' - StringValue = '4' - Id = '17e2ff15-8573-4e7e-a6f9-64baebcb5312' - odataType = '#microsoft.graph.groupPolicyPresentationValueText' - } - ) - Id = '426c9e99-0084-443a-ae07-b8f40c11910f' - Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition - { - Id = 'c4df131a-d415-44fc-9254-a717ff7dbee3' - DisplayName = 'Password Settings' - CategoryPath = '\LAPS' - PolicyType = 'admxBacked' - SupportedOn = 'At least Microsoft Windows Vista or Windows Server 2003 family' - ClassType = 'machine' - } - Enabled = $True - } - MSFT_IntuneGroupPolicyDefinitionValue - { - ConfigurationType = 'policy' - Id = 'a3577119-b240-4093-842c-d8e959dfe317' - Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition - { - Id = '986073b6-e149-495f-a131-aa0e3c697225' - DisplayName = 'Ability to change properties of an all user remote access connection' - CategoryPath = '\Network\Network Connections' - PolicyType = 'admxBacked' - SupportedOn = 'At least Windows 2000 Service Pack 1' - ClassType = 'user' - } - Enabled = $True - } - ) - Description = '' - DisplayName = 'admin template' - Ensure = 'Present' - PolicyConfigurationIngestionType = 'builtIn' # Updated Property - } - IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 'Example' - { - Credential = $Credscredential - DisplayName = 'admin template' - Ensure = 'Absent' - } - IntuneDeviceConfigurationCustomPolicyWindows10 'Example' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ); - Credential = $Credscredential; - DisplayName = "custom"; - Ensure = "Present"; - OmaSettings = @( - MSFT_MicrosoftGraphomaSetting{ - Description = 'custom' - OmaUri = '/oma/custom' - odataType = '#microsoft.graph.omaSettingString' - SecretReferenceValueId = '5b0e1dba-4523-455e-9fdd-e36c833b57bf_e072d616-12bc-4ea3-9171-ab080e4c120d_1f958162-15d4-42ba-92c4-17c2544b2179' - Value = '****' - IsEncrypted = $True - DisplayName = 'oma' - } - MSFT_MicrosoftGraphomaSetting{ - Description = 'custom 2' - OmaUri = '/oma/custom2' - odataType = '#microsoft.graph.omaSettingInteger' - Value = 2 - IsReadOnly = $False - IsEncrypted = $False - DisplayName = 'custom 2' - } - ); - SupportsScopeTags = $True; - } - IntuneDeviceConfigurationCustomPolicyWindows10 'Example' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ); - Credential = $Credscredential; - DisplayName = "custom"; - Ensure = "Present"; - OmaSettings = @( - MSFT_MicrosoftGraphomaSetting{ - Description = 'custom' - OmaUri = '/oma/custom' - odataType = '#microsoft.graph.omaSettingString' - SecretReferenceValueId = '5b0e1dba-4523-455e-9fdd-e36c833b57bf_e072d616-12bc-4ea3-9171-ab080e4c120d_1f958162-15d4-42ba-92c4-17c2544b2179' - Value = '****' - IsEncrypted = $True - DisplayName = 'oma' - } - MSFT_MicrosoftGraphomaSetting{ # Updated Property - Description = 'custom 3' - OmaUri = '/oma/custom3' - odataType = '#microsoft.graph.omaSettingInteger' - Value = 2 - IsReadOnly = $False - IsEncrypted = $False - DisplayName = 'custom 3' - } - ); - SupportsScopeTags = $True; - } - IntuneDeviceConfigurationCustomPolicyWindows10 'Example' - { - Credential = $Credscredential; - DisplayName = "custom"; - Ensure = "Absent"; - } - IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10 'Example' - { - AdvancedThreatProtectionAutoPopulateOnboardingBlob = $False; - AdvancedThreatProtectionOnboardingBlob = "MIId0wYJKoZIhvcNAQcDoIIdxDCCHcACAQIxggEwMIIBLAIBAoAUZuvH4bMiLMrmE7+vlIg3N42bKKgwDQYJKoZIhvcNAQEBBQAEggEAxqk1HWqA/PwA6Pq5Yxjp/PGI+XZQMqmwJ47ipnmoDJT/6juZVohVUmnadMbwG/lMPSsCayUR82ZutwziB7dgq5Bkw0XoastlaRQVlnJYcMa+rp1cPmfJxH3XfiWkvtyOfls2OvGot8ACtpOPpHAgHswUC8CQozwtbiGbv2d+GKOqbDyKuDUmguZ1IjgHXSK4QdT7CHyxsqvkF7th3BfzQDYP4RkHt7MdcguhlneSiM12yYWZPZWEq8DR8qgJmhxUt12QzWMNATcuVGbITMzhFSKzsQC+rYY+JHxF4KLtleDIsZagvAJryqYp8UCIKz4RjXfNdUobkqMBHl/FLlzvNTCCHIUGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQIYD8sl4f+5/KAghxgyl2DMt2B0VwAzMrCjltr8GLeCDx7yQemqhWCw5a2kPowKAtY7Iu60QKiR+F0AknYBwXesbGhYp5NU89ztByHizxh/q/puoBMuN1yHWWYKKu+hqxH40DXxiAi060JA06HoD6mSrLQCz1SXprnLNyiC8rHnVTaJ9alUJOT+FLYH09WOLYZMKKNsTEd8gIjQpXwUVY/zzOBpYS0L3SL28Kk858o5OzowQ9XX/JtyRStcLEZJhQ1u2UkhFCyioNQzS4gOW4/a4rw6vZsxFk+ZBHUEy1aYjmXXuYXPTazCZS1nhj7cpPGTqhxiqoSTMxbBHaKiM7HrQcezFD6oPrloti9PFSCahMLmb6OBpsh4vkMh8WzDE3JyPK8A43iTG+qw+ykfi1CUscTBoaLALmryI3csrmjWpgzwH1+UjpK/7vkjzCXNgazxP9/OysCjRsygSWDKVgcoeZtLPzHwvED9sMns4Sw/vfREOqt9n072ZTt8FjrjEsa2yZCfubeBSuiG1V/wUoDel01jKZ+ZtvpP7EwPuGOQT2Zdl6d/J8fw3PrbahWWyUStmihDq5plQg6moZ31Mtn0QiWkRdbYuoY3s6cBhlBeRUy9oX9mWe165MI1LbwZZRkqf+PtAbFgVQDXDToRsqAmqIFzdWI39HH3xnUdv8z8to8fiprhm6exurrrWkQw8Ss6zloBlzte3QqJbagGS/QXObxDMvXCCSXnckrzfFUtYd+wHZ4T8Mswm40wdKqhQtED7GHP8olrk/VmmRi3I6Ezj1/iK6hc28fH7CJT2CadNOEusM9Xsnzw/AfIJAFWojc05niavd0UC3orL7jlUv9Kay+SDGsAyuE9EDS7Y4bhixkZWUoEuftlH/3W7Jq6kESzFoXrzfS4Ssj81riYXUlXwlAd9AG3hnndJU3Z4aND/cWVYEvJdDHNdRWO+MqxbNNodOYr3R/6ZUewGBBxOeIh2+KNKaouHRwnSVq227NbnzMLATAENwsey/Q4NxBM+8aivmhR/O7cfNuObb+4AFvyzZJoUsdbcGVubdc8qvzqJFeALbM8iMOqIwDPflPhsNuHEHZljg/d20v4D9ZeogzJp5qW2w86gXgBTi8OS8KR2nm0+5I1mIU8ChyMJUEQNlddcxNRlq6QzOsSE+gqwvDTcKXCvQx0Acu5gVJSp4USGca4SPUsPKa+Uhef1e8gMpzXa4c6xGEptp7wY/7yaEzATnLQ8qC3ozGzOBpatgi8amkEOleo4EtSqUBAxYPq+TNo9COd7/u9gnBEXHLVuul26gsFA7K37VXBO2Qty2yOruy+2e0f+WpctBc1bbGgsLC0X30QAgG6ZRRwGedteVeVr9zjq6sIOjhkftcegetkVQhTj0acTCIy8NBLd9I+t9oEecvQgCTJVOU4G6IIoWZYn8/entxn41V8ThLS8Z20ekgBcZf/4r+huiQZZDyk+gVIStokJehtUb9qfg60aogSOn9Cmha9EzY+NtllPBTbIyBnklC89/sJPFiLBbtDihjm96NCECkl0DNL3o0BFHdjceuscs/MBbVCiGiy74+bKbpigXG80rKFfsOSY6OIFgVuQuW8ETQFxBwXRR3h72BorojOghfHGNMAIadJRVEcyPI7Vnjk+ii0YZEw5AuzJtnpQ8gNbudQzy5PvNdMwEwOo2AT1IIjDvGXqHcEW8hCEZkD2GqcQNBrJ/vYBQloCzmzuakYQhGVQuqTUHnKWPfcPeKOm8mcG+vqGMlw6iPlFM3omfmMXHIgehxxPOnusaxvPTNgcVBEvCR+tn2Z3Xim1riDj2ILSIAKylS4Bndu4VJI4+zA0yjNm/udXhMoH21HiTF7mohpSBReLxjmMbBWpMelXj5jHKgI+Ik8IRxNzIvYQD9eG2zqkEixZfgyhiZUfkLC5+J/M7rYSrEonL+Yx4OEm/9TfpEzVTW7DBM8d/pZy7rIJ4+Tx7YpJXMPnPZfsK7DZycujUlkIKxe10vG29BS/hi5ioyPBRz1qx+ez9QpoajWJ0mOSyAwBk47kD8y3KvKwn+woyk3/Tvj7QUW+Apw7b1L2dfR7T7MWF9u0bBD97fGAMA7kyghIV3W2eBRCG495ut5OjQBzOhtWSOvWGQefDdBtbzd1cLg0vrEk0jTedk90lNyr/ODcN7Ejr4fFlp2WIjS6yl3+iepRafpmW4iIxz4JfGHlGrOKkY1LMd1NtctU3W23iYu6fQJxws+Q67LeGJR1i1ai/indtu+xtjto0avT1UtOl3mS5Odl4W+nuqKnAf8Rhch+0ozcywpaOJiPNpls1RYlEJIXmGh1ANYzrrz5MbhyKjIRiAaZQ7sl9Pk5ijuL+4vDK+qUeWmBHU6Jd5xYbRMtmpFQs2mb7EZDDG9pWP5k30IPfMy3Ma2Bt6B3Nq/nI8JirjMGp0WF0wiuK8G1Z5u2K4QemzIyRPGzIqWg+RwjTykmZwwT/Njn7UL6tk1OSB9cSIiJ8mws5z2hf5rqmi6WbgBQ1V0s52w9elfgTeurUBMsXOWT+XTTEI/nvSa4BEMlALQnef0k+Ap32vgnzN7ZVcIY4ZI2pKhCFVLV3nUhuSZQKZwtA+N7IObxDLCnZD1OIaLcacQl8pXN4O0WeJ9/KhdAidPNoM3N/Ak/toEW5eD6tmEqHleUPnHT1MzeyM8SgSJmGql5flGYTzx22RTUe23JcbaY2wmY6tiDvYxfw5XYJUdUyhUOSik6Ttqz1y8E8nnlFtq+4PwJPdbWrMV0oWcjgVAiaq9ALX5GwPGoLo5QxRHZ/tg5LEnIOtZJdmNfaeDO6GSjwhiiW63kvBMjPDZ+R2SQdm1UAyIYg9AD1GY1eOuZ3Qs5/KHUmcBBy48bIcGFaaK0kdlwWdlWtJUP+4UMv8vlxXt05o9NVIHZ+YD6KBOgE+NPMoI4Y+ht7hzSf6cSIxz8AfEZHWnC7Co2tFkBF6SkqQse0uLL9Wf+CWzMy+JLXqo9tBKxsnxXq07a5HF9+WNiuLGnQoz5PlKjzgwWOOJ1yGdQhlWc1cYYHEnXMkrFoc0tdCvCAYL5+dm9lhc5MXR3hqpOSByWfz14oaBx4fCqPZqSvE09DYNkJB2Abo+WIqmW8vnb1aFyqMWj0nK/lT0rpfaiXww7vMMuN6TYp1JAubZ9ijx+Yq1TObi409aRYRmJkH3quBD3HExAS0bRIavExQaM8zP+gqxxsEG71gtFUK0jI/6Q71OIfh9Tf3uSB/NLl/HyDegsRyxMCqqowC6mBa8TLM/gDp7yOyrQ7Cs2HnWWYrNfZd6n5F0OB9ProL0Tykg1cci1bcteO4gKadhRZtOYhLXJMcLcy/fUbBdooxGak2c9i7XBGUbD4vklR66yACKETi0Ou3RVrVxJvkRDuU2seU9PW3Y6leYHbgpZdzkoDshflbxkXvWnxRAV/moH8RxBusT7yx81fytRieumN12QJjdMNQRRvRbe9vhCR9uj7lSaXHcYCQvNX4jMbYgYW401NlFFAsSGdy3XkgXfCvKZQDcf2oaWoc3R5MjDdMod9R1/z3vlx22RRzahCDZdOfFysq2rkzJDGZW9WWnKJHKXEA8lGWA62WSxjeUUOt+Gnjjww1RD8yK0uQtcGlcN+OeH2WtZDiN3gTNBmAkyU7EgWvSKstSS+/fCwt39o1ldG7ZNoIsAqdESgXFPfToaEs2E+pmunn8iF5Vly4BSce+jBok8zES+wopGpQr3NB7ai/lCKQZ4yH9cb5Aj0jYv0Bp91KEHrZU09pcg5foLb/NMFNNb0h91UsHZpJlx4r2zj7hJ5GKXTGX1xfJ8Fettpht+2mgxSiSuG1CNKncIAHWIicMwcFMea+H7fSGZwqRu0Q+iRmc0rZBXIE7sGm4TnKSXU35HZBw9M5vpzCnUxT2wPAbDDAdGIwguD0vzS3AhHMJdcIQ+WNALfvxgSReI57Hk4BlP2SZRJAeSejCMkOe6x1CZWLPxMbGQORdtXadCEfCQ2r0COrppMPIhI0sLuBPRSqt5+l4LgCN+n52U5PzWD8L2r6gVxItI3uRuV8+TWI8noDKvSB3nZIM6XVwlcCPgsa8rwsf+wdrNLOEY2aqYg7h9ieEvAk3GttwqomDkZfZdEMNShlD2xX+Ub3tu0cUr7ntISzvR6y5MkKyaNWOW0wO8LeBxRHBQqUs63KFz7wrFu006X6CJgkcD902IzWam3DlI9+ivtz+eIG1ZKo+2NA2piyXuGhFEbSf+lEERVnNmBkYbCl0TWCglkd4ajsbaGwsFizeVGEPPdy5ePuvosxssLpk+qSPLdY1qJeCFTT9qww1D3/tjL6p1LDMtaGFaDQ2JvU+51AmNt0ca65rtaGHIGRCdNSLfaaKsXqgekd61qBIqlv2zArbN7fJtwH7BYH3FpoEUw2eWR7Xc7JqYVYE1P/ggF8x9mWDUuujCHp8awxJzAhPUu43hSOd0O30Lr79jWoBi/BIHzs+P5IZxnq/cTGdYVEWxMeQF6vmRnFjo3UtKSQNQR7Xwec0bpmByJx6v5YcL9xG/OwQ8D/Qcmof8INwNLePVckvM+jbkJ+iLvgpZL9xDU9qsYjYbKpp0VhuZqtAPzIdgzWv4mWVp0kI1F9q2DOAAZS7xcIeohBBXE1gEwzlr3r23WYNjcX+KXfQuY3zxb7dNtBLOOMqvbgYtKEoHT731GL0mINkDCTKaoxlLIoUyjycMNEKKhyzLHG1ELqtzR1Mi2bFy7Edj4VvjS+owFOg5sTrbtaf55w/RburfZzYpavIyl9q60+kcoLfKtwva5bGfJKbOhF3cMKDCDEmKxgLSIYH7swCM6Gv/D8p38Bkd7qs6Q4wp13hspmoq1d9SZtHU/DV0/KHKy9/ef18dXNa/I7unMGcETbc+GE/yGfTue/Sv9l8Beq2H2eMfrpkTVOMGxnIwRTf6FBNyhpQsaeN52qz9kqFcScziZlRyvq57kz22USWW3oLrC4LWHiu4QJzBMJeeZO3E7SrBdGMyOcXpXXBHEbJHqb2zOSefObjagX2Ld5pGWS3zIyaJPV73yS7FhaKwA50Syw+nbeG5ysEicbdUOKLZCPKTDi+jBjVpd7B/SokzxbnkojQdDF50453YUlTx2KuAMONaw7sf3lVzbGalZ1O6RcGp3s2BJsFDwEJErPh6zbFEM8VCttNFU2sT89P+wKMUX8Wt8qU+Q/wg0vwLReoTfqqmNbmD/4FRLbgpfP6NJ7IbUisR8a7PCKMWIz7sX7iTk1OQsUptgkNSWGPe2bKQ/ln593n6q7CD5oKgN+d1099lJokSEa4hvlFkHRI248ITqMxaXjuRD8pyTpx+k7TzXSjzb3oAsDfBsI7IJEEp5O2Rrg0bE/vBLPWVXubSfSYd/RqKoos8Ril46Q43L05uJfiixkEvJiZo21+qQsK+/MUnOUl2lmB7uscPSZWUGQbs+BecxEhYXpjgaCPfVClyJHwBAwk+PqOOqGrNEz4fQppnR4wgCYhxCbJHKQTSGnmrTeHXRWNs74+RXaDZarvPRg/DronoiMozAJv0YIg9VjTkZhxdw4pFUPm2PChsM+iVy0Fia1uyTy1+SsTPTfHFArZNdWPyiezISJIicDPSCQGUREt2VVgN5dFmsbHytmMPlGnk9fSJfAgRQqQLxEIFy629aFR4MsuLvez7RFOjxhcxx4HEmKQ52RlZz4yzwHj1pip+UVgj+Kcb87P3BJX6eW8G2OAyvePmA77dGWoSVdFLeTaj+L6ZgHvBqHBEico1HnlR8aSnPJtYuNR7CKB2AWvaZvY2t1RkA3Efrga8acgxi3h3o6DjfcYHS5xdSTS9aYsJNPo3p3/bhhSfYCHDQeZfotHzaHe9b/d9CH8cZsvCqH0zUHjwR3BgpkWHfd4c0XQdrH7HyfOU6XEVs5h7DmWGof0msy1Esn6qLk6NrKfgMZOqxs0lEW26bjoerUOLxb7UxCLuwpthTBU9qHdMQ3fxCK2mkn3KCeE8VeSb2KskTeTxnUnJXan9eURKVzf3LYwouQtB0jkoYzPY27GLLWBp5coYZScODE3lk0oZGGPxa42DqNvVBbyvIyw5o7AZsICnnNv3wCxXZenncFqVu2lG6pgQV5RleU9zgGaz0uKNJAN66jKxlxcmsYi2ugVwGjPf45tnJcTDtdV46Nep4n4Cko+y5lMYRTpSz5hB1zodBykfALCE1daqD+dHrgPFfKFIlMElZjNmVdIoY9UEnsBYbZji1dxKvlwVvcKFH9RQDHY5l74H4UNXGbtrxesZHWc5EUxf48CtV9+DHwOkm30ZDjt6MVsEU/69aOi1L153tAKBY3I2icwL337y2Zez8Fbpq8nHGipFZB+9ygejNRCXAmVmn4QjkgqFLZgTU1nX1/rw6CTPyO8dz5ad94EKvHn/iUIrlH3A3bGGqjCNV+4hH90xdpBStvagg+NIRHKlTY2T0UWUZWG1nHeivCFxKJbwn7wOVAlvSVqAFDmlewryH7MHTOVXkOqbNpi5P6GBqrOYGxndwzfr0QW00gGHmVO7G5W+PcX7EGXPzfR4td8kBlZOE5XoXm/AbwAxw7pn048iMxCyR5vY6uA4WqZLOoYMNwYi5N11apYbc4A8sl/JCY7qaFmWzCKG7h261gCz7gcFV7m6fqnuDsBsZuPCMJlVUKTY0hu4lWYNCy4y63i7dBO/4Fwhl1Gl8lcZmQvTcXvQSUUTFhoZJ0DLHLOpv0eJ9D7iXrxztIIo5143CGuNJf7A2e86FsGv5L/7znkRcC72eC1LV1hxi6NEJZdQDCiZPM3i0pSk11NTpMBpqn9HX4cN5rrdBlXynB44GxC9rMFrTdVTsLa8+6hx3LcMfqyRocBvk+jbTv2ahiX4afCyF+qKoyhlz69/NnWXiw+ZhsE/0pakEOre/UxBfX3L6u1YUxCX4S2Mn2COlpur9ypOmxahQ8ogAP+dLIkBd4QsSnB4Kwkfd9bQLoR87nv64lvx0T/Mt1PuMgsMamGvmnp5Zl437JEWSLQxQeG/8/1/ybAEkr5Vjws72hqLp6zZe3TSv0P9IKkuhU0Bq/jSrpcIQsVhAMj4miitmhe44sKnpqVuLo0qVHwEa9/TIA22xg7crZmkdzkyllrsWv38W89S5nWX/OkOM1ha37bdfbyDnEnysOmLKdMUv9nCTIFHwX0hoVCsvgiS/6Alo3OT8k7NDv3XNkZn05nba1kV+wEMvVMfZNyEPzkYleLtCEZTLG6LwvL7y45OBZ57qx+a0vlHpIrG1uEY9TK09Qsp1nn/CG25+hJvSrcaod8P6M2u5OVU71lhQzQX0dkMpzzhm7f4SaBYN8eOfCDen+nJ8gqz559Mbnri8XqcTI7XPXknmRGbPLR9M692jyQ35hywUCDvlD/FDk+tDNtb7oTbNNhrlqZH+w1uXe8lk+Ply4iMB0EouglBvIDLoiWrIqwxoL5VRqj+EEHe7/iXwZpHkPZGizB63bbBiZ+8FbXZP+yU/LaB72EJAWFF/o/fROT+BQKDjPp3ZXCSKsgt2ate/aBbSyjJpOe+56CQb2bJczRrUnXOp2gYuXSzWwKaTJEa/l45cELEtCcWT44EukOXYz1qKP9gYnKw80v5BmExemIDSjYKCAnYsyvggVDl8k4E5HFoxzcl7L/X3ramNTV/ibhslXR+/MOGfV9SUNB1LCLJfD2N0LJGIheR3tyuDRs0z5LH3fSckCVVZWsDHVT4VyK2ljzsR8DJ06fTs15G9B9cwWvLGkds7pHHNt7nylWkyVwtm8KA1FQoiKxLizrGFFcjyf47WYZ8bkUhW5HgO7VedOdvsNVod72hqo1e8gcPpCJszlPAeKVyALIiL9HC19OgBUj/ZLBEUUjWn31dzbPGqPh00Sq0t6J+XNcNmHSyoRhBn8qKPtni3WoxYDPiW+vaQl9u9qIwpPrCz80o4Y5ppBgHIw0V3PFk1qzSuXM8VN+Fbhc4F7tPJv8wYe84q4v7BX7BRbAHirbd3TXAGcjB6SQITx9IPpdTxzyBD64S3Mk16NBxobI/o1Y3Pmhb2qA4h6vImV8nHvRStm+HDMzWKiZ9eSm8O7ll/mXjeiW5SgJRd9iLqU1vk2QC0ZqpFkd4zEZP5E9cPtPDs8MMkLyw2kl1NuDEWaGM3uRXEG5VjcF07ynOLVgpxfW8XkH+R84+JAr3g4wYwzRDv/5hHRLIONwLARvhQ1QU5tX2HphS3oVzA8uazJnEW+HMwzkw2+YRX8rLNoWLqpQFF7igwmCMddAaPCIWB7yvimhgDGm7jM6XjFj/DBxIMtHk8IWnTrj4ouZRt4NJTzzLKl8Um6wctlRy4BEkQhxEP6qZDewTYrcdZXf3+82r746d7iuSqlK2eV5sGmARU0pht4FRSCs83ofQszqbXAIAzYA7/POn9Y33aD0T1Uo5f6W0p/fGqPew/JKEiWYsvGYJBEc4xMA3/APASHkvyow371AMy5EtG6hQEBYjZ8Ou8ao7QF0ERhLEzBo2+vAW1OI8uo6UeKJyySpcseSHNyJ9LjnGMg+2XfBNuVHJ+Q1Fzm+9+zuzD9KDiv1AClu9XWWF083Wcn9Otjl1vNYe0rREnJ82KW/ZXmX4c9YWRS+plbzZ654PLbeN+A64qbxbbO6LvYwAETclyCeuVYE6ffgtSvFuxsvaZVYHvzsOukdHU0Y0zy05tiO5gCDgDuntATZ7E/AjJNOod+RS2QoY7ttEuinfNorQ1x78Jot+u6bInT+NjNTV87jmaHSgP2GM0yaDWgPB2Q4YSPId9KT3O7/jV6A6AV/dnJMk/H+Xkgy9e5fdd2rry966S9ZqC6+jYJBo64av8oP72DxJDDbADt931hcZGoQHpPKLS4oE2fhTh6nnNdqhr2vxnCa2rF3afswOUYFaTU73S6E6E8sBwaXP4YCkRGl19VlfJWL+FykYboxvrUGnrRRBFV5V8LKIuXpOaakZakgJJQI4OqD1+G++pSFZsD2EyRn7iYQOsqa+VZ1jz7/5FNE2fRX2AmNDRcT42ZwRJeV/uCA9dS/zpUQU9JzDYrM+9f3+L4XD2auxm4qw20X+rU4V4MLteEqevcp8AZTmui3KQMHnRU8HPRpAIJcp8rMeBY5Q4g+UYzAUf3/8PTBv022N/cEifii/Yln/I+yRWx2mfeCAIBk14aBkb2+h3SOsBJPYvBF+s2l91jGlmtkOWIlSuCmEn2ChkQZ8HveX2oTrLq/Fpj+iIDyvmSJrLYB51y0Sd7R49Gi3LEpHdYMLes/0dcwtXab0ZTIMuiAoSJJMWzRTCx8P+NqxOeqfGXr6WiG6SOWOw+RPHlIYo74Ob18cl6s5SIwGGaBajPbyHlhm/nbtoSRg05po3ABO/Jgd9CnskRIei6fMGdUdV2Bwl6Uph4Iut8z6SeZ1Cag8/GM299Rwu2FYnqTj+B1TEyfxZTFIYhZk2oVSUQkAJecR9Sx7eOmzW0Vv2mMj6hROyirlHRbh17xdSiaqwf4IhOETvvFMqcqiqhk3Gh70UBZ4rwNq2RTjTkSaAZk7PL49PnNp5L31E4yiNdN7cVNS184ODATfHs6VpatgiczCSn3O5WUwB7IJuINt9o9y5SQerXjL1FsLKIAQ2ojID2BPznqp7lkEyg+PjD2hOmLAN2KpYHKXJQm0pV9jP9lX7kvfyJhISJaiWwhhiHDQ2cTGPW0rw+a4ve3pg1HQ==D97F84CD027F883C2A6A7B4F1B8A194EF3042369"; - AdvancedThreatProtectionOnboardingFilename = "WindowsDefenderATP.onboarding"; - AllowSampleSharing = $True; - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ); - Credential = $Credscredential; - DisplayName = "MDE onboarding Legacy"; - EnableExpeditedTelemetryReporting = $True; - Ensure = "Present"; - } - IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10 'Example' - { - AdvancedThreatProtectionAutoPopulateOnboardingBlob = $True; # Updated Property - AdvancedThreatProtectionOnboardingFilename = "WindowsDefenderATP.onboarding"; - AllowSampleSharing = $True; - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ); - Credential = $Credscredential; - DisplayName = "MDE onboarding Legacy"; - EnableExpeditedTelemetryReporting = $True; - Ensure = "Present"; - } - IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10 'Example' - { - Credential = $Credscredential; - DisplayName = "MDE onboarding Legacy"; - Ensure = "Absent"; - } - IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 'Example' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - BackgroundDownloadFromHttpDelayInSeconds = 4; - BandwidthMode = MSFT_MicrosoftGraphdeliveryOptimizationBandwidth{ - MaximumDownloadBandwidthInKilobytesPerSecond = 22 - MaximumUploadBandwidthInKilobytesPerSecond = 33 - odataType = '#microsoft.graph.deliveryOptimizationBandwidthAbsolute' - }; - CacheServerBackgroundDownloadFallbackToHttpDelayInSeconds = 3; - CacheServerForegroundDownloadFallbackToHttpDelayInSeconds = 3; - CacheServerHostNames = @("domain.com"); - Credential = $Credscredential; - DeliveryOptimizationMode = "httpWithPeeringPrivateGroup"; - DisplayName = "delivery optimisation"; - Ensure = "Present"; - ForegroundDownloadFromHttpDelayInSeconds = 234; - GroupIdSource = MSFT_MicrosoftGraphdeliveryOptimizationGroupIdSource{ - GroupIdSourceOption = 'adSite' - odataType = '#microsoft.graph.deliveryOptimizationGroupIdSourceOptions' - }; - MaximumCacheAgeInDays = 3; - MaximumCacheSize = MSFT_MicrosoftGraphdeliveryOptimizationMaxCacheSize{ - MaximumCacheSizeInGigabytes = 4 - odataType = '#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute' - }; - MinimumBatteryPercentageAllowedToUpload = 4; - MinimumDiskSizeAllowedToPeerInGigabytes = 3; - MinimumFileSizeToCacheInMegabytes = 3; - MinimumRamAllowedToPeerInGigabytes = 3; - ModifyCacheLocation = "%systemdrive%"; - RestrictPeerSelectionBy = "subnetMask"; - SupportsScopeTags = $True; - VpnPeerCaching = "enabled"; - } - IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 'Example' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - BackgroundDownloadFromHttpDelayInSeconds = 4; - BandwidthMode = MSFT_MicrosoftGraphdeliveryOptimizationBandwidth{ - MaximumDownloadBandwidthInKilobytesPerSecond = 22 - MaximumUploadBandwidthInKilobytesPerSecond = 33 - odataType = '#microsoft.graph.deliveryOptimizationBandwidthAbsolute' - }; - CacheServerBackgroundDownloadFallbackToHttpDelayInSeconds = 5; # Updated Property - CacheServerForegroundDownloadFallbackToHttpDelayInSeconds = 3; - CacheServerHostNames = @("domain.com"); - Credential = $Credscredential; - DeliveryOptimizationMode = "httpWithPeeringPrivateGroup"; - DisplayName = "delivery optimisation"; - Ensure = "Present"; - ForegroundDownloadFromHttpDelayInSeconds = 234; - GroupIdSource = MSFT_MicrosoftGraphdeliveryOptimizationGroupIdSource{ - GroupIdSourceOption = 'adSite' - odataType = '#microsoft.graph.deliveryOptimizationGroupIdSourceOptions' - }; - MaximumCacheAgeInDays = 3; - MaximumCacheSize = MSFT_MicrosoftGraphdeliveryOptimizationMaxCacheSize{ - MaximumCacheSizeInGigabytes = 4 - odataType = '#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute' - }; - MinimumBatteryPercentageAllowedToUpload = 4; - MinimumDiskSizeAllowedToPeerInGigabytes = 3; - MinimumFileSizeToCacheInMegabytes = 3; - MinimumRamAllowedToPeerInGigabytes = 3; - ModifyCacheLocation = "%systemdrive%"; - RestrictPeerSelectionBy = "subnetMask"; - SupportsScopeTags = $True; - VpnPeerCaching = "enabled"; - } - IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 'Example' - { - Credential = $Credscredential; - DisplayName = "delivery optimisation"; - Ensure = "Absent"; - } - IntuneDeviceConfigurationDomainJoinPolicyWindows10 'Example' - { - ActiveDirectoryDomainName = "domain.com"; - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - ComputerNameStaticPrefix = "WK-"; - ComputerNameSuffixRandomCharCount = 12; - Credential = $Credscredential; - DisplayName = "Domain Join"; - Ensure = "Present"; - OrganizationalUnit = "OU=workstation,CN=domain,CN=com"; - SupportsScopeTags = $True; - } - IntuneDeviceConfigurationDomainJoinPolicyWindows10 'Example' - { - ActiveDirectoryDomainName = "domain.com"; - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - ComputerNameStaticPrefix = "WK-"; - ComputerNameSuffixRandomCharCount = 12; - Credential = $Credscredential; - DisplayName = "Domain Join"; - Ensure = "Present"; - OrganizationalUnit = "OU=workstation,CN=domain,CN=com"; - SupportsScopeTags = $False; # Updated Property - } - IntuneDeviceConfigurationDomainJoinPolicyWindows10 'Example' - { - Credential = $Credscredential; - DisplayName = "Domain Join"; - Ensure = "Absent"; - } - IntuneDeviceConfigurationEmailProfilePolicyWindows10 'Example' - { - AccountName = "Corp email2"; - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - Credential = $Credscredential; - DisplayName = "email"; - DurationOfEmailToSync = "unlimited"; - EmailAddressSource = "primarySmtpAddress"; - EmailSyncSchedule = "fifteenMinutes"; - Ensure = "Present"; - HostName = "outlook.office365.com"; - RequireSsl = $True; - SyncCalendar = $True; - SyncContacts = $True; - SyncTasks = $True; - } - IntuneDeviceConfigurationEmailProfilePolicyWindows10 'Example' - { - AccountName = "Corp email2"; - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - Credential = $Credscredential; - DisplayName = "email"; - DurationOfEmailToSync = "unlimited"; - EmailAddressSource = "primarySmtpAddress"; - EmailSyncSchedule = "fifteenMinutes"; - Ensure = "Present"; - HostName = "outlook.office365.com"; - RequireSsl = $False; # Updated Property - SyncCalendar = $True; - SyncContacts = $True; - SyncTasks = $True; - } - IntuneDeviceConfigurationEmailProfilePolicyWindows10 'Example' - { - Credential = $Credscredential; - DisplayName = "email"; - Ensure = "Absent"; - } - IntuneDeviceConfigurationEndpointProtectionPolicyWindows10 'Example' - { - ApplicationGuardAllowFileSaveOnHost = $True; - ApplicationGuardAllowPersistence = $True; - ApplicationGuardAllowPrintToLocalPrinters = $True; - ApplicationGuardAllowPrintToNetworkPrinters = $True; - ApplicationGuardAllowPrintToPDF = $True; - ApplicationGuardAllowPrintToXPS = $True; - ApplicationGuardAllowVirtualGPU = $True; - ApplicationGuardBlockClipboardSharing = "blockContainerToHost"; - ApplicationGuardBlockFileTransfer = "blockImageFile"; - ApplicationGuardBlockNonEnterpriseContent = $True; - ApplicationGuardCertificateThumbprints = @(); - ApplicationGuardEnabled = $True; - ApplicationGuardEnabledOptions = "enabledForEdge"; - ApplicationGuardForceAuditing = $True; - AppLockerApplicationControl = "enforceComponentsStoreAppsAndSmartlocker"; - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - BitLockerAllowStandardUserEncryption = $True; - BitLockerDisableWarningForOtherDiskEncryption = $True; - BitLockerEnableStorageCardEncryptionOnMobile = $True; - BitLockerEncryptDevice = $True; - BitLockerFixedDrivePolicy = MSFT_MicrosoftGraphbitLockerFixedDrivePolicy{ - RecoveryOptions = MSFT_MicrosoftGraphBitLockerRecoveryOptions{ - RecoveryInformationToStore = 'passwordAndKey' - HideRecoveryOptions = $True - BlockDataRecoveryAgent = $True - RecoveryKeyUsage = 'allowed' - EnableBitLockerAfterRecoveryInformationToStore = $True - EnableRecoveryInformationSaveToStore = $True - RecoveryPasswordUsage = 'allowed' - } - RequireEncryptionForWriteAccess = $True - EncryptionMethod = 'xtsAes128' - }; - BitLockerRecoveryPasswordRotation = "notConfigured"; - BitLockerRemovableDrivePolicy = MSFT_MicrosoftGraphbitLockerRemovableDrivePolicy{ - RequireEncryptionForWriteAccess = $True - BlockCrossOrganizationWriteAccess = $True - EncryptionMethod = 'aesCbc128' - }; - BitLockerSystemDrivePolicy = MSFT_MicrosoftGraphbitLockerSystemDrivePolicy{ - PrebootRecoveryEnableMessageAndUrl = $True - StartupAuthenticationTpmPinUsage = 'allowed' - EncryptionMethod = 'xtsAes128' - StartupAuthenticationTpmPinAndKeyUsage = 'allowed' - StartupAuthenticationRequired = $True - RecoveryOptions = MSFT_MicrosoftGraphBitLockerRecoveryOptions{ - RecoveryInformationToStore = 'passwordAndKey' - HideRecoveryOptions = $False - BlockDataRecoveryAgent = $True - RecoveryKeyUsage = 'allowed' - EnableBitLockerAfterRecoveryInformationToStore = $True - EnableRecoveryInformationSaveToStore = $False - RecoveryPasswordUsage = 'allowed' - } - StartupAuthenticationTpmUsage = 'allowed' - StartupAuthenticationTpmKeyUsage = 'allowed' - StartupAuthenticationBlockWithoutTpmChip = $False - }; - Credential = $Credscredential; - DefenderAdditionalGuardedFolders = @(); - DefenderAdobeReaderLaunchChildProcess = "notConfigured"; - DefenderAdvancedRansomewareProtectionType = "notConfigured"; - DefenderAttackSurfaceReductionExcludedPaths = @(); - DefenderBlockPersistenceThroughWmiType = "userDefined"; - DefenderEmailContentExecution = "userDefined"; - DefenderEmailContentExecutionType = "userDefined"; - DefenderExploitProtectionXml = "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxNaXRpZ2F0aW9uUG9saWN5Pg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9IkFjcm9SZDMyLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJBY3JvUmQzMkluZm8uZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImNsdmlldy5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iY25mbm90MzIuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImV4Y2VsLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJleGNlbGNudi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iRXh0RXhwb3J0LmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJncmFwaC5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iaWU0dWluaXQuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImllaW5zdGFsLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJpZWxvd3V0aWwuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImllVW5hdHQuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImlleHBsb3JlLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJseW5jLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJtc2FjY2Vzcy5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ibXNjb3JzdncuZXhlIj4NCiAgICA8RXh0ZW5zaW9uUG9pbnRzIERpc2FibGVFeHRlbnNpb25Qb2ludHM9InRydWUiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im1zZmVlZHNzeW5jLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJtc2h0YS5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ibXNvYWRmc2IuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im1zb2FzYi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ibXNvaHRtZWQuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im1zb3NyZWMuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im1zb3htbGVkLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJtc3B1Yi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ibXNxcnkzMi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iTXNTZW5zZS5leGUiPg0KICAgIDxFeHRlbnNpb25Qb2ludHMgRGlzYWJsZUV4dGVuc2lvblBvaW50cz0idHJ1ZSIgLz4NCiAgICA8SW1hZ2VMb2FkIFByZWZlclN5c3RlbTMyPSJ0cnVlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJuZ2VuLmV4ZSI+DQogICAgPEV4dGVuc2lvblBvaW50cyBEaXNhYmxlRXh0ZW5zaW9uUG9pbnRzPSJ0cnVlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJuZ2VudGFzay5leGUiPg0KICAgIDxFeHRlbnNpb25Qb2ludHMgRGlzYWJsZUV4dGVuc2lvblBvaW50cz0idHJ1ZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ib25lbm90ZS5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ib25lbm90ZW0uZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im9yZ2NoYXJ0LmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJvdXRsb29rLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJwb3dlcnBudC5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iUHJlc2VudGF0aW9uSG9zdC5leGUiPg0KICAgIDxERVAgRW5hYmxlPSJ0cnVlIiBFbXVsYXRlQXRsVGh1bmtzPSJmYWxzZSIgLz4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIEJvdHRvbVVwPSJ0cnVlIiBIaWdoRW50cm9weT0idHJ1ZSIgLz4NCiAgICA8U0VIT1AgRW5hYmxlPSJ0cnVlIiBUZWxlbWV0cnlPbmx5PSJmYWxzZSIgLz4NCiAgICA8SGVhcCBUZXJtaW5hdGVPbkVycm9yPSJ0cnVlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJQcmludERpYWxvZy5leGUiPg0KICAgIDxFeHRlbnNpb25Qb2ludHMgRGlzYWJsZUV4dGVuc2lvblBvaW50cz0idHJ1ZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iUmRyQ0VGLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJSZHJTZXJ2aWNlc1VwZGF0ZXIuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InJ1bnRpbWVicm9rZXIuZXhlIj4NCiAgICA8RXh0ZW5zaW9uUG9pbnRzIERpc2FibGVFeHRlbnNpb25Qb2ludHM9InRydWUiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InNjYW5vc3QuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InNjYW5wc3QuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InNkeGhlbHBlci5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ic2VsZmNlcnQuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InNldGxhbmcuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9IlN5c3RlbVNldHRpbmdzLmV4ZSI+DQogICAgPEV4dGVuc2lvblBvaW50cyBEaXNhYmxlRXh0ZW5zaW9uUG9pbnRzPSJ0cnVlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJ3aW53b3JkLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJ3b3JkY29udi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQo8L01pdGlnYXRpb25Qb2xpY3k+"; - DefenderExploitProtectionXmlFileName = "Settings.xml"; - DefenderFileExtensionsToExclude = @(); - DefenderFilesAndFoldersToExclude = @(); - DefenderGuardedFoldersAllowedAppPaths = @(); - DefenderGuardMyFoldersType = "auditMode"; - DefenderNetworkProtectionType = "enable"; - DefenderOfficeAppsExecutableContentCreationOrLaunch = "userDefined"; - DefenderOfficeAppsExecutableContentCreationOrLaunchType = "userDefined"; - DefenderOfficeAppsLaunchChildProcess = "userDefined"; - DefenderOfficeAppsLaunchChildProcessType = "userDefined"; - DefenderOfficeAppsOtherProcessInjection = "userDefined"; - DefenderOfficeAppsOtherProcessInjectionType = "userDefined"; - DefenderOfficeCommunicationAppsLaunchChildProcess = "notConfigured"; - DefenderOfficeMacroCodeAllowWin32Imports = "userDefined"; - DefenderOfficeMacroCodeAllowWin32ImportsType = "userDefined"; - DefenderPreventCredentialStealingType = "enable"; - DefenderProcessCreation = "userDefined"; - DefenderProcessCreationType = "userDefined"; - DefenderProcessesToExclude = @(); - DefenderScriptDownloadedPayloadExecution = "userDefined"; - DefenderScriptDownloadedPayloadExecutionType = "userDefined"; - DefenderScriptObfuscatedMacroCode = "userDefined"; - DefenderScriptObfuscatedMacroCodeType = "userDefined"; - DefenderSecurityCenterBlockExploitProtectionOverride = $False; - DefenderSecurityCenterDisableAccountUI = $False; - DefenderSecurityCenterDisableClearTpmUI = $True; - DefenderSecurityCenterDisableFamilyUI = $False; - DefenderSecurityCenterDisableHardwareUI = $True; - DefenderSecurityCenterDisableHealthUI = $False; - DefenderSecurityCenterDisableNetworkUI = $False; - DefenderSecurityCenterDisableNotificationAreaUI = $False; - DefenderSecurityCenterDisableRansomwareUI = $False; - DefenderSecurityCenterDisableVirusUI = $False; - DefenderSecurityCenterDisableVulnerableTpmFirmwareUpdateUI = $True; - DefenderSecurityCenterHelpEmail = "me@domain.com"; - DefenderSecurityCenterHelpPhone = "yes"; - DefenderSecurityCenterITContactDisplay = "displayInAppAndInNotifications"; - DefenderSecurityCenterNotificationsFromApp = "blockNoncriticalNotifications"; - DefenderSecurityCenterOrganizationDisplayName = "processes.exe"; - DefenderUntrustedExecutable = "userDefined"; - DefenderUntrustedExecutableType = "userDefined"; - DefenderUntrustedUSBProcess = "userDefined"; - DefenderUntrustedUSBProcessType = "userDefined"; - DeviceGuardEnableSecureBootWithDMA = $True; - DeviceGuardEnableVirtualizationBasedSecurity = $True; - DeviceGuardLaunchSystemGuard = "notConfigured"; - DeviceGuardLocalSystemAuthorityCredentialGuardSettings = "enableWithoutUEFILock"; - DeviceGuardSecureBootWithDMA = "notConfigured"; - DisplayName = "endpoint protection legacy - dsc v2.0"; - DmaGuardDeviceEnumerationPolicy = "deviceDefault"; - Ensure = "Present"; - FirewallCertificateRevocationListCheckMethod = "deviceDefault"; - FirewallIPSecExemptionsAllowDHCP = $False; - FirewallIPSecExemptionsAllowICMP = $False; - FirewallIPSecExemptionsAllowNeighborDiscovery = $False; - FirewallIPSecExemptionsAllowRouterDiscovery = $False; - FirewallIPSecExemptionsNone = $False; - FirewallPacketQueueingMethod = "deviceDefault"; - FirewallPreSharedKeyEncodingMethod = "deviceDefault"; - FirewallProfileDomain = MSFT_MicrosoftGraphwindowsFirewallNetworkProfile{ - PolicyRulesFromGroupPolicyNotMerged = $False - InboundNotificationsBlocked = $True - OutboundConnectionsRequired = $True - GlobalPortRulesFromGroupPolicyNotMerged = $True - ConnectionSecurityRulesFromGroupPolicyNotMerged = $True - UnicastResponsesToMulticastBroadcastsRequired = $True - PolicyRulesFromGroupPolicyMerged = $False - UnicastResponsesToMulticastBroadcastsBlocked = $False - IncomingTrafficRequired = $False - IncomingTrafficBlocked = $True - ConnectionSecurityRulesFromGroupPolicyMerged = $False - StealthModeRequired = $False - InboundNotificationsRequired = $False - AuthorizedApplicationRulesFromGroupPolicyMerged = $False - InboundConnectionsBlocked = $True - OutboundConnectionsBlocked = $False - StealthModeBlocked = $True - GlobalPortRulesFromGroupPolicyMerged = $False - SecuredPacketExemptionBlocked = $False - SecuredPacketExemptionAllowed = $False - InboundConnectionsRequired = $False - FirewallEnabled = 'allowed' - AuthorizedApplicationRulesFromGroupPolicyNotMerged = $True - }; - FirewallRules = @( - MSFT_MicrosoftGraphwindowsFirewallRule{ - Action = 'allowed' - InterfaceTypes = 'notConfigured' - DisplayName = 'ICMP' - TrafficDirection = 'in' - ProfileTypes = 'domain' - EdgeTraversal = 'notConfigured' - } - ); - LanManagerAuthenticationLevel = "lmNtlmAndNtlmV2"; - LanManagerWorkstationDisableInsecureGuestLogons = $False; - LocalSecurityOptionsAdministratorElevationPromptBehavior = "notConfigured"; - LocalSecurityOptionsAllowAnonymousEnumerationOfSAMAccountsAndShares = $False; - LocalSecurityOptionsAllowPKU2UAuthenticationRequests = $False; - LocalSecurityOptionsAllowRemoteCallsToSecurityAccountsManagerHelperBool = $False; - LocalSecurityOptionsAllowSystemToBeShutDownWithoutHavingToLogOn = $True; - LocalSecurityOptionsAllowUIAccessApplicationElevation = $False; - LocalSecurityOptionsAllowUIAccessApplicationsForSecureLocations = $False; - LocalSecurityOptionsAllowUndockWithoutHavingToLogon = $True; - LocalSecurityOptionsBlockMicrosoftAccounts = $True; - LocalSecurityOptionsBlockRemoteLogonWithBlankPassword = $True; - LocalSecurityOptionsBlockRemoteOpticalDriveAccess = $True; - LocalSecurityOptionsBlockUsersInstallingPrinterDrivers = $True; - LocalSecurityOptionsClearVirtualMemoryPageFile = $True; - LocalSecurityOptionsClientDigitallySignCommunicationsAlways = $False; - LocalSecurityOptionsClientSendUnencryptedPasswordToThirdPartySMBServers = $False; - LocalSecurityOptionsDetectApplicationInstallationsAndPromptForElevation = $False; - LocalSecurityOptionsDisableAdministratorAccount = $True; - LocalSecurityOptionsDisableClientDigitallySignCommunicationsIfServerAgrees = $False; - LocalSecurityOptionsDisableGuestAccount = $True; - LocalSecurityOptionsDisableServerDigitallySignCommunicationsAlways = $False; - LocalSecurityOptionsDisableServerDigitallySignCommunicationsIfClientAgrees = $False; - LocalSecurityOptionsDoNotAllowAnonymousEnumerationOfSAMAccounts = $True; - LocalSecurityOptionsDoNotRequireCtrlAltDel = $True; - LocalSecurityOptionsDoNotStoreLANManagerHashValueOnNextPasswordChange = $False; - LocalSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUser = "administrators"; - LocalSecurityOptionsHideLastSignedInUser = $False; - LocalSecurityOptionsHideUsernameAtSignIn = $False; - LocalSecurityOptionsInformationDisplayedOnLockScreen = "notConfigured"; - LocalSecurityOptionsInformationShownOnLockScreen = "notConfigured"; - LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedClients = "none"; - LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedServers = "none"; - LocalSecurityOptionsOnlyElevateSignedExecutables = $False; - LocalSecurityOptionsRestrictAnonymousAccessToNamedPipesAndShares = $True; - LocalSecurityOptionsSmartCardRemovalBehavior = "lockWorkstation"; - LocalSecurityOptionsStandardUserElevationPromptBehavior = "notConfigured"; - LocalSecurityOptionsSwitchToSecureDesktopWhenPromptingForElevation = $False; - LocalSecurityOptionsUseAdminApprovalMode = $False; - LocalSecurityOptionsUseAdminApprovalModeForAdministrators = $False; - LocalSecurityOptionsVirtualizeFileAndRegistryWriteFailuresToPerUserLocations = $False; - SmartScreenBlockOverrideForFiles = $True; - SmartScreenEnableInShell = $True; - SupportsScopeTags = $True; - UserRightsAccessCredentialManagerAsTrustedCaller = MSFT_MicrosoftGraphdeviceManagementUserRightsSetting{ - State = 'allowed' - LocalUsersOrGroups = @( - MSFT_MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup{ - Name = 'NT AUTHORITY\Local service' - SecurityIdentifier = '*S-1-5-19' - } - ) - }; - WindowsDefenderTamperProtection = "enable"; - XboxServicesAccessoryManagementServiceStartupMode = "manual"; - XboxServicesEnableXboxGameSaveTask = $True; - XboxServicesLiveAuthManagerServiceStartupMode = "manual"; - XboxServicesLiveGameSaveServiceStartupMode = "manual"; - XboxServicesLiveNetworkingServiceStartupMode = "manual"; - } - IntuneDeviceConfigurationEndpointProtectionPolicyWindows10 'Example' - { - ApplicationGuardAllowFileSaveOnHost = $True; - ApplicationGuardAllowPersistence = $True; - ApplicationGuardAllowPrintToLocalPrinters = $True; - ApplicationGuardAllowPrintToNetworkPrinters = $False; # Updated Property - ApplicationGuardAllowPrintToPDF = $True; - ApplicationGuardAllowPrintToXPS = $True; - ApplicationGuardAllowVirtualGPU = $True; - ApplicationGuardBlockClipboardSharing = "blockContainerToHost"; - ApplicationGuardBlockFileTransfer = "blockImageFile"; - ApplicationGuardBlockNonEnterpriseContent = $True; - ApplicationGuardCertificateThumbprints = @(); - ApplicationGuardEnabled = $True; - ApplicationGuardEnabledOptions = "enabledForEdge"; - ApplicationGuardForceAuditing = $True; - AppLockerApplicationControl = "enforceComponentsStoreAppsAndSmartlocker"; - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - BitLockerAllowStandardUserEncryption = $True; - BitLockerDisableWarningForOtherDiskEncryption = $True; - BitLockerEnableStorageCardEncryptionOnMobile = $True; - BitLockerEncryptDevice = $True; - BitLockerFixedDrivePolicy = MSFT_MicrosoftGraphbitLockerFixedDrivePolicy{ - RecoveryOptions = MSFT_MicrosoftGraphBitLockerRecoveryOptions{ - RecoveryInformationToStore = 'passwordAndKey' - HideRecoveryOptions = $True - BlockDataRecoveryAgent = $True - RecoveryKeyUsage = 'allowed' - EnableBitLockerAfterRecoveryInformationToStore = $True - EnableRecoveryInformationSaveToStore = $True - RecoveryPasswordUsage = 'allowed' - } - RequireEncryptionForWriteAccess = $True - EncryptionMethod = 'xtsAes128' - }; - BitLockerRecoveryPasswordRotation = "notConfigured"; - BitLockerRemovableDrivePolicy = MSFT_MicrosoftGraphbitLockerRemovableDrivePolicy{ - RequireEncryptionForWriteAccess = $True - BlockCrossOrganizationWriteAccess = $True - EncryptionMethod = 'aesCbc128' - }; - BitLockerSystemDrivePolicy = MSFT_MicrosoftGraphbitLockerSystemDrivePolicy{ - PrebootRecoveryEnableMessageAndUrl = $True - StartupAuthenticationTpmPinUsage = 'allowed' - EncryptionMethod = 'xtsAes128' - StartupAuthenticationTpmPinAndKeyUsage = 'allowed' - StartupAuthenticationRequired = $True - RecoveryOptions = MSFT_MicrosoftGraphBitLockerRecoveryOptions{ - RecoveryInformationToStore = 'passwordAndKey' - HideRecoveryOptions = $False - BlockDataRecoveryAgent = $True - RecoveryKeyUsage = 'allowed' - EnableBitLockerAfterRecoveryInformationToStore = $True - EnableRecoveryInformationSaveToStore = $False - RecoveryPasswordUsage = 'allowed' - } - StartupAuthenticationTpmUsage = 'allowed' - StartupAuthenticationTpmKeyUsage = 'allowed' - StartupAuthenticationBlockWithoutTpmChip = $False - }; - Credential = $Credscredential; - DefenderAdditionalGuardedFolders = @(); - DefenderAdobeReaderLaunchChildProcess = "notConfigured"; - DefenderAdvancedRansomewareProtectionType = "notConfigured"; - DefenderAttackSurfaceReductionExcludedPaths = @(); - DefenderBlockPersistenceThroughWmiType = "userDefined"; - DefenderEmailContentExecution = "userDefined"; - DefenderEmailContentExecutionType = "userDefined"; - DefenderExploitProtectionXml = "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxNaXRpZ2F0aW9uUG9saWN5Pg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9IkFjcm9SZDMyLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJBY3JvUmQzMkluZm8uZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImNsdmlldy5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iY25mbm90MzIuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImV4Y2VsLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJleGNlbGNudi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iRXh0RXhwb3J0LmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJncmFwaC5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iaWU0dWluaXQuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImllaW5zdGFsLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJpZWxvd3V0aWwuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImllVW5hdHQuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImlleHBsb3JlLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJseW5jLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJtc2FjY2Vzcy5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ibXNjb3JzdncuZXhlIj4NCiAgICA8RXh0ZW5zaW9uUG9pbnRzIERpc2FibGVFeHRlbnNpb25Qb2ludHM9InRydWUiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im1zZmVlZHNzeW5jLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJtc2h0YS5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ibXNvYWRmc2IuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im1zb2FzYi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ibXNvaHRtZWQuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im1zb3NyZWMuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im1zb3htbGVkLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJtc3B1Yi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ibXNxcnkzMi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iTXNTZW5zZS5leGUiPg0KICAgIDxFeHRlbnNpb25Qb2ludHMgRGlzYWJsZUV4dGVuc2lvblBvaW50cz0idHJ1ZSIgLz4NCiAgICA8SW1hZ2VMb2FkIFByZWZlclN5c3RlbTMyPSJ0cnVlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJuZ2VuLmV4ZSI+DQogICAgPEV4dGVuc2lvblBvaW50cyBEaXNhYmxlRXh0ZW5zaW9uUG9pbnRzPSJ0cnVlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJuZ2VudGFzay5leGUiPg0KICAgIDxFeHRlbnNpb25Qb2ludHMgRGlzYWJsZUV4dGVuc2lvblBvaW50cz0idHJ1ZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ib25lbm90ZS5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ib25lbm90ZW0uZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im9yZ2NoYXJ0LmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJvdXRsb29rLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJwb3dlcnBudC5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iUHJlc2VudGF0aW9uSG9zdC5leGUiPg0KICAgIDxERVAgRW5hYmxlPSJ0cnVlIiBFbXVsYXRlQXRsVGh1bmtzPSJmYWxzZSIgLz4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIEJvdHRvbVVwPSJ0cnVlIiBIaWdoRW50cm9weT0idHJ1ZSIgLz4NCiAgICA8U0VIT1AgRW5hYmxlPSJ0cnVlIiBUZWxlbWV0cnlPbmx5PSJmYWxzZSIgLz4NCiAgICA8SGVhcCBUZXJtaW5hdGVPbkVycm9yPSJ0cnVlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJQcmludERpYWxvZy5leGUiPg0KICAgIDxFeHRlbnNpb25Qb2ludHMgRGlzYWJsZUV4dGVuc2lvblBvaW50cz0idHJ1ZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iUmRyQ0VGLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJSZHJTZXJ2aWNlc1VwZGF0ZXIuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InJ1bnRpbWVicm9rZXIuZXhlIj4NCiAgICA8RXh0ZW5zaW9uUG9pbnRzIERpc2FibGVFeHRlbnNpb25Qb2ludHM9InRydWUiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InNjYW5vc3QuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InNjYW5wc3QuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InNkeGhlbHBlci5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ic2VsZmNlcnQuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InNldGxhbmcuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9IlN5c3RlbVNldHRpbmdzLmV4ZSI+DQogICAgPEV4dGVuc2lvblBvaW50cyBEaXNhYmxlRXh0ZW5zaW9uUG9pbnRzPSJ0cnVlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJ3aW53b3JkLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJ3b3JkY29udi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQo8L01pdGlnYXRpb25Qb2xpY3k+"; - DefenderExploitProtectionXmlFileName = "Settings.xml"; - DefenderFileExtensionsToExclude = @(); - DefenderFilesAndFoldersToExclude = @(); - DefenderGuardedFoldersAllowedAppPaths = @(); - DefenderGuardMyFoldersType = "auditMode"; - DefenderNetworkProtectionType = "enable"; - DefenderOfficeAppsExecutableContentCreationOrLaunch = "userDefined"; - DefenderOfficeAppsExecutableContentCreationOrLaunchType = "userDefined"; - DefenderOfficeAppsLaunchChildProcess = "userDefined"; - DefenderOfficeAppsLaunchChildProcessType = "userDefined"; - DefenderOfficeAppsOtherProcessInjection = "userDefined"; - DefenderOfficeAppsOtherProcessInjectionType = "userDefined"; - DefenderOfficeCommunicationAppsLaunchChildProcess = "notConfigured"; - DefenderOfficeMacroCodeAllowWin32Imports = "userDefined"; - DefenderOfficeMacroCodeAllowWin32ImportsType = "userDefined"; - DefenderPreventCredentialStealingType = "enable"; - DefenderProcessCreation = "userDefined"; - DefenderProcessCreationType = "userDefined"; - DefenderProcessesToExclude = @(); - DefenderScriptDownloadedPayloadExecution = "userDefined"; - DefenderScriptDownloadedPayloadExecutionType = "userDefined"; - DefenderScriptObfuscatedMacroCode = "userDefined"; - DefenderScriptObfuscatedMacroCodeType = "userDefined"; - DefenderSecurityCenterBlockExploitProtectionOverride = $False; - DefenderSecurityCenterDisableAccountUI = $False; - DefenderSecurityCenterDisableClearTpmUI = $True; - DefenderSecurityCenterDisableFamilyUI = $False; - DefenderSecurityCenterDisableHardwareUI = $True; - DefenderSecurityCenterDisableHealthUI = $False; - DefenderSecurityCenterDisableNetworkUI = $False; - DefenderSecurityCenterDisableNotificationAreaUI = $False; - DefenderSecurityCenterDisableRansomwareUI = $False; - DefenderSecurityCenterDisableVirusUI = $False; - DefenderSecurityCenterDisableVulnerableTpmFirmwareUpdateUI = $True; - DefenderSecurityCenterHelpEmail = "me@domain.com"; - DefenderSecurityCenterHelpPhone = "yes"; - DefenderSecurityCenterITContactDisplay = "displayInAppAndInNotifications"; - DefenderSecurityCenterNotificationsFromApp = "blockNoncriticalNotifications"; - DefenderSecurityCenterOrganizationDisplayName = "processes.exe"; - DefenderUntrustedExecutable = "userDefined"; - DefenderUntrustedExecutableType = "userDefined"; - DefenderUntrustedUSBProcess = "userDefined"; - DefenderUntrustedUSBProcessType = "userDefined"; - DeviceGuardEnableSecureBootWithDMA = $True; - DeviceGuardEnableVirtualizationBasedSecurity = $True; - DeviceGuardLaunchSystemGuard = "notConfigured"; - DeviceGuardLocalSystemAuthorityCredentialGuardSettings = "enableWithoutUEFILock"; - DeviceGuardSecureBootWithDMA = "notConfigured"; - DisplayName = "endpoint protection legacy - dsc v2.0"; - DmaGuardDeviceEnumerationPolicy = "deviceDefault"; - Ensure = "Present"; - FirewallCertificateRevocationListCheckMethod = "deviceDefault"; - FirewallIPSecExemptionsAllowDHCP = $False; - FirewallIPSecExemptionsAllowICMP = $False; - FirewallIPSecExemptionsAllowNeighborDiscovery = $False; - FirewallIPSecExemptionsAllowRouterDiscovery = $False; - FirewallIPSecExemptionsNone = $False; - FirewallPacketQueueingMethod = "deviceDefault"; - FirewallPreSharedKeyEncodingMethod = "deviceDefault"; - FirewallProfileDomain = MSFT_MicrosoftGraphwindowsFirewallNetworkProfile{ - PolicyRulesFromGroupPolicyNotMerged = $False - InboundNotificationsBlocked = $True - OutboundConnectionsRequired = $True - GlobalPortRulesFromGroupPolicyNotMerged = $True - ConnectionSecurityRulesFromGroupPolicyNotMerged = $True - UnicastResponsesToMulticastBroadcastsRequired = $True - PolicyRulesFromGroupPolicyMerged = $False - UnicastResponsesToMulticastBroadcastsBlocked = $False - IncomingTrafficRequired = $False - IncomingTrafficBlocked = $True - ConnectionSecurityRulesFromGroupPolicyMerged = $False - StealthModeRequired = $False - InboundNotificationsRequired = $False - AuthorizedApplicationRulesFromGroupPolicyMerged = $False - InboundConnectionsBlocked = $True - OutboundConnectionsBlocked = $False - StealthModeBlocked = $True - GlobalPortRulesFromGroupPolicyMerged = $False - SecuredPacketExemptionBlocked = $False - SecuredPacketExemptionAllowed = $False - InboundConnectionsRequired = $False - FirewallEnabled = 'allowed' - AuthorizedApplicationRulesFromGroupPolicyNotMerged = $True - }; - FirewallRules = @( - MSFT_MicrosoftGraphwindowsFirewallRule{ - Action = 'allowed' - InterfaceTypes = 'notConfigured' - DisplayName = 'ICMP' - TrafficDirection = 'in' - ProfileTypes = 'domain' - EdgeTraversal = 'notConfigured' - } - ); - LanManagerAuthenticationLevel = "lmNtlmAndNtlmV2"; - LanManagerWorkstationDisableInsecureGuestLogons = $False; - LocalSecurityOptionsAdministratorElevationPromptBehavior = "notConfigured"; - LocalSecurityOptionsAllowAnonymousEnumerationOfSAMAccountsAndShares = $False; - LocalSecurityOptionsAllowPKU2UAuthenticationRequests = $False; - LocalSecurityOptionsAllowRemoteCallsToSecurityAccountsManagerHelperBool = $False; - LocalSecurityOptionsAllowSystemToBeShutDownWithoutHavingToLogOn = $True; - LocalSecurityOptionsAllowUIAccessApplicationElevation = $False; - LocalSecurityOptionsAllowUIAccessApplicationsForSecureLocations = $False; - LocalSecurityOptionsAllowUndockWithoutHavingToLogon = $True; - LocalSecurityOptionsBlockMicrosoftAccounts = $True; - LocalSecurityOptionsBlockRemoteLogonWithBlankPassword = $True; - LocalSecurityOptionsBlockRemoteOpticalDriveAccess = $True; - LocalSecurityOptionsBlockUsersInstallingPrinterDrivers = $True; - LocalSecurityOptionsClearVirtualMemoryPageFile = $True; - LocalSecurityOptionsClientDigitallySignCommunicationsAlways = $False; - LocalSecurityOptionsClientSendUnencryptedPasswordToThirdPartySMBServers = $False; - LocalSecurityOptionsDetectApplicationInstallationsAndPromptForElevation = $False; - LocalSecurityOptionsDisableAdministratorAccount = $True; - LocalSecurityOptionsDisableClientDigitallySignCommunicationsIfServerAgrees = $False; - LocalSecurityOptionsDisableGuestAccount = $True; - LocalSecurityOptionsDisableServerDigitallySignCommunicationsAlways = $False; - LocalSecurityOptionsDisableServerDigitallySignCommunicationsIfClientAgrees = $False; - LocalSecurityOptionsDoNotAllowAnonymousEnumerationOfSAMAccounts = $True; - LocalSecurityOptionsDoNotRequireCtrlAltDel = $True; - LocalSecurityOptionsDoNotStoreLANManagerHashValueOnNextPasswordChange = $False; - LocalSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUser = "administrators"; - LocalSecurityOptionsHideLastSignedInUser = $False; - LocalSecurityOptionsHideUsernameAtSignIn = $False; - LocalSecurityOptionsInformationDisplayedOnLockScreen = "notConfigured"; - LocalSecurityOptionsInformationShownOnLockScreen = "notConfigured"; - LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedClients = "none"; - LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedServers = "none"; - LocalSecurityOptionsOnlyElevateSignedExecutables = $False; - LocalSecurityOptionsRestrictAnonymousAccessToNamedPipesAndShares = $True; - LocalSecurityOptionsSmartCardRemovalBehavior = "lockWorkstation"; - LocalSecurityOptionsStandardUserElevationPromptBehavior = "notConfigured"; - LocalSecurityOptionsSwitchToSecureDesktopWhenPromptingForElevation = $False; - LocalSecurityOptionsUseAdminApprovalMode = $False; - LocalSecurityOptionsUseAdminApprovalModeForAdministrators = $False; - LocalSecurityOptionsVirtualizeFileAndRegistryWriteFailuresToPerUserLocations = $False; - SmartScreenBlockOverrideForFiles = $True; - SmartScreenEnableInShell = $True; - SupportsScopeTags = $True; - UserRightsAccessCredentialManagerAsTrustedCaller = MSFT_MicrosoftGraphdeviceManagementUserRightsSetting{ - State = 'allowed' - LocalUsersOrGroups = @( - MSFT_MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup{ - Name = 'NT AUTHORITY\Local service' - SecurityIdentifier = '*S-1-5-19' - } - ) - }; - WindowsDefenderTamperProtection = "enable"; - XboxServicesAccessoryManagementServiceStartupMode = "manual"; - XboxServicesEnableXboxGameSaveTask = $True; - XboxServicesLiveAuthManagerServiceStartupMode = "manual"; - XboxServicesLiveGameSaveServiceStartupMode = "manual"; - XboxServicesLiveNetworkingServiceStartupMode = "manual"; - } - IntuneDeviceConfigurationEndpointProtectionPolicyWindows10 'Example' - { - DisplayName = "endpoint protection legacy - dsc v2.0"; - Credential = $Credscredential; - Ensure = "Absent"; - } - IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10 'Example' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ); - Bluetooth = "notConfigured"; - BootFromBuiltInNetworkAdapters = "notConfigured"; - BootFromExternalMedia = "notConfigured"; - Cameras = "enabled"; - ChangeUefiSettingsPermission = "notConfiguredOnly"; - Credential = $Credscredential; - DisplayName = "firmware"; - Ensure = "Present"; - FrontCamera = "enabled"; - InfraredCamera = "enabled"; - Microphone = "notConfigured"; - MicrophonesAndSpeakers = "enabled"; - NearFieldCommunication = "notConfigured"; - Radios = "enabled"; - RearCamera = "enabled"; - SdCard = "notConfigured"; - SimultaneousMultiThreading = "enabled"; - SupportsScopeTags = $True; - UsbTypeAPort = "notConfigured"; - VirtualizationOfCpuAndIO = "enabled"; - WakeOnLAN = "notConfigured"; - WakeOnPower = "notConfigured"; - WiFi = "notConfigured"; - WindowsPlatformBinaryTable = "enabled"; - WirelessWideAreaNetwork = "notConfigured"; - } - IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10 'Example' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ); - Bluetooth = "notConfigured"; - BootFromBuiltInNetworkAdapters = "notConfigured"; - BootFromExternalMedia = "notConfigured"; - Cameras = "enabled"; # Updated Property - ChangeUefiSettingsPermission = "notConfiguredOnly"; - Credential = $Credscredential; - DisplayName = "firmware"; - Ensure = "Present"; - FrontCamera = "enabled"; - InfraredCamera = "enabled"; - Microphone = "notConfigured"; - MicrophonesAndSpeakers = "enabled"; - NearFieldCommunication = "notConfigured"; - Radios = "enabled"; - RearCamera = "enabled"; - SdCard = "notConfigured"; - SimultaneousMultiThreading = "enabled"; - SupportsScopeTags = $True; - UsbTypeAPort = "notConfigured"; - VirtualizationOfCpuAndIO = "enabled"; - WakeOnLAN = "notConfigured"; - WakeOnPower = "notConfigured"; - WiFi = "notConfigured"; - WindowsPlatformBinaryTable = "enabled"; - WirelessWideAreaNetwork = "notConfigured"; - } - IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10 'Example' - { - Credential = $Credscredential; - DisplayName = "firmware"; - Ensure = "Absent"; - } - IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 'Example' - { - AllowDeviceHealthMonitoring = "enabled"; - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - ConfigDeviceHealthMonitoringScope = @("bootPerformance","windowsUpdates"); - Credential = $Credscredential; - DisplayName = "Health Monitoring Configuration"; - Ensure = "Present"; - SupportsScopeTags = $True; - } - IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 'Example' - { - AllowDeviceHealthMonitoring = "enabled"; - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - ConfigDeviceHealthMonitoringScope = @("bootPerformance","windowsUpdates"); - Credential = $Credscredential; - DisplayName = "Health Monitoring Configuration"; - Ensure = "Present"; - SupportsScopeTags = $False; # Updated Property - } - IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 'Example' - { - Credential = $Credscredential; - DisplayName = "Health Monitoring Configuration"; - Ensure = "Absent"; - } - IntuneDeviceConfigurationIdentityProtectionPolicyWindows10 'Example' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - Credential = $Credscredential; - DisplayName = "identity protection"; - EnhancedAntiSpoofingForFacialFeaturesEnabled = $True; - Ensure = "Present"; - PinExpirationInDays = 5; - PinLowercaseCharactersUsage = "allowed"; - PinMaximumLength = 4; - PinMinimumLength = 4; - PinPreviousBlockCount = 3; - PinRecoveryEnabled = $True; - PinSpecialCharactersUsage = "allowed"; - PinUppercaseCharactersUsage = "allowed"; - SecurityDeviceRequired = $True; - SupportsScopeTags = $True; - UnlockWithBiometricsEnabled = $True; - UseCertificatesForOnPremisesAuthEnabled = $True; - UseSecurityKeyForSignin = $True; - WindowsHelloForBusinessBlocked = $False; - } - IntuneDeviceConfigurationIdentityProtectionPolicyWindows10 'Example' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - Credential = $Credscredential; - DisplayName = "identity protection"; - EnhancedAntiSpoofingForFacialFeaturesEnabled = $True; - Ensure = "Present"; - PinExpirationInDays = 5; - PinLowercaseCharactersUsage = "allowed"; - PinMaximumLength = 4; - PinMinimumLength = 4; - PinPreviousBlockCount = 4; # Updated Property - PinRecoveryEnabled = $True; - PinSpecialCharactersUsage = "allowed"; - PinUppercaseCharactersUsage = "allowed"; - SecurityDeviceRequired = $True; - SupportsScopeTags = $True; - UnlockWithBiometricsEnabled = $True; - UseCertificatesForOnPremisesAuthEnabled = $True; - UseSecurityKeyForSignin = $True; - WindowsHelloForBusinessBlocked = $False; - } - IntuneDeviceConfigurationIdentityProtectionPolicyWindows10 'Example' - { - Credential = $Credscredential; - DisplayName = "identity protection"; - Ensure = "Absent"; - } - IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10 'Example' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - CertificateValidityPeriodScale = "years"; - CertificateValidityPeriodValue = 1; - Credential = $Credscredential; - DisplayName = "PKCS Imported"; - Ensure = "Present"; - IntendedPurpose = "unassigned"; - KeyStorageProvider = "useSoftwareKsp"; - RenewalThresholdPercentage = 50; - SubjectAlternativeNameType = "emailAddress"; - SubjectNameFormat = "commonName"; - } - IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10 'Example' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - CertificateValidityPeriodScale = "years"; - CertificateValidityPeriodValue = 1; - Credential = $Credscredential; - DisplayName = "PKCS Imported"; - Ensure = "Present"; - IntendedPurpose = "unassigned"; - KeyStorageProvider = "useSoftwareKsp"; - RenewalThresholdPercentage = 60; # Updated Property - SubjectAlternativeNameType = "emailAddress"; - SubjectNameFormat = "commonName"; - } - IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10 'Example' - { - Credential = $Credscredential; - DisplayName = "PKCS Imported"; - Ensure = "Absent"; - } - IntuneDeviceConfigurationKioskPolicyWindows10 'Example' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - Credential = $Credscredential; - DisplayName = "kiosk"; - EdgeKioskEnablePublicBrowsing = $False; - Ensure = "Present"; - KioskBrowserBlockedUrlExceptions = @(); - KioskBrowserBlockedURLs = @(); - KioskBrowserDefaultUrl = "http://bing.com"; - KioskBrowserEnableEndSessionButton = $False; - KioskBrowserEnableHomeButton = $True; - KioskBrowserEnableNavigationButtons = $False; - KioskProfiles = @( - MSFT_MicrosoftGraphwindowsKioskProfile{ - ProfileId = '17f9e980-3435-4bd5-a7a1-ca3c06d0bf2c' - UserAccountsConfiguration = @( - MSFT_MicrosoftGraphWindowsKioskUser{ - odataType = '#microsoft.graph.windowsKioskAutologon' - } - ) - ProfileName = 'profile' - AppConfiguration = MSFT_MicrosoftGraphWindowsKioskAppConfiguration{ - Win32App = MSFT_MicrosoftGraphWindowsKioskWin32App{ - EdgeNoFirstRun = $True - EdgeKiosk = 'https://domain.com' - ClassicAppPath = 'msedge.exe' - AutoLaunch = $False - StartLayoutTileSize = 'hidden' - AppType = 'unknown' - EdgeKioskType = 'publicBrowsing' - } - odataType = '#microsoft.graph.windowsKioskSingleWin32App' - } - } - ); - WindowsKioskForceUpdateSchedule = MSFT_MicrosoftGraphwindowsKioskForceUpdateSchedule{ - RunImmediatelyIfAfterStartDateTime = $False - StartDateTime = '2023-04-15T23:00:00.0000000+00:00' - DayofMonth = 1 - Recurrence = 'daily' - DayofWeek = 'sunday' - }; - } - IntuneDeviceConfigurationKioskPolicyWindows10 'Example' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - Credential = $Credscredential; - DisplayName = "kiosk"; - EdgeKioskEnablePublicBrowsing = $False; # Updated Property - Ensure = "Present"; - KioskBrowserBlockedUrlExceptions = @(); - KioskBrowserBlockedURLs = @(); - KioskBrowserDefaultUrl = "http://bing.com"; - KioskBrowserEnableEndSessionButton = $False; - KioskBrowserEnableHomeButton = $True; - KioskBrowserEnableNavigationButtons = $False; - KioskProfiles = @( - MSFT_MicrosoftGraphwindowsKioskProfile{ - ProfileId = '17f9e980-3435-4bd5-a7a1-ca3c06d0bf2c' - UserAccountsConfiguration = @( - MSFT_MicrosoftGraphWindowsKioskUser{ - odataType = '#microsoft.graph.windowsKioskAutologon' - } - ) - ProfileName = 'profile' - AppConfiguration = MSFT_MicrosoftGraphWindowsKioskAppConfiguration{ - Win32App = MSFT_MicrosoftGraphWindowsKioskWin32App{ - EdgeNoFirstRun = $True - EdgeKiosk = 'https://domain.com' - ClassicAppPath = 'msedge.exe' - AutoLaunch = $False - StartLayoutTileSize = 'hidden' - AppType = 'unknown' - EdgeKioskType = 'publicBrowsing' - } - odataType = '#microsoft.graph.windowsKioskSingleWin32App' - } - } - ); - WindowsKioskForceUpdateSchedule = MSFT_MicrosoftGraphwindowsKioskForceUpdateSchedule{ - RunImmediatelyIfAfterStartDateTime = $False - StartDateTime = '2023-04-15T23:00:00.0000000+00:00' - DayofMonth = 1 - Recurrence = 'daily' - DayofWeek = 'sunday' - }; - } - IntuneDeviceConfigurationKioskPolicyWindows10 'Example' - { - Credential = $Credscredential; - DisplayName = "kiosk"; - Ensure = "Absent"; - } - IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 'Example' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ); - Credential = $Credscredential; - DisplayName = "network boundary"; - Ensure = "Present"; - SupportsScopeTags = $True; - WindowsNetworkIsolationPolicy = MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy{ - EnterpriseProxyServers = @() - EnterpriseInternalProxyServers = @() - EnterpriseIPRangesAreAuthoritative = $True - EnterpriseProxyServersAreAuthoritative = $True - EnterpriseNetworkDomainNames = @('domain.com') - EnterpriseIPRanges = @( - MSFT_MicrosoftGraphIpRange1{ - UpperAddress = '1.1.1.255' - LowerAddress = '1.1.1.0' - odataType = '#microsoft.graph.iPv4Range' - } - ) - NeutralDomainResources = @() - }; - } - IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 'Example' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ); - Credential = $Credscredential; - DisplayName = "network boundary"; - Ensure = "Present"; - SupportsScopeTags = $False; # Updated Property - WindowsNetworkIsolationPolicy = MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy{ - EnterpriseProxyServers = @() - EnterpriseInternalProxyServers = @() - EnterpriseIPRangesAreAuthoritative = $True - EnterpriseProxyServersAreAuthoritative = $True - EnterpriseNetworkDomainNames = @('domain.com') - EnterpriseIPRanges = @( - MSFT_MicrosoftGraphIpRange1{ - UpperAddress = '1.1.1.255' - LowerAddress = '1.1.1.0' - odataType = '#microsoft.graph.iPv4Range' - } - ) - NeutralDomainResources = @() - }; - } - IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 'Example' - { - Credential = $Credscredential; - DisplayName = "network boundary"; - Ensure = "Absent"; - } - IntuneDeviceConfigurationPkcsCertificatePolicyWindows10 'Example' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - CertificateStore = "user"; - CertificateTemplateName = "Template DSC"; - CertificateValidityPeriodScale = "years"; - CertificateValidityPeriodValue = 1; - CertificationAuthority = "CA=Name"; - CertificationAuthorityName = "Test"; - Credential = $Credscredential; - CustomSubjectAlternativeNames = @( - MSFT_MicrosoftGraphcustomSubjectAlternativeName{ - SanType = 'domainNameService' - Name = 'certificate.com' - } - ); - DisplayName = "PKCS"; - Ensure = "Present"; - KeyStorageProvider = "usePassportForWorkKspOtherwiseFail"; - RenewalThresholdPercentage = 20; - SubjectAlternativeNameType = "none"; - SubjectNameFormat = "custom"; - SubjectNameFormatString = "CN={{UserName}},E={{EmailAddress}}"; - } - IntuneDeviceConfigurationPkcsCertificatePolicyWindows10 'Example' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - CertificateStore = "user"; - CertificateTemplateName = "Template DSC"; - CertificateValidityPeriodScale = "years"; - CertificateValidityPeriodValue = 1; - CertificationAuthority = "CA=Name"; - CertificationAuthorityName = "Test"; - Credential = $Credscredential; - CustomSubjectAlternativeNames = @( - MSFT_MicrosoftGraphcustomSubjectAlternativeName{ - SanType = 'domainNameService' - Name = 'certificate.com' - } - ); - DisplayName = "PKCS"; - Ensure = "Present"; - KeyStorageProvider = "usePassportForWorkKspOtherwiseFail"; - RenewalThresholdPercentage = 30; # Updated Property - SubjectAlternativeNameType = "none"; - SubjectNameFormat = "custom"; - SubjectNameFormatString = "CN={{UserName}},E={{EmailAddress}}"; - } - IntuneDeviceConfigurationPkcsCertificatePolicyWindows10 'Example' - { - Credential = $Credscredential; - DisplayName = "PKCS"; - Ensure = "Absent"; - } - IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator 'myAndroidDeviceAdmin' - { - DisplayName = 'Android device admin' - AppsBlockClipboardSharing = $True - AppsBlockCopyPaste = $True - AppsBlockYouTube = $False - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ) - BluetoothBlocked = $True - CameraBlocked = $True - CellularBlockDataRoaming = $False - CellularBlockMessaging = $False - CellularBlockVoiceRoaming = $False - CellularBlockWiFiTethering = $False - CompliantAppListType = 'appsInListCompliant' - CompliantAppsList = @( - MSFT_MicrosoftGraphAppListitem { - name = 'customApp' - publisher = 'google2' - appStoreUrl = 'https://appUrl.com' - appId = 'com.custom.google.com' - } - ) - DateAndTimeBlockChanges = $True - DeviceSharingAllowed = $False - DiagnosticDataBlockSubmission = $False - FactoryResetBlocked = $False - GoogleAccountBlockAutoSync = $False - GooglePlayStoreBlocked = $False - KioskModeBlockSleepButton = $False - KioskModeBlockVolumeButtons = $True - LocationServicesBlocked = $False - NfcBlocked = $False - PasswordBlockFingerprintUnlock = $False - PasswordBlockTrustAgents = $False - PasswordRequired = $True - PasswordRequiredType = 'numeric' - PowerOffBlocked = $False - RequiredPasswordComplexity = 'low' - ScreenCaptureBlocked = $False - SecurityRequireVerifyApps = $False - StorageBlockGoogleBackup = $False - StorageBlockRemovableStorage = $False - StorageRequireDeviceEncryption = $False - StorageRequireRemovableStorageEncryption = $True - VoiceAssistantBlocked = $False - VoiceDialingBlocked = $False - WebBrowserBlockAutofill = $False - WebBrowserBlocked = $False - WebBrowserBlockJavaScript = $False - WebBrowserBlockPopups = $False - WebBrowserCookieSettings = 'allowAlways' - WiFiBlocked = $False - Ensure = 'Present' - Credential = $Credscredential - } - IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator 'myAndroidDeviceAdmin' - { - DisplayName = 'Android device admin' - AppsBlockClipboardSharing = $True - AppsBlockCopyPaste = $False # Updated Property - AppsBlockYouTube = $False - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ) - BluetoothBlocked = $True - CameraBlocked = $True - CellularBlockDataRoaming = $False - CellularBlockMessaging = $False - CellularBlockVoiceRoaming = $False - CellularBlockWiFiTethering = $False - CompliantAppListType = 'appsInListCompliant' - CompliantAppsList = @( - MSFT_MicrosoftGraphAppListitem { - name = 'customApp' - publisher = 'google2' - appStoreUrl = 'https://appUrl.com' - appId = 'com.custom.google.com' - } - ) - DateAndTimeBlockChanges = $True - DeviceSharingAllowed = $False - DiagnosticDataBlockSubmission = $False - FactoryResetBlocked = $False - GoogleAccountBlockAutoSync = $False - GooglePlayStoreBlocked = $False - KioskModeBlockSleepButton = $False - KioskModeBlockVolumeButtons = $True - LocationServicesBlocked = $False - NfcBlocked = $False - PasswordBlockFingerprintUnlock = $False - PasswordBlockTrustAgents = $False - PasswordRequired = $True - PasswordRequiredType = 'numeric' - PowerOffBlocked = $False - RequiredPasswordComplexity = 'low' - ScreenCaptureBlocked = $False - SecurityRequireVerifyApps = $False - StorageBlockGoogleBackup = $False - StorageBlockRemovableStorage = $False - StorageRequireDeviceEncryption = $False - StorageRequireRemovableStorageEncryption = $True - VoiceAssistantBlocked = $False - VoiceDialingBlocked = $False - WebBrowserBlockAutofill = $False - WebBrowserBlocked = $False - WebBrowserBlockJavaScript = $False - WebBrowserBlockPopups = $False - WebBrowserCookieSettings = 'allowAlways' - WiFiBlocked = $False - Ensure = 'Present' - Credential = $Credscredential - } - IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator 'myAndroidDeviceAdmin' - { - DisplayName = 'Android device admin' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneDeviceConfigurationPolicyAndroidDeviceOwner 'myAndroidDeviceOwnerPolicy' - { - DisplayName = 'general confi - AndroidDeviceOwner' - Assignments = @() - AzureAdSharedDeviceDataClearApps = @() - CameraBlocked = $True - CrossProfilePoliciesAllowDataSharing = 'notConfigured' - EnrollmentProfile = 'notConfigured' - FactoryResetDeviceAdministratorEmails = @() - GlobalProxy = MSFT_MicrosoftGraphandroiddeviceownerglobalproxy { - odataType = '#microsoft.graph.androidDeviceOwnerGlobalProxyDirect' - host = 'myproxy.com' - port = 8083 - } - KioskCustomizationStatusBar = 'notConfigured' - KioskCustomizationSystemNavigation = 'notConfigured' - KioskModeAppPositions = @() - KioskModeApps = @() - KioskModeManagedFolders = @() - KioskModeUseManagedHomeScreenApp = 'notConfigured' - KioskModeWifiAllowedSsids = @() - MicrophoneForceMute = $True - NfcBlockOutgoingBeam = $True - PasswordBlockKeyguardFeatures = @() - PasswordRequiredType = 'deviceDefault' - PasswordRequireUnlock = 'deviceDefault' - PersonalProfilePersonalApplications = @() - PersonalProfilePlayStoreMode = 'notConfigured' - ScreenCaptureBlocked = $True - SecurityRequireVerifyApps = $True - StayOnModes = @() - StorageBlockExternalMedia = $True - SystemUpdateFreezePeriods = @( - MSFT_MicrosoftGraphandroiddeviceownersystemupdatefreezeperiod { - startMonth = 12 - startDay = 23 - endMonth = 12 - endDay = 30 - }) - VpnAlwaysOnLockdownMode = $False - VpnAlwaysOnPackageIdentifier = '' - WorkProfilePasswordRequiredType = 'deviceDefault' - WorkProfilePasswordRequireUnlock = 'deviceDefault' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneDeviceConfigurationPolicyAndroidDeviceOwner 'myAndroidDeviceOwnerPolicy' - { - DisplayName = 'general confi - AndroidDeviceOwner' - Assignments = @() - AzureAdSharedDeviceDataClearApps = @() - CameraBlocked = $False # Updated Property - CrossProfilePoliciesAllowDataSharing = 'notConfigured' - EnrollmentProfile = 'notConfigured' - FactoryResetDeviceAdministratorEmails = @() - GlobalProxy = MSFT_MicrosoftGraphandroiddeviceownerglobalproxy { - odataType = '#microsoft.graph.androidDeviceOwnerGlobalProxyDirect' - host = 'myproxy.com' - port = 8083 - } - KioskCustomizationStatusBar = 'notConfigured' - KioskCustomizationSystemNavigation = 'notConfigured' - KioskModeAppPositions = @() - KioskModeApps = @() - KioskModeManagedFolders = @() - KioskModeUseManagedHomeScreenApp = 'notConfigured' - KioskModeWifiAllowedSsids = @() - MicrophoneForceMute = $True - NfcBlockOutgoingBeam = $True - PasswordBlockKeyguardFeatures = @() - PasswordRequiredType = 'deviceDefault' - PasswordRequireUnlock = 'deviceDefault' - PersonalProfilePersonalApplications = @() - PersonalProfilePlayStoreMode = 'notConfigured' - ScreenCaptureBlocked = $True - SecurityRequireVerifyApps = $True - StayOnModes = @() - StorageBlockExternalMedia = $True - SystemUpdateFreezePeriods = @( - MSFT_MicrosoftGraphandroiddeviceownersystemupdatefreezeperiod { - startMonth = 12 - startDay = 23 - endMonth = 12 - endDay = 30 - }) - VpnAlwaysOnLockdownMode = $False - VpnAlwaysOnPackageIdentifier = '' - WorkProfilePasswordRequiredType = 'deviceDefault' - WorkProfilePasswordRequireUnlock = 'deviceDefault' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneDeviceConfigurationPolicyAndroidDeviceOwner 'myAndroidDeviceOwnerPolicy' - { - DisplayName = 'general confi - AndroidDeviceOwner' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneDeviceConfigurationPolicyAndroidOpenSourceProject 'myAndroidOpenSourceProjectPolicy' - { - DisplayName = 'aosp' - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ) - CameraBlocked = $False - FactoryResetBlocked = $True - PasswordRequiredType = 'deviceDefault' - ScreenCaptureBlocked = $True - StorageBlockExternalMedia = $True - Ensure = 'Present' - Credential = $Credscredential - } - IntuneDeviceConfigurationPolicyAndroidOpenSourceProject 'myAndroidOpenSourceProjectPolicy' - { - DisplayName = 'aosp' - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ) - CameraBlocked = $True # Updated Property - FactoryResetBlocked = $True - PasswordRequiredType = 'deviceDefault' - ScreenCaptureBlocked = $True - StorageBlockExternalMedia = $True - Ensure = 'Present' - Credential = $Credscredential - } - IntuneDeviceConfigurationPolicyAndroidOpenSourceProject 'myAndroidOpenSourceProjectPolicy' - { - DisplayName = 'aosp' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneDeviceConfigurationPolicyAndroidWorkProfile '97ed22e9-1429-40dc-ab3c-0055e538383b' - { - DisplayName = 'Android Work Profile - Device Restrictions - Standard' - PasswordBlockFingerprintUnlock = $False - PasswordBlockTrustAgents = $False - PasswordMinimumLength = 6 - PasswordMinutesOfInactivityBeforeScreenTimeout = 15 - PasswordRequiredType = 'atLeastNumeric' - SecurityRequireVerifyApps = $True - WorkProfileBlockAddingAccounts = $True - WorkProfileBlockCamera = $False - WorkProfileBlockCrossProfileCallerId = $False - WorkProfileBlockCrossProfileContactsSearch = $False - WorkProfileBlockCrossProfileCopyPaste = $True - WorkProfileBlockNotificationsWhileDeviceLocked = $True - WorkProfileBlockScreenCapture = $True - WorkProfileBluetoothEnableContactSharing = $False - WorkProfileDataSharingType = 'allowPersonalToWork' - WorkProfileDefaultAppPermissionPolicy = 'deviceDefault' - WorkProfilePasswordBlockFingerprintUnlock = $False - WorkProfilePasswordBlockTrustAgents = $False - WorkProfilePasswordRequiredType = 'deviceDefault' - WorkProfileRequirePassword = $False - Ensure = 'Present' - Credential = $Credscredential - } - IntuneDeviceConfigurationPolicyAndroidWorkProfile '97ed22e9-1429-40dc-ab3c-0055e538383b' - { - DisplayName = 'Android Work Profile - Device Restrictions - Standard' - PasswordBlockFingerprintUnlock = $False - PasswordBlockTrustAgents = $True # Updated Property - PasswordMinimumLength = 6 - PasswordMinutesOfInactivityBeforeScreenTimeout = 15 - PasswordRequiredType = 'atLeastNumeric' - SecurityRequireVerifyApps = $True - WorkProfileBlockAddingAccounts = $True - WorkProfileBlockCamera = $False - WorkProfileBlockCrossProfileCallerId = $False - WorkProfileBlockCrossProfileContactsSearch = $False - WorkProfileBlockCrossProfileCopyPaste = $True - WorkProfileBlockNotificationsWhileDeviceLocked = $True - WorkProfileBlockScreenCapture = $True - WorkProfileBluetoothEnableContactSharing = $False - WorkProfileDataSharingType = 'allowPersonalToWork' - WorkProfileDefaultAppPermissionPolicy = 'deviceDefault' - WorkProfilePasswordBlockFingerprintUnlock = $False - WorkProfilePasswordBlockTrustAgents = $False - WorkProfilePasswordRequiredType = 'deviceDefault' - WorkProfileRequirePassword = $False - Ensure = 'Present' - Credential = $Credscredential - } - IntuneDeviceConfigurationPolicyAndroidWorkProfile '97ed22e9-1429-40dc-ab3c-0055e538383b' - { - DisplayName = 'Android Work Profile - Device Restrictions - Standard' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneDeviceConfigurationPolicyiOS 'ConfigureDeviceConfigurationPolicyiOS' - { - DisplayName = 'iOS DSC Policy' - AccountBlockModification = $False - ActivationLockAllowWhenSupervised = $False - AirDropBlocked = $False - AirDropForceUnmanagedDropTarget = $False - AirPlayForcePairingPasswordForOutgoingRequests = $False - AppleNewsBlocked = $False - AppleWatchBlockPairing = $False - AppleWatchForceWristDetection = $False - AppStoreBlockAutomaticDownloads = $False - AppStoreBlocked = $False - AppStoreBlockInAppPurchases = $False - AppStoreBlockUIAppInstallation = $False - AppStoreRequirePassword = $False - AppsVisibilityList = @() - AppsVisibilityListType = 'none' - BluetoothBlockModification = $True - CameraBlocked = $False - CellularBlockDataRoaming = $False - CellularBlockGlobalBackgroundFetchWhileRoaming = $False - CellularBlockPerAppDataModification = $False - CellularBlockVoiceRoaming = $False - CertificatesBlockUntrustedTlsCertificates = $False - ClassroomAppBlockRemoteScreenObservation = $False - CompliantAppListType = 'none' - CompliantAppsList = @() - ConfigurationProfileBlockChanges = $False - DefinitionLookupBlocked = $False - Description = 'iOS Device Restriction Policy' - DeviceBlockEnableRestrictions = $True - DeviceBlockEraseContentAndSettings = $False - DeviceBlockNameModification = $False - DiagnosticDataBlockSubmission = $False - DiagnosticDataBlockSubmissionModification = $False - DocumentsBlockManagedDocumentsInUnmanagedApps = $False - DocumentsBlockUnmanagedDocumentsInManagedApps = $False - EmailInDomainSuffixes = @() - EnterpriseAppBlockTrust = $False - EnterpriseAppBlockTrustModification = $False - FaceTimeBlocked = $False - FindMyFriendsBlocked = $False - GameCenterBlocked = $False - GamingBlockGameCenterFriends = $True - GamingBlockMultiplayer = $False - HostPairingBlocked = $False - iBooksStoreBlocked = $False - iBooksStoreBlockErotica = $False - iCloudBlockActivityContinuation = $False - iCloudBlockBackup = $True - iCloudBlockDocumentSync = $True - iCloudBlockManagedAppsSync = $False - iCloudBlockPhotoLibrary = $False - iCloudBlockPhotoStreamSync = $True - iCloudBlockSharedPhotoStream = $False - iCloudRequireEncryptedBackup = $False - iTunesBlockExplicitContent = $False - iTunesBlockMusicService = $False - iTunesBlockRadio = $False - KeyboardBlockAutoCorrect = $False - KeyboardBlockPredictive = $False - KeyboardBlockShortcuts = $False - KeyboardBlockSpellCheck = $False - KioskModeAllowAssistiveSpeak = $False - KioskModeAllowAssistiveTouchSettings = $False - KioskModeAllowAutoLock = $False - KioskModeAllowColorInversionSettings = $False - KioskModeAllowRingerSwitch = $False - KioskModeAllowScreenRotation = $False - KioskModeAllowSleepButton = $False - KioskModeAllowTouchscreen = $False - KioskModeAllowVoiceOverSettings = $False - KioskModeAllowVolumeButtons = $False - KioskModeAllowZoomSettings = $False - KioskModeRequireAssistiveTouch = $False - KioskModeRequireColorInversion = $False - KioskModeRequireMonoAudio = $False - KioskModeRequireVoiceOver = $False - KioskModeRequireZoom = $False - LockScreenBlockControlCenter = $False - LockScreenBlockNotificationView = $False - LockScreenBlockPassbook = $False - LockScreenBlockTodayView = $False - MediaContentRatingApps = 'allAllowed' - messagesBlocked = $False - NotificationsBlockSettingsModification = $False - PasscodeBlockFingerprintUnlock = $False - PasscodeBlockModification = $False - PasscodeBlockSimple = $True - PasscodeMinimumLength = 4 - PasscodeRequired = $True - PasscodeRequiredType = 'deviceDefault' - PodcastsBlocked = $False - SafariBlockAutofill = $False - SafariBlocked = $False - SafariBlockJavaScript = $False - SafariBlockPopups = $False - SafariCookieSettings = 'browserDefault' - SafariManagedDomains = @() - SafariPasswordAutoFillDomains = @() - SafariRequireFraudWarning = $False - ScreenCaptureBlocked = $False - SiriBlocked = $False - SiriBlockedWhenLocked = $False - SiriBlockUserGeneratedContent = $False - SiriRequireProfanityFilter = $False - SpotlightBlockInternetResults = $False - VoiceDialingBlocked = $False - WallpaperBlockModification = $False - Ensure = 'Present' - Credential = $Credscredential - } - IntuneDeviceConfigurationPolicyiOS 'ConfigureDeviceConfigurationPolicyiOS' - { - DisplayName = 'iOS DSC Policy' - AccountBlockModification = $False - ActivationLockAllowWhenSupervised = $False - AirDropBlocked = $True # Updated Property - AirDropForceUnmanagedDropTarget = $False - AirPlayForcePairingPasswordForOutgoingRequests = $False - AppleNewsBlocked = $False - AppleWatchBlockPairing = $False - AppleWatchForceWristDetection = $False - AppStoreBlockAutomaticDownloads = $False - AppStoreBlocked = $False - AppStoreBlockInAppPurchases = $False - AppStoreBlockUIAppInstallation = $False - AppStoreRequirePassword = $False - AppsVisibilityList = @() - AppsVisibilityListType = 'none' - BluetoothBlockModification = $True - CameraBlocked = $False - CellularBlockDataRoaming = $False - CellularBlockGlobalBackgroundFetchWhileRoaming = $False - CellularBlockPerAppDataModification = $False - CellularBlockVoiceRoaming = $False - CertificatesBlockUntrustedTlsCertificates = $False - ClassroomAppBlockRemoteScreenObservation = $False - CompliantAppListType = 'none' - CompliantAppsList = @() - ConfigurationProfileBlockChanges = $False - DefinitionLookupBlocked = $False - Description = 'iOS Device Restriction Policy' - DeviceBlockEnableRestrictions = $True - DeviceBlockEraseContentAndSettings = $False - DeviceBlockNameModification = $False - DiagnosticDataBlockSubmission = $False - DiagnosticDataBlockSubmissionModification = $False - DocumentsBlockManagedDocumentsInUnmanagedApps = $False - DocumentsBlockUnmanagedDocumentsInManagedApps = $False - EmailInDomainSuffixes = @() - EnterpriseAppBlockTrust = $False - EnterpriseAppBlockTrustModification = $False - FaceTimeBlocked = $False - FindMyFriendsBlocked = $False - GameCenterBlocked = $False - GamingBlockGameCenterFriends = $True - GamingBlockMultiplayer = $False - HostPairingBlocked = $False - iBooksStoreBlocked = $False - iBooksStoreBlockErotica = $False - iCloudBlockActivityContinuation = $False - iCloudBlockBackup = $True - iCloudBlockDocumentSync = $True - iCloudBlockManagedAppsSync = $False - iCloudBlockPhotoLibrary = $False - iCloudBlockPhotoStreamSync = $True - iCloudBlockSharedPhotoStream = $False - iCloudRequireEncryptedBackup = $False - iTunesBlockExplicitContent = $False - iTunesBlockMusicService = $False - iTunesBlockRadio = $False - KeyboardBlockAutoCorrect = $False - KeyboardBlockPredictive = $False - KeyboardBlockShortcuts = $False - KeyboardBlockSpellCheck = $False - KioskModeAllowAssistiveSpeak = $False - KioskModeAllowAssistiveTouchSettings = $False - KioskModeAllowAutoLock = $False - KioskModeAllowColorInversionSettings = $False - KioskModeAllowRingerSwitch = $False - KioskModeAllowScreenRotation = $False - KioskModeAllowSleepButton = $False - KioskModeAllowTouchscreen = $False - KioskModeAllowVoiceOverSettings = $False - KioskModeAllowVolumeButtons = $False - KioskModeAllowZoomSettings = $False - KioskModeRequireAssistiveTouch = $False - KioskModeRequireColorInversion = $False - KioskModeRequireMonoAudio = $False - KioskModeRequireVoiceOver = $False - KioskModeRequireZoom = $False - LockScreenBlockControlCenter = $False - LockScreenBlockNotificationView = $False - LockScreenBlockPassbook = $False - LockScreenBlockTodayView = $False - MediaContentRatingApps = 'allAllowed' - messagesBlocked = $False - NotificationsBlockSettingsModification = $False - PasscodeBlockFingerprintUnlock = $False - PasscodeBlockModification = $False - PasscodeBlockSimple = $True - PasscodeMinimumLength = 4 - PasscodeRequired = $True - PasscodeRequiredType = 'deviceDefault' - PodcastsBlocked = $False - SafariBlockAutofill = $False - SafariBlocked = $False - SafariBlockJavaScript = $False - SafariBlockPopups = $False - SafariCookieSettings = 'browserDefault' - SafariManagedDomains = @() - SafariPasswordAutoFillDomains = @() - SafariRequireFraudWarning = $False - ScreenCaptureBlocked = $False - SiriBlocked = $False - SiriBlockedWhenLocked = $False - SiriBlockUserGeneratedContent = $False - SiriRequireProfanityFilter = $False - SpotlightBlockInternetResults = $False - VoiceDialingBlocked = $False - WallpaperBlockModification = $False - Ensure = 'Present' - Credential = $Credscredential - } - IntuneDeviceConfigurationPolicyiOS 'ConfigureDeviceConfigurationPolicyiOS' - { - DisplayName = 'iOS DSC Policy' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneDeviceConfigurationPolicyMacOS 'myMacOSDevicePolicy' - { - DisplayName = 'MacOS device restriction' - AddingGameCenterFriendsBlocked = $True - AirDropBlocked = $False - AppleWatchBlockAutoUnlock = $False - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.groupAssignmentTarget' - groupId = 'e8cbd84d-be6a-4b72-87f0-0e677541fda0' - } - MSFT_DeviceManagementConfigurationPolicyAssignments { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.groupAssignmentTarget' - groupId = 'ea9199b8-3e6e-407b-afdc-e0943e0d3c20' - }) - CameraBlocked = $False - ClassroomAppBlockRemoteScreenObservation = $False - ClassroomAppForceUnpromptedScreenObservation = $False - ClassroomForceAutomaticallyJoinClasses = $False - ClassroomForceRequestPermissionToLeaveClasses = $False - ClassroomForceUnpromptedAppAndDeviceLock = $False - CompliantAppListType = 'appsNotInListCompliant' - CompliantAppsList = @( - MSFT_MicrosoftGraphapplistitemMacOS { - name = 'appname2' - publisher = 'publisher' - appId = 'bundle' - } - ) - ContentCachingBlocked = $False - DefinitionLookupBlocked = $True - EmailInDomainSuffixes = @() - EraseContentAndSettingsBlocked = $False - GameCenterBlocked = $False - ICloudBlockActivityContinuation = $False - ICloudBlockAddressBook = $False - ICloudBlockBookmarks = $False - ICloudBlockCalendar = $False - ICloudBlockDocumentSync = $False - ICloudBlockMail = $False - ICloudBlockNotes = $False - ICloudBlockPhotoLibrary = $False - ICloudBlockReminders = $False - ICloudDesktopAndDocumentsBlocked = $False - ICloudPrivateRelayBlocked = $False - ITunesBlockFileSharing = $False - ITunesBlockMusicService = $False - KeyboardBlockDictation = $False - KeychainBlockCloudSync = $False - MultiplayerGamingBlocked = $False - PasswordBlockAirDropSharing = $False - PasswordBlockAutoFill = $False - PasswordBlockFingerprintUnlock = $False - PasswordBlockModification = $False - PasswordBlockProximityRequests = $False - PasswordBlockSimple = $False - PasswordRequired = $False - PasswordRequiredType = 'deviceDefault' - PrivacyAccessControls = @( - MSFT_MicrosoftGraphmacosprivacyaccesscontrolitem { - displayName = 'test' - identifier = 'test45' - identifierType = 'path' - codeRequirement = 'test' - blockCamera = $True - speechRecognition = 'notConfigured' - accessibility = 'notConfigured' - addressBook = 'enabled' - calendar = 'notConfigured' - reminders = 'notConfigured' - photos = 'notConfigured' - mediaLibrary = 'notConfigured' - fileProviderPresence = 'notConfigured' - systemPolicyAllFiles = 'notConfigured' - systemPolicySystemAdminFiles = 'notConfigured' - systemPolicyDesktopFolder = 'notConfigured' - systemPolicyDocumentsFolder = 'notConfigured' - systemPolicyDownloadsFolder = 'notConfigured' - systemPolicyNetworkVolumes = 'notConfigured' - systemPolicyRemovableVolumes = 'notConfigured' - postEvent = 'notConfigured' - } - ) - SafariBlockAutofill = $False - ScreenCaptureBlocked = $False - SoftwareUpdateMajorOSDeferredInstallDelayInDays = 30 - SoftwareUpdateMinorOSDeferredInstallDelayInDays = 30 - SoftwareUpdateNonOSDeferredInstallDelayInDays = 30 - SoftwareUpdatesEnforcedDelayInDays = 30 - SpotlightBlockInternetResults = $False - UpdateDelayPolicy = @('delayOSUpdateVisibility', 'delayAppUpdateVisibility', 'delayMajorOsUpdateVisibility') - WallpaperModificationBlocked = $False - Ensure = 'Present' - Credential = $Credscredential - } - IntuneDeviceConfigurationPolicyMacOS 'myMacOSDevicePolicy' - { - DisplayName = 'MacOS device restriction' - AddingGameCenterFriendsBlocked = $True - AirDropBlocked = $True # Updated Property - AppleWatchBlockAutoUnlock = $False - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.groupAssignmentTarget' - groupId = 'e8cbd84d-be6a-4b72-87f0-0e677541fda0' - } - MSFT_DeviceManagementConfigurationPolicyAssignments { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.groupAssignmentTarget' - groupId = 'ea9199b8-3e6e-407b-afdc-e0943e0d3c20' - }) - CameraBlocked = $False - ClassroomAppBlockRemoteScreenObservation = $False - ClassroomAppForceUnpromptedScreenObservation = $False - ClassroomForceAutomaticallyJoinClasses = $False - ClassroomForceRequestPermissionToLeaveClasses = $False - ClassroomForceUnpromptedAppAndDeviceLock = $False - CompliantAppListType = 'appsNotInListCompliant' - CompliantAppsList = @( - MSFT_MicrosoftGraphapplistitemMacOS { - name = 'appname2' - publisher = 'publisher' - appId = 'bundle' - } - ) - ContentCachingBlocked = $False - DefinitionLookupBlocked = $True - EmailInDomainSuffixes = @() - EraseContentAndSettingsBlocked = $False - GameCenterBlocked = $False - ICloudBlockActivityContinuation = $False - ICloudBlockAddressBook = $False - ICloudBlockBookmarks = $False - ICloudBlockCalendar = $False - ICloudBlockDocumentSync = $False - ICloudBlockMail = $False - ICloudBlockNotes = $False - ICloudBlockPhotoLibrary = $False - ICloudBlockReminders = $False - ICloudDesktopAndDocumentsBlocked = $False - ICloudPrivateRelayBlocked = $False - ITunesBlockFileSharing = $False - ITunesBlockMusicService = $False - KeyboardBlockDictation = $False - KeychainBlockCloudSync = $False - MultiplayerGamingBlocked = $False - PasswordBlockAirDropSharing = $False - PasswordBlockAutoFill = $False - PasswordBlockFingerprintUnlock = $False - PasswordBlockModification = $False - PasswordBlockProximityRequests = $False - PasswordBlockSimple = $False - PasswordRequired = $False - PasswordRequiredType = 'deviceDefault' - PrivacyAccessControls = @( - MSFT_MicrosoftGraphmacosprivacyaccesscontrolitem { - displayName = 'test' - identifier = 'test45' - identifierType = 'path' - codeRequirement = 'test' - blockCamera = $True - speechRecognition = 'notConfigured' - accessibility = 'notConfigured' - addressBook = 'enabled' - calendar = 'notConfigured' - reminders = 'notConfigured' - photos = 'notConfigured' - mediaLibrary = 'notConfigured' - fileProviderPresence = 'notConfigured' - systemPolicyAllFiles = 'notConfigured' - systemPolicySystemAdminFiles = 'notConfigured' - systemPolicyDesktopFolder = 'notConfigured' - systemPolicyDocumentsFolder = 'notConfigured' - systemPolicyDownloadsFolder = 'notConfigured' - systemPolicyNetworkVolumes = 'notConfigured' - systemPolicyRemovableVolumes = 'notConfigured' - postEvent = 'notConfigured' - } - ) - SafariBlockAutofill = $False - ScreenCaptureBlocked = $False - SoftwareUpdateMajorOSDeferredInstallDelayInDays = 30 - SoftwareUpdateMinorOSDeferredInstallDelayInDays = 30 - SoftwareUpdateNonOSDeferredInstallDelayInDays = 30 - SoftwareUpdatesEnforcedDelayInDays = 30 - SpotlightBlockInternetResults = $False - UpdateDelayPolicy = @('delayOSUpdateVisibility', 'delayAppUpdateVisibility', 'delayMajorOsUpdateVisibility') - WallpaperModificationBlocked = $False - Ensure = 'Present' - Credential = $Credscredential - } - IntuneDeviceConfigurationPolicyMacOS 'myMacOSDevicePolicy' - { - DisplayName = 'MacOS device restriction' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneDeviceConfigurationPolicyWindows10 'Example' - { - AccountsBlockAddingNonMicrosoftAccountEmail = $False; - ActivateAppsWithVoice = "notConfigured"; - AntiTheftModeBlocked = $False; - AppManagementMSIAllowUserControlOverInstall = $False; - AppManagementMSIAlwaysInstallWithElevatedPrivileges = $False; - AppManagementPackageFamilyNamesToLaunchAfterLogOn = @(); - AppsAllowTrustedAppsSideloading = "notConfigured"; - AppsBlockWindowsStoreOriginatedApps = $False; - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ); - AuthenticationAllowSecondaryDevice = $False; - AuthenticationWebSignIn = "notConfigured"; - BluetoothAllowedServices = @(); - BluetoothBlockAdvertising = $True; - BluetoothBlockDiscoverableMode = $False; - BluetoothBlocked = $True; - BluetoothBlockPrePairing = $True; - BluetoothBlockPromptedProximalConnections = $False; - CameraBlocked = $False; - CellularBlockDataWhenRoaming = $False; - CellularBlockVpn = $True; - CellularBlockVpnWhenRoaming = $True; - CellularData = "allowed"; - CertificatesBlockManualRootCertificateInstallation = $False; - ConnectedDevicesServiceBlocked = $False; - CopyPasteBlocked = $False; - CortanaBlocked = $False; - Credential = $Credscredential; - CryptographyAllowFipsAlgorithmPolicy = $False; - DefenderBlockEndUserAccess = $False; - DefenderBlockOnAccessProtection = $False; - DefenderCloudBlockLevel = "notConfigured"; - DefenderDisableCatchupFullScan = $False; - DefenderDisableCatchupQuickScan = $False; - DefenderFileExtensionsToExclude = @(); - DefenderFilesAndFoldersToExclude = @(); - DefenderMonitorFileActivity = "userDefined"; - DefenderPotentiallyUnwantedAppActionSetting = "userDefined"; - DefenderProcessesToExclude = @(); - DefenderPromptForSampleSubmission = "userDefined"; - DefenderRequireBehaviorMonitoring = $False; - DefenderRequireCloudProtection = $False; - DefenderRequireNetworkInspectionSystem = $False; - DefenderRequireRealTimeMonitoring = $False; - DefenderScanArchiveFiles = $False; - DefenderScanDownloads = $False; - DefenderScanIncomingMail = $False; - DefenderScanMappedNetworkDrivesDuringFullScan = $False; - DefenderScanNetworkFiles = $False; - DefenderScanRemovableDrivesDuringFullScan = $False; - DefenderScanScriptsLoadedInInternetExplorer = $False; - DefenderScanType = "userDefined"; - DefenderScheduleScanEnableLowCpuPriority = $False; - DefenderSystemScanSchedule = "userDefined"; - DeveloperUnlockSetting = "notConfigured"; - DeviceManagementBlockFactoryResetOnMobile = $False; - DeviceManagementBlockManualUnenroll = $False; - DiagnosticsDataSubmissionMode = "userDefined"; - DisplayAppListWithGdiDPIScalingTurnedOff = @(); - DisplayAppListWithGdiDPIScalingTurnedOn = @(); - DisplayName = "device config"; - EdgeAllowStartPagesModification = $False; - EdgeBlockAccessToAboutFlags = $False; - EdgeBlockAddressBarDropdown = $False; - EdgeBlockAutofill = $False; - EdgeBlockCompatibilityList = $False; - EdgeBlockDeveloperTools = $False; - EdgeBlocked = $False; - EdgeBlockEditFavorites = $False; - EdgeBlockExtensions = $False; - EdgeBlockFullScreenMode = $False; - EdgeBlockInPrivateBrowsing = $False; - EdgeBlockJavaScript = $False; - EdgeBlockLiveTileDataCollection = $False; - EdgeBlockPasswordManager = $False; - EdgeBlockPopups = $False; - EdgeBlockPrelaunch = $False; - EdgeBlockPrinting = $False; - EdgeBlockSavingHistory = $False; - EdgeBlockSearchEngineCustomization = $False; - EdgeBlockSearchSuggestions = $False; - EdgeBlockSendingDoNotTrackHeader = $False; - EdgeBlockSendingIntranetTrafficToInternetExplorer = $False; - EdgeBlockSideloadingExtensions = $False; - EdgeBlockTabPreloading = $False; - EdgeBlockWebContentOnNewTabPage = $False; - EdgeClearBrowsingDataOnExit = $False; - EdgeCookiePolicy = "userDefined"; - EdgeDisableFirstRunPage = $False; - EdgeFavoritesBarVisibility = "notConfigured"; - EdgeHomeButtonConfigurationEnabled = $False; - EdgeHomepageUrls = @(); - EdgeKioskModeRestriction = "notConfigured"; - EdgeOpensWith = "notConfigured"; - EdgePreventCertificateErrorOverride = $False; - EdgeRequiredExtensionPackageFamilyNames = @(); - EdgeRequireSmartScreen = $False; - EdgeSendIntranetTrafficToInternetExplorer = $False; - EdgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured"; - EdgeSyncFavoritesWithInternetExplorer = $False; - EdgeTelemetryForMicrosoft365Analytics = "notConfigured"; - EnableAutomaticRedeployment = $False; - Ensure = "Present"; - ExperienceBlockDeviceDiscovery = $False; - ExperienceBlockErrorDialogWhenNoSIM = $False; - ExperienceBlockTaskSwitcher = $False; - ExperienceDoNotSyncBrowserSettings = "notConfigured"; - FindMyFiles = "notConfigured"; - GameDvrBlocked = $True; - InkWorkspaceAccess = "notConfigured"; - InkWorkspaceAccessState = "notConfigured"; - InkWorkspaceBlockSuggestedApps = $False; - InternetSharingBlocked = $False; - LocationServicesBlocked = $False; - LockScreenActivateAppsWithVoice = "notConfigured"; - LockScreenAllowTimeoutConfiguration = $False; - LockScreenBlockActionCenterNotifications = $False; - LockScreenBlockCortana = $False; - LockScreenBlockToastNotifications = $False; - LogonBlockFastUserSwitching = $False; - MessagingBlockMMS = $False; - MessagingBlockRichCommunicationServices = $False; - MessagingBlockSync = $False; - MicrosoftAccountBlocked = $False; - MicrosoftAccountBlockSettingsSync = $False; - MicrosoftAccountSignInAssistantSettings = "notConfigured"; - NetworkProxyApplySettingsDeviceWide = $False; - NetworkProxyDisableAutoDetect = $True; - NetworkProxyServer = MSFT_MicrosoftGraphwindows10NetworkProxyServer{ - UseForLocalAddresses = $True - Exceptions = @('*.domain2.com') - Address = 'proxy.domain.com:8080' - }; - NfcBlocked = $False; - OneDriveDisableFileSync = $False; - PasswordBlockSimple = $False; - PasswordRequired = $False; - PasswordRequiredType = "deviceDefault"; - PasswordRequireWhenResumeFromIdleState = $False; - PowerButtonActionOnBattery = "notConfigured"; - PowerButtonActionPluggedIn = "notConfigured"; - PowerHybridSleepOnBattery = "notConfigured"; - PowerHybridSleepPluggedIn = "notConfigured"; - PowerLidCloseActionOnBattery = "notConfigured"; - PowerLidCloseActionPluggedIn = "notConfigured"; - PowerSleepButtonActionOnBattery = "notConfigured"; - PowerSleepButtonActionPluggedIn = "notConfigured"; - PrinterBlockAddition = $False; - PrinterNames = @(); - PrivacyAdvertisingId = "notConfigured"; - PrivacyAutoAcceptPairingAndConsentPrompts = $False; - PrivacyBlockActivityFeed = $False; - PrivacyBlockInputPersonalization = $False; - PrivacyBlockPublishUserActivities = $False; - PrivacyDisableLaunchExperience = $False; - ResetProtectionModeBlocked = $False; - SafeSearchFilter = "userDefined"; - ScreenCaptureBlocked = $False; - SearchBlockDiacritics = $False; - SearchBlockWebResults = $False; - SearchDisableAutoLanguageDetection = $False; - SearchDisableIndexerBackoff = $False; - SearchDisableIndexingEncryptedItems = $False; - SearchDisableIndexingRemovableDrive = $False; - SearchDisableLocation = $False; - SearchDisableUseLocation = $False; - SearchEnableAutomaticIndexSizeManangement = $False; - SearchEnableRemoteQueries = $False; - SecurityBlockAzureADJoinedDevicesAutoEncryption = $False; - SettingsBlockAccountsPage = $False; - SettingsBlockAddProvisioningPackage = $False; - SettingsBlockAppsPage = $False; - SettingsBlockChangeLanguage = $False; - SettingsBlockChangePowerSleep = $False; - SettingsBlockChangeRegion = $False; - SettingsBlockChangeSystemTime = $False; - SettingsBlockDevicesPage = $False; - SettingsBlockEaseOfAccessPage = $False; - SettingsBlockEditDeviceName = $False; - SettingsBlockGamingPage = $False; - SettingsBlockNetworkInternetPage = $False; - SettingsBlockPersonalizationPage = $False; - SettingsBlockPrivacyPage = $False; - SettingsBlockRemoveProvisioningPackage = $False; - SettingsBlockSettingsApp = $False; - SettingsBlockSystemPage = $False; - SettingsBlockTimeLanguagePage = $False; - SettingsBlockUpdateSecurityPage = $False; - SharedUserAppDataAllowed = $False; - SmartScreenAppInstallControl = "notConfigured"; - SmartScreenBlockPromptOverride = $False; - SmartScreenBlockPromptOverrideForFiles = $False; - SmartScreenEnableAppInstallControl = $False; - StartBlockUnpinningAppsFromTaskbar = $False; - StartMenuAppListVisibility = "userDefined"; - StartMenuHideChangeAccountSettings = $False; - StartMenuHideFrequentlyUsedApps = $False; - StartMenuHideHibernate = $False; - StartMenuHideLock = $False; - StartMenuHidePowerButton = $False; - StartMenuHideRecentJumpLists = $False; - StartMenuHideRecentlyAddedApps = $False; - StartMenuHideRestartOptions = $False; - StartMenuHideShutDown = $False; - StartMenuHideSignOut = $False; - StartMenuHideSleep = $False; - StartMenuHideSwitchAccount = $False; - StartMenuHideUserTile = $False; - StartMenuMode = "userDefined"; - StartMenuPinnedFolderDocuments = "notConfigured"; - StartMenuPinnedFolderDownloads = "notConfigured"; - StartMenuPinnedFolderFileExplorer = "notConfigured"; - StartMenuPinnedFolderHomeGroup = "notConfigured"; - StartMenuPinnedFolderMusic = "notConfigured"; - StartMenuPinnedFolderNetwork = "notConfigured"; - StartMenuPinnedFolderPersonalFolder = "notConfigured"; - StartMenuPinnedFolderPictures = "notConfigured"; - StartMenuPinnedFolderSettings = "notConfigured"; - StartMenuPinnedFolderVideos = "notConfigured"; - StorageBlockRemovableStorage = $False; - StorageRequireMobileDeviceEncryption = $False; - StorageRestrictAppDataToSystemVolume = $False; - StorageRestrictAppInstallToSystemVolume = $False; - SupportsScopeTags = $True; - TaskManagerBlockEndTask = $False; - TenantLockdownRequireNetworkDuringOutOfBoxExperience = $False; - UninstallBuiltInApps = $False; - UsbBlocked = $False; - VoiceRecordingBlocked = $False; - WebRtcBlockLocalhostIpAddress = $False; - WiFiBlockAutomaticConnectHotspots = $False; - WiFiBlocked = $True; - WiFiBlockManualConfiguration = $True; - WindowsSpotlightBlockConsumerSpecificFeatures = $False; - WindowsSpotlightBlocked = $False; - WindowsSpotlightBlockOnActionCenter = $False; - WindowsSpotlightBlockTailoredExperiences = $False; - WindowsSpotlightBlockThirdPartyNotifications = $False; - WindowsSpotlightBlockWelcomeExperience = $False; - WindowsSpotlightBlockWindowsTips = $False; - WindowsSpotlightConfigureOnLockScreen = "notConfigured"; - WindowsStoreBlockAutoUpdate = $False; - WindowsStoreBlocked = $False; - WindowsStoreEnablePrivateStoreOnly = $False; - WirelessDisplayBlockProjectionToThisDevice = $False; - WirelessDisplayBlockUserInputFromReceiver = $False; - WirelessDisplayRequirePinForPairing = $False; - } - IntuneDeviceConfigurationPolicyWindows10 'Example' - { - AccountsBlockAddingNonMicrosoftAccountEmail = $False; - ActivateAppsWithVoice = "notConfigured"; - AntiTheftModeBlocked = $True; # Updated Property - AppManagementMSIAllowUserControlOverInstall = $False; - AppManagementMSIAlwaysInstallWithElevatedPrivileges = $False; - AppManagementPackageFamilyNamesToLaunchAfterLogOn = @(); - AppsAllowTrustedAppsSideloading = "notConfigured"; - AppsBlockWindowsStoreOriginatedApps = $False; - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ); - AuthenticationAllowSecondaryDevice = $False; - AuthenticationWebSignIn = "notConfigured"; - BluetoothAllowedServices = @(); - BluetoothBlockAdvertising = $True; - BluetoothBlockDiscoverableMode = $False; - BluetoothBlocked = $True; - BluetoothBlockPrePairing = $True; - BluetoothBlockPromptedProximalConnections = $False; - CameraBlocked = $False; - CellularBlockDataWhenRoaming = $False; - CellularBlockVpn = $True; - CellularBlockVpnWhenRoaming = $True; - CellularData = "allowed"; - CertificatesBlockManualRootCertificateInstallation = $False; - ConnectedDevicesServiceBlocked = $False; - CopyPasteBlocked = $False; - CortanaBlocked = $False; - Credential = $Credscredential; - CryptographyAllowFipsAlgorithmPolicy = $False; - DefenderBlockEndUserAccess = $False; - DefenderBlockOnAccessProtection = $False; - DefenderCloudBlockLevel = "notConfigured"; - DefenderDisableCatchupFullScan = $False; - DefenderDisableCatchupQuickScan = $False; - DefenderFileExtensionsToExclude = @(); - DefenderFilesAndFoldersToExclude = @(); - DefenderMonitorFileActivity = "userDefined"; - DefenderPotentiallyUnwantedAppActionSetting = "userDefined"; - DefenderProcessesToExclude = @(); - DefenderPromptForSampleSubmission = "userDefined"; - DefenderRequireBehaviorMonitoring = $False; - DefenderRequireCloudProtection = $False; - DefenderRequireNetworkInspectionSystem = $False; - DefenderRequireRealTimeMonitoring = $False; - DefenderScanArchiveFiles = $False; - DefenderScanDownloads = $False; - DefenderScanIncomingMail = $False; - DefenderScanMappedNetworkDrivesDuringFullScan = $False; - DefenderScanNetworkFiles = $False; - DefenderScanRemovableDrivesDuringFullScan = $False; - DefenderScanScriptsLoadedInInternetExplorer = $False; - DefenderScanType = "userDefined"; - DefenderScheduleScanEnableLowCpuPriority = $False; - DefenderSystemScanSchedule = "userDefined"; - DeveloperUnlockSetting = "notConfigured"; - DeviceManagementBlockFactoryResetOnMobile = $False; - DeviceManagementBlockManualUnenroll = $False; - DiagnosticsDataSubmissionMode = "userDefined"; - DisplayAppListWithGdiDPIScalingTurnedOff = @(); - DisplayAppListWithGdiDPIScalingTurnedOn = @(); - DisplayName = "device config"; - EdgeAllowStartPagesModification = $False; - EdgeBlockAccessToAboutFlags = $False; - EdgeBlockAddressBarDropdown = $False; - EdgeBlockAutofill = $False; - EdgeBlockCompatibilityList = $False; - EdgeBlockDeveloperTools = $False; - EdgeBlocked = $False; - EdgeBlockEditFavorites = $False; - EdgeBlockExtensions = $False; - EdgeBlockFullScreenMode = $False; - EdgeBlockInPrivateBrowsing = $False; - EdgeBlockJavaScript = $False; - EdgeBlockLiveTileDataCollection = $False; - EdgeBlockPasswordManager = $False; - EdgeBlockPopups = $False; - EdgeBlockPrelaunch = $False; - EdgeBlockPrinting = $False; - EdgeBlockSavingHistory = $False; - EdgeBlockSearchEngineCustomization = $False; - EdgeBlockSearchSuggestions = $False; - EdgeBlockSendingDoNotTrackHeader = $False; - EdgeBlockSendingIntranetTrafficToInternetExplorer = $False; - EdgeBlockSideloadingExtensions = $False; - EdgeBlockTabPreloading = $False; - EdgeBlockWebContentOnNewTabPage = $False; - EdgeClearBrowsingDataOnExit = $False; - EdgeCookiePolicy = "userDefined"; - EdgeDisableFirstRunPage = $False; - EdgeFavoritesBarVisibility = "notConfigured"; - EdgeHomeButtonConfigurationEnabled = $False; - EdgeHomepageUrls = @(); - EdgeKioskModeRestriction = "notConfigured"; - EdgeOpensWith = "notConfigured"; - EdgePreventCertificateErrorOverride = $False; - EdgeRequiredExtensionPackageFamilyNames = @(); - EdgeRequireSmartScreen = $False; - EdgeSendIntranetTrafficToInternetExplorer = $False; - EdgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured"; - EdgeSyncFavoritesWithInternetExplorer = $False; - EdgeTelemetryForMicrosoft365Analytics = "notConfigured"; - EnableAutomaticRedeployment = $False; - Ensure = "Present"; - ExperienceBlockDeviceDiscovery = $False; - ExperienceBlockErrorDialogWhenNoSIM = $False; - ExperienceBlockTaskSwitcher = $False; - ExperienceDoNotSyncBrowserSettings = "notConfigured"; - FindMyFiles = "notConfigured"; - GameDvrBlocked = $True; - InkWorkspaceAccess = "notConfigured"; - InkWorkspaceAccessState = "notConfigured"; - InkWorkspaceBlockSuggestedApps = $False; - InternetSharingBlocked = $False; - LocationServicesBlocked = $False; - LockScreenActivateAppsWithVoice = "notConfigured"; - LockScreenAllowTimeoutConfiguration = $False; - LockScreenBlockActionCenterNotifications = $False; - LockScreenBlockCortana = $False; - LockScreenBlockToastNotifications = $False; - LogonBlockFastUserSwitching = $False; - MessagingBlockMMS = $False; - MessagingBlockRichCommunicationServices = $False; - MessagingBlockSync = $False; - MicrosoftAccountBlocked = $False; - MicrosoftAccountBlockSettingsSync = $False; - MicrosoftAccountSignInAssistantSettings = "notConfigured"; - NetworkProxyApplySettingsDeviceWide = $False; - NetworkProxyDisableAutoDetect = $True; - NetworkProxyServer = MSFT_MicrosoftGraphwindows10NetworkProxyServer{ - UseForLocalAddresses = $True - Exceptions = @('*.domain2.com') - Address = 'proxy.domain.com:8080' - }; - NfcBlocked = $False; - OneDriveDisableFileSync = $False; - PasswordBlockSimple = $False; - PasswordRequired = $False; - PasswordRequiredType = "deviceDefault"; - PasswordRequireWhenResumeFromIdleState = $False; - PowerButtonActionOnBattery = "notConfigured"; - PowerButtonActionPluggedIn = "notConfigured"; - PowerHybridSleepOnBattery = "notConfigured"; - PowerHybridSleepPluggedIn = "notConfigured"; - PowerLidCloseActionOnBattery = "notConfigured"; - PowerLidCloseActionPluggedIn = "notConfigured"; - PowerSleepButtonActionOnBattery = "notConfigured"; - PowerSleepButtonActionPluggedIn = "notConfigured"; - PrinterBlockAddition = $False; - PrinterNames = @(); - PrivacyAdvertisingId = "notConfigured"; - PrivacyAutoAcceptPairingAndConsentPrompts = $False; - PrivacyBlockActivityFeed = $False; - PrivacyBlockInputPersonalization = $False; - PrivacyBlockPublishUserActivities = $False; - PrivacyDisableLaunchExperience = $False; - ResetProtectionModeBlocked = $False; - SafeSearchFilter = "userDefined"; - ScreenCaptureBlocked = $False; - SearchBlockDiacritics = $False; - SearchBlockWebResults = $False; - SearchDisableAutoLanguageDetection = $False; - SearchDisableIndexerBackoff = $False; - SearchDisableIndexingEncryptedItems = $False; - SearchDisableIndexingRemovableDrive = $False; - SearchDisableLocation = $False; - SearchDisableUseLocation = $False; - SearchEnableAutomaticIndexSizeManangement = $False; - SearchEnableRemoteQueries = $False; - SecurityBlockAzureADJoinedDevicesAutoEncryption = $False; - SettingsBlockAccountsPage = $False; - SettingsBlockAddProvisioningPackage = $False; - SettingsBlockAppsPage = $False; - SettingsBlockChangeLanguage = $False; - SettingsBlockChangePowerSleep = $False; - SettingsBlockChangeRegion = $False; - SettingsBlockChangeSystemTime = $False; - SettingsBlockDevicesPage = $False; - SettingsBlockEaseOfAccessPage = $False; - SettingsBlockEditDeviceName = $False; - SettingsBlockGamingPage = $False; - SettingsBlockNetworkInternetPage = $False; - SettingsBlockPersonalizationPage = $False; - SettingsBlockPrivacyPage = $False; - SettingsBlockRemoveProvisioningPackage = $False; - SettingsBlockSettingsApp = $False; - SettingsBlockSystemPage = $False; - SettingsBlockTimeLanguagePage = $False; - SettingsBlockUpdateSecurityPage = $False; - SharedUserAppDataAllowed = $False; - SmartScreenAppInstallControl = "notConfigured"; - SmartScreenBlockPromptOverride = $False; - SmartScreenBlockPromptOverrideForFiles = $False; - SmartScreenEnableAppInstallControl = $False; - StartBlockUnpinningAppsFromTaskbar = $False; - StartMenuAppListVisibility = "userDefined"; - StartMenuHideChangeAccountSettings = $False; - StartMenuHideFrequentlyUsedApps = $False; - StartMenuHideHibernate = $False; - StartMenuHideLock = $False; - StartMenuHidePowerButton = $False; - StartMenuHideRecentJumpLists = $False; - StartMenuHideRecentlyAddedApps = $False; - StartMenuHideRestartOptions = $False; - StartMenuHideShutDown = $False; - StartMenuHideSignOut = $False; - StartMenuHideSleep = $False; - StartMenuHideSwitchAccount = $False; - StartMenuHideUserTile = $False; - StartMenuMode = "userDefined"; - StartMenuPinnedFolderDocuments = "notConfigured"; - StartMenuPinnedFolderDownloads = "notConfigured"; - StartMenuPinnedFolderFileExplorer = "notConfigured"; - StartMenuPinnedFolderHomeGroup = "notConfigured"; - StartMenuPinnedFolderMusic = "notConfigured"; - StartMenuPinnedFolderNetwork = "notConfigured"; - StartMenuPinnedFolderPersonalFolder = "notConfigured"; - StartMenuPinnedFolderPictures = "notConfigured"; - StartMenuPinnedFolderSettings = "notConfigured"; - StartMenuPinnedFolderVideos = "notConfigured"; - StorageBlockRemovableStorage = $False; - StorageRequireMobileDeviceEncryption = $False; - StorageRestrictAppDataToSystemVolume = $False; - StorageRestrictAppInstallToSystemVolume = $False; - SupportsScopeTags = $True; - TaskManagerBlockEndTask = $False; - TenantLockdownRequireNetworkDuringOutOfBoxExperience = $False; - UninstallBuiltInApps = $False; - UsbBlocked = $False; - VoiceRecordingBlocked = $False; - WebRtcBlockLocalhostIpAddress = $False; - WiFiBlockAutomaticConnectHotspots = $False; - WiFiBlocked = $True; - WiFiBlockManualConfiguration = $True; - WindowsSpotlightBlockConsumerSpecificFeatures = $False; - WindowsSpotlightBlocked = $False; - WindowsSpotlightBlockOnActionCenter = $False; - WindowsSpotlightBlockTailoredExperiences = $False; - WindowsSpotlightBlockThirdPartyNotifications = $False; - WindowsSpotlightBlockWelcomeExperience = $False; - WindowsSpotlightBlockWindowsTips = $False; - WindowsSpotlightConfigureOnLockScreen = "notConfigured"; - WindowsStoreBlockAutoUpdate = $False; - WindowsStoreBlocked = $False; - WindowsStoreEnablePrivateStoreOnly = $False; - WirelessDisplayBlockProjectionToThisDevice = $False; - WirelessDisplayBlockUserInputFromReceiver = $False; - WirelessDisplayRequirePinForPairing = $False; - } - IntuneDeviceConfigurationPolicyWindows10 'Example' - { - Credential = $Credscredential; - DisplayName = "device config"; - Ensure = "Absent"; - } - IntuneDeviceConfigurationScepCertificatePolicyWindows10 'Example' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - CertificateStore = "user"; - CertificateValidityPeriodScale = "years"; - CertificateValidityPeriodValue = 5; - Credential = $Credscredential; - CustomSubjectAlternativeNames = @( - MSFT_MicrosoftGraphcustomSubjectAlternativeName{ - SanType = 'domainNameService' - Name = 'dns' - } - ); - DisplayName = "SCEP"; - Ensure = "Present"; - ExtendedKeyUsages = @( - MSFT_MicrosoftGraphextendedKeyUsage{ - ObjectIdentifier = '1.3.6.1.5.5.7.3.2' - Name = 'Client Authentication' - } - ); - HashAlgorithm = "sha2"; - KeySize = "size2048"; - KeyStorageProvider = "useTpmKspOtherwiseUseSoftwareKsp"; - KeyUsage = "digitalSignature"; - RenewalThresholdPercentage = 25; - ScepServerUrls = @("https://mydomain.com/certsrv/mscep/mscep.dll"); - SubjectAlternativeNameType = "none"; - SubjectNameFormat = "custom"; - SubjectNameFormatString = "CN={{UserName}},E={{EmailAddress}}"; - RootCertificateId = "169bf4fc-5914-40f4-ad33-48c225396183"; - } - IntuneDeviceConfigurationScepCertificatePolicyWindows10 'Example' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - CertificateStore = "user"; - CertificateValidityPeriodScale = "years"; - CertificateValidityPeriodValue = 5; - Credential = $Credscredential; - CustomSubjectAlternativeNames = @( - MSFT_MicrosoftGraphcustomSubjectAlternativeName{ - SanType = 'domainNameService' - Name = 'dns' - } - ); - DisplayName = "SCEP"; - Ensure = "Present"; - ExtendedKeyUsages = @( - MSFT_MicrosoftGraphextendedKeyUsage{ - ObjectIdentifier = '1.3.6.1.5.5.7.3.2' - Name = 'Client Authentication' - } - ); - HashAlgorithm = "sha2"; - KeySize = "size2048"; - KeyStorageProvider = "useTpmKspOtherwiseUseSoftwareKsp"; - KeyUsage = "digitalSignature"; - RenewalThresholdPercentage = 30; # Updated Property - ScepServerUrls = @("https://mydomain.com/certsrv/mscep/mscep.dll"); - SubjectAlternativeNameType = "none"; - SubjectNameFormat = "custom"; - SubjectNameFormatString = "CN={{UserName}},E={{EmailAddress}}"; - RootCertificateId = "169bf4fc-5914-40f4-ad33-48c225396183"; - } - IntuneDeviceConfigurationScepCertificatePolicyWindows10 'Example' - { - Credential = $Credscredential; - DisplayName = "SCEP"; - Ensure = "Absent"; - } - IntuneDeviceConfigurationSecureAssessmentPolicyWindows10 'Example' - { - AllowPrinting = $True; - AllowScreenCapture = $True; - AllowTextSuggestion = $True; - AssessmentAppUserModelId = ""; - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - ConfigurationAccount = "user@domain.com"; - ConfigurationAccountType = "azureADAccount"; - Credential = $Credscredential; - DisplayName = "Secure Assessment"; - Ensure = "Present"; - LaunchUri = "https://assessment.domain.com"; - LocalGuestAccountName = ""; - } - IntuneDeviceConfigurationSecureAssessmentPolicyWindows10 'Example' - { - AllowPrinting = $True; - AllowScreenCapture = $False; # Updated Property - AllowTextSuggestion = $True; - AssessmentAppUserModelId = ""; - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - ConfigurationAccount = "user@domain.com"; - ConfigurationAccountType = "azureADAccount"; - Credential = $Credscredential; - DisplayName = "Secure Assessment"; - Ensure = "Present"; - LaunchUri = "https://assessment.domain.com"; - LocalGuestAccountName = ""; - } - IntuneDeviceConfigurationSecureAssessmentPolicyWindows10 'Example' - { - Credential = $Credscredential; - DisplayName = "Secure Assessment"; - Ensure = "Absent"; - } - IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10 'Example' - { - AccountManagerPolicy = MSFT_MicrosoftGraphsharedPCAccountManagerPolicy{ - CacheAccountsAboveDiskFreePercentage = 50 - AccountDeletionPolicy = 'diskSpaceThreshold' - RemoveAccountsBelowDiskFreePercentage = 20 - }; - AllowedAccounts = @("guest","domain"); - AllowLocalStorage = $True; - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ); - Credential = $Credscredential; - DisableAccountManager = $False; - DisableEduPolicies = $False; - DisablePowerPolicies = $False; - DisableSignInOnResume = $False; - DisplayName = "Shared Multi device"; - Enabled = $True; - Ensure = "Present"; - FastFirstSignIn = "notConfigured"; - IdleTimeBeforeSleepInSeconds = 60; - LocalStorage = "enabled"; - MaintenanceStartTime = "00:03:00"; - SetAccountManager = "enabled"; - SetEduPolicies = "enabled"; - SetPowerPolicies = "enabled"; - SignInOnResume = "enabled"; - } - IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10 'Example' - { - AccountManagerPolicy = MSFT_MicrosoftGraphsharedPCAccountManagerPolicy{ - CacheAccountsAboveDiskFreePercentage = 60 # Updated Property - AccountDeletionPolicy = 'diskSpaceThreshold' - RemoveAccountsBelowDiskFreePercentage = 20 - }; - AllowedAccounts = @("guest","domain"); - AllowLocalStorage = $True; - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ); - Credential = $Credscredential; - DisableAccountManager = $False; - DisableEduPolicies = $False; - DisablePowerPolicies = $False; - DisableSignInOnResume = $False; - DisplayName = "Shared Multi device"; - Enabled = $True; - Ensure = "Present"; - FastFirstSignIn = "notConfigured"; - IdleTimeBeforeSleepInSeconds = 60; - LocalStorage = "enabled"; - MaintenanceStartTime = "00:03:00"; - SetAccountManager = "enabled"; - SetEduPolicies = "enabled"; - SetPowerPolicies = "enabled"; - SignInOnResume = "enabled"; - } - IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10 'Example' - { - Credential = $Credscredential; - DisplayName = "Shared Multi device"; - Ensure = "Absent"; - } - IntuneDeviceConfigurationTrustedCertificatePolicyWindows10 'Example' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - CertFileName = "RootCA.cer"; - Credential = $Credscredential; - DestinationStore = "computerCertStoreRoot"; - DisplayName = "Trusted Cert"; - Ensure = "Present"; - TrustedRootCertificate = "MIIEEjCCAvqgAwIBAgIPAMEAizw8iBHRPvZj7N9AMA0GCSqGSIb3DQEBBAUAMHAxKzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBNaWNyb3NvZnQgQ29ycC4xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEhMB8GA1UEAxMYTWljcm9zb2Z0IFJvb3QgQXV0aG9yaXR5MB4XDTk3MDExMDA3MDAwMFoXDTIwMTIzMTA3MDAwMFowcDErMCkGA1UECxMiQ29weXJpZ2h0IChjKSAxOTk3IE1pY3Jvc29mdCBDb3JwLjEeMBwGA1UECxMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSEwHwYDVQQDExhNaWNyb3NvZnQgUm9vdCBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpAr3BcOY78k4bKJ+XeF4w6qKpjSVf+P6VTKO3/p2iID58UaKboo9gMmvRQmR57qx2yVTa8uuchhyPn4Rms8VremIj1h083g8BkuiWxL8tZpqaaCaZ0Dosvwy1WCbBRucKPjiWLKkoOajsSYNC44QPu5psVWGsgnyhYC13TOmZtGQ7mlAcMQgkFJ+p55ErGOY9mGMUYFgFZZ8dN1KH96fvlALGG9O/VUWziYC/OuxUlE6u/ad6bXROrxjMlgkoIQBXkGBpN7tLEgc8Vv9b+6RmCgim0oFWV++2O14WgXcE2va+roCV/rDNf9anGnJcPMq88AijIjCzBoXJsyB3E4XfAgMBAAGjgagwgaUwgaIGA1UdAQSBmjCBl4AQW9Bw72lyniNRfhSyTY7/y6FyMHAxKzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBNaWNyb3NvZnQgQ29ycC4xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEhMB8GA1UEAxMYTWljcm9zb2Z0IFJvb3QgQXV0aG9yaXR5gg8AwQCLPDyIEdE+9mPs30AwDQYJKoZIhvcNAQEEBQADggEBAJXoC8CN85cYNe24ASTYdxHzXGAyn54Lyz4FkYiPyTrmIfLwV5MstaBHyGLv/NfMOztaqTZUaf4kbT/JzKreBXzdMY09nxBwarv+Ek8YacD80EPjEVogT+pie6+qGcgrNyUtvmWhEoolD2Oj91Qc+SHJ1hXzUqxuQzIH/YIX+OVnbA1R9r3xUse958Qw/CAxCYgdlSkaTdUdAqXxgOADtFv0sd3IV+5lScdSVLa0AygS/5DW8AiPfriXxas3LOR65Kh343agANBqP8HSNorgQRKoNWobats14dQcBOSoRQTIWjM4bk0cDWK3CqKM09VUP0bNHFWmcNsSOoeTdZ+n0qA="; - } - IntuneDeviceConfigurationTrustedCertificatePolicyWindows10 'Example' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - CertFileName = "RootNew.cer"; # Updated Property - Credential = $Credscredential; - DestinationStore = "computerCertStoreRoot"; - DisplayName = "Trusted Cert"; - Ensure = "Present"; - TrustedRootCertificate = "MIIEEjCCAvqgAwIBAgIPAMEAizw8iBHRPvZj7N9AMA0GCSqGSIb3DQEBBAUAMHAxKzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBNaWNyb3NvZnQgQ29ycC4xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEhMB8GA1UEAxMYTWljcm9zb2Z0IFJvb3QgQXV0aG9yaXR5MB4XDTk3MDExMDA3MDAwMFoXDTIwMTIzMTA3MDAwMFowcDErMCkGA1UECxMiQ29weXJpZ2h0IChjKSAxOTk3IE1pY3Jvc29mdCBDb3JwLjEeMBwGA1UECxMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSEwHwYDVQQDExhNaWNyb3NvZnQgUm9vdCBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpAr3BcOY78k4bKJ+XeF4w6qKpjSVf+P6VTKO3/p2iID58UaKboo9gMmvRQmR57qx2yVTa8uuchhyPn4Rms8VremIj1h083g8BkuiWxL8tZpqaaCaZ0Dosvwy1WCbBRucKPjiWLKkoOajsSYNC44QPu5psVWGsgnyhYC13TOmZtGQ7mlAcMQgkFJ+p55ErGOY9mGMUYFgFZZ8dN1KH96fvlALGG9O/VUWziYC/OuxUlE6u/ad6bXROrxjMlgkoIQBXkGBpN7tLEgc8Vv9b+6RmCgim0oFWV++2O14WgXcE2va+roCV/rDNf9anGnJcPMq88AijIjCzBoXJsyB3E4XfAgMBAAGjgagwgaUwgaIGA1UdAQSBmjCBl4AQW9Bw72lyniNRfhSyTY7/y6FyMHAxKzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBNaWNyb3NvZnQgQ29ycC4xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEhMB8GA1UEAxMYTWljcm9zb2Z0IFJvb3QgQXV0aG9yaXR5gg8AwQCLPDyIEdE+9mPs30AwDQYJKoZIhvcNAQEEBQADggEBAJXoC8CN85cYNe24ASTYdxHzXGAyn54Lyz4FkYiPyTrmIfLwV5MstaBHyGLv/NfMOztaqTZUaf4kbT/JzKreBXzdMY09nxBwarv+Ek8YacD80EPjEVogT+pie6+qGcgrNyUtvmWhEoolD2Oj91Qc+SHJ1hXzUqxuQzIH/YIX+OVnbA1R9r3xUse958Qw/CAxCYgdlSkaTdUdAqXxgOADtFv0sd3IV+5lScdSVLa0AygS/5DW8AiPfriXxas3LOR65Kh343agANBqP8HSNorgQRKoNWobats14dQcBOSoRQTIWjM4bk0cDWK3CqKM09VUP0bNHFWmcNsSOoeTdZ+n0qA="; - } - IntuneDeviceConfigurationTrustedCertificatePolicyWindows10 'Example' - { - Credential = $Credscredential; - DisplayName = "Trusted Cert"; - Ensure = "Absent"; - } - IntuneDeviceConfigurationVpnPolicyWindows10 'Example' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - AuthenticationMethod = "usernameAndPassword"; - ConnectionName = "Cisco VPN"; - ConnectionType = "ciscoAnyConnect"; - Credential = $Credscredential; - CustomXml = ""; - DisplayName = "VPN"; - DnsRules = @( - MSFT_MicrosoftGraphvpnDnsRule{ - Servers = @('10.0.1.10') - Name = 'NRPT rule' - Persistent = $True - AutoTrigger = $True - } - ); - DnsSuffixes = @("mydomain.com"); - EnableAlwaysOn = $True; - EnableConditionalAccess = $True; - EnableDnsRegistration = $True; - EnableSingleSignOnWithAlternateCertificate = $False; - EnableSplitTunneling = $False; - Ensure = "Present"; - ProfileTarget = "user"; - ProxyServer = MSFT_MicrosoftGraphwindows10VpnProxyServer{ - Port = 8081 - BypassProxyServerForLocalAddress = $True - AutomaticConfigurationScriptUrl = '' - Address = '10.0.10.100' - }; - RememberUserCredentials = $True; - ServerCollection = @( - MSFT_MicrosoftGraphvpnServer{ - IsDefaultServer = $True - Description = 'gateway1' - Address = '10.0.1.10' - } - ); - TrafficRules = @( - MSFT_MicrosoftGraphvpnTrafficRule{ - Name = 'VPN rule' - AppType = 'none' - LocalAddressRanges = @( - MSFT_MicrosoftGraphIPv4Range{ - UpperAddress = '10.0.2.240' - LowerAddress = '10.0.2.0' - } - ) - RoutingPolicyType = 'forceTunnel' - VpnTrafficDirection = 'outbound' - } - ); - TrustedNetworkDomains = @(); - } - IntuneDeviceConfigurationVpnPolicyWindows10 'Example' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - AuthenticationMethod = "usernameAndPassword"; - ConnectionName = "Cisco VPN"; - ConnectionType = "ciscoAnyConnect"; - Credential = $Credscredential; - CustomXml = ""; - DisplayName = "VPN"; - DnsRules = @( - MSFT_MicrosoftGraphvpnDnsRule{ - Servers = @('10.0.1.10') - Name = 'NRPT rule' - Persistent = $True - AutoTrigger = $True - } - ); - DnsSuffixes = @("mydomain.com"); - EnableAlwaysOn = $True; - EnableConditionalAccess = $True; - EnableDnsRegistration = $True; - EnableSingleSignOnWithAlternateCertificate = $True; # Updated Property - EnableSplitTunneling = $False; - Ensure = "Present"; - ProfileTarget = "user"; - ProxyServer = MSFT_MicrosoftGraphwindows10VpnProxyServer{ - Port = 8081 - BypassProxyServerForLocalAddress = $True - AutomaticConfigurationScriptUrl = '' - Address = '10.0.10.100' - }; - RememberUserCredentials = $True; - ServerCollection = @( - MSFT_MicrosoftGraphvpnServer{ - IsDefaultServer = $True - Description = 'gateway1' - Address = '10.0.1.10' - } - ); - TrafficRules = @( - MSFT_MicrosoftGraphvpnTrafficRule{ - Name = 'VPN rule' - AppType = 'none' - LocalAddressRanges = @( - MSFT_MicrosoftGraphIPv4Range{ - UpperAddress = '10.0.2.240' - LowerAddress = '10.0.2.0' - } - ) - RoutingPolicyType = 'forceTunnel' - VpnTrafficDirection = 'outbound' - } - ); - TrustedNetworkDomains = @(); - } - IntuneDeviceConfigurationVpnPolicyWindows10 'Example' - { - Credential = $Credscredential; - DisplayName = "VPN"; - Ensure = "Absent"; - } - IntuneDeviceConfigurationWindowsTeamPolicyWindows10 'Example' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - AzureOperationalInsightsBlockTelemetry = $True; - ConnectAppBlockAutoLaunch = $True; - Credential = $Credscredential; - DisplayName = "Device restrictions (Windows 10 Team)"; - Ensure = "Present"; - MaintenanceWindowBlocked = $False; - MaintenanceWindowDurationInHours = 1; - MaintenanceWindowStartTime = "00:00:00"; - MiracastBlocked = $True; - MiracastChannel = "oneHundredFortyNine"; - MiracastRequirePin = $True; - SettingsBlockMyMeetingsAndFiles = $True; - SettingsBlockSessionResume = $True; - SettingsBlockSigninSuggestions = $True; - SupportsScopeTags = $True; - WelcomeScreenBlockAutomaticWakeUp = $True; - WelcomeScreenMeetingInformation = "showOrganizerAndTimeOnly"; - } - IntuneDeviceConfigurationWindowsTeamPolicyWindows10 'Example' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ); - AzureOperationalInsightsBlockTelemetry = $False; # Updated Property - ConnectAppBlockAutoLaunch = $True; - Credential = $Credscredential; - DisplayName = "Device restrictions (Windows 10 Team)"; - Ensure = "Present"; - MaintenanceWindowBlocked = $False; - MaintenanceWindowDurationInHours = 1; - MaintenanceWindowStartTime = "00:00:00"; - MiracastBlocked = $True; - MiracastChannel = "oneHundredFortyNine"; - MiracastRequirePin = $True; - SettingsBlockMyMeetingsAndFiles = $True; - SettingsBlockSessionResume = $True; - SettingsBlockSigninSuggestions = $True; - SupportsScopeTags = $True; - WelcomeScreenBlockAutomaticWakeUp = $True; - WelcomeScreenMeetingInformation = "showOrganizerAndTimeOnly"; - } - IntuneDeviceConfigurationWindowsTeamPolicyWindows10 'Example' - { - Credential = $Credscredential; - DisplayName = "Device restrictions (Windows 10 Team)"; - Ensure = "Absent"; - } - IntuneDeviceConfigurationWiredNetworkPolicyWindows10 'Example' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments - { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ) - AuthenticationBlockPeriodInMinutes = 5 - AuthenticationMethod = 'usernameAndPassword' - AuthenticationPeriodInSeconds = 60 - AuthenticationRetryDelayPeriodInSeconds = 5 - AuthenticationType = 'machine' - CacheCredentials = $True - Credential = $Credscredential - DisplayName = 'Wired Network' - EapolStartPeriodInSeconds = 5 - EapType = 'teap' - Enforce8021X = $True - Ensure = 'Present' - MaximumAuthenticationFailures = 5 - MaximumEAPOLStartMessages = 5 - SecondaryAuthenticationMethod = 'certificate' - TrustedServerCertificateNames = @('srv.domain.com') - RootCertificatesForServerValidationIds = @('a485d322-13cd-43ef-beda-733f656f48ea', '169bf4fc-5914-40f4-ad33-48c225396183') - SecondaryIdentityCertificateForClientAuthenticationId = '0b9aef2f-1671-4260-8eb9-3ab3138e176a' - } - IntuneDeviceConfigurationWiredNetworkPolicyWindows10 'Example' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments - { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ) - AuthenticationBlockPeriodInMinutes = 5 - AuthenticationMethod = 'usernameAndPassword' - AuthenticationPeriodInSeconds = 55 # Updated Property - AuthenticationRetryDelayPeriodInSeconds = 5 - AuthenticationType = 'machine' - CacheCredentials = $True - Credential = $Credscredential - DisplayName = 'Wired Network' - EapolStartPeriodInSeconds = 5 - EapType = 'teap' - Enforce8021X = $True - Ensure = 'Present' - MaximumAuthenticationFailures = 5 - MaximumEAPOLStartMessages = 5 - SecondaryAuthenticationMethod = 'certificate' - TrustedServerCertificateNames = @('srv.domain.com') - RootCertificatesForServerValidationIds = @('a485d322-13cd-43ef-beda-733f656f48ea', '169bf4fc-5914-40f4-ad33-48c225396183') - SecondaryIdentityCertificateForClientAuthenticationId = '0b9aef2f-1671-4260-8eb9-3ab3138e176a' - } - IntuneDeviceConfigurationWiredNetworkPolicyWindows10 'Example' - { - Credential = $Credscredential - DisplayName = 'Wired Network' - Ensure = 'Present' - } - IntuneDeviceEnrollmentLimitRestriction 'DeviceEnrollmentLimitRestriction' - { - DisplayName = 'My DSC Limit' - Description = 'My Restriction' - Limit = 12 - Ensure = 'Present' - Credential = $Credscredential - } - IntuneDeviceEnrollmentLimitRestriction 'DeviceEnrollmentLimitRestriction' - { - DisplayName = 'My DSC Limit' - Description = 'My Restriction' - Limit = 11 # Updated Property - Ensure = 'Present' - Credential = $Credscredential - } - IntuneDeviceEnrollmentLimitRestriction 'DeviceEnrollmentLimitRestriction' - { - DisplayName = 'My DSC Limit' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneDeviceEnrollmentPlatformRestriction 'DeviceEnrollmentPlatformRestriction' - { - AndroidForWorkRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ - platformBlocked = $False - personalDeviceEnrollmentBlocked = $False - }; - AndroidRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ - platformBlocked = $False - personalDeviceEnrollmentBlocked = $False - }; - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - }); - Credential = $Credscredential - Description = "This is the default Device Type Restriction applied with the lowest priority to all users regardless of group membership."; - DeviceEnrollmentConfigurationType = "platformRestrictions"; - DisplayName = "All users and all devices"; - Ensure = "Present"; - IosRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ - platformBlocked = $False - personalDeviceEnrollmentBlocked = $False - }; - MacOSRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ - platformBlocked = $False - personalDeviceEnrollmentBlocked = $False - }; - MacRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ - platformBlocked = $False - personalDeviceEnrollmentBlocked = $False - }; - WindowsHomeSkuRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ - platformBlocked = $False - personalDeviceEnrollmentBlocked = $False - }; - WindowsMobileRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ - platformBlocked = $True - personalDeviceEnrollmentBlocked = $False - }; - WindowsRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ - platformBlocked = $False - personalDeviceEnrollmentBlocked = $False - }; - } - IntuneDeviceEnrollmentPlatformRestriction 'DeviceEnrollmentPlatformRestriction' - { - AndroidForWorkRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ - platformBlocked = $False - personalDeviceEnrollmentBlocked = $False - }; - AndroidRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ - platformBlocked = $False - personalDeviceEnrollmentBlocked = $False - }; - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - }); - Credential = $Credscredential - Description = "This is the default Device Type Restriction applied with the lowest priority to all users regardless of group membership."; - DeviceEnrollmentConfigurationType = "platformRestrictions"; - DisplayName = "All users and all devices"; - Ensure = "Present"; - IosRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ - platformBlocked = $True # Updated Property - personalDeviceEnrollmentBlocked = $False - }; - MacOSRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ - platformBlocked = $False - personalDeviceEnrollmentBlocked = $False - }; - MacRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ - platformBlocked = $False - personalDeviceEnrollmentBlocked = $False - }; - WindowsHomeSkuRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ - platformBlocked = $False - personalDeviceEnrollmentBlocked = $False - }; - WindowsMobileRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ - platformBlocked = $True - personalDeviceEnrollmentBlocked = $False - }; - WindowsRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ - platformBlocked = $False - personalDeviceEnrollmentBlocked = $False - }; - } - IntuneDeviceEnrollmentPlatformRestriction 'DeviceEnrollmentPlatformRestriction' - { - Credential = $Credscredential - DisplayName = "All users and all devices"; - Ensure = "Absent"; - } - IntuneDeviceEnrollmentStatusPageWindows10 '6b43c039-c1d0-4a9f-aab9-48c5531acbd6' - { - AllowDeviceResetOnInstallFailure = $True; - AllowDeviceUseOnInstallFailure = $True; - AllowLogCollectionOnInstallFailure = $True; - AllowNonBlockingAppInstallation = $False; - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ); - BlockDeviceSetupRetryByUser = $False; - CustomErrorMessage = "Setup could not be completed. Please try again or contact your support person for help."; - Description = "This is the default enrollment status screen configuration applied with the lowest priority to all users and all devices regardless of group membership."; - DisableUserStatusTrackingAfterFirstUser = $True; - DisplayName = "All users and all devices"; - Ensure = "Present"; - InstallProgressTimeoutInMinutes = 60; - InstallQualityUpdates = $False; - Priority = 0; - SelectedMobileAppIds = @(); - ShowInstallationProgress = $True; - TrackInstallProgressForAutopilotOnly = $True; - Credential = $Credscredential - } - IntuneDeviceEnrollmentStatusPageWindows10 '6b43c039-c1d0-4a9f-aab9-48c5531acbd6' - { - AllowDeviceResetOnInstallFailure = $True; - AllowDeviceUseOnInstallFailure = $False; # Updated Property - AllowLogCollectionOnInstallFailure = $True; - AllowNonBlockingAppInstallation = $False; - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ); - BlockDeviceSetupRetryByUser = $False; - CustomErrorMessage = "Setup could not be completed. Please try again or contact your support person for help."; - Description = "This is the default enrollment status screen configuration applied with the lowest priority to all users and all devices regardless of group membership."; - DisableUserStatusTrackingAfterFirstUser = $True; - DisplayName = "All users and all devices"; - Ensure = "Present"; - InstallProgressTimeoutInMinutes = 60; - InstallQualityUpdates = $False; - Priority = 0; - SelectedMobileAppIds = @(); - ShowInstallationProgress = $True; - TrackInstallProgressForAutopilotOnly = $True; - Credential = $Credscredential - } - IntuneDeviceEnrollmentStatusPageWindows10 '6b43c039-c1d0-4a9f-aab9-48c5531acbd6' - { - DisplayName = "All users and all devices"; - Ensure = "Absent"; - Credential = $Credscredential - } - IntuneEndpointDetectionAndResponsePolicyWindows10 'myEDRPolicy' - { - DisplayName = 'Edr Policy' - Assignments = @() - Description = 'My revised description' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneEndpointDetectionAndResponsePolicyWindows10 'myEDRPolicy' - { - DisplayName = 'Edr Policy' - Assignments = @() - Description = 'My updated description' # Updated Property - Ensure = 'Present' - Credential = $Credscredential - } - IntuneEndpointDetectionAndResponsePolicyWindows10 'myEDRPolicy' - { - DisplayName = 'Edr Policy' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneExploitProtectionPolicyWindows10SettingCatalog 'myWindows10ExploitProtectionPolicy' - { - DisplayName = 'exploit Protection policy with assignments' - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.exclusionGroupAssignmentTarget' - groupId = 'e8cbd84d-be6a-4b72-87f0-0e677541fda0' - }) - Description = '' - disallowexploitprotectionoverride = '1' - exploitprotectionsettings = " - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - " - Ensure = 'Present' - Credential = $Credscredential - } - IntuneExploitProtectionPolicyWindows10SettingCatalog 'myWindows10ExploitProtectionPolicy' - { - DisplayName = 'exploit Protection policy with assignments' - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.exclusionGroupAssignmentTarget' - groupId = 'e8cbd84d-be6a-4b72-87f0-0e677541fda0' - }) - Description = '' - disallowexploitprotectionoverride = '1' - exploitprotectionsettings = " - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - " # Updated Property - Ensure = 'Present' - Credential = $Credscredential - } - IntuneExploitProtectionPolicyWindows10SettingCatalog 'myWindows10ExploitProtectionPolicy' - { - DisplayName = 'exploit Protection policy with assignments' - Ensure = 'Absent' - Credential = $Credscredential - } - IntunePolicySets 'Example' - { - Credential = $Credscredential; - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.groupAssignmentTarget' - groupId = '12345678-1234-1234-1234-1234567890ab' - } - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.exclusionGroupAssignmentTarget' - groupId = '12345678-4321-4321-4321-1234567890ab' - } - ); - Description = "Example"; - DisplayName = "Example"; - Ensure = "Present"; - GuidedDeploymentTags = @(); - Items = @( - MSFT_DeviceManagementConfigurationPolicyItems{ - guidedDeploymentTags = @() - payloadId = 'T_12345678-90ab-90ab-90ab-1234567890ab' - displayName = 'Example-Policy' - dataType = '#microsoft.graph.managedAppProtectionPolicySetItem' - itemType = '#microsoft.graph.androidManagedAppProtection' - } - ); - RoleScopeTags = @("0","1"); - } - IntunePolicySets 'Example' - { - Credential = $Credscredential; - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.groupAssignmentTarget' - groupId = '12345678-1234-1234-1234-1234567890ab' - } - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.exclusionGroupAssignmentTarget' - groupId = '12345678-4321-4321-4321-1234567890ab' - } - ); - Description = "Example"; - DisplayName = "Example"; - Ensure = "Present"; - GuidedDeploymentTags = @(); - Items = @( - MSFT_DeviceManagementConfigurationPolicyItems{ - guidedDeploymentTags = @() - payloadId = 'T_12345678-90ab-90ab-90ab-1234567890ab' - displayName = 'Example-Policy' - dataType = '#microsoft.graph.managedAppProtectionPolicySetItem' - itemType = '#microsoft.graph.androidManagedAppProtection' - } - ); - RoleScopeTags = @("0","1","2"); # Updated Property - } - IntunePolicySets 'Example' - { - Credential = $Credscredential; - DisplayName = "Example"; - Ensure = "Absent"; - } - IntuneRoleAssignment 'IntuneRoleAssignment' - { - DisplayName = 'test2' - Description = 'test2' - Members = @('') - MembersDisplayNames = @('SecGroup2') - ResourceScopes = @('6eb76881-f56f-470f-be0d-672145d3dcb1') - ResourceScopesDisplayNames = @('') - ScopeType = 'resourceScope' - RoleDefinition = '2d00d0fd-45e9-4166-904f-b76ac5eed2c7' - RoleDefinitionDisplayName = 'This is my role' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneRoleAssignment 'IntuneRoleAssignment' - { - DisplayName = 'test2' - Description = 'test Updated' # Updated Property - Members = @('') - MembersDisplayNames = @('SecGroup2') - ResourceScopes = @('6eb76881-f56f-470f-be0d-672145d3dcb1') - ResourceScopesDisplayNames = @('') - ScopeType = 'resourceScope' - RoleDefinition = '2d00d0fd-45e9-4166-904f-b76ac5eed2c7' - RoleDefinitionDisplayName = 'This is my role' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneRoleAssignment 'IntuneRoleAssignment' - { - DisplayName = 'test2' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneRoleDefinition 'IntuneRoleDefinition' - { - DisplayName = 'This is my role' - allowedResourceActions = @('Microsoft.Intune_Organization_Read', 'Microsoft.Intune_Roles_Create', 'Microsoft.Intune_Roles_Read', 'Microsoft.Intune_Roles_Update') - Description = 'My role defined by me.' - IsBuiltIn = $False - notallowedResourceActions = @() - roleScopeTagIds = @('0', '1') - Ensure = 'Present' - Credential = $Credscredential - } - IntuneRoleDefinition 'IntuneRoleDefinition' - { - DisplayName = 'This is my role' - allowedResourceActions = @('Microsoft.Intune_Organization_Read', 'Microsoft.Intune_Roles_Create', 'Microsoft.Intune_Roles_Read', 'Microsoft.Intune_Roles_Update') - Description = 'My role defined by me.' - IsBuiltIn = $True # Updated Property - notallowedResourceActions = @() - roleScopeTagIds = @('0', '1') - Ensure = 'Present' - Credential = $Credscredential - } - IntuneRoleDefinition 'IntuneRoleDefinition' - { - DisplayName = 'This is my role' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneSettingCatalogASRRulesPolicyWindows10 'myASRRulesPolicy' - { - DisplayName = 'asr 2' - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - }) - attacksurfacereductiononlyexclusions = @('Test 10', 'Test2', 'Test3') - blockabuseofexploitedvulnerablesigneddrivers = 'block' - blockexecutablefilesrunningunlesstheymeetprevalenceagetrustedlistcriterion = 'audit' - Description = 'Post' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneSettingCatalogASRRulesPolicyWindows10 'myASRRulesPolicy' - { - DisplayName = 'asr 2' - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - }) - attacksurfacereductiononlyexclusions = @('Test 10', 'Test2', 'Test3') - blockabuseofexploitedvulnerablesigneddrivers = 'audit' # Updated Property - blockexecutablefilesrunningunlesstheymeetprevalenceagetrustedlistcriterion = 'audit' - Description = 'Post' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneSettingCatalogASRRulesPolicyWindows10 'myASRRulesPolicy' - { - DisplayName = 'asr 2' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneSettingCatalogCustomPolicyWindows10 'Example' - { - Credential = $Credscredential - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ); - Description = ""; - Ensure = "Present"; - Name = "Setting Catalog Raw - DSC"; - Platforms = "windows10"; - Settings = @( - MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ - SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ - choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ - Value = 'device_vendor_msft_policy_config_abovelock_allowcortanaabovelock_1' - } - SettingDefinitionId = 'device_vendor_msft_policy_config_abovelock_allowcortanaabovelock' - odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - } - } - MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ - SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ - SettingDefinitionId = 'device_vendor_msft_policy_config_applicationdefaults_defaultassociationsconfiguration' - simpleSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationSimpleSettingValue{ - odataType = '#microsoft.graph.deviceManagementConfigurationStringSettingValue' - StringValue = '' - } - odataType = '#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance' - } - } - MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ - SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ - choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ - Value = 'device_vendor_msft_policy_config_applicationdefaults_enableappurihandlers_1' - } - SettingDefinitionId = 'device_vendor_msft_policy_config_applicationdefaults_enableappurihandlers' - odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - } - } - MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ - SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ - choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ - Value = 'device_vendor_msft_policy_config_defender_allowarchivescanning_1' - } - SettingDefinitionId = 'device_vendor_msft_policy_config_defender_allowarchivescanning' - odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - } - } - MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ - SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ - choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ - Value = 'device_vendor_msft_policy_config_defender_allowbehaviormonitoring_1' - } - SettingDefinitionId = 'device_vendor_msft_policy_config_defender_allowbehaviormonitoring' - odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - } - } - MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ - SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ - choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ - Value = 'device_vendor_msft_policy_config_defender_allowcloudprotection_1' - } - SettingDefinitionId = 'device_vendor_msft_policy_config_defender_allowcloudprotection' - odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - } - } - ); - Technologies = "mdm"; - } - IntuneSettingCatalogCustomPolicyWindows10 'Example' - { - Credential = $Credscredential - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ); - Description = "Updated Description"; # Updated Property - Ensure = "Present"; - Name = "Setting Catalog Raw - DSC"; - Platforms = "windows10"; - Settings = @( - MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ - SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ - choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ - Value = 'device_vendor_msft_policy_config_abovelock_allowcortanaabovelock_1' - } - SettingDefinitionId = 'device_vendor_msft_policy_config_abovelock_allowcortanaabovelock' - odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - } - } - MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ - SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ - SettingDefinitionId = 'device_vendor_msft_policy_config_applicationdefaults_defaultassociationsconfiguration' - simpleSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationSimpleSettingValue{ - odataType = '#microsoft.graph.deviceManagementConfigurationStringSettingValue' - StringValue = '' - } - odataType = '#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance' - } - } - MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ - SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ - choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ - Value = 'device_vendor_msft_policy_config_applicationdefaults_enableappurihandlers_1' - } - SettingDefinitionId = 'device_vendor_msft_policy_config_applicationdefaults_enableappurihandlers' - odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - } - } - MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ - SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ - choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ - Value = 'device_vendor_msft_policy_config_defender_allowarchivescanning_1' - } - SettingDefinitionId = 'device_vendor_msft_policy_config_defender_allowarchivescanning' - odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - } - } - MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ - SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ - choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ - Value = 'device_vendor_msft_policy_config_defender_allowbehaviormonitoring_1' - } - SettingDefinitionId = 'device_vendor_msft_policy_config_defender_allowbehaviormonitoring' - odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - } - } - MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ - SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ - choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ - Value = 'device_vendor_msft_policy_config_defender_allowcloudprotection_1' - } - SettingDefinitionId = 'device_vendor_msft_policy_config_defender_allowcloudprotection' - odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' - } - } - ); - Technologies = "mdm"; - } - IntuneSettingCatalogCustomPolicyWindows10 'Example' - { - Credential = $Credscredential - Ensure = "Absent"; - Name = "Setting Catalog Raw - DSC"; - } - IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator 'myWifiConfigAndroidDevicePolicy' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ) - ConnectAutomatically = $False - ConnectWhenNetworkNameIsHidden = $True - DisplayName = 'Wifi Configuration Androind Device' - NetworkName = 'b71f8c63-8140-4c7e-b818-f9b4aa98b79b' - Ssid = 'sf' - WiFiSecurityType = 'wpaEnterprise' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator 'myWifiConfigAndroidDevicePolicy' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ) - ConnectAutomatically = $True # Updated Property - ConnectWhenNetworkNameIsHidden = $True - DisplayName = 'Wifi Configuration Androind Device' - NetworkName = 'b71f8c63-8140-4c7e-b818-f9b4aa98b79b' - Ssid = 'sf' - WiFiSecurityType = 'wpaEnterprise' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator 'myWifiConfigAndroidDevicePolicy' - { - DisplayName = 'Wifi Configuration Androind Device' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner 'myWifiConfigAndroidDeviceOwnerPolicy' - { - DisplayName = 'Wifi - androidForWork' - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments - { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ) - ConnectAutomatically = $False - ConnectWhenNetworkNameIsHidden = $False - NetworkName = 'myNetwork' - PreSharedKeyIsSet = $True - ProxySettings = 'none' - Ssid = 'MySSID - 3' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner 'myWifiConfigAndroidDeviceOwnerPolicy' - { - DisplayName = 'Wifi - androidForWork' - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments - { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ) - ConnectAutomatically = $True # Updated Property - ConnectWhenNetworkNameIsHidden = $False - NetworkName = 'myNetwork' - PreSharedKeyIsSet = $True - ProxySettings = 'none' - Ssid = 'MySSID - 3' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner 'myWifiConfigAndroidDeviceOwnerPolicy' - { - DisplayName = 'Wifi - androidForWork' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile 'myWifiConfigAndroidWorkProfilePolicy' - { - DisplayName = 'wifi - android BYOD' - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments - { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ) - ConnectAutomatically = $False - ConnectWhenNetworkNameIsHidden = $False - NetworkName = 'f8b79489-84fc-4434-b964-2a18dfe08f88' - Ssid = 'MySSID' - WiFiSecurityType = 'open' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile 'myWifiConfigAndroidWorkProfilePolicy' - { - DisplayName = 'wifi - android BYOD' - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments - { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ) - ConnectAutomatically = $True # Updated Property - ConnectWhenNetworkNameIsHidden = $False - NetworkName = 'f8b79489-84fc-4434-b964-2a18dfe08f88' - Ssid = 'MySSID' - WiFiSecurityType = 'open' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile 'myWifiConfigAndroidWorkProfilePolicy' - { - DisplayName = 'wifi - android BYOD' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneWifiConfigurationPolicyAndroidForWork 'Example' - { - DisplayName = 'AndroindForWork' - Description = 'DSC' - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - deviceAndAppManagementAssignmentFilterType = 'include' - deviceAndAppManagementAssignmentFilterId = '17cb2318-cd4f-4a66-b742-6b79d4966ac7' - groupId = 'b9b732df-9f18-4c5f-99d1-682e151ec62b' - collectionId = '2a8ea71f-039a-4ec8-8e41-5fba3ef9efba' - } - ) - ConnectAutomatically = $true - ConnectWhenNetworkNameIsHidden = $true - NetworkName = 'CorpNet' - Ssid = 'WiFi' - WiFiSecurityType = 'wpa2Enterprise' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneWifiConfigurationPolicyAndroidForWork 'Example' - { - DisplayName = 'AndroindForWork' - Description = 'DSC' - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - deviceAndAppManagementAssignmentFilterType = 'include' - deviceAndAppManagementAssignmentFilterId = '17cb2318-cd4f-4a66-b742-6b79d4966ac7' - groupId = 'b9b732df-9f18-4c5f-99d1-682e151ec62b' - collectionId = '2a8ea71f-039a-4ec8-8e41-5fba3ef9efba' - } - ) - ConnectAutomatically = $true # Updated Property - ConnectWhenNetworkNameIsHidden = $true - NetworkName = 'CorpNet' - Ssid = 'WiFi' - WiFiSecurityType = 'wpa2Enterprise' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneWifiConfigurationPolicyAndroidForWork 'Example' - { - DisplayName = 'AndroindForWork' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneWifiConfigurationPolicyAndroidOpenSourceProject 'myWifiConfigAndroidOpensourcePolicy' - { - DisplayName = 'wifi aosp' - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ) - ConnectAutomatically = $False - ConnectWhenNetworkNameIsHidden = $True - NetworkName = 'aaaa' - PreSharedKeyIsSet = $True - Ssid = 'aaaaa' - WiFiSecurityType = 'wpaPersonal' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneWifiConfigurationPolicyAndroidOpenSourceProject 'myWifiConfigAndroidOpensourcePolicy' - { - DisplayName = 'wifi aosp' - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ) - ConnectAutomatically = $False - ConnectWhenNetworkNameIsHidden = $True - NetworkName = 'Updated Network' # Updated Property - PreSharedKeyIsSet = $True - Ssid = 'aaaaa' - WiFiSecurityType = 'wpaPersonal' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneWifiConfigurationPolicyAndroidOpenSourceProject 'myWifiConfigAndroidOpensourcePolicy' - { - DisplayName = 'wifi aosp' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneWifiConfigurationPolicyIOS 'myWifiConfigIOSPolicy' - { - DisplayName = 'ios wifi' - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ) - ConnectAutomatically = $True - ConnectWhenNetworkNameIsHidden = $True - DisableMacAddressRandomization = $True - NetworkName = 'aaaaa' - ProxyAutomaticConfigurationUrl = 'THSCP.local' - ProxySettings = 'automatic' - Ssid = 'aaaaa' - WiFiSecurityType = 'wpaPersonal' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneWifiConfigurationPolicyIOS 'myWifiConfigIOSPolicy' - { - DisplayName = 'ios wifi' - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ) - ConnectAutomatically = $True - ConnectWhenNetworkNameIsHidden = $True - DisableMacAddressRandomization = $True - NetworkName = 'Updated Network' # Updated Property - ProxyAutomaticConfigurationUrl = 'THSCP.local' - ProxySettings = 'automatic' - Ssid = 'aaaaa' - WiFiSecurityType = 'wpaPersonal' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneWifiConfigurationPolicyIOS 'myWifiConfigIOSPolicy' - { - DisplayName = 'ios wifi' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneWifiConfigurationPolicyMacOS 'myWifiConfigMacOSPolicy' - { - DisplayName = 'macos wifi' - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ) - ConnectAutomatically = $True - ConnectWhenNetworkNameIsHidden = $True - NetworkName = 'ea1cf5d7-8d3e-40ca-9cb8-b8c8a4c6170b' - ProxyAutomaticConfigurationUrl = 'AZ500PrivateEndpoint22' - ProxySettings = 'automatic' - Ssid = 'aaaaaaaaaaaaa' - WiFiSecurityType = 'wpaPersonal' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneWifiConfigurationPolicyMacOS 'myWifiConfigMacOSPolicy' - { - DisplayName = 'macos wifi' - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ) - ConnectAutomatically = $True - ConnectWhenNetworkNameIsHidden = $False # Updated Property - NetworkName = 'ea1cf5d7-8d3e-40ca-9cb8-b8c8a4c6170b' - ProxyAutomaticConfigurationUrl = 'AZ500PrivateEndpoint22' - ProxySettings = 'automatic' - Ssid = 'aaaaaaaaaaaaa' - WiFiSecurityType = 'wpaPersonal' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneWifiConfigurationPolicyMacOS 'myWifiConfigMacOSPolicy' - { - DisplayName = 'macos wifi' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneWifiConfigurationPolicyWindows10 'myWifiConfigWindows10Policy' - { - DisplayName = 'win10 wifi - revised' - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ) - ConnectAutomatically = $True - ConnectToPreferredNetwork = $True - ConnectWhenNetworkNameIsHidden = $True - ForceFIPSCompliance = $True - MeteredConnectionLimit = 'fixed' - NetworkName = 'MyWifi' - ProxyAutomaticConfigurationUrl = 'https://proxy.contoso.com' - ProxySetting = 'automatic' - Ssid = 'ssid' - WifiSecurityType = 'wpa2Personal' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneWifiConfigurationPolicyWindows10 'myWifiConfigWindows10Policy' - { - DisplayName = 'win10 wifi - revised' - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ) - ConnectAutomatically = $True - ConnectToPreferredNetwork = $False # Updated Property - ConnectWhenNetworkNameIsHidden = $True - ForceFIPSCompliance = $True - MeteredConnectionLimit = 'fixed' - NetworkName = 'MyWifi' - ProxyAutomaticConfigurationUrl = 'https://proxy.contoso.com' - ProxySetting = 'automatic' - Ssid = 'ssid' - WifiSecurityType = 'wpa2Personal' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneWifiConfigurationPolicyWindows10 'myWifiConfigWindows10Policy' - { - DisplayName = 'win10 wifi - revised' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined 'Example' - { - Assignments = @(); - Credential = $Credscredential; - Description = ""; - DeviceNameTemplate = ""; - DeviceType = "windowsPc"; - DisplayName = "hybrid"; - EnableWhiteGlove = $True; - Ensure = "Present"; - ExtractHardwareHash = $False; - HybridAzureADJoinSkipConnectivityCheck = $True; - Language = "os-default"; - OutOfBoxExperienceSettings = MSFT_MicrosoftGraphoutOfBoxExperienceSettings{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = 'singleUser' - SkipKeyboardSelectionPage = $False - UserType = 'standard' - }; - } - IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined 'Example' - { - Assignments = @(); - Credential = $Credscredential; - Description = ""; - DeviceNameTemplate = ""; - DeviceType = "windowsPc"; - DisplayName = "hybrid"; - EnableWhiteGlove = $False; # Updated Property - Ensure = "Present"; - ExtractHardwareHash = $False; - HybridAzureADJoinSkipConnectivityCheck = $True; - Language = "os-default"; - OutOfBoxExperienceSettings = MSFT_MicrosoftGraphoutOfBoxExperienceSettings{ - HideEULA = $True - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = 'singleUser' - SkipKeyboardSelectionPage = $False - UserType = 'standard' - }; - } - IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined 'Example' - { - Credential = $Credscredential; - DisplayName = "hybrid"; - Ensure = "Absent"; - } - IntuneWindowsAutopilotDeploymentProfileAzureADJoined 'Example' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ); - Credential = $Credscredential; - Description = ""; - DeviceNameTemplate = "test"; - DeviceType = "windowsPc"; - DisplayName = "AAD"; - EnableWhiteGlove = $True; - Ensure = "Present"; - ExtractHardwareHash = $True; - Language = ""; - OutOfBoxExperienceSettings = MSFT_MicrosoftGraphoutOfBoxExperienceSettings1{ - HideEULA = $False - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = 'singleUser' - SkipKeyboardSelectionPage = $True - UserType = 'administrator' - }; - } - IntuneWindowsAutopilotDeploymentProfileAzureADJoined 'Example' - { - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments{ - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allDevicesAssignmentTarget' - } - ); - Credential = $Credscredential; - Description = ""; - DeviceNameTemplate = "test"; - DeviceType = "windowsPc"; - DisplayName = "AAD"; - EnableWhiteGlove = $False; # Updated Property - Ensure = "Present"; - ExtractHardwareHash = $True; - Language = ""; - OutOfBoxExperienceSettings = MSFT_MicrosoftGraphoutOfBoxExperienceSettings1{ - HideEULA = $False - HideEscapeLink = $True - HidePrivacySettings = $True - DeviceUsageType = 'singleUser' - SkipKeyboardSelectionPage = $True - UserType = 'administrator' - }; - } - IntuneWindowsAutopilotDeploymentProfileAzureADJoined 'Example' - { - Credential = $Credscredential; - DisplayName = "AAD"; - Ensure = "Absent"; - } - IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled 'Example' - { - DisplayName = 'WIP' - AzureRightsManagementServicesAllowed = $False - Description = 'DSC' - EnforcementLevel = 'encryptAndAuditOnly' - EnterpriseDomain = 'domain.co.uk' - EnterpriseIPRanges = @( - MSFT_MicrosoftGraphwindowsInformationProtectionIPRangeCollection { - DisplayName = 'ipv4 range' - Ranges = @( - MSFT_MicrosoftGraphIpRange { - UpperAddress = '1.1.1.3' - LowerAddress = '1.1.1.1' - odataType = '#microsoft.graph.iPv4Range' - } - ) - } - ) - EnterpriseIPRangesAreAuthoritative = $True - EnterpriseProxyServersAreAuthoritative = $True - IconsVisible = $False - IndexingEncryptedStoresOrItemsBlocked = $False - ProtectedApps = @( - MSFT_MicrosoftGraphwindowsInformationProtectionApp { - Description = 'Microsoft.MicrosoftEdge' - odataType = '#microsoft.graph.windowsInformationProtectionStoreApp' - Denied = $False - PublisherName = 'CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US' - ProductName = 'Microsoft.MicrosoftEdge' - DisplayName = 'Microsoft Edge' - } - ) - ProtectionUnderLockConfigRequired = $False - RevokeOnUnenrollDisabled = $False - Ensure = 'Present' - Credential = $Credscredential - } - IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled 'Example' - { - DisplayName = 'WIP' - AzureRightsManagementServicesAllowed = $False - Description = 'DSC' - EnforcementLevel = 'encryptAndAuditOnly' - EnterpriseDomain = 'domain.com' # Updated Property - EnterpriseIPRanges = @( - MSFT_MicrosoftGraphwindowsInformationProtectionIPRangeCollection { - DisplayName = 'ipv4 range' - Ranges = @( - MSFT_MicrosoftGraphIpRange { - UpperAddress = '1.1.1.3' - LowerAddress = '1.1.1.1' - odataType = '#microsoft.graph.iPv4Range' - } - ) - } - ) - EnterpriseIPRangesAreAuthoritative = $True - EnterpriseProxyServersAreAuthoritative = $True - IconsVisible = $False - IndexingEncryptedStoresOrItemsBlocked = $False - ProtectedApps = @( - MSFT_MicrosoftGraphwindowsInformationProtectionApp { - Description = 'Microsoft.MicrosoftEdge' - odataType = '#microsoft.graph.windowsInformationProtectionStoreApp' - Denied = $False - PublisherName = 'CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US' - ProductName = 'Microsoft.MicrosoftEdge' - DisplayName = 'Microsoft Edge' - } - ) - ProtectionUnderLockConfigRequired = $False - RevokeOnUnenrollDisabled = $False - Ensure = 'Present' - Credential = $Credscredential - } - IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled 'Example' - { - DisplayName = 'WIP' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10 'Example' - { - DisplayName = 'WUfB Feature -dsc' - Assignments = @() - Description = 'test 2' - FeatureUpdateVersion = 'Windows 10, version 22H2' - RolloutSettings = MSFT_MicrosoftGraphwindowsUpdateRolloutSettings { - OfferStartDateTimeInUTC = '2023-02-03T16:00:00.0000000+00:00' - } - Ensure = 'Present' - Credential = $Credscredential - } - IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10 'Example' - { - DisplayName = 'WUfB Feature -dsc' - Assignments = @() - Description = 'test 2' - FeatureUpdateVersion = 'Windows 10, version 22H2' - RolloutSettings = MSFT_MicrosoftGraphwindowsUpdateRolloutSettings { - OfferStartDateTimeInUTC = '2023-02-05T16:00:00.0000000+00:00' # Updated Property - } - Ensure = 'Present' - Credential = $Credscredential - } - IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10 'Example' - { - DisplayName = 'WUfB Feature -dsc' - Ensure = 'Absent' - Credential = $Credscredential - } - IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 'Example' - { - DisplayName = 'WUfB Ring' - AllowWindows11Upgrade = $False - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments - { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ) - AutomaticUpdateMode = 'autoInstallAtMaintenanceTime' - AutoRestartNotificationDismissal = 'notConfigured' - BusinessReadyUpdatesOnly = 'userDefined' - DeadlineForFeatureUpdatesInDays = 1 - DeadlineForQualityUpdatesInDays = 2 - DeadlineGracePeriodInDays = 3 - DeliveryOptimizationMode = 'userDefined' - Description = '' - DriversExcluded = $False - FeatureUpdatesDeferralPeriodInDays = 0 - FeatureUpdatesPaused = $False - FeatureUpdatesPauseExpiryDateTime = '0001-01-01T00:00:00.0000000+00:00' - FeatureUpdatesRollbackStartDateTime = '0001-01-01T00:00:00.0000000+00:00' - FeatureUpdatesRollbackWindowInDays = 10 - InstallationSchedule = MSFT_MicrosoftGraphwindowsUpdateInstallScheduleType { - ActiveHoursStart = '08:00:00' - ActiveHoursEnd = '17:00:00' - odataType = '#microsoft.graph.windowsUpdateActiveHoursInstall' - } - MicrosoftUpdateServiceAllowed = $True - PostponeRebootUntilAfterDeadline = $False - PrereleaseFeatures = 'userDefined' - QualityUpdatesDeferralPeriodInDays = 0 - QualityUpdatesPaused = $False - QualityUpdatesPauseExpiryDateTime = '0001-01-01T00:00:00.0000000+00:00' - QualityUpdatesRollbackStartDateTime = '0001-01-01T00:00:00.0000000+00:00' - SkipChecksBeforeRestart = $False - UpdateNotificationLevel = 'defaultNotifications' - UserPauseAccess = 'enabled' - UserWindowsUpdateScanAccess = 'enabled' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 'Example' - { - DisplayName = 'WUfB Ring' - AllowWindows11Upgrade = $True # Updated Property - Assignments = @( - MSFT_DeviceManagementConfigurationPolicyAssignments - { - deviceAndAppManagementAssignmentFilterType = 'none' - dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' - } - ) - AutomaticUpdateMode = 'autoInstallAtMaintenanceTime' - AutoRestartNotificationDismissal = 'notConfigured' - BusinessReadyUpdatesOnly = 'userDefined' - DeadlineForFeatureUpdatesInDays = 1 - DeadlineForQualityUpdatesInDays = 2 - DeadlineGracePeriodInDays = 3 - DeliveryOptimizationMode = 'userDefined' - Description = '' - DriversExcluded = $False - FeatureUpdatesDeferralPeriodInDays = 0 - FeatureUpdatesPaused = $False - FeatureUpdatesPauseExpiryDateTime = '0001-01-01T00:00:00.0000000+00:00' - FeatureUpdatesRollbackStartDateTime = '0001-01-01T00:00:00.0000000+00:00' - FeatureUpdatesRollbackWindowInDays = 10 - InstallationSchedule = MSFT_MicrosoftGraphwindowsUpdateInstallScheduleType { - ActiveHoursStart = '08:00:00' - ActiveHoursEnd = '17:00:00' - odataType = '#microsoft.graph.windowsUpdateActiveHoursInstall' - } - MicrosoftUpdateServiceAllowed = $True - PostponeRebootUntilAfterDeadline = $False - PrereleaseFeatures = 'userDefined' - QualityUpdatesDeferralPeriodInDays = 0 - QualityUpdatesPaused = $False - QualityUpdatesPauseExpiryDateTime = '0001-01-01T00:00:00.0000000+00:00' - QualityUpdatesRollbackStartDateTime = '0001-01-01T00:00:00.0000000+00:00' - SkipChecksBeforeRestart = $False - UpdateNotificationLevel = 'defaultNotifications' - UserPauseAccess = 'enabled' - UserWindowsUpdateScanAccess = 'enabled' - Ensure = 'Present' - Credential = $Credscredential - } - IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 'Example' - { - DisplayName = 'WUfB Ring' - Ensure = 'Absent' - Credential = $Credscredential - } - } - } - - $ConfigurationData = @{ - AllNodes = @( - @{ - NodeName = "Localhost" - PSDSCAllowPlaintextPassword = $true - } - ) - } - - # Compile and deploy configuration - try - { - Master -ConfigurationData $ConfigurationData -Credscredential $Credential - Start-DscConfiguration Master -Wait -Force -Verbose - } - catch - { - throw $_ - } From 4c151558e63160dd0265129c667776cbd3fd04af Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 15 Dec 2023 08:44:41 -0500 Subject: [PATCH 12/58] Create M365DSCIntegration.INTUNE.Create.Tests.ps1 --- .../Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 | 1 + 1 file changed, 1 insertion(+) create mode 100644 Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 new file mode 100644 index 0000000000..a0990367ef --- /dev/null +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 @@ -0,0 +1 @@ +TBD From 8636f43bbb225012505482b9c093f719697b1a07 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Fri, 15 Dec 2023 13:47:32 +0000 Subject: [PATCH 13/58] Updated {Create} Intune Integration Tests --- ...M365DSCIntegration.INTUNE.Create.Tests.ps1 | 2595 ++++++++++++++++- 1 file changed, 2594 insertions(+), 1 deletion(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 index a0990367ef..50109f3ff3 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 @@ -1 +1,2594 @@ -TBD + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential + ) + + Configuration Master + { + param + ( + [Parameter(Mandatory = $true)] + [System.Management.Automation.PSCredential] + $Credscredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] + Node Localhost + { + IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy 'My Account Protection LAPS Policy' + { + DisplayName = "Account Protection LAPS Policy"; + Description = "My revised description"; + Ensure = "Present"; + Credential = $Credscredential + Assignments = @( + MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + BackupDirectory = "1"; + PasswordAgeDays_AAD = 10; + AdministratorAccountName = "Administrator"; + PasswordAgeDays = 20; + } + IntuneAccountProtectionLocalUserGroupMembershipPolicy 'My Account Protection Local User Group Membership Policy' + { + DisplayName = "Account Protection LUGM Policy"; + Description = "My revised description"; + Ensure = "Present"; + Credential = $Credscredential + Assignments = @( + MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + LocalUserGroupCollection = @( + MSFT_IntuneAccountProtectionLocalUserGroupCollection{ + LocalGroups = @('administrators', 'users') + Members = @('S-1-12-1-1167842105-1150511762-402702254-1917434032') + Action = 'add_update' + UserSelectionType = 'users' + } + ); + } + IntuneAccountProtectionPolicy 'myAccountProtectionPolicy' + { + DisplayName = 'test' + deviceGuardLocalSystemAuthorityCredentialGuardSettings = "notConfigured" + WindowsHelloForBusinessBlocked = $true + PinMinimumLength = 5 + PinSpecialCharactersUsage = 'required' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneAntivirusPolicyWindows10SettingCatalog 'myAVWindows10Policy' + { + DisplayName = 'av exclusions' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + }) + Description = '' + excludedextensions = @('.exe') + excludedpaths = @('c:\folders\', 'c:\folders2\') + excludedprocesses = @('processes.exe', 'process2.exe') + templateId = '45fea5e9-280d-4da1-9792-fb5736da0ca9_1' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneAppConfigurationPolicy 'AddAppConfigPolicy' + { + DisplayName = 'ContosoNew' + Description = 'New Contoso Policy' + Credential = $Credscredential; + CustomSettings = @( + MSFT_IntuneAppConfigurationPolicyCustomSetting { + name = 'com.microsoft.intune.mam.managedbrowser.BlockListURLs' + value = 'https://www.aol.com' + } + MSFT_IntuneAppConfigurationPolicyCustomSetting { + name = 'com.microsoft.intune.mam.managedbrowser.bookmarks' + value = 'Outlook Web|https://outlook.office.com||Bing|https://www.bing.com' + } + MSFT_IntuneAppConfigurationPolicyCustomSetting { + name = 'Test' + value = 'TestValue' + }); + Ensure = 'Present' + } + IntuneApplicationControlPolicyWindows10 'ConfigureApplicationControlPolicyWindows10' + { + DisplayName = 'Windows 10 Desktops' + Description = 'All windows 10 Desktops' + AppLockerApplicationControl = 'enforceComponentsAndStoreApps' + SmartScreenBlockOverrideForFiles = $True + SmartScreenEnableInShell = $True + Ensure = 'Present' + Credential = $Credscredential + } + IntuneAppProtectionPolicyAndroid 'ConfigureAppProtectionPolicyAndroid' + { + DisplayName = 'My DSC Android App Protection Policy' + AllowedDataStorageLocations = @('sharePoint') + AllowedInboundDataTransferSources = 'managedApps' + AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' + AllowedOutboundDataTransferDestinations = 'managedApps' + Apps = @('com.cisco.jabberimintune.ios', 'com.pervasent.boardpapers.ios', 'com.sharefile.mobile.intune.ios') + ContactSyncBlocked = $false + DataBackupBlocked = $false + Description = '' + DeviceComplianceRequired = $True + DisableAppPinIfDevicePinIsSet = $True + FingerprintBlocked = $False + ManagedBrowserToOpenLinksRequired = $True + MaximumPinRetries = 5 + MinimumPinLength = 4 + OrganizationalCredentialsRequired = $false + PinRequired = $True + PrintBlocked = $True + SaveAsBlocked = $True + SimplePinBlocked = $True + Ensure = 'Present' + Credential = $Credscredential + } + IntuneAppProtectionPolicyiOS 'MyCustomiOSPolicy' + { + DisplayName = 'My DSC iOS App Protection Policy' + AllowedDataStorageLocations = @('sharePoint') + AllowedInboundDataTransferSources = 'managedApps' + AllowedOutboundClipboardSharingLevel = 'managedAppsWithPasteIn' + AllowedOutboundDataTransferDestinations = 'managedApps' + AppDataEncryptionType = 'whenDeviceLocked' + Apps = @('com.cisco.jabberimintune.ios', 'com.pervasent.boardpapers.ios', 'com.sharefile.mobile.intune.ios') + ContactSyncBlocked = $False + DataBackupBlocked = $False + Description = '' + DeviceComplianceRequired = $True + FingerprintBlocked = $False + ManagedBrowserToOpenLinksRequired = $True + MaximumPinRetries = 5 + MinimumPinLength = 4 + OrganizationalCredentialsRequired = $False + PeriodOfflineBeforeAccessCheck = 'PT12H' + PeriodOfflineBeforeWipeIsEnforced = 'P90D' + PeriodOnlineBeforeAccessCheck = 'PT30M' + PinCharacterSet = 'alphanumericAndSymbol' + PinRequired = $True + PrintBlocked = $False + SaveAsBlocked = $True + SimplePinBlocked = $False + Ensure = 'Present' + Credential = $Credscredential + } + IntuneASRRulesPolicyWindows10 'myASRRulesPolicy' + { + DisplayName = 'test' + AdditionalGuardedFolders = @() + AdobeReaderLaunchChildProcess = 'auditMode' + AdvancedRansomewareProtectionType = 'enable' + Assignments = @() + AttackSurfaceReductionExcludedPaths = @('c:\Novo') + BlockPersistenceThroughWmiType = 'auditMode' + Description = '' + EmailContentExecutionType = 'auditMode' + GuardedFoldersAllowedAppPaths = @() + GuardMyFoldersType = 'enable' + OfficeAppsExecutableContentCreationOrLaunchType = 'block' + OfficeAppsLaunchChildProcessType = 'auditMode' + OfficeAppsOtherProcessInjectionType = 'block' + OfficeCommunicationAppsLaunchChildProcess = 'auditMode' + OfficeMacroCodeAllowWin32ImportsType = 'block' + PreventCredentialStealingType = 'enable' + ProcessCreationType = 'block' + ScriptDownloadedPayloadExecutionType = 'block' + ScriptObfuscatedMacroCodeType = 'block' + UntrustedExecutableType = 'block' + UntrustedUSBProcessType = 'block' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager 'myASRReductionRules' + { + DisplayName = 'asr ConfigMgr' + blockadobereaderfromcreatingchildprocesses = "block"; + Description = 'My revised description' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneDeviceAndAppManagementAssignmentFilter 'AssignmentFilter' + { + DisplayName = 'Test Device Filter' + Description = 'This is a new Filter' + Platform = 'windows10AndLater' + Rule = "(device.manufacturer -ne `"Microsoft Corporation`")" + Ensure = 'Present' + Credential = $intuneAdmin + } + IntuneDeviceCategory 'ConfigureDeviceCategory' + { + DisplayName = 'Contoso' + Description = 'Contoso Category' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneDeviceCompliancePolicyAndroid 'AddDeviceCompliancePolicy' + { + DisplayName = 'Test Policy' + Description = '' + DeviceThreatProtectionEnabled = $False + DeviceThreatProtectionRequiredSecurityLevel = 'unavailable' + osMinimumVersion = '7' + PasswordExpirationDays = 90 + PasswordMinimumLength = 6 + PasswordMinutesOfInactivityBeforeLock = 5 + PasswordPreviousPasswordBlockCount = 10 + PasswordRequired = $True + PasswordRequiredType = 'deviceDefault' + SecurityBlockJailbrokenDevices = $False + SecurityDisableUsbDebugging = $False + SecurityPreventInstallAppsFromUnknownSources = $False + SecurityRequireCompanyPortalAppIntegrity = $False + SecurityRequireGooglePlayServices = $False + SecurityRequireSafetyNetAttestationBasicIntegrity = $False + SecurityRequireSafetyNetAttestationCertifiedDevice = $False + SecurityRequireUpToDateSecurityProviders = $False + SecurityRequireVerifyApps = $False + StorageRequireEncryption = $True + Ensure = 'Present' + Credential = $Credscredential + } + IntuneDeviceCompliancePolicyAndroidDeviceOwner 'ConfigureAndroidDeviceCompliancePolicyOwner' + { + DisplayName = 'DeviceOwner' + Description = '' + DeviceThreatProtectionEnabled = $False + DeviceThreatProtectionRequiredSecurityLevel = 'unavailable' + AdvancedThreatProtectionRequiredSecurityLevel = 'unavailable' + SecurityRequireSafetyNetAttestationBasicIntegrity = $False + SecurityRequireSafetyNetAttestationCertifiedDevice = $False + OsMinimumVersion = '10' + OsMaximumVersion = '11' + PasswordRequired = $True + PasswordMinimumLength = 6 + PasswordRequiredType = 'numericComplex' + PasswordMinutesOfInactivityBeforeLock = 5 + PasswordExpirationDays = 90 + PasswordPreviousPasswordCountToBlock = 13 + StorageRequireEncryption = $True + Ensure = 'Present' + Credential = $Credscredential + } + IntuneDeviceCompliancePolicyAndroidWorkProfile 'ConfigureAndroidDeviceCompliancePolicyWorkProfile' + { + DisplayName = 'Test Policy' + Description = '' + DeviceThreatProtectionEnabled = $False + DeviceThreatProtectionRequiredSecurityLevel = 'unavailable' + PasswordExpirationDays = 90 + PasswordMinimumLength = 6 + PasswordMinutesOfInactivityBeforeLock = 5 + PasswordRequired = $True + PasswordRequiredType = 'numericComplex' + SecurityBlockJailbrokenDevices = $True + SecurityDisableUsbDebugging = $False + SecurityPreventInstallAppsFromUnknownSources = $False + SecurityRequireCompanyPortalAppIntegrity = $False + SecurityRequireGooglePlayServices = $False + SecurityRequireSafetyNetAttestationBasicIntegrity = $False + SecurityRequireSafetyNetAttestationCertifiedDevice = $False + SecurityRequireUpToDateSecurityProviders = $False + SecurityRequireVerifyApps = $False + StorageRequireEncryption = $True + Ensure = 'Present' + Credential = $Credscredential + } + IntuneDeviceCompliancePolicyiOs 'ConfigureDeviceCompliancePolicyiOS' + { + DisplayName = 'Test iOS Device Compliance Policy' + Description = 'Test iOS Device Compliance Policy Description' + PasscodeBlockSimple = $True + PasscodeExpirationDays = 365 + PasscodeMinimumLength = 6 + PasscodeMinutesOfInactivityBeforeLock = 5 + PasscodePreviousPasscodeBlockCount = 3 + PasscodeMinimumCharacterSetCount = 2 + PasscodeRequiredType = 'numeric' + PasscodeRequired = $True + OsMinimumVersion = 10 + OsMaximumVersion = 12 + SecurityBlockJailbrokenDevices = $True + DeviceThreatProtectionEnabled = $True + DeviceThreatProtectionRequiredSecurityLevel = 'medium' + ManagedEmailProfileRequired = $True + Ensure = 'Present' + Credential = $Credscredential + + } + IntuneDeviceCompliancePolicyMacOS 'ConfigureDeviceCompliancePolicyMacOS' + { + DisplayName = 'MacOS DSC Policy' + Description = 'Test policy' + PasswordRequired = $False + PasswordBlockSimple = $False + PasswordExpirationDays = 365 + PasswordMinimumLength = 6 + PasswordMinutesOfInactivityBeforeLock = 5 + PasswordPreviousPasswordBlockCount = 13 + PasswordMinimumCharacterSetCount = 1 + PasswordRequiredType = 'DeviceDefault' + OsMinimumVersion = 10 + OsMaximumVersion = 13 + SystemIntegrityProtectionEnabled = $False + DeviceThreatProtectionEnabled = $False + DeviceThreatProtectionRequiredSecurityLevel = 'Unavailable' + StorageRequireEncryption = $False + FirewallEnabled = $False + FirewallBlockAllIncoming = $False + FirewallEnableStealthMode = $False + Ensure = 'Present' + Credential = $Credscredential + } + IntuneDeviceCompliancePolicyWindows10 'ConfigureDeviceCompliancePolicyWindows10' + { + DisplayName = 'Windows 10 DSC Policy' + Description = 'Test policy' + PasswordRequired = $False + PasswordBlockSimple = $False + PasswordRequiredToUnlockFromIdle = $True + PasswordMinutesOfInactivityBeforeLock = 15 + PasswordExpirationDays = 365 + PasswordMinimumLength = 6 + PasswordPreviousPasswordBlockCount = 13 + PasswordMinimumCharacterSetCount = 1 + PasswordRequiredType = 'Devicedefault' + RequireHealthyDeviceReport = $True + OsMinimumVersion = 10 + OsMaximumVersion = 10.19 + MobileOsMinimumVersion = 10 + MobileOsMaximumVersion = 10.19 + EarlyLaunchAntiMalwareDriverEnabled = $False + BitLockerEnabled = $False + SecureBootEnabled = $True + CodeIntegrityEnabled = $True + StorageRequireEncryption = $True + ActiveFirewallRequired = $True + DefenderEnabled = $True + DefenderVersion = '' + SignatureOutOfDate = $True + RtpEnabled = $True + AntivirusRequired = $True + AntiSpywareRequired = $True + DeviceThreatProtectionEnabled = $True + DeviceThreatProtectionRequiredSecurityLevel = 'Medium' + ConfigurationManagerComplianceRequired = $False + TPMRequired = $False + deviceCompliancePolicyScript = $null + ValidOperatingSystemBuildRanges = @() + Ensure = 'Present' + Credential = $Credscredential + } + IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10 'Example' + { + Credential = $Credscredential + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments + { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + DefinitionValues = @( + MSFT_IntuneGroupPolicyDefinitionValue + { + ConfigurationType = 'policy' + Id = 'f41bbbec-0807-4ae3-8a61-5580a2f310f0' + Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition + { + Id = '50b2626d-f092-4e71-8983-12a5c741ebe0' + DisplayName = 'Do not display the lock screen' + CategoryPath = '\Control Panel\Personalization' + PolicyType = 'admxBacked' + SupportedOn = 'At least Windows Server 2012, Windows 8 or Windows RT' + ClassType = 'machine' + } + Enabled = $False + } + MSFT_IntuneGroupPolicyDefinitionValue + { + ConfigurationType = 'policy' + PresentationValues = @( + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue + { + presentationDefinitionId = '98210829-af9b-4020-8d96-3e4108557a95' + presentationDefinitionLabel = 'Types of extensions/apps that are allowed to be installed' + KeyValuePairValues = @( + MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair + { + Name = 'hosted_app' + } + + MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair + { + Name = 'user_script' + } + ) + Id = '7312a452-e087-4290-9b9f-3f14a304c18d' + odataType = '#microsoft.graph.groupPolicyPresentationValueList' + } + ) + Id = 'f3047f6a-550e-4b5e-b3da-48fc951b72fc' + Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition + { + Id = '37ab8b81-47d7-46d8-8b99-81d9cecdcce9' + DisplayName = 'Configure allowed app/extension types' + CategoryPath = '\Google\Google Chrome\Extensions' + PolicyType = 'admxIngested' + SupportedOn = 'Microsoft Windows 7 or later' + ClassType = 'machine' + } + Enabled = $True + } + MSFT_IntuneGroupPolicyDefinitionValue + { + ConfigurationType = 'policy' + PresentationValues = @( + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue + { + presentationDefinitionId = 'a8a0ae11-58d9-41d5-b258-1c16d9f1e328' + presentationDefinitionLabel = 'Password Length' + DecimalValue = 15 + Id = '14c48993-35af-4b77-a4f8-12de917b1bb9' + odataType = '#microsoft.graph.groupPolicyPresentationValueDecimal' + } + + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue + { + presentationDefinitionId = '98998e7f-cc2a-4d96-8c47-35dd4b2ce56b' + presentationDefinitionLabel = 'Password Age (Days)' + DecimalValue = 30 + Id = '4d654df9-6826-470f-af4e-d37491663c76' + odataType = '#microsoft.graph.groupPolicyPresentationValueDecimal' + } + + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue + { + presentationDefinitionId = '6900e752-4bc3-463b-9fc8-36d78c77bc3e' + presentationDefinitionLabel = 'Password Complexity' + StringValue = '4' + Id = '17e2ff15-8573-4e7e-a6f9-64baebcb5312' + odataType = '#microsoft.graph.groupPolicyPresentationValueText' + } + ) + Id = '426c9e99-0084-443a-ae07-b8f40c11910f' + Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition + { + Id = 'c4df131a-d415-44fc-9254-a717ff7dbee3' + DisplayName = 'Password Settings' + CategoryPath = '\LAPS' + PolicyType = 'admxBacked' + SupportedOn = 'At least Microsoft Windows Vista or Windows Server 2003 family' + ClassType = 'machine' + } + Enabled = $True + } + MSFT_IntuneGroupPolicyDefinitionValue + { + ConfigurationType = 'policy' + Id = 'a3577119-b240-4093-842c-d8e959dfe317' + Definition = MSFT_IntuneGroupPolicyDefinitionValueDefinition + { + Id = '986073b6-e149-495f-a131-aa0e3c697225' + DisplayName = 'Ability to change properties of an all user remote access connection' + CategoryPath = '\Network\Network Connections' + PolicyType = 'admxBacked' + SupportedOn = 'At least Windows 2000 Service Pack 1' + ClassType = 'user' + } + Enabled = $True + } + ) + Description = '' + DisplayName = 'admin template' + Ensure = 'Present' + PolicyConfigurationIngestionType = 'unknown' + } + IntuneDeviceConfigurationCustomPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Credential = $Credscredential; + DisplayName = "custom"; + Ensure = "Present"; + OmaSettings = @( + MSFT_MicrosoftGraphomaSetting{ + Description = 'custom' + OmaUri = '/oma/custom' + odataType = '#microsoft.graph.omaSettingString' + SecretReferenceValueId = '5b0e1dba-4523-455e-9fdd-e36c833b57bf_e072d616-12bc-4ea3-9171-ab080e4c120d_1f958162-15d4-42ba-92c4-17c2544b2179' + Value = '****' + IsEncrypted = $True + DisplayName = 'oma' + } + MSFT_MicrosoftGraphomaSetting{ + Description = 'custom 2' + OmaUri = '/oma/custom2' + odataType = '#microsoft.graph.omaSettingInteger' + Value = 2 + IsReadOnly = $False + IsEncrypted = $False + DisplayName = 'custom 2' + } + ); + SupportsScopeTags = $True; + } + IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10 'Example' + { + AdvancedThreatProtectionAutoPopulateOnboardingBlob = $False; + AdvancedThreatProtectionOnboardingBlob = "MIId0wYJKoZIhvcNAQcDoIIdxDCCHcACAQIxggEwMIIBLAIBAoAUZuvH4bMiLMrmE7+vlIg3N42bKKgwDQYJKoZIhvcNAQEBBQAEggEAxqk1HWqA/PwA6Pq5Yxjp/PGI+XZQMqmwJ47ipnmoDJT/6juZVohVUmnadMbwG/lMPSsCayUR82ZutwziB7dgq5Bkw0XoastlaRQVlnJYcMa+rp1cPmfJxH3XfiWkvtyOfls2OvGot8ACtpOPpHAgHswUC8CQozwtbiGbv2d+GKOqbDyKuDUmguZ1IjgHXSK4QdT7CHyxsqvkF7th3BfzQDYP4RkHt7MdcguhlneSiM12yYWZPZWEq8DR8qgJmhxUt12QzWMNATcuVGbITMzhFSKzsQC+rYY+JHxF4KLtleDIsZagvAJryqYp8UCIKz4RjXfNdUobkqMBHl/FLlzvNTCCHIUGCSqGSIb3DQEHATAUBggqhkiG9w0DBwQIYD8sl4f+5/KAghxgyl2DMt2B0VwAzMrCjltr8GLeCDx7yQemqhWCw5a2kPowKAtY7Iu60QKiR+F0AknYBwXesbGhYp5NU89ztByHizxh/q/puoBMuN1yHWWYKKu+hqxH40DXxiAi060JA06HoD6mSrLQCz1SXprnLNyiC8rHnVTaJ9alUJOT+FLYH09WOLYZMKKNsTEd8gIjQpXwUVY/zzOBpYS0L3SL28Kk858o5OzowQ9XX/JtyRStcLEZJhQ1u2UkhFCyioNQzS4gOW4/a4rw6vZsxFk+ZBHUEy1aYjmXXuYXPTazCZS1nhj7cpPGTqhxiqoSTMxbBHaKiM7HrQcezFD6oPrloti9PFSCahMLmb6OBpsh4vkMh8WzDE3JyPK8A43iTG+qw+ykfi1CUscTBoaLALmryI3csrmjWpgzwH1+UjpK/7vkjzCXNgazxP9/OysCjRsygSWDKVgcoeZtLPzHwvED9sMns4Sw/vfREOqt9n072ZTt8FjrjEsa2yZCfubeBSuiG1V/wUoDel01jKZ+ZtvpP7EwPuGOQT2Zdl6d/J8fw3PrbahWWyUStmihDq5plQg6moZ31Mtn0QiWkRdbYuoY3s6cBhlBeRUy9oX9mWe165MI1LbwZZRkqf+PtAbFgVQDXDToRsqAmqIFzdWI39HH3xnUdv8z8to8fiprhm6exurrrWkQw8Ss6zloBlzte3QqJbagGS/QXObxDMvXCCSXnckrzfFUtYd+wHZ4T8Mswm40wdKqhQtED7GHP8olrk/VmmRi3I6Ezj1/iK6hc28fH7CJT2CadNOEusM9Xsnzw/AfIJAFWojc05niavd0UC3orL7jlUv9Kay+SDGsAyuE9EDS7Y4bhixkZWUoEuftlH/3W7Jq6kESzFoXrzfS4Ssj81riYXUlXwlAd9AG3hnndJU3Z4aND/cWVYEvJdDHNdRWO+MqxbNNodOYr3R/6ZUewGBBxOeIh2+KNKaouHRwnSVq227NbnzMLATAENwsey/Q4NxBM+8aivmhR/O7cfNuObb+4AFvyzZJoUsdbcGVubdc8qvzqJFeALbM8iMOqIwDPflPhsNuHEHZljg/d20v4D9ZeogzJp5qW2w86gXgBTi8OS8KR2nm0+5I1mIU8ChyMJUEQNlddcxNRlq6QzOsSE+gqwvDTcKXCvQx0Acu5gVJSp4USGca4SPUsPKa+Uhef1e8gMpzXa4c6xGEptp7wY/7yaEzATnLQ8qC3ozGzOBpatgi8amkEOleo4EtSqUBAxYPq+TNo9COd7/u9gnBEXHLVuul26gsFA7K37VXBO2Qty2yOruy+2e0f+WpctBc1bbGgsLC0X30QAgG6ZRRwGedteVeVr9zjq6sIOjhkftcegetkVQhTj0acTCIy8NBLd9I+t9oEecvQgCTJVOU4G6IIoWZYn8/entxn41V8ThLS8Z20ekgBcZf/4r+huiQZZDyk+gVIStokJehtUb9qfg60aogSOn9Cmha9EzY+NtllPBTbIyBnklC89/sJPFiLBbtDihjm96NCECkl0DNL3o0BFHdjceuscs/MBbVCiGiy74+bKbpigXG80rKFfsOSY6OIFgVuQuW8ETQFxBwXRR3h72BorojOghfHGNMAIadJRVEcyPI7Vnjk+ii0YZEw5AuzJtnpQ8gNbudQzy5PvNdMwEwOo2AT1IIjDvGXqHcEW8hCEZkD2GqcQNBrJ/vYBQloCzmzuakYQhGVQuqTUHnKWPfcPeKOm8mcG+vqGMlw6iPlFM3omfmMXHIgehxxPOnusaxvPTNgcVBEvCR+tn2Z3Xim1riDj2ILSIAKylS4Bndu4VJI4+zA0yjNm/udXhMoH21HiTF7mohpSBReLxjmMbBWpMelXj5jHKgI+Ik8IRxNzIvYQD9eG2zqkEixZfgyhiZUfkLC5+J/M7rYSrEonL+Yx4OEm/9TfpEzVTW7DBM8d/pZy7rIJ4+Tx7YpJXMPnPZfsK7DZycujUlkIKxe10vG29BS/hi5ioyPBRz1qx+ez9QpoajWJ0mOSyAwBk47kD8y3KvKwn+woyk3/Tvj7QUW+Apw7b1L2dfR7T7MWF9u0bBD97fGAMA7kyghIV3W2eBRCG495ut5OjQBzOhtWSOvWGQefDdBtbzd1cLg0vrEk0jTedk90lNyr/ODcN7Ejr4fFlp2WIjS6yl3+iepRafpmW4iIxz4JfGHlGrOKkY1LMd1NtctU3W23iYu6fQJxws+Q67LeGJR1i1ai/indtu+xtjto0avT1UtOl3mS5Odl4W+nuqKnAf8Rhch+0ozcywpaOJiPNpls1RYlEJIXmGh1ANYzrrz5MbhyKjIRiAaZQ7sl9Pk5ijuL+4vDK+qUeWmBHU6Jd5xYbRMtmpFQs2mb7EZDDG9pWP5k30IPfMy3Ma2Bt6B3Nq/nI8JirjMGp0WF0wiuK8G1Z5u2K4QemzIyRPGzIqWg+RwjTykmZwwT/Njn7UL6tk1OSB9cSIiJ8mws5z2hf5rqmi6WbgBQ1V0s52w9elfgTeurUBMsXOWT+XTTEI/nvSa4BEMlALQnef0k+Ap32vgnzN7ZVcIY4ZI2pKhCFVLV3nUhuSZQKZwtA+N7IObxDLCnZD1OIaLcacQl8pXN4O0WeJ9/KhdAidPNoM3N/Ak/toEW5eD6tmEqHleUPnHT1MzeyM8SgSJmGql5flGYTzx22RTUe23JcbaY2wmY6tiDvYxfw5XYJUdUyhUOSik6Ttqz1y8E8nnlFtq+4PwJPdbWrMV0oWcjgVAiaq9ALX5GwPGoLo5QxRHZ/tg5LEnIOtZJdmNfaeDO6GSjwhiiW63kvBMjPDZ+R2SQdm1UAyIYg9AD1GY1eOuZ3Qs5/KHUmcBBy48bIcGFaaK0kdlwWdlWtJUP+4UMv8vlxXt05o9NVIHZ+YD6KBOgE+NPMoI4Y+ht7hzSf6cSIxz8AfEZHWnC7Co2tFkBF6SkqQse0uLL9Wf+CWzMy+JLXqo9tBKxsnxXq07a5HF9+WNiuLGnQoz5PlKjzgwWOOJ1yGdQhlWc1cYYHEnXMkrFoc0tdCvCAYL5+dm9lhc5MXR3hqpOSByWfz14oaBx4fCqPZqSvE09DYNkJB2Abo+WIqmW8vnb1aFyqMWj0nK/lT0rpfaiXww7vMMuN6TYp1JAubZ9ijx+Yq1TObi409aRYRmJkH3quBD3HExAS0bRIavExQaM8zP+gqxxsEG71gtFUK0jI/6Q71OIfh9Tf3uSB/NLl/HyDegsRyxMCqqowC6mBa8TLM/gDp7yOyrQ7Cs2HnWWYrNfZd6n5F0OB9ProL0Tykg1cci1bcteO4gKadhRZtOYhLXJMcLcy/fUbBdooxGak2c9i7XBGUbD4vklR66yACKETi0Ou3RVrVxJvkRDuU2seU9PW3Y6leYHbgpZdzkoDshflbxkXvWnxRAV/moH8RxBusT7yx81fytRieumN12QJjdMNQRRvRbe9vhCR9uj7lSaXHcYCQvNX4jMbYgYW401NlFFAsSGdy3XkgXfCvKZQDcf2oaWoc3R5MjDdMod9R1/z3vlx22RRzahCDZdOfFysq2rkzJDGZW9WWnKJHKXEA8lGWA62WSxjeUUOt+Gnjjww1RD8yK0uQtcGlcN+OeH2WtZDiN3gTNBmAkyU7EgWvSKstSS+/fCwt39o1ldG7ZNoIsAqdESgXFPfToaEs2E+pmunn8iF5Vly4BSce+jBok8zES+wopGpQr3NB7ai/lCKQZ4yH9cb5Aj0jYv0Bp91KEHrZU09pcg5foLb/NMFNNb0h91UsHZpJlx4r2zj7hJ5GKXTGX1xfJ8Fettpht+2mgxSiSuG1CNKncIAHWIicMwcFMea+H7fSGZwqRu0Q+iRmc0rZBXIE7sGm4TnKSXU35HZBw9M5vpzCnUxT2wPAbDDAdGIwguD0vzS3AhHMJdcIQ+WNALfvxgSReI57Hk4BlP2SZRJAeSejCMkOe6x1CZWLPxMbGQORdtXadCEfCQ2r0COrppMPIhI0sLuBPRSqt5+l4LgCN+n52U5PzWD8L2r6gVxItI3uRuV8+TWI8noDKvSB3nZIM6XVwlcCPgsa8rwsf+wdrNLOEY2aqYg7h9ieEvAk3GttwqomDkZfZdEMNShlD2xX+Ub3tu0cUr7ntISzvR6y5MkKyaNWOW0wO8LeBxRHBQqUs63KFz7wrFu006X6CJgkcD902IzWam3DlI9+ivtz+eIG1ZKo+2NA2piyXuGhFEbSf+lEERVnNmBkYbCl0TWCglkd4ajsbaGwsFizeVGEPPdy5ePuvosxssLpk+qSPLdY1qJeCFTT9qww1D3/tjL6p1LDMtaGFaDQ2JvU+51AmNt0ca65rtaGHIGRCdNSLfaaKsXqgekd61qBIqlv2zArbN7fJtwH7BYH3FpoEUw2eWR7Xc7JqYVYE1P/ggF8x9mWDUuujCHp8awxJzAhPUu43hSOd0O30Lr79jWoBi/BIHzs+P5IZxnq/cTGdYVEWxMeQF6vmRnFjo3UtKSQNQR7Xwec0bpmByJx6v5YcL9xG/OwQ8D/Qcmof8INwNLePVckvM+jbkJ+iLvgpZL9xDU9qsYjYbKpp0VhuZqtAPzIdgzWv4mWVp0kI1F9q2DOAAZS7xcIeohBBXE1gEwzlr3r23WYNjcX+KXfQuY3zxb7dNtBLOOMqvbgYtKEoHT731GL0mINkDCTKaoxlLIoUyjycMNEKKhyzLHG1ELqtzR1Mi2bFy7Edj4VvjS+owFOg5sTrbtaf55w/RburfZzYpavIyl9q60+kcoLfKtwva5bGfJKbOhF3cMKDCDEmKxgLSIYH7swCM6Gv/D8p38Bkd7qs6Q4wp13hspmoq1d9SZtHU/DV0/KHKy9/ef18dXNa/I7unMGcETbc+GE/yGfTue/Sv9l8Beq2H2eMfrpkTVOMGxnIwRTf6FBNyhpQsaeN52qz9kqFcScziZlRyvq57kz22USWW3oLrC4LWHiu4QJzBMJeeZO3E7SrBdGMyOcXpXXBHEbJHqb2zOSefObjagX2Ld5pGWS3zIyaJPV73yS7FhaKwA50Syw+nbeG5ysEicbdUOKLZCPKTDi+jBjVpd7B/SokzxbnkojQdDF50453YUlTx2KuAMONaw7sf3lVzbGalZ1O6RcGp3s2BJsFDwEJErPh6zbFEM8VCttNFU2sT89P+wKMUX8Wt8qU+Q/wg0vwLReoTfqqmNbmD/4FRLbgpfP6NJ7IbUisR8a7PCKMWIz7sX7iTk1OQsUptgkNSWGPe2bKQ/ln593n6q7CD5oKgN+d1099lJokSEa4hvlFkHRI248ITqMxaXjuRD8pyTpx+k7TzXSjzb3oAsDfBsI7IJEEp5O2Rrg0bE/vBLPWVXubSfSYd/RqKoos8Ril46Q43L05uJfiixkEvJiZo21+qQsK+/MUnOUl2lmB7uscPSZWUGQbs+BecxEhYXpjgaCPfVClyJHwBAwk+PqOOqGrNEz4fQppnR4wgCYhxCbJHKQTSGnmrTeHXRWNs74+RXaDZarvPRg/DronoiMozAJv0YIg9VjTkZhxdw4pFUPm2PChsM+iVy0Fia1uyTy1+SsTPTfHFArZNdWPyiezISJIicDPSCQGUREt2VVgN5dFmsbHytmMPlGnk9fSJfAgRQqQLxEIFy629aFR4MsuLvez7RFOjxhcxx4HEmKQ52RlZz4yzwHj1pip+UVgj+Kcb87P3BJX6eW8G2OAyvePmA77dGWoSVdFLeTaj+L6ZgHvBqHBEico1HnlR8aSnPJtYuNR7CKB2AWvaZvY2t1RkA3Efrga8acgxi3h3o6DjfcYHS5xdSTS9aYsJNPo3p3/bhhSfYCHDQeZfotHzaHe9b/d9CH8cZsvCqH0zUHjwR3BgpkWHfd4c0XQdrH7HyfOU6XEVs5h7DmWGof0msy1Esn6qLk6NrKfgMZOqxs0lEW26bjoerUOLxb7UxCLuwpthTBU9qHdMQ3fxCK2mkn3KCeE8VeSb2KskTeTxnUnJXan9eURKVzf3LYwouQtB0jkoYzPY27GLLWBp5coYZScODE3lk0oZGGPxa42DqNvVBbyvIyw5o7AZsICnnNv3wCxXZenncFqVu2lG6pgQV5RleU9zgGaz0uKNJAN66jKxlxcmsYi2ugVwGjPf45tnJcTDtdV46Nep4n4Cko+y5lMYRTpSz5hB1zodBykfALCE1daqD+dHrgPFfKFIlMElZjNmVdIoY9UEnsBYbZji1dxKvlwVvcKFH9RQDHY5l74H4UNXGbtrxesZHWc5EUxf48CtV9+DHwOkm30ZDjt6MVsEU/69aOi1L153tAKBY3I2icwL337y2Zez8Fbpq8nHGipFZB+9ygejNRCXAmVmn4QjkgqFLZgTU1nX1/rw6CTPyO8dz5ad94EKvHn/iUIrlH3A3bGGqjCNV+4hH90xdpBStvagg+NIRHKlTY2T0UWUZWG1nHeivCFxKJbwn7wOVAlvSVqAFDmlewryH7MHTOVXkOqbNpi5P6GBqrOYGxndwzfr0QW00gGHmVO7G5W+PcX7EGXPzfR4td8kBlZOE5XoXm/AbwAxw7pn048iMxCyR5vY6uA4WqZLOoYMNwYi5N11apYbc4A8sl/JCY7qaFmWzCKG7h261gCz7gcFV7m6fqnuDsBsZuPCMJlVUKTY0hu4lWYNCy4y63i7dBO/4Fwhl1Gl8lcZmQvTcXvQSUUTFhoZJ0DLHLOpv0eJ9D7iXrxztIIo5143CGuNJf7A2e86FsGv5L/7znkRcC72eC1LV1hxi6NEJZdQDCiZPM3i0pSk11NTpMBpqn9HX4cN5rrdBlXynB44GxC9rMFrTdVTsLa8+6hx3LcMfqyRocBvk+jbTv2ahiX4afCyF+qKoyhlz69/NnWXiw+ZhsE/0pakEOre/UxBfX3L6u1YUxCX4S2Mn2COlpur9ypOmxahQ8ogAP+dLIkBd4QsSnB4Kwkfd9bQLoR87nv64lvx0T/Mt1PuMgsMamGvmnp5Zl437JEWSLQxQeG/8/1/ybAEkr5Vjws72hqLp6zZe3TSv0P9IKkuhU0Bq/jSrpcIQsVhAMj4miitmhe44sKnpqVuLo0qVHwEa9/TIA22xg7crZmkdzkyllrsWv38W89S5nWX/OkOM1ha37bdfbyDnEnysOmLKdMUv9nCTIFHwX0hoVCsvgiS/6Alo3OT8k7NDv3XNkZn05nba1kV+wEMvVMfZNyEPzkYleLtCEZTLG6LwvL7y45OBZ57qx+a0vlHpIrG1uEY9TK09Qsp1nn/CG25+hJvSrcaod8P6M2u5OVU71lhQzQX0dkMpzzhm7f4SaBYN8eOfCDen+nJ8gqz559Mbnri8XqcTI7XPXknmRGbPLR9M692jyQ35hywUCDvlD/FDk+tDNtb7oTbNNhrlqZH+w1uXe8lk+Ply4iMB0EouglBvIDLoiWrIqwxoL5VRqj+EEHe7/iXwZpHkPZGizB63bbBiZ+8FbXZP+yU/LaB72EJAWFF/o/fROT+BQKDjPp3ZXCSKsgt2ate/aBbSyjJpOe+56CQb2bJczRrUnXOp2gYuXSzWwKaTJEa/l45cELEtCcWT44EukOXYz1qKP9gYnKw80v5BmExemIDSjYKCAnYsyvggVDl8k4E5HFoxzcl7L/X3ramNTV/ibhslXR+/MOGfV9SUNB1LCLJfD2N0LJGIheR3tyuDRs0z5LH3fSckCVVZWsDHVT4VyK2ljzsR8DJ06fTs15G9B9cwWvLGkds7pHHNt7nylWkyVwtm8KA1FQoiKxLizrGFFcjyf47WYZ8bkUhW5HgO7VedOdvsNVod72hqo1e8gcPpCJszlPAeKVyALIiL9HC19OgBUj/ZLBEUUjWn31dzbPGqPh00Sq0t6J+XNcNmHSyoRhBn8qKPtni3WoxYDPiW+vaQl9u9qIwpPrCz80o4Y5ppBgHIw0V3PFk1qzSuXM8VN+Fbhc4F7tPJv8wYe84q4v7BX7BRbAHirbd3TXAGcjB6SQITx9IPpdTxzyBD64S3Mk16NBxobI/o1Y3Pmhb2qA4h6vImV8nHvRStm+HDMzWKiZ9eSm8O7ll/mXjeiW5SgJRd9iLqU1vk2QC0ZqpFkd4zEZP5E9cPtPDs8MMkLyw2kl1NuDEWaGM3uRXEG5VjcF07ynOLVgpxfW8XkH+R84+JAr3g4wYwzRDv/5hHRLIONwLARvhQ1QU5tX2HphS3oVzA8uazJnEW+HMwzkw2+YRX8rLNoWLqpQFF7igwmCMddAaPCIWB7yvimhgDGm7jM6XjFj/DBxIMtHk8IWnTrj4ouZRt4NJTzzLKl8Um6wctlRy4BEkQhxEP6qZDewTYrcdZXf3+82r746d7iuSqlK2eV5sGmARU0pht4FRSCs83ofQszqbXAIAzYA7/POn9Y33aD0T1Uo5f6W0p/fGqPew/JKEiWYsvGYJBEc4xMA3/APASHkvyow371AMy5EtG6hQEBYjZ8Ou8ao7QF0ERhLEzBo2+vAW1OI8uo6UeKJyySpcseSHNyJ9LjnGMg+2XfBNuVHJ+Q1Fzm+9+zuzD9KDiv1AClu9XWWF083Wcn9Otjl1vNYe0rREnJ82KW/ZXmX4c9YWRS+plbzZ654PLbeN+A64qbxbbO6LvYwAETclyCeuVYE6ffgtSvFuxsvaZVYHvzsOukdHU0Y0zy05tiO5gCDgDuntATZ7E/AjJNOod+RS2QoY7ttEuinfNorQ1x78Jot+u6bInT+NjNTV87jmaHSgP2GM0yaDWgPB2Q4YSPId9KT3O7/jV6A6AV/dnJMk/H+Xkgy9e5fdd2rry966S9ZqC6+jYJBo64av8oP72DxJDDbADt931hcZGoQHpPKLS4oE2fhTh6nnNdqhr2vxnCa2rF3afswOUYFaTU73S6E6E8sBwaXP4YCkRGl19VlfJWL+FykYboxvrUGnrRRBFV5V8LKIuXpOaakZakgJJQI4OqD1+G++pSFZsD2EyRn7iYQOsqa+VZ1jz7/5FNE2fRX2AmNDRcT42ZwRJeV/uCA9dS/zpUQU9JzDYrM+9f3+L4XD2auxm4qw20X+rU4V4MLteEqevcp8AZTmui3KQMHnRU8HPRpAIJcp8rMeBY5Q4g+UYzAUf3/8PTBv022N/cEifii/Yln/I+yRWx2mfeCAIBk14aBkb2+h3SOsBJPYvBF+s2l91jGlmtkOWIlSuCmEn2ChkQZ8HveX2oTrLq/Fpj+iIDyvmSJrLYB51y0Sd7R49Gi3LEpHdYMLes/0dcwtXab0ZTIMuiAoSJJMWzRTCx8P+NqxOeqfGXr6WiG6SOWOw+RPHlIYo74Ob18cl6s5SIwGGaBajPbyHlhm/nbtoSRg05po3ABO/Jgd9CnskRIei6fMGdUdV2Bwl6Uph4Iut8z6SeZ1Cag8/GM299Rwu2FYnqTj+B1TEyfxZTFIYhZk2oVSUQkAJecR9Sx7eOmzW0Vv2mMj6hROyirlHRbh17xdSiaqwf4IhOETvvFMqcqiqhk3Gh70UBZ4rwNq2RTjTkSaAZk7PL49PnNp5L31E4yiNdN7cVNS184ODATfHs6VpatgiczCSn3O5WUwB7IJuINt9o9y5SQerXjL1FsLKIAQ2ojID2BPznqp7lkEyg+PjD2hOmLAN2KpYHKXJQm0pV9jP9lX7kvfyJhISJaiWwhhiHDQ2cTGPW0rw+a4ve3pg1HQ==D97F84CD027F883C2A6A7B4F1B8A194EF3042369"; + AdvancedThreatProtectionOnboardingFilename = "WindowsDefenderATP.onboarding"; + AllowSampleSharing = $True; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Credential = $Credscredential; + DisplayName = "MDE onboarding Legacy"; + EnableExpeditedTelemetryReporting = $True; + Ensure = "Present"; + } + IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + BackgroundDownloadFromHttpDelayInSeconds = 4; + BandwidthMode = MSFT_MicrosoftGraphdeliveryOptimizationBandwidth{ + MaximumDownloadBandwidthInKilobytesPerSecond = 22 + MaximumUploadBandwidthInKilobytesPerSecond = 33 + odataType = '#microsoft.graph.deliveryOptimizationBandwidthAbsolute' + }; + CacheServerBackgroundDownloadFallbackToHttpDelayInSeconds = 3; + CacheServerForegroundDownloadFallbackToHttpDelayInSeconds = 3; + CacheServerHostNames = @("domain.com"); + Credential = $Credscredential; + DeliveryOptimizationMode = "httpWithPeeringPrivateGroup"; + DisplayName = "delivery optimisation"; + Ensure = "Present"; + ForegroundDownloadFromHttpDelayInSeconds = 234; + GroupIdSource = MSFT_MicrosoftGraphdeliveryOptimizationGroupIdSource{ + GroupIdSourceOption = 'adSite' + odataType = '#microsoft.graph.deliveryOptimizationGroupIdSourceOptions' + }; + MaximumCacheAgeInDays = 3; + MaximumCacheSize = MSFT_MicrosoftGraphdeliveryOptimizationMaxCacheSize{ + MaximumCacheSizeInGigabytes = 4 + odataType = '#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute' + }; + MinimumBatteryPercentageAllowedToUpload = 4; + MinimumDiskSizeAllowedToPeerInGigabytes = 3; + MinimumFileSizeToCacheInMegabytes = 3; + MinimumRamAllowedToPeerInGigabytes = 3; + ModifyCacheLocation = "%systemdrive%"; + RestrictPeerSelectionBy = "subnetMask"; + SupportsScopeTags = $True; + VpnPeerCaching = "enabled"; + } + IntuneDeviceConfigurationDomainJoinPolicyWindows10 'Example' + { + ActiveDirectoryDomainName = "domain.com"; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + ComputerNameStaticPrefix = "WK-"; + ComputerNameSuffixRandomCharCount = 12; + Credential = $Credscredential; + DisplayName = "Domain Join"; + Ensure = "Present"; + OrganizationalUnit = "OU=workstation,CN=domain,CN=com"; + SupportsScopeTags = $True; + } + IntuneDeviceConfigurationEmailProfilePolicyWindows10 'Example' + { + AccountName = "Corp email2"; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + Credential = $Credscredential; + DisplayName = "email"; + DurationOfEmailToSync = "unlimited"; + EmailAddressSource = "primarySmtpAddress"; + EmailSyncSchedule = "fifteenMinutes"; + Ensure = "Present"; + HostName = "outlook.office365.com"; + RequireSsl = $True; + SyncCalendar = $True; + SyncContacts = $True; + SyncTasks = $True; + } + IntuneDeviceConfigurationEndpointProtectionPolicyWindows10 'Example' + { + ApplicationGuardAllowFileSaveOnHost = $True; + ApplicationGuardAllowPersistence = $True; + ApplicationGuardAllowPrintToLocalPrinters = $True; + ApplicationGuardAllowPrintToNetworkPrinters = $True; + ApplicationGuardAllowPrintToPDF = $True; + ApplicationGuardAllowPrintToXPS = $True; + ApplicationGuardAllowVirtualGPU = $True; + ApplicationGuardBlockClipboardSharing = "blockContainerToHost"; + ApplicationGuardBlockFileTransfer = "blockImageFile"; + ApplicationGuardBlockNonEnterpriseContent = $True; + ApplicationGuardCertificateThumbprints = @(); + ApplicationGuardEnabled = $True; + ApplicationGuardEnabledOptions = "enabledForEdge"; + ApplicationGuardForceAuditing = $True; + AppLockerApplicationControl = "enforceComponentsStoreAppsAndSmartlocker"; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + BitLockerAllowStandardUserEncryption = $True; + BitLockerDisableWarningForOtherDiskEncryption = $True; + BitLockerEnableStorageCardEncryptionOnMobile = $True; + BitLockerEncryptDevice = $True; + BitLockerFixedDrivePolicy = MSFT_MicrosoftGraphbitLockerFixedDrivePolicy{ + RecoveryOptions = MSFT_MicrosoftGraphBitLockerRecoveryOptions{ + RecoveryInformationToStore = 'passwordAndKey' + HideRecoveryOptions = $True + BlockDataRecoveryAgent = $True + RecoveryKeyUsage = 'allowed' + EnableBitLockerAfterRecoveryInformationToStore = $True + EnableRecoveryInformationSaveToStore = $True + RecoveryPasswordUsage = 'allowed' + } + RequireEncryptionForWriteAccess = $True + EncryptionMethod = 'xtsAes128' + }; + BitLockerRecoveryPasswordRotation = "notConfigured"; + BitLockerRemovableDrivePolicy = MSFT_MicrosoftGraphbitLockerRemovableDrivePolicy{ + RequireEncryptionForWriteAccess = $True + BlockCrossOrganizationWriteAccess = $True + EncryptionMethod = 'aesCbc128' + }; + BitLockerSystemDrivePolicy = MSFT_MicrosoftGraphbitLockerSystemDrivePolicy{ + PrebootRecoveryEnableMessageAndUrl = $True + StartupAuthenticationTpmPinUsage = 'allowed' + EncryptionMethod = 'xtsAes128' + StartupAuthenticationTpmPinAndKeyUsage = 'allowed' + StartupAuthenticationRequired = $True + RecoveryOptions = MSFT_MicrosoftGraphBitLockerRecoveryOptions{ + RecoveryInformationToStore = 'passwordAndKey' + HideRecoveryOptions = $False + BlockDataRecoveryAgent = $True + RecoveryKeyUsage = 'allowed' + EnableBitLockerAfterRecoveryInformationToStore = $True + EnableRecoveryInformationSaveToStore = $False + RecoveryPasswordUsage = 'allowed' + } + StartupAuthenticationTpmUsage = 'allowed' + StartupAuthenticationTpmKeyUsage = 'allowed' + StartupAuthenticationBlockWithoutTpmChip = $False + }; + Credential = $Credscredential; + DefenderAdditionalGuardedFolders = @(); + DefenderAdobeReaderLaunchChildProcess = "notConfigured"; + DefenderAdvancedRansomewareProtectionType = "notConfigured"; + DefenderAttackSurfaceReductionExcludedPaths = @(); + DefenderBlockPersistenceThroughWmiType = "userDefined"; + DefenderEmailContentExecution = "userDefined"; + DefenderEmailContentExecutionType = "userDefined"; + DefenderExploitProtectionXml = "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxNaXRpZ2F0aW9uUG9saWN5Pg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9IkFjcm9SZDMyLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJBY3JvUmQzMkluZm8uZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImNsdmlldy5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iY25mbm90MzIuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImV4Y2VsLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJleGNlbGNudi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iRXh0RXhwb3J0LmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJncmFwaC5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iaWU0dWluaXQuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImllaW5zdGFsLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJpZWxvd3V0aWwuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImllVW5hdHQuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9ImlleHBsb3JlLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJseW5jLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJtc2FjY2Vzcy5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ibXNjb3JzdncuZXhlIj4NCiAgICA8RXh0ZW5zaW9uUG9pbnRzIERpc2FibGVFeHRlbnNpb25Qb2ludHM9InRydWUiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im1zZmVlZHNzeW5jLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJtc2h0YS5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ibXNvYWRmc2IuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im1zb2FzYi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ibXNvaHRtZWQuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im1zb3NyZWMuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im1zb3htbGVkLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJtc3B1Yi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ibXNxcnkzMi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iTXNTZW5zZS5leGUiPg0KICAgIDxFeHRlbnNpb25Qb2ludHMgRGlzYWJsZUV4dGVuc2lvblBvaW50cz0idHJ1ZSIgLz4NCiAgICA8SW1hZ2VMb2FkIFByZWZlclN5c3RlbTMyPSJ0cnVlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJuZ2VuLmV4ZSI+DQogICAgPEV4dGVuc2lvblBvaW50cyBEaXNhYmxlRXh0ZW5zaW9uUG9pbnRzPSJ0cnVlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJuZ2VudGFzay5leGUiPg0KICAgIDxFeHRlbnNpb25Qb2ludHMgRGlzYWJsZUV4dGVuc2lvblBvaW50cz0idHJ1ZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ib25lbm90ZS5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ib25lbm90ZW0uZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9Im9yZ2NoYXJ0LmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJvdXRsb29rLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJwb3dlcnBudC5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iUHJlc2VudGF0aW9uSG9zdC5leGUiPg0KICAgIDxERVAgRW5hYmxlPSJ0cnVlIiBFbXVsYXRlQXRsVGh1bmtzPSJmYWxzZSIgLz4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIEJvdHRvbVVwPSJ0cnVlIiBIaWdoRW50cm9weT0idHJ1ZSIgLz4NCiAgICA8U0VIT1AgRW5hYmxlPSJ0cnVlIiBUZWxlbWV0cnlPbmx5PSJmYWxzZSIgLz4NCiAgICA8SGVhcCBUZXJtaW5hdGVPbkVycm9yPSJ0cnVlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJQcmludERpYWxvZy5leGUiPg0KICAgIDxFeHRlbnNpb25Qb2ludHMgRGlzYWJsZUV4dGVuc2lvblBvaW50cz0idHJ1ZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0iUmRyQ0VGLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJSZHJTZXJ2aWNlc1VwZGF0ZXIuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InJ1bnRpbWVicm9rZXIuZXhlIj4NCiAgICA8RXh0ZW5zaW9uUG9pbnRzIERpc2FibGVFeHRlbnNpb25Qb2ludHM9InRydWUiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InNjYW5vc3QuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InNjYW5wc3QuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InNkeGhlbHBlci5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQogIDxBcHBDb25maWcgRXhlY3V0YWJsZT0ic2VsZmNlcnQuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9InNldGxhbmcuZXhlIj4NCiAgICA8QVNMUiBGb3JjZVJlbG9jYXRlSW1hZ2VzPSJ0cnVlIiBSZXF1aXJlSW5mbz0iZmFsc2UiIC8+DQogIDwvQXBwQ29uZmlnPg0KICA8QXBwQ29uZmlnIEV4ZWN1dGFibGU9IlN5c3RlbVNldHRpbmdzLmV4ZSI+DQogICAgPEV4dGVuc2lvblBvaW50cyBEaXNhYmxlRXh0ZW5zaW9uUG9pbnRzPSJ0cnVlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJ3aW53b3JkLmV4ZSI+DQogICAgPEFTTFIgRm9yY2VSZWxvY2F0ZUltYWdlcz0idHJ1ZSIgUmVxdWlyZUluZm89ImZhbHNlIiAvPg0KICA8L0FwcENvbmZpZz4NCiAgPEFwcENvbmZpZyBFeGVjdXRhYmxlPSJ3b3JkY29udi5leGUiPg0KICAgIDxBU0xSIEZvcmNlUmVsb2NhdGVJbWFnZXM9InRydWUiIFJlcXVpcmVJbmZvPSJmYWxzZSIgLz4NCiAgPC9BcHBDb25maWc+DQo8L01pdGlnYXRpb25Qb2xpY3k+"; + DefenderExploitProtectionXmlFileName = "Settings.xml"; + DefenderFileExtensionsToExclude = @(); + DefenderFilesAndFoldersToExclude = @(); + DefenderGuardedFoldersAllowedAppPaths = @(); + DefenderGuardMyFoldersType = "auditMode"; + DefenderNetworkProtectionType = "enable"; + DefenderOfficeAppsExecutableContentCreationOrLaunch = "userDefined"; + DefenderOfficeAppsExecutableContentCreationOrLaunchType = "userDefined"; + DefenderOfficeAppsLaunchChildProcess = "userDefined"; + DefenderOfficeAppsLaunchChildProcessType = "userDefined"; + DefenderOfficeAppsOtherProcessInjection = "userDefined"; + DefenderOfficeAppsOtherProcessInjectionType = "userDefined"; + DefenderOfficeCommunicationAppsLaunchChildProcess = "notConfigured"; + DefenderOfficeMacroCodeAllowWin32Imports = "userDefined"; + DefenderOfficeMacroCodeAllowWin32ImportsType = "userDefined"; + DefenderPreventCredentialStealingType = "enable"; + DefenderProcessCreation = "userDefined"; + DefenderProcessCreationType = "userDefined"; + DefenderProcessesToExclude = @(); + DefenderScriptDownloadedPayloadExecution = "userDefined"; + DefenderScriptDownloadedPayloadExecutionType = "userDefined"; + DefenderScriptObfuscatedMacroCode = "userDefined"; + DefenderScriptObfuscatedMacroCodeType = "userDefined"; + DefenderSecurityCenterBlockExploitProtectionOverride = $False; + DefenderSecurityCenterDisableAccountUI = $False; + DefenderSecurityCenterDisableClearTpmUI = $True; + DefenderSecurityCenterDisableFamilyUI = $False; + DefenderSecurityCenterDisableHardwareUI = $True; + DefenderSecurityCenterDisableHealthUI = $False; + DefenderSecurityCenterDisableNetworkUI = $False; + DefenderSecurityCenterDisableNotificationAreaUI = $False; + DefenderSecurityCenterDisableRansomwareUI = $False; + DefenderSecurityCenterDisableVirusUI = $False; + DefenderSecurityCenterDisableVulnerableTpmFirmwareUpdateUI = $True; + DefenderSecurityCenterHelpEmail = "me@domain.com"; + DefenderSecurityCenterHelpPhone = "yes"; + DefenderSecurityCenterITContactDisplay = "displayInAppAndInNotifications"; + DefenderSecurityCenterNotificationsFromApp = "blockNoncriticalNotifications"; + DefenderSecurityCenterOrganizationDisplayName = "processes.exe"; + DefenderUntrustedExecutable = "userDefined"; + DefenderUntrustedExecutableType = "userDefined"; + DefenderUntrustedUSBProcess = "userDefined"; + DefenderUntrustedUSBProcessType = "userDefined"; + DeviceGuardEnableSecureBootWithDMA = $True; + DeviceGuardEnableVirtualizationBasedSecurity = $True; + DeviceGuardLaunchSystemGuard = "notConfigured"; + DeviceGuardLocalSystemAuthorityCredentialGuardSettings = "enableWithoutUEFILock"; + DeviceGuardSecureBootWithDMA = "notConfigured"; + DisplayName = "endpoint protection legacy - dsc v2.0"; + DmaGuardDeviceEnumerationPolicy = "deviceDefault"; + Ensure = "Present"; + FirewallCertificateRevocationListCheckMethod = "deviceDefault"; + FirewallIPSecExemptionsAllowDHCP = $False; + FirewallIPSecExemptionsAllowICMP = $False; + FirewallIPSecExemptionsAllowNeighborDiscovery = $False; + FirewallIPSecExemptionsAllowRouterDiscovery = $False; + FirewallIPSecExemptionsNone = $False; + FirewallPacketQueueingMethod = "deviceDefault"; + FirewallPreSharedKeyEncodingMethod = "deviceDefault"; + FirewallProfileDomain = MSFT_MicrosoftGraphwindowsFirewallNetworkProfile{ + PolicyRulesFromGroupPolicyNotMerged = $False + InboundNotificationsBlocked = $True + OutboundConnectionsRequired = $True + GlobalPortRulesFromGroupPolicyNotMerged = $True + ConnectionSecurityRulesFromGroupPolicyNotMerged = $True + UnicastResponsesToMulticastBroadcastsRequired = $True + PolicyRulesFromGroupPolicyMerged = $False + UnicastResponsesToMulticastBroadcastsBlocked = $False + IncomingTrafficRequired = $False + IncomingTrafficBlocked = $True + ConnectionSecurityRulesFromGroupPolicyMerged = $False + StealthModeRequired = $False + InboundNotificationsRequired = $False + AuthorizedApplicationRulesFromGroupPolicyMerged = $False + InboundConnectionsBlocked = $True + OutboundConnectionsBlocked = $False + StealthModeBlocked = $True + GlobalPortRulesFromGroupPolicyMerged = $False + SecuredPacketExemptionBlocked = $False + SecuredPacketExemptionAllowed = $False + InboundConnectionsRequired = $False + FirewallEnabled = 'allowed' + AuthorizedApplicationRulesFromGroupPolicyNotMerged = $True + }; + FirewallRules = @( + MSFT_MicrosoftGraphwindowsFirewallRule{ + Action = 'allowed' + InterfaceTypes = 'notConfigured' + DisplayName = 'ICMP' + TrafficDirection = 'in' + ProfileTypes = 'domain' + EdgeTraversal = 'notConfigured' + } + ); + LanManagerAuthenticationLevel = "lmNtlmAndNtlmV2"; + LanManagerWorkstationDisableInsecureGuestLogons = $False; + LocalSecurityOptionsAdministratorElevationPromptBehavior = "notConfigured"; + LocalSecurityOptionsAllowAnonymousEnumerationOfSAMAccountsAndShares = $False; + LocalSecurityOptionsAllowPKU2UAuthenticationRequests = $False; + LocalSecurityOptionsAllowRemoteCallsToSecurityAccountsManagerHelperBool = $False; + LocalSecurityOptionsAllowSystemToBeShutDownWithoutHavingToLogOn = $True; + LocalSecurityOptionsAllowUIAccessApplicationElevation = $False; + LocalSecurityOptionsAllowUIAccessApplicationsForSecureLocations = $False; + LocalSecurityOptionsAllowUndockWithoutHavingToLogon = $True; + LocalSecurityOptionsBlockMicrosoftAccounts = $True; + LocalSecurityOptionsBlockRemoteLogonWithBlankPassword = $True; + LocalSecurityOptionsBlockRemoteOpticalDriveAccess = $True; + LocalSecurityOptionsBlockUsersInstallingPrinterDrivers = $True; + LocalSecurityOptionsClearVirtualMemoryPageFile = $True; + LocalSecurityOptionsClientDigitallySignCommunicationsAlways = $False; + LocalSecurityOptionsClientSendUnencryptedPasswordToThirdPartySMBServers = $False; + LocalSecurityOptionsDetectApplicationInstallationsAndPromptForElevation = $False; + LocalSecurityOptionsDisableAdministratorAccount = $True; + LocalSecurityOptionsDisableClientDigitallySignCommunicationsIfServerAgrees = $False; + LocalSecurityOptionsDisableGuestAccount = $True; + LocalSecurityOptionsDisableServerDigitallySignCommunicationsAlways = $False; + LocalSecurityOptionsDisableServerDigitallySignCommunicationsIfClientAgrees = $False; + LocalSecurityOptionsDoNotAllowAnonymousEnumerationOfSAMAccounts = $True; + LocalSecurityOptionsDoNotRequireCtrlAltDel = $True; + LocalSecurityOptionsDoNotStoreLANManagerHashValueOnNextPasswordChange = $False; + LocalSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUser = "administrators"; + LocalSecurityOptionsHideLastSignedInUser = $False; + LocalSecurityOptionsHideUsernameAtSignIn = $False; + LocalSecurityOptionsInformationDisplayedOnLockScreen = "notConfigured"; + LocalSecurityOptionsInformationShownOnLockScreen = "notConfigured"; + LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedClients = "none"; + LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedServers = "none"; + LocalSecurityOptionsOnlyElevateSignedExecutables = $False; + LocalSecurityOptionsRestrictAnonymousAccessToNamedPipesAndShares = $True; + LocalSecurityOptionsSmartCardRemovalBehavior = "lockWorkstation"; + LocalSecurityOptionsStandardUserElevationPromptBehavior = "notConfigured"; + LocalSecurityOptionsSwitchToSecureDesktopWhenPromptingForElevation = $False; + LocalSecurityOptionsUseAdminApprovalMode = $False; + LocalSecurityOptionsUseAdminApprovalModeForAdministrators = $False; + LocalSecurityOptionsVirtualizeFileAndRegistryWriteFailuresToPerUserLocations = $False; + SmartScreenBlockOverrideForFiles = $True; + SmartScreenEnableInShell = $True; + SupportsScopeTags = $True; + UserRightsAccessCredentialManagerAsTrustedCaller = MSFT_MicrosoftGraphdeviceManagementUserRightsSetting{ + State = 'allowed' + LocalUsersOrGroups = @( + MSFT_MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup{ + Name = 'NT AUTHORITY\Local service' + SecurityIdentifier = '*S-1-5-19' + } + ) + }; + WindowsDefenderTamperProtection = "enable"; + XboxServicesAccessoryManagementServiceStartupMode = "manual"; + XboxServicesEnableXboxGameSaveTask = $True; + XboxServicesLiveAuthManagerServiceStartupMode = "manual"; + XboxServicesLiveGameSaveServiceStartupMode = "manual"; + XboxServicesLiveNetworkingServiceStartupMode = "manual"; + } + IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Bluetooth = "notConfigured"; + BootFromBuiltInNetworkAdapters = "notConfigured"; + BootFromExternalMedia = "notConfigured"; + Cameras = "enabled"; + ChangeUefiSettingsPermission = "notConfiguredOnly"; + Credential = $Credscredential; + DisplayName = "firmware"; + Ensure = "Present"; + FrontCamera = "enabled"; + InfraredCamera = "enabled"; + Microphone = "notConfigured"; + MicrophonesAndSpeakers = "enabled"; + NearFieldCommunication = "notConfigured"; + Radios = "enabled"; + RearCamera = "enabled"; + SdCard = "notConfigured"; + SimultaneousMultiThreading = "enabled"; + SupportsScopeTags = $True; + UsbTypeAPort = "notConfigured"; + VirtualizationOfCpuAndIO = "enabled"; + WakeOnLAN = "notConfigured"; + WakeOnPower = "notConfigured"; + WiFi = "notConfigured"; + WindowsPlatformBinaryTable = "enabled"; + WirelessWideAreaNetwork = "notConfigured"; + } + IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10 'Example' + { + AllowDeviceHealthMonitoring = "enabled"; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + ConfigDeviceHealthMonitoringScope = @("bootPerformance","windowsUpdates"); + Credential = $Credscredential; + DisplayName = "Health Monitoring Configuration"; + Ensure = "Present"; + SupportsScopeTags = $True; + } + IntuneDeviceConfigurationIdentityProtectionPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + Credential = $Credscredential; + DisplayName = "identity protection"; + EnhancedAntiSpoofingForFacialFeaturesEnabled = $True; + Ensure = "Present"; + PinExpirationInDays = 5; + PinLowercaseCharactersUsage = "allowed"; + PinMaximumLength = 4; + PinMinimumLength = 4; + PinPreviousBlockCount = 3; + PinRecoveryEnabled = $True; + PinSpecialCharactersUsage = "allowed"; + PinUppercaseCharactersUsage = "allowed"; + SecurityDeviceRequired = $True; + SupportsScopeTags = $True; + UnlockWithBiometricsEnabled = $True; + UseCertificatesForOnPremisesAuthEnabled = $True; + UseSecurityKeyForSignin = $True; + WindowsHelloForBusinessBlocked = $False; + } + IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + CertificateValidityPeriodScale = "years"; + CertificateValidityPeriodValue = 1; + Credential = $Credscredential; + DisplayName = "PKCS Imported"; + Ensure = "Present"; + IntendedPurpose = "unassigned"; + KeyStorageProvider = "useSoftwareKsp"; + RenewalThresholdPercentage = 50; + SubjectAlternativeNameType = "emailAddress"; + SubjectNameFormat = "commonName"; + } + IntuneDeviceConfigurationKioskPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + Credential = $Credscredential; + DisplayName = "kiosk"; + EdgeKioskEnablePublicBrowsing = $False; + Ensure = "Present"; + KioskBrowserBlockedUrlExceptions = @(); + KioskBrowserBlockedURLs = @(); + KioskBrowserDefaultUrl = "http://bing.com"; + KioskBrowserEnableEndSessionButton = $False; + KioskBrowserEnableHomeButton = $True; + KioskBrowserEnableNavigationButtons = $False; + KioskProfiles = @( + MSFT_MicrosoftGraphwindowsKioskProfile{ + ProfileId = '17f9e980-3435-4bd5-a7a1-ca3c06d0bf2c' + UserAccountsConfiguration = @( + MSFT_MicrosoftGraphWindowsKioskUser{ + odataType = '#microsoft.graph.windowsKioskAutologon' + } + ) + ProfileName = 'profile' + AppConfiguration = MSFT_MicrosoftGraphWindowsKioskAppConfiguration{ + Win32App = MSFT_MicrosoftGraphWindowsKioskWin32App{ + EdgeNoFirstRun = $True + EdgeKiosk = 'https://domain.com' + ClassicAppPath = 'msedge.exe' + AutoLaunch = $False + StartLayoutTileSize = 'hidden' + AppType = 'unknown' + EdgeKioskType = 'publicBrowsing' + } + odataType = '#microsoft.graph.windowsKioskSingleWin32App' + } + } + ); + WindowsKioskForceUpdateSchedule = MSFT_MicrosoftGraphwindowsKioskForceUpdateSchedule{ + RunImmediatelyIfAfterStartDateTime = $False + StartDateTime = '2023-04-15T23:00:00.0000000+00:00' + DayofMonth = 1 + Recurrence = 'daily' + DayofWeek = 'sunday' + }; + } + IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Credential = $Credscredential; + DisplayName = "network boundary"; + Ensure = "Present"; + SupportsScopeTags = $True; + WindowsNetworkIsolationPolicy = MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy{ + EnterpriseProxyServers = @() + EnterpriseInternalProxyServers = @() + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseProxyServersAreAuthoritative = $True + EnterpriseNetworkDomainNames = @('domain.com') + EnterpriseIPRanges = @( + MSFT_MicrosoftGraphIpRange1{ + UpperAddress = '1.1.1.255' + LowerAddress = '1.1.1.0' + odataType = '#microsoft.graph.iPv4Range' + } + ) + NeutralDomainResources = @() + }; + } + IntuneDeviceConfigurationPkcsCertificatePolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + CertificateStore = "user"; + CertificateTemplateName = "Template DSC"; + CertificateValidityPeriodScale = "years"; + CertificateValidityPeriodValue = 1; + CertificationAuthority = "CA=Name"; + CertificationAuthorityName = "Test"; + Credential = $Credscredential; + CustomSubjectAlternativeNames = @( + MSFT_MicrosoftGraphcustomSubjectAlternativeName{ + SanType = 'domainNameService' + Name = 'certificate.com' + } + ); + DisplayName = "PKCS"; + Ensure = "Present"; + KeyStorageProvider = "usePassportForWorkKspOtherwiseFail"; + RenewalThresholdPercentage = 20; + SubjectAlternativeNameType = "none"; + SubjectNameFormat = "custom"; + SubjectNameFormatString = "CN={{UserName}},E={{EmailAddress}}"; + } + IntuneDeviceConfigurationPolicyAndroidDeviceAdministrator 'myAndroidDeviceAdmin' + { + DisplayName = 'Android device admin' + AppsBlockClipboardSharing = $True + AppsBlockCopyPaste = $True + AppsBlockYouTube = $False + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + BluetoothBlocked = $True + CameraBlocked = $True + CellularBlockDataRoaming = $False + CellularBlockMessaging = $False + CellularBlockVoiceRoaming = $False + CellularBlockWiFiTethering = $False + CompliantAppListType = 'appsInListCompliant' + CompliantAppsList = @( + MSFT_MicrosoftGraphAppListitem { + name = 'customApp' + publisher = 'google2' + appStoreUrl = 'https://appUrl.com' + appId = 'com.custom.google.com' + } + ) + DateAndTimeBlockChanges = $True + DeviceSharingAllowed = $False + DiagnosticDataBlockSubmission = $False + FactoryResetBlocked = $False + GoogleAccountBlockAutoSync = $False + GooglePlayStoreBlocked = $False + KioskModeBlockSleepButton = $False + KioskModeBlockVolumeButtons = $True + LocationServicesBlocked = $False + NfcBlocked = $False + PasswordBlockFingerprintUnlock = $False + PasswordBlockTrustAgents = $False + PasswordRequired = $True + PasswordRequiredType = 'numeric' + PowerOffBlocked = $False + RequiredPasswordComplexity = 'low' + ScreenCaptureBlocked = $False + SecurityRequireVerifyApps = $False + StorageBlockGoogleBackup = $False + StorageBlockRemovableStorage = $False + StorageRequireDeviceEncryption = $False + StorageRequireRemovableStorageEncryption = $True + VoiceAssistantBlocked = $False + VoiceDialingBlocked = $False + WebBrowserBlockAutofill = $False + WebBrowserBlocked = $False + WebBrowserBlockJavaScript = $False + WebBrowserBlockPopups = $False + WebBrowserCookieSettings = 'allowAlways' + WiFiBlocked = $False + Ensure = 'Present' + Credential = $Credscredential + } + IntuneDeviceConfigurationPolicyAndroidDeviceOwner 'myAndroidDeviceOwnerPolicy' + { + DisplayName = 'general confi - AndroidDeviceOwner' + Assignments = @() + AzureAdSharedDeviceDataClearApps = @() + CameraBlocked = $True + CrossProfilePoliciesAllowDataSharing = 'notConfigured' + EnrollmentProfile = 'notConfigured' + FactoryResetDeviceAdministratorEmails = @() + GlobalProxy = MSFT_MicrosoftGraphandroiddeviceownerglobalproxy { + odataType = '#microsoft.graph.androidDeviceOwnerGlobalProxyDirect' + host = 'myproxy.com' + port = 8083 + } + KioskCustomizationStatusBar = 'notConfigured' + KioskCustomizationSystemNavigation = 'notConfigured' + KioskModeAppPositions = @() + KioskModeApps = @() + KioskModeManagedFolders = @() + KioskModeUseManagedHomeScreenApp = 'notConfigured' + KioskModeWifiAllowedSsids = @() + MicrophoneForceMute = $True + NfcBlockOutgoingBeam = $True + PasswordBlockKeyguardFeatures = @() + PasswordRequiredType = 'deviceDefault' + PasswordRequireUnlock = 'deviceDefault' + PersonalProfilePersonalApplications = @() + PersonalProfilePlayStoreMode = 'notConfigured' + ScreenCaptureBlocked = $True + SecurityRequireVerifyApps = $True + StayOnModes = @() + StorageBlockExternalMedia = $True + SystemUpdateFreezePeriods = @( + MSFT_MicrosoftGraphandroiddeviceownersystemupdatefreezeperiod { + startMonth = 12 + startDay = 23 + endMonth = 12 + endDay = 30 + }) + VpnAlwaysOnLockdownMode = $False + VpnAlwaysOnPackageIdentifier = '' + WorkProfilePasswordRequiredType = 'deviceDefault' + WorkProfilePasswordRequireUnlock = 'deviceDefault' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneDeviceConfigurationPolicyAndroidOpenSourceProject 'myAndroidOpenSourceProjectPolicy' + { + DisplayName = 'aosp' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + CameraBlocked = $False + FactoryResetBlocked = $True + PasswordRequiredType = 'deviceDefault' + ScreenCaptureBlocked = $True + StorageBlockExternalMedia = $True + Ensure = 'Present' + Credential = $Credscredential + } + IntuneDeviceConfigurationPolicyAndroidWorkProfile '97ed22e9-1429-40dc-ab3c-0055e538383b' + { + DisplayName = 'Android Work Profile - Device Restrictions - Standard' + PasswordBlockFingerprintUnlock = $False + PasswordBlockTrustAgents = $False + PasswordMinimumLength = 6 + PasswordMinutesOfInactivityBeforeScreenTimeout = 15 + PasswordRequiredType = 'atLeastNumeric' + SecurityRequireVerifyApps = $True + WorkProfileBlockAddingAccounts = $True + WorkProfileBlockCamera = $False + WorkProfileBlockCrossProfileCallerId = $False + WorkProfileBlockCrossProfileContactsSearch = $False + WorkProfileBlockCrossProfileCopyPaste = $True + WorkProfileBlockNotificationsWhileDeviceLocked = $True + WorkProfileBlockScreenCapture = $True + WorkProfileBluetoothEnableContactSharing = $False + WorkProfileDataSharingType = 'allowPersonalToWork' + WorkProfileDefaultAppPermissionPolicy = 'deviceDefault' + WorkProfilePasswordBlockFingerprintUnlock = $False + WorkProfilePasswordBlockTrustAgents = $False + WorkProfilePasswordRequiredType = 'deviceDefault' + WorkProfileRequirePassword = $False + Ensure = 'Present' + Credential = $Credscredential + } + IntuneDeviceConfigurationPolicyiOS 'ConfigureDeviceConfigurationPolicyiOS' + { + DisplayName = 'iOS DSC Policy' + AccountBlockModification = $False + ActivationLockAllowWhenSupervised = $False + AirDropBlocked = $False + AirDropForceUnmanagedDropTarget = $False + AirPlayForcePairingPasswordForOutgoingRequests = $False + AppleNewsBlocked = $False + AppleWatchBlockPairing = $False + AppleWatchForceWristDetection = $False + AppStoreBlockAutomaticDownloads = $False + AppStoreBlocked = $False + AppStoreBlockInAppPurchases = $False + AppStoreBlockUIAppInstallation = $False + AppStoreRequirePassword = $False + AppsVisibilityList = @() + AppsVisibilityListType = 'none' + BluetoothBlockModification = $True + CameraBlocked = $False + CellularBlockDataRoaming = $False + CellularBlockGlobalBackgroundFetchWhileRoaming = $False + CellularBlockPerAppDataModification = $False + CellularBlockVoiceRoaming = $False + CertificatesBlockUntrustedTlsCertificates = $False + ClassroomAppBlockRemoteScreenObservation = $False + CompliantAppListType = 'none' + CompliantAppsList = @() + ConfigurationProfileBlockChanges = $False + DefinitionLookupBlocked = $False + Description = 'iOS Device Restriction Policy' + DeviceBlockEnableRestrictions = $True + DeviceBlockEraseContentAndSettings = $False + DeviceBlockNameModification = $False + DiagnosticDataBlockSubmission = $False + DiagnosticDataBlockSubmissionModification = $False + DocumentsBlockManagedDocumentsInUnmanagedApps = $False + DocumentsBlockUnmanagedDocumentsInManagedApps = $False + EmailInDomainSuffixes = @() + EnterpriseAppBlockTrust = $False + EnterpriseAppBlockTrustModification = $False + FaceTimeBlocked = $False + FindMyFriendsBlocked = $False + GameCenterBlocked = $False + GamingBlockGameCenterFriends = $True + GamingBlockMultiplayer = $False + HostPairingBlocked = $False + iBooksStoreBlocked = $False + iBooksStoreBlockErotica = $False + iCloudBlockActivityContinuation = $False + iCloudBlockBackup = $True + iCloudBlockDocumentSync = $True + iCloudBlockManagedAppsSync = $False + iCloudBlockPhotoLibrary = $False + iCloudBlockPhotoStreamSync = $True + iCloudBlockSharedPhotoStream = $False + iCloudRequireEncryptedBackup = $False + iTunesBlockExplicitContent = $False + iTunesBlockMusicService = $False + iTunesBlockRadio = $False + KeyboardBlockAutoCorrect = $False + KeyboardBlockPredictive = $False + KeyboardBlockShortcuts = $False + KeyboardBlockSpellCheck = $False + KioskModeAllowAssistiveSpeak = $False + KioskModeAllowAssistiveTouchSettings = $False + KioskModeAllowAutoLock = $False + KioskModeAllowColorInversionSettings = $False + KioskModeAllowRingerSwitch = $False + KioskModeAllowScreenRotation = $False + KioskModeAllowSleepButton = $False + KioskModeAllowTouchscreen = $False + KioskModeAllowVoiceOverSettings = $False + KioskModeAllowVolumeButtons = $False + KioskModeAllowZoomSettings = $False + KioskModeRequireAssistiveTouch = $False + KioskModeRequireColorInversion = $False + KioskModeRequireMonoAudio = $False + KioskModeRequireVoiceOver = $False + KioskModeRequireZoom = $False + LockScreenBlockControlCenter = $False + LockScreenBlockNotificationView = $False + LockScreenBlockPassbook = $False + LockScreenBlockTodayView = $False + MediaContentRatingApps = 'allAllowed' + messagesBlocked = $False + NotificationsBlockSettingsModification = $False + PasscodeBlockFingerprintUnlock = $False + PasscodeBlockModification = $False + PasscodeBlockSimple = $True + PasscodeMinimumLength = 4 + PasscodeRequired = $True + PasscodeRequiredType = 'deviceDefault' + PodcastsBlocked = $False + SafariBlockAutofill = $False + SafariBlocked = $False + SafariBlockJavaScript = $False + SafariBlockPopups = $False + SafariCookieSettings = 'browserDefault' + SafariManagedDomains = @() + SafariPasswordAutoFillDomains = @() + SafariRequireFraudWarning = $False + ScreenCaptureBlocked = $False + SiriBlocked = $False + SiriBlockedWhenLocked = $False + SiriBlockUserGeneratedContent = $False + SiriRequireProfanityFilter = $False + SpotlightBlockInternetResults = $False + VoiceDialingBlocked = $False + WallpaperBlockModification = $False + Ensure = 'Present' + Credential = $Credscredential + } + IntuneDeviceConfigurationPolicyMacOS 'myMacOSDevicePolicy' + { + DisplayName = 'MacOS device restriction' + AddingGameCenterFriendsBlocked = $True + AirDropBlocked = $False + AppleWatchBlockAutoUnlock = $False + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.groupAssignmentTarget' + groupId = 'e8cbd84d-be6a-4b72-87f0-0e677541fda0' + } + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.groupAssignmentTarget' + groupId = 'ea9199b8-3e6e-407b-afdc-e0943e0d3c20' + }) + CameraBlocked = $False + ClassroomAppBlockRemoteScreenObservation = $False + ClassroomAppForceUnpromptedScreenObservation = $False + ClassroomForceAutomaticallyJoinClasses = $False + ClassroomForceRequestPermissionToLeaveClasses = $False + ClassroomForceUnpromptedAppAndDeviceLock = $False + CompliantAppListType = 'appsNotInListCompliant' + CompliantAppsList = @( + MSFT_MicrosoftGraphapplistitemMacOS { + name = 'appname2' + publisher = 'publisher' + appId = 'bundle' + } + ) + ContentCachingBlocked = $False + DefinitionLookupBlocked = $True + EmailInDomainSuffixes = @() + EraseContentAndSettingsBlocked = $False + GameCenterBlocked = $False + ICloudBlockActivityContinuation = $False + ICloudBlockAddressBook = $False + ICloudBlockBookmarks = $False + ICloudBlockCalendar = $False + ICloudBlockDocumentSync = $False + ICloudBlockMail = $False + ICloudBlockNotes = $False + ICloudBlockPhotoLibrary = $False + ICloudBlockReminders = $False + ICloudDesktopAndDocumentsBlocked = $False + ICloudPrivateRelayBlocked = $False + ITunesBlockFileSharing = $False + ITunesBlockMusicService = $False + KeyboardBlockDictation = $False + KeychainBlockCloudSync = $False + MultiplayerGamingBlocked = $False + PasswordBlockAirDropSharing = $False + PasswordBlockAutoFill = $False + PasswordBlockFingerprintUnlock = $False + PasswordBlockModification = $False + PasswordBlockProximityRequests = $False + PasswordBlockSimple = $False + PasswordRequired = $False + PasswordRequiredType = 'deviceDefault' + PrivacyAccessControls = @( + MSFT_MicrosoftGraphmacosprivacyaccesscontrolitem { + displayName = 'test' + identifier = 'test45' + identifierType = 'path' + codeRequirement = 'test' + blockCamera = $True + speechRecognition = 'notConfigured' + accessibility = 'notConfigured' + addressBook = 'enabled' + calendar = 'notConfigured' + reminders = 'notConfigured' + photos = 'notConfigured' + mediaLibrary = 'notConfigured' + fileProviderPresence = 'notConfigured' + systemPolicyAllFiles = 'notConfigured' + systemPolicySystemAdminFiles = 'notConfigured' + systemPolicyDesktopFolder = 'notConfigured' + systemPolicyDocumentsFolder = 'notConfigured' + systemPolicyDownloadsFolder = 'notConfigured' + systemPolicyNetworkVolumes = 'notConfigured' + systemPolicyRemovableVolumes = 'notConfigured' + postEvent = 'notConfigured' + } + ) + SafariBlockAutofill = $False + ScreenCaptureBlocked = $False + SoftwareUpdateMajorOSDeferredInstallDelayInDays = 30 + SoftwareUpdateMinorOSDeferredInstallDelayInDays = 30 + SoftwareUpdateNonOSDeferredInstallDelayInDays = 30 + SoftwareUpdatesEnforcedDelayInDays = 30 + SpotlightBlockInternetResults = $False + UpdateDelayPolicy = @('delayOSUpdateVisibility', 'delayAppUpdateVisibility', 'delayMajorOsUpdateVisibility') + WallpaperModificationBlocked = $False + Ensure = 'Present' + Credential = $Credscredential + } + IntuneDeviceConfigurationPolicyWindows10 'Example' + { + AccountsBlockAddingNonMicrosoftAccountEmail = $False; + ActivateAppsWithVoice = "notConfigured"; + AntiTheftModeBlocked = $False; + AppManagementMSIAllowUserControlOverInstall = $False; + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $False; + AppManagementPackageFamilyNamesToLaunchAfterLogOn = @(); + AppsAllowTrustedAppsSideloading = "notConfigured"; + AppsBlockWindowsStoreOriginatedApps = $False; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + AuthenticationAllowSecondaryDevice = $False; + AuthenticationWebSignIn = "notConfigured"; + BluetoothAllowedServices = @(); + BluetoothBlockAdvertising = $True; + BluetoothBlockDiscoverableMode = $False; + BluetoothBlocked = $True; + BluetoothBlockPrePairing = $True; + BluetoothBlockPromptedProximalConnections = $False; + CameraBlocked = $False; + CellularBlockDataWhenRoaming = $False; + CellularBlockVpn = $True; + CellularBlockVpnWhenRoaming = $True; + CellularData = "allowed"; + CertificatesBlockManualRootCertificateInstallation = $False; + ConnectedDevicesServiceBlocked = $False; + CopyPasteBlocked = $False; + CortanaBlocked = $False; + Credential = $Credscredential; + CryptographyAllowFipsAlgorithmPolicy = $False; + DefenderBlockEndUserAccess = $False; + DefenderBlockOnAccessProtection = $False; + DefenderCloudBlockLevel = "notConfigured"; + DefenderDisableCatchupFullScan = $False; + DefenderDisableCatchupQuickScan = $False; + DefenderFileExtensionsToExclude = @(); + DefenderFilesAndFoldersToExclude = @(); + DefenderMonitorFileActivity = "userDefined"; + DefenderPotentiallyUnwantedAppActionSetting = "userDefined"; + DefenderProcessesToExclude = @(); + DefenderPromptForSampleSubmission = "userDefined"; + DefenderRequireBehaviorMonitoring = $False; + DefenderRequireCloudProtection = $False; + DefenderRequireNetworkInspectionSystem = $False; + DefenderRequireRealTimeMonitoring = $False; + DefenderScanArchiveFiles = $False; + DefenderScanDownloads = $False; + DefenderScanIncomingMail = $False; + DefenderScanMappedNetworkDrivesDuringFullScan = $False; + DefenderScanNetworkFiles = $False; + DefenderScanRemovableDrivesDuringFullScan = $False; + DefenderScanScriptsLoadedInInternetExplorer = $False; + DefenderScanType = "userDefined"; + DefenderScheduleScanEnableLowCpuPriority = $False; + DefenderSystemScanSchedule = "userDefined"; + DeveloperUnlockSetting = "notConfigured"; + DeviceManagementBlockFactoryResetOnMobile = $False; + DeviceManagementBlockManualUnenroll = $False; + DiagnosticsDataSubmissionMode = "userDefined"; + DisplayAppListWithGdiDPIScalingTurnedOff = @(); + DisplayAppListWithGdiDPIScalingTurnedOn = @(); + DisplayName = "device config"; + EdgeAllowStartPagesModification = $False; + EdgeBlockAccessToAboutFlags = $False; + EdgeBlockAddressBarDropdown = $False; + EdgeBlockAutofill = $False; + EdgeBlockCompatibilityList = $False; + EdgeBlockDeveloperTools = $False; + EdgeBlocked = $False; + EdgeBlockEditFavorites = $False; + EdgeBlockExtensions = $False; + EdgeBlockFullScreenMode = $False; + EdgeBlockInPrivateBrowsing = $False; + EdgeBlockJavaScript = $False; + EdgeBlockLiveTileDataCollection = $False; + EdgeBlockPasswordManager = $False; + EdgeBlockPopups = $False; + EdgeBlockPrelaunch = $False; + EdgeBlockPrinting = $False; + EdgeBlockSavingHistory = $False; + EdgeBlockSearchEngineCustomization = $False; + EdgeBlockSearchSuggestions = $False; + EdgeBlockSendingDoNotTrackHeader = $False; + EdgeBlockSendingIntranetTrafficToInternetExplorer = $False; + EdgeBlockSideloadingExtensions = $False; + EdgeBlockTabPreloading = $False; + EdgeBlockWebContentOnNewTabPage = $False; + EdgeClearBrowsingDataOnExit = $False; + EdgeCookiePolicy = "userDefined"; + EdgeDisableFirstRunPage = $False; + EdgeFavoritesBarVisibility = "notConfigured"; + EdgeHomeButtonConfigurationEnabled = $False; + EdgeHomepageUrls = @(); + EdgeKioskModeRestriction = "notConfigured"; + EdgeOpensWith = "notConfigured"; + EdgePreventCertificateErrorOverride = $False; + EdgeRequiredExtensionPackageFamilyNames = @(); + EdgeRequireSmartScreen = $False; + EdgeSendIntranetTrafficToInternetExplorer = $False; + EdgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured"; + EdgeSyncFavoritesWithInternetExplorer = $False; + EdgeTelemetryForMicrosoft365Analytics = "notConfigured"; + EnableAutomaticRedeployment = $False; + Ensure = "Present"; + ExperienceBlockDeviceDiscovery = $False; + ExperienceBlockErrorDialogWhenNoSIM = $False; + ExperienceBlockTaskSwitcher = $False; + ExperienceDoNotSyncBrowserSettings = "notConfigured"; + FindMyFiles = "notConfigured"; + GameDvrBlocked = $True; + InkWorkspaceAccess = "notConfigured"; + InkWorkspaceAccessState = "notConfigured"; + InkWorkspaceBlockSuggestedApps = $False; + InternetSharingBlocked = $False; + LocationServicesBlocked = $False; + LockScreenActivateAppsWithVoice = "notConfigured"; + LockScreenAllowTimeoutConfiguration = $False; + LockScreenBlockActionCenterNotifications = $False; + LockScreenBlockCortana = $False; + LockScreenBlockToastNotifications = $False; + LogonBlockFastUserSwitching = $False; + MessagingBlockMMS = $False; + MessagingBlockRichCommunicationServices = $False; + MessagingBlockSync = $False; + MicrosoftAccountBlocked = $False; + MicrosoftAccountBlockSettingsSync = $False; + MicrosoftAccountSignInAssistantSettings = "notConfigured"; + NetworkProxyApplySettingsDeviceWide = $False; + NetworkProxyDisableAutoDetect = $True; + NetworkProxyServer = MSFT_MicrosoftGraphwindows10NetworkProxyServer{ + UseForLocalAddresses = $True + Exceptions = @('*.domain2.com') + Address = 'proxy.domain.com:8080' + }; + NfcBlocked = $False; + OneDriveDisableFileSync = $False; + PasswordBlockSimple = $False; + PasswordRequired = $False; + PasswordRequiredType = "deviceDefault"; + PasswordRequireWhenResumeFromIdleState = $False; + PowerButtonActionOnBattery = "notConfigured"; + PowerButtonActionPluggedIn = "notConfigured"; + PowerHybridSleepOnBattery = "notConfigured"; + PowerHybridSleepPluggedIn = "notConfigured"; + PowerLidCloseActionOnBattery = "notConfigured"; + PowerLidCloseActionPluggedIn = "notConfigured"; + PowerSleepButtonActionOnBattery = "notConfigured"; + PowerSleepButtonActionPluggedIn = "notConfigured"; + PrinterBlockAddition = $False; + PrinterNames = @(); + PrivacyAdvertisingId = "notConfigured"; + PrivacyAutoAcceptPairingAndConsentPrompts = $False; + PrivacyBlockActivityFeed = $False; + PrivacyBlockInputPersonalization = $False; + PrivacyBlockPublishUserActivities = $False; + PrivacyDisableLaunchExperience = $False; + ResetProtectionModeBlocked = $False; + SafeSearchFilter = "userDefined"; + ScreenCaptureBlocked = $False; + SearchBlockDiacritics = $False; + SearchBlockWebResults = $False; + SearchDisableAutoLanguageDetection = $False; + SearchDisableIndexerBackoff = $False; + SearchDisableIndexingEncryptedItems = $False; + SearchDisableIndexingRemovableDrive = $False; + SearchDisableLocation = $False; + SearchDisableUseLocation = $False; + SearchEnableAutomaticIndexSizeManangement = $False; + SearchEnableRemoteQueries = $False; + SecurityBlockAzureADJoinedDevicesAutoEncryption = $False; + SettingsBlockAccountsPage = $False; + SettingsBlockAddProvisioningPackage = $False; + SettingsBlockAppsPage = $False; + SettingsBlockChangeLanguage = $False; + SettingsBlockChangePowerSleep = $False; + SettingsBlockChangeRegion = $False; + SettingsBlockChangeSystemTime = $False; + SettingsBlockDevicesPage = $False; + SettingsBlockEaseOfAccessPage = $False; + SettingsBlockEditDeviceName = $False; + SettingsBlockGamingPage = $False; + SettingsBlockNetworkInternetPage = $False; + SettingsBlockPersonalizationPage = $False; + SettingsBlockPrivacyPage = $False; + SettingsBlockRemoveProvisioningPackage = $False; + SettingsBlockSettingsApp = $False; + SettingsBlockSystemPage = $False; + SettingsBlockTimeLanguagePage = $False; + SettingsBlockUpdateSecurityPage = $False; + SharedUserAppDataAllowed = $False; + SmartScreenAppInstallControl = "notConfigured"; + SmartScreenBlockPromptOverride = $False; + SmartScreenBlockPromptOverrideForFiles = $False; + SmartScreenEnableAppInstallControl = $False; + StartBlockUnpinningAppsFromTaskbar = $False; + StartMenuAppListVisibility = "userDefined"; + StartMenuHideChangeAccountSettings = $False; + StartMenuHideFrequentlyUsedApps = $False; + StartMenuHideHibernate = $False; + StartMenuHideLock = $False; + StartMenuHidePowerButton = $False; + StartMenuHideRecentJumpLists = $False; + StartMenuHideRecentlyAddedApps = $False; + StartMenuHideRestartOptions = $False; + StartMenuHideShutDown = $False; + StartMenuHideSignOut = $False; + StartMenuHideSleep = $False; + StartMenuHideSwitchAccount = $False; + StartMenuHideUserTile = $False; + StartMenuMode = "userDefined"; + StartMenuPinnedFolderDocuments = "notConfigured"; + StartMenuPinnedFolderDownloads = "notConfigured"; + StartMenuPinnedFolderFileExplorer = "notConfigured"; + StartMenuPinnedFolderHomeGroup = "notConfigured"; + StartMenuPinnedFolderMusic = "notConfigured"; + StartMenuPinnedFolderNetwork = "notConfigured"; + StartMenuPinnedFolderPersonalFolder = "notConfigured"; + StartMenuPinnedFolderPictures = "notConfigured"; + StartMenuPinnedFolderSettings = "notConfigured"; + StartMenuPinnedFolderVideos = "notConfigured"; + StorageBlockRemovableStorage = $False; + StorageRequireMobileDeviceEncryption = $False; + StorageRestrictAppDataToSystemVolume = $False; + StorageRestrictAppInstallToSystemVolume = $False; + SupportsScopeTags = $True; + TaskManagerBlockEndTask = $False; + TenantLockdownRequireNetworkDuringOutOfBoxExperience = $False; + UninstallBuiltInApps = $False; + UsbBlocked = $False; + VoiceRecordingBlocked = $False; + WebRtcBlockLocalhostIpAddress = $False; + WiFiBlockAutomaticConnectHotspots = $False; + WiFiBlocked = $True; + WiFiBlockManualConfiguration = $True; + WindowsSpotlightBlockConsumerSpecificFeatures = $False; + WindowsSpotlightBlocked = $False; + WindowsSpotlightBlockOnActionCenter = $False; + WindowsSpotlightBlockTailoredExperiences = $False; + WindowsSpotlightBlockThirdPartyNotifications = $False; + WindowsSpotlightBlockWelcomeExperience = $False; + WindowsSpotlightBlockWindowsTips = $False; + WindowsSpotlightConfigureOnLockScreen = "notConfigured"; + WindowsStoreBlockAutoUpdate = $False; + WindowsStoreBlocked = $False; + WindowsStoreEnablePrivateStoreOnly = $False; + WirelessDisplayBlockProjectionToThisDevice = $False; + WirelessDisplayBlockUserInputFromReceiver = $False; + WirelessDisplayRequirePinForPairing = $False; + } + IntuneDeviceConfigurationScepCertificatePolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + CertificateStore = "user"; + CertificateValidityPeriodScale = "years"; + CertificateValidityPeriodValue = 5; + Credential = $Credscredential; + CustomSubjectAlternativeNames = @( + MSFT_MicrosoftGraphcustomSubjectAlternativeName{ + SanType = 'domainNameService' + Name = 'dns' + } + ); + DisplayName = "SCEP"; + Ensure = "Present"; + ExtendedKeyUsages = @( + MSFT_MicrosoftGraphextendedKeyUsage{ + ObjectIdentifier = '1.3.6.1.5.5.7.3.2' + Name = 'Client Authentication' + } + ); + HashAlgorithm = "sha2"; + KeySize = "size2048"; + KeyStorageProvider = "useTpmKspOtherwiseUseSoftwareKsp"; + KeyUsage = "digitalSignature"; + RenewalThresholdPercentage = 25; + ScepServerUrls = @("https://mydomain.com/certsrv/mscep/mscep.dll"); + SubjectAlternativeNameType = "none"; + SubjectNameFormat = "custom"; + SubjectNameFormatString = "CN={{UserName}},E={{EmailAddress}}"; + RootCertificateId = "169bf4fc-5914-40f4-ad33-48c225396183"; + } + IntuneDeviceConfigurationSecureAssessmentPolicyWindows10 'Example' + { + AllowPrinting = $True; + AllowScreenCapture = $True; + AllowTextSuggestion = $True; + AssessmentAppUserModelId = ""; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + ConfigurationAccount = "user@domain.com"; + ConfigurationAccountType = "azureADAccount"; + Credential = $Credscredential; + DisplayName = "Secure Assessment"; + Ensure = "Present"; + LaunchUri = "https://assessment.domain.com"; + LocalGuestAccountName = ""; + } + IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10 'Example' + { + AccountManagerPolicy = MSFT_MicrosoftGraphsharedPCAccountManagerPolicy{ + CacheAccountsAboveDiskFreePercentage = 50 + AccountDeletionPolicy = 'diskSpaceThreshold' + RemoveAccountsBelowDiskFreePercentage = 20 + }; + AllowedAccounts = @("guest","domain"); + AllowLocalStorage = $True; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Credential = $Credscredential; + DisableAccountManager = $False; + DisableEduPolicies = $False; + DisablePowerPolicies = $False; + DisableSignInOnResume = $False; + DisplayName = "Shared Multi device"; + Enabled = $True; + Ensure = "Present"; + FastFirstSignIn = "notConfigured"; + IdleTimeBeforeSleepInSeconds = 60; + LocalStorage = "enabled"; + MaintenanceStartTime = "00:03:00"; + SetAccountManager = "enabled"; + SetEduPolicies = "enabled"; + SetPowerPolicies = "enabled"; + SignInOnResume = "enabled"; + } + IntuneDeviceConfigurationTrustedCertificatePolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + CertFileName = "RootCA.cer"; + Credential = $Credscredential; + DestinationStore = "computerCertStoreRoot"; + DisplayName = "Trusted Cert"; + Ensure = "Present"; + TrustedRootCertificate = "MIIEEjCCAvqgAwIBAgIPAMEAizw8iBHRPvZj7N9AMA0GCSqGSIb3DQEBBAUAMHAxKzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBNaWNyb3NvZnQgQ29ycC4xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEhMB8GA1UEAxMYTWljcm9zb2Z0IFJvb3QgQXV0aG9yaXR5MB4XDTk3MDExMDA3MDAwMFoXDTIwMTIzMTA3MDAwMFowcDErMCkGA1UECxMiQ29weXJpZ2h0IChjKSAxOTk3IE1pY3Jvc29mdCBDb3JwLjEeMBwGA1UECxMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSEwHwYDVQQDExhNaWNyb3NvZnQgUm9vdCBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpAr3BcOY78k4bKJ+XeF4w6qKpjSVf+P6VTKO3/p2iID58UaKboo9gMmvRQmR57qx2yVTa8uuchhyPn4Rms8VremIj1h083g8BkuiWxL8tZpqaaCaZ0Dosvwy1WCbBRucKPjiWLKkoOajsSYNC44QPu5psVWGsgnyhYC13TOmZtGQ7mlAcMQgkFJ+p55ErGOY9mGMUYFgFZZ8dN1KH96fvlALGG9O/VUWziYC/OuxUlE6u/ad6bXROrxjMlgkoIQBXkGBpN7tLEgc8Vv9b+6RmCgim0oFWV++2O14WgXcE2va+roCV/rDNf9anGnJcPMq88AijIjCzBoXJsyB3E4XfAgMBAAGjgagwgaUwgaIGA1UdAQSBmjCBl4AQW9Bw72lyniNRfhSyTY7/y6FyMHAxKzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBNaWNyb3NvZnQgQ29ycC4xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEhMB8GA1UEAxMYTWljcm9zb2Z0IFJvb3QgQXV0aG9yaXR5gg8AwQCLPDyIEdE+9mPs30AwDQYJKoZIhvcNAQEEBQADggEBAJXoC8CN85cYNe24ASTYdxHzXGAyn54Lyz4FkYiPyTrmIfLwV5MstaBHyGLv/NfMOztaqTZUaf4kbT/JzKreBXzdMY09nxBwarv+Ek8YacD80EPjEVogT+pie6+qGcgrNyUtvmWhEoolD2Oj91Qc+SHJ1hXzUqxuQzIH/YIX+OVnbA1R9r3xUse958Qw/CAxCYgdlSkaTdUdAqXxgOADtFv0sd3IV+5lScdSVLa0AygS/5DW8AiPfriXxas3LOR65Kh343agANBqP8HSNorgQRKoNWobats14dQcBOSoRQTIWjM4bk0cDWK3CqKM09VUP0bNHFWmcNsSOoeTdZ+n0qA="; + } + IntuneDeviceConfigurationVpnPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + AuthenticationMethod = "usernameAndPassword"; + ConnectionName = "Cisco VPN"; + ConnectionType = "ciscoAnyConnect"; + Credential = $Credscredential; + CustomXml = ""; + DisplayName = "VPN"; + DnsRules = @( + MSFT_MicrosoftGraphvpnDnsRule{ + Servers = @('10.0.1.10') + Name = 'NRPT rule' + Persistent = $True + AutoTrigger = $True + } + ); + DnsSuffixes = @("mydomain.com"); + EnableAlwaysOn = $True; + EnableConditionalAccess = $True; + EnableDnsRegistration = $True; + EnableSingleSignOnWithAlternateCertificate = $False; + EnableSplitTunneling = $False; + Ensure = "Present"; + ProfileTarget = "user"; + ProxyServer = MSFT_MicrosoftGraphwindows10VpnProxyServer{ + Port = 8081 + BypassProxyServerForLocalAddress = $True + AutomaticConfigurationScriptUrl = '' + Address = '10.0.10.100' + }; + RememberUserCredentials = $True; + ServerCollection = @( + MSFT_MicrosoftGraphvpnServer{ + IsDefaultServer = $True + Description = 'gateway1' + Address = '10.0.1.10' + } + ); + TrafficRules = @( + MSFT_MicrosoftGraphvpnTrafficRule{ + Name = 'VPN rule' + AppType = 'none' + LocalAddressRanges = @( + MSFT_MicrosoftGraphIPv4Range{ + UpperAddress = '10.0.2.240' + LowerAddress = '10.0.2.0' + } + ) + RoutingPolicyType = 'forceTunnel' + VpnTrafficDirection = 'outbound' + } + ); + TrustedNetworkDomains = @(); + } + IntuneDeviceConfigurationWindowsTeamPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ); + AzureOperationalInsightsBlockTelemetry = $True; + ConnectAppBlockAutoLaunch = $True; + Credential = $Credscredential; + DisplayName = "Device restrictions (Windows 10 Team)"; + Ensure = "Present"; + MaintenanceWindowBlocked = $False; + MaintenanceWindowDurationInHours = 1; + MaintenanceWindowStartTime = "00:00:00"; + MiracastBlocked = $True; + MiracastChannel = "oneHundredFortyNine"; + MiracastRequirePin = $True; + SettingsBlockMyMeetingsAndFiles = $True; + SettingsBlockSessionResume = $True; + SettingsBlockSigninSuggestions = $True; + SupportsScopeTags = $True; + WelcomeScreenBlockAutomaticWakeUp = $True; + WelcomeScreenMeetingInformation = "showOrganizerAndTimeOnly"; + } + IntuneDeviceConfigurationWiredNetworkPolicyWindows10 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments + { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + AuthenticationBlockPeriodInMinutes = 5 + AuthenticationMethod = 'usernameAndPassword' + AuthenticationPeriodInSeconds = 60 + AuthenticationRetryDelayPeriodInSeconds = 5 + AuthenticationType = 'machine' + CacheCredentials = $True + Credential = $Credscredential + DisplayName = 'Wired Network' + EapolStartPeriodInSeconds = 5 + EapType = 'teap' + Enforce8021X = $True + Ensure = 'Present' + MaximumAuthenticationFailures = 5 + MaximumEAPOLStartMessages = 5 + SecondaryAuthenticationMethod = 'certificate' + TrustedServerCertificateNames = @('srv.domain.com') + RootCertificatesForServerValidationIds = @('a485d322-13cd-43ef-beda-733f656f48ea', '169bf4fc-5914-40f4-ad33-48c225396183') + SecondaryIdentityCertificateForClientAuthenticationId = '0b9aef2f-1671-4260-8eb9-3ab3138e176a' + } + IntuneDeviceEnrollmentLimitRestriction 'DeviceEnrollmentLimitRestriction' + { + DisplayName = 'My DSC Limit' + Description = 'My Restriction' + Limit = 12 + Ensure = 'Present' + Credential = $Credscredential + } + IntuneDeviceEnrollmentPlatformRestriction 'DeviceEnrollmentPlatformRestriction' + { + AndroidForWorkRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + AndroidRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + }); + Credential = $Credscredential + Description = "This is the default Device Type Restriction applied with the lowest priority to all users regardless of group membership."; + DeviceEnrollmentConfigurationType = "platformRestrictions"; + DisplayName = "All users and all devices"; + Ensure = "Present"; + IosRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + MacOSRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + MacRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + WindowsHomeSkuRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + WindowsMobileRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $True + personalDeviceEnrollmentBlocked = $False + }; + WindowsRestriction = MSFT_DeviceEnrollmentPlatformRestriction{ + platformBlocked = $False + personalDeviceEnrollmentBlocked = $False + }; + } + IntuneDeviceEnrollmentStatusPageWindows10 '6b43c039-c1d0-4a9f-aab9-48c5531acbd6' + { + AllowDeviceResetOnInstallFailure = $True; + AllowDeviceUseOnInstallFailure = $True; + AllowLogCollectionOnInstallFailure = $True; + AllowNonBlockingAppInstallation = $False; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + BlockDeviceSetupRetryByUser = $False; + CustomErrorMessage = "Setup could not be completed. Please try again or contact your support person for help."; + Description = "This is the default enrollment status screen configuration applied with the lowest priority to all users and all devices regardless of group membership."; + DisableUserStatusTrackingAfterFirstUser = $True; + DisplayName = "All users and all devices"; + Ensure = "Present"; + InstallProgressTimeoutInMinutes = 60; + InstallQualityUpdates = $False; + Priority = 0; + SelectedMobileAppIds = @(); + ShowInstallationProgress = $True; + TrackInstallProgressForAutopilotOnly = $True; + Credential = $Credscredential + } + IntuneEndpointDetectionAndResponsePolicyWindows10 'myEDRPolicy' + { + DisplayName = 'Edr Policy' + Assignments = @() + Description = 'My revised description' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneExploitProtectionPolicyWindows10SettingCatalog 'myWindows10ExploitProtectionPolicy' + { + DisplayName = 'exploit Protection policy with assignments' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.exclusionGroupAssignmentTarget' + groupId = 'e8cbd84d-be6a-4b72-87f0-0e677541fda0' + }) + Description = '' + disallowexploitprotectionoverride = '1' + exploitprotectionsettings = " + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + " + Ensure = 'Present' + Credential = $Credscredential + } + IntunePolicySets 'Example' + { + Credential = $Credscredential; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.groupAssignmentTarget' + groupId = '12345678-1234-1234-1234-1234567890ab' + } + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.exclusionGroupAssignmentTarget' + groupId = '12345678-4321-4321-4321-1234567890ab' + } + ); + Description = "Example"; + DisplayName = "Example"; + Ensure = "Present"; + GuidedDeploymentTags = @(); + Items = @( + MSFT_DeviceManagementConfigurationPolicyItems{ + guidedDeploymentTags = @() + payloadId = 'T_12345678-90ab-90ab-90ab-1234567890ab' + displayName = 'Example-Policy' + dataType = '#microsoft.graph.managedAppProtectionPolicySetItem' + itemType = '#microsoft.graph.androidManagedAppProtection' + } + ); + RoleScopeTags = @("0","1"); + } + IntuneRoleAssignment 'IntuneRoleAssignment' + { + DisplayName = 'test2' + Description = 'test2' + Members = @('') + MembersDisplayNames = @('SecGroup2') + ResourceScopes = @('6eb76881-f56f-470f-be0d-672145d3dcb1') + ResourceScopesDisplayNames = @('') + ScopeType = 'resourceScope' + RoleDefinition = '2d00d0fd-45e9-4166-904f-b76ac5eed2c7' + RoleDefinitionDisplayName = 'This is my role' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneRoleDefinition 'IntuneRoleDefinition' + { + DisplayName = 'This is my role' + allowedResourceActions = @('Microsoft.Intune_Organization_Read', 'Microsoft.Intune_Roles_Create', 'Microsoft.Intune_Roles_Read', 'Microsoft.Intune_Roles_Update') + Description = 'My role defined by me.' + IsBuiltIn = $False + notallowedResourceActions = @() + roleScopeTagIds = @('0', '1') + Ensure = 'Present' + Credential = $Credscredential + } + IntuneSettingCatalogASRRulesPolicyWindows10 'myASRRulesPolicy' + { + DisplayName = 'asr 2' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + }) + attacksurfacereductiononlyexclusions = @('Test 10', 'Test2', 'Test3') + blockabuseofexploitedvulnerablesigneddrivers = 'block' + blockexecutablefilesrunningunlesstheymeetprevalenceagetrustedlistcriterion = 'audit' + Description = 'Post' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneSettingCatalogCustomPolicyWindows10 'Example' + { + Credential = $Credscredential + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Description = ""; + Ensure = "Present"; + Name = "Setting Catalog Raw - DSC"; + Platforms = "windows10"; + Settings = @( + MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ + SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ + choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ + Value = 'device_vendor_msft_policy_config_abovelock_allowcortanaabovelock_1' + } + SettingDefinitionId = 'device_vendor_msft_policy_config_abovelock_allowcortanaabovelock' + odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + } + } + MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ + SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ + SettingDefinitionId = 'device_vendor_msft_policy_config_applicationdefaults_defaultassociationsconfiguration' + simpleSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationSimpleSettingValue{ + odataType = '#microsoft.graph.deviceManagementConfigurationStringSettingValue' + StringValue = '' + } + odataType = '#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance' + } + } + MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ + SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ + choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ + Value = 'device_vendor_msft_policy_config_applicationdefaults_enableappurihandlers_1' + } + SettingDefinitionId = 'device_vendor_msft_policy_config_applicationdefaults_enableappurihandlers' + odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + } + } + MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ + SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ + choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ + Value = 'device_vendor_msft_policy_config_defender_allowarchivescanning_1' + } + SettingDefinitionId = 'device_vendor_msft_policy_config_defender_allowarchivescanning' + odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + } + } + MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ + SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ + choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ + Value = 'device_vendor_msft_policy_config_defender_allowbehaviormonitoring_1' + } + SettingDefinitionId = 'device_vendor_msft_policy_config_defender_allowbehaviormonitoring' + odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + } + } + MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{ + SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{ + choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{ + Value = 'device_vendor_msft_policy_config_defender_allowcloudprotection_1' + } + SettingDefinitionId = 'device_vendor_msft_policy_config_defender_allowcloudprotection' + odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + } + } + ); + Technologies = "mdm"; + } + IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator 'myWifiConfigAndroidDevicePolicy' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + ConnectAutomatically = $False + ConnectWhenNetworkNameIsHidden = $True + DisplayName = 'Wifi Configuration Androind Device' + NetworkName = 'b71f8c63-8140-4c7e-b818-f9b4aa98b79b' + Ssid = 'sf' + WiFiSecurityType = 'wpaEnterprise' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner 'myWifiConfigAndroidDeviceOwnerPolicy' + { + DisplayName = 'Wifi - androidForWork' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments + { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ) + ConnectAutomatically = $False + ConnectWhenNetworkNameIsHidden = $False + NetworkName = 'myNetwork' + PreSharedKeyIsSet = $True + ProxySettings = 'none' + Ssid = 'MySSID - 3' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile 'myWifiConfigAndroidWorkProfilePolicy' + { + DisplayName = 'wifi - android BYOD' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments + { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ) + ConnectAutomatically = $False + ConnectWhenNetworkNameIsHidden = $False + NetworkName = 'f8b79489-84fc-4434-b964-2a18dfe08f88' + Ssid = 'MySSID' + WiFiSecurityType = 'open' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneWifiConfigurationPolicyAndroidForWork 'Example' + { + DisplayName = 'AndroindForWork' + Description = 'DSC' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + deviceAndAppManagementAssignmentFilterType = 'include' + deviceAndAppManagementAssignmentFilterId = '17cb2318-cd4f-4a66-b742-6b79d4966ac7' + groupId = 'b9b732df-9f18-4c5f-99d1-682e151ec62b' + collectionId = '2a8ea71f-039a-4ec8-8e41-5fba3ef9efba' + } + ) + ConnectAutomatically = $true + ConnectWhenNetworkNameIsHidden = $true + NetworkName = 'CorpNet' + Ssid = 'WiFi' + WiFiSecurityType = 'wpa2Enterprise' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneWifiConfigurationPolicyAndroidOpenSourceProject 'myWifiConfigAndroidOpensourcePolicy' + { + DisplayName = 'wifi aosp' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + ConnectAutomatically = $False + ConnectWhenNetworkNameIsHidden = $True + NetworkName = 'aaaa' + PreSharedKeyIsSet = $True + Ssid = 'aaaaa' + WiFiSecurityType = 'wpaPersonal' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneWifiConfigurationPolicyIOS 'myWifiConfigIOSPolicy' + { + DisplayName = 'ios wifi' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + ConnectAutomatically = $True + ConnectWhenNetworkNameIsHidden = $True + DisableMacAddressRandomization = $True + NetworkName = 'aaaaa' + ProxyAutomaticConfigurationUrl = 'THSCP.local' + ProxySettings = 'automatic' + Ssid = 'aaaaa' + WiFiSecurityType = 'wpaPersonal' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneWifiConfigurationPolicyMacOS 'myWifiConfigMacOSPolicy' + { + DisplayName = 'macos wifi' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + ConnectAutomatically = $True + ConnectWhenNetworkNameIsHidden = $True + NetworkName = 'ea1cf5d7-8d3e-40ca-9cb8-b8c8a4c6170b' + ProxyAutomaticConfigurationUrl = 'AZ500PrivateEndpoint22' + ProxySettings = 'automatic' + Ssid = 'aaaaaaaaaaaaa' + WiFiSecurityType = 'wpaPersonal' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneWifiConfigurationPolicyWindows10 'myWifiConfigWindows10Policy' + { + DisplayName = 'win10 wifi - revised' + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ) + ConnectAutomatically = $True + ConnectToPreferredNetwork = $True + ConnectWhenNetworkNameIsHidden = $True + ForceFIPSCompliance = $True + MeteredConnectionLimit = 'fixed' + NetworkName = 'MyWifi' + ProxyAutomaticConfigurationUrl = 'https://proxy.contoso.com' + ProxySetting = 'automatic' + Ssid = 'ssid' + WifiSecurityType = 'wpa2Personal' + Ensure = 'Present' + Credential = $Credscredential + } + IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined 'Example' + { + Assignments = @(); + Credential = $Credscredential; + Description = ""; + DeviceNameTemplate = ""; + DeviceType = "windowsPc"; + DisplayName = "hybrid"; + EnableWhiteGlove = $True; + Ensure = "Present"; + ExtractHardwareHash = $False; + HybridAzureADJoinSkipConnectivityCheck = $True; + Language = "os-default"; + OutOfBoxExperienceSettings = MSFT_MicrosoftGraphoutOfBoxExperienceSettings{ + HideEULA = $True + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' + SkipKeyboardSelectionPage = $False + UserType = 'standard' + }; + } + IntuneWindowsAutopilotDeploymentProfileAzureADJoined 'Example' + { + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + Credential = $Credscredential; + Description = ""; + DeviceNameTemplate = "test"; + DeviceType = "windowsPc"; + DisplayName = "AAD"; + EnableWhiteGlove = $True; + Ensure = "Present"; + ExtractHardwareHash = $True; + Language = ""; + OutOfBoxExperienceSettings = MSFT_MicrosoftGraphoutOfBoxExperienceSettings1{ + HideEULA = $False + HideEscapeLink = $True + HidePrivacySettings = $True + DeviceUsageType = 'singleUser' + SkipKeyboardSelectionPage = $True + UserType = 'administrator' + }; + } + IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled 'Example' + { + DisplayName = 'WIP' + AzureRightsManagementServicesAllowed = $False + Description = 'DSC' + EnforcementLevel = 'encryptAndAuditOnly' + EnterpriseDomain = 'domain.co.uk' + EnterpriseIPRanges = @( + MSFT_MicrosoftGraphwindowsInformationProtectionIPRangeCollection { + DisplayName = 'ipv4 range' + Ranges = @( + MSFT_MicrosoftGraphIpRange { + UpperAddress = '1.1.1.3' + LowerAddress = '1.1.1.1' + odataType = '#microsoft.graph.iPv4Range' + } + ) + } + ) + EnterpriseIPRangesAreAuthoritative = $True + EnterpriseProxyServersAreAuthoritative = $True + IconsVisible = $False + IndexingEncryptedStoresOrItemsBlocked = $False + ProtectedApps = @( + MSFT_MicrosoftGraphwindowsInformationProtectionApp { + Description = 'Microsoft.MicrosoftEdge' + odataType = '#microsoft.graph.windowsInformationProtectionStoreApp' + Denied = $False + PublisherName = 'CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US' + ProductName = 'Microsoft.MicrosoftEdge' + DisplayName = 'Microsoft Edge' + } + ) + ProtectionUnderLockConfigRequired = $False + RevokeOnUnenrollDisabled = $False + Ensure = 'Present' + Credential = $Credscredential + } + IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10 'Example' + { + DisplayName = 'WUfB Feature -dsc' + Assignments = @() + Description = 'test 2' + FeatureUpdateVersion = 'Windows 10, version 22H2' + RolloutSettings = MSFT_MicrosoftGraphwindowsUpdateRolloutSettings { + OfferStartDateTimeInUTC = '2023-02-03T16:00:00.0000000+00:00' + } + Ensure = 'Present' + Credential = $Credscredential + } + IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10 'Example' + { + DisplayName = 'WUfB Ring' + AllowWindows11Upgrade = $False + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments + { + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' + } + ) + AutomaticUpdateMode = 'autoInstallAtMaintenanceTime' + AutoRestartNotificationDismissal = 'notConfigured' + BusinessReadyUpdatesOnly = 'userDefined' + DeadlineForFeatureUpdatesInDays = 1 + DeadlineForQualityUpdatesInDays = 2 + DeadlineGracePeriodInDays = 3 + DeliveryOptimizationMode = 'userDefined' + Description = '' + DriversExcluded = $False + FeatureUpdatesDeferralPeriodInDays = 0 + FeatureUpdatesPaused = $False + FeatureUpdatesPauseExpiryDateTime = '0001-01-01T00:00:00.0000000+00:00' + FeatureUpdatesRollbackStartDateTime = '0001-01-01T00:00:00.0000000+00:00' + FeatureUpdatesRollbackWindowInDays = 10 + InstallationSchedule = MSFT_MicrosoftGraphwindowsUpdateInstallScheduleType { + ActiveHoursStart = '08:00:00' + ActiveHoursEnd = '17:00:00' + odataType = '#microsoft.graph.windowsUpdateActiveHoursInstall' + } + MicrosoftUpdateServiceAllowed = $True + PostponeRebootUntilAfterDeadline = $False + PrereleaseFeatures = 'userDefined' + QualityUpdatesDeferralPeriodInDays = 0 + QualityUpdatesPaused = $False + QualityUpdatesPauseExpiryDateTime = '0001-01-01T00:00:00.0000000+00:00' + QualityUpdatesRollbackStartDateTime = '0001-01-01T00:00:00.0000000+00:00' + SkipChecksBeforeRestart = $False + UpdateNotificationLevel = 'defaultNotifications' + UserPauseAccess = 'enabled' + UserWindowsUpdateScanAccess = 'enabled' + Ensure = 'Present' + Credential = $Credscredential + } + } + } + + $ConfigurationData = @{ + AllNodes = @( + @{ + NodeName = "Localhost" + PSDSCAllowPlaintextPassword = $true + } + ) + } + + # Compile and deploy configuration + try + { + Master -ConfigurationData $ConfigurationData -Credscredential $Credential + Start-DscConfiguration Master -Wait -Force -Verbose + } + catch + { + throw $_ + } From de4ed9f2d4b9b2c7c692c54b3a5f2f2a19701318 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Fri, 15 Dec 2023 14:04:38 +0000 Subject: [PATCH 14/58] Fix code coverage workflow --- .github/workflows/CodeCoverage.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/CodeCoverage.yml b/.github/workflows/CodeCoverage.yml index 12de9e7d3b..e636034445 100644 --- a/.github/workflows/CodeCoverage.yml +++ b/.github/workflows/CodeCoverage.yml @@ -18,6 +18,7 @@ jobs: shell: pwsh run: | Install-Module ReverseDSC -Force -Scope AllUsers + Install-Module DSCParser -Force -Scope AllUsers Install-Module PSDesiredStateConfiguration -Force -Scope AllUsers Install-Module Pester -Force -SkipPublisherCheck -Scope AllUsers [System.Environment]::SetEnvironmentVariable('M365DSCTelemetryEnabled', $false, [System.EnvironmentVariableTarget]::Machine); From 711a8710cb9c94784a50d46d528087290a2599a7 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 15 Dec 2023 09:41:48 -0500 Subject: [PATCH 15/58] Update Global - Integration - INTUNE.yml --- .github/workflows/Global - Integration - INTUNE.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/Global - Integration - INTUNE.yml b/.github/workflows/Global - Integration - INTUNE.yml index f7f4b103c4..0c0a29fe94 100644 --- a/.github/workflows/Global - Integration - INTUNE.yml +++ b/.github/workflows/Global - Integration - INTUNE.yml @@ -47,8 +47,8 @@ jobs: - name: Run {Create} Integration Tests shell: powershell env: - PUBLIC_USERNAME: ${{ secrets.INTEGRATION_USERNAME }} - PUBLIC_PASSWORD: ${{ secrets.INTEGRATION_PASSWORD }} + INTEGRATION_USERNAME: ${{ secrets.INTEGRATION_USERNAME }} + INTEGRATION_PASSWORD: ${{ secrets.INTEGRATION_PASSWORD }} run: | $CredPassword = ConvertTo-SecureString $env:INTEGRATION_PASSWORD -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ($env:INTEGRATION_USERNAME, $CredPassword) From c6b809945b316b29ea93008a1de652ada0d69756 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 15 Dec 2023 09:50:03 -0500 Subject: [PATCH 16/58] Update Global - Integration - INTUNE.yml --- .github/workflows/Global - Integration - INTUNE.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/Global - Integration - INTUNE.yml b/.github/workflows/Global - Integration - INTUNE.yml index 0c0a29fe94..42a0867527 100644 --- a/.github/workflows/Global - Integration - INTUNE.yml +++ b/.github/workflows/Global - Integration - INTUNE.yml @@ -14,7 +14,7 @@ jobs: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - uses: actions/checkout@v3 - name: Install Microsoft365DSC - shell: pwsh + shell: powershell run: | winrm quickconfig -force $source = "./Modules/Microsoft365DSC/" @@ -29,7 +29,7 @@ jobs: Set-M365DSCTelemetryOption -Enabled $false Set-Item -Path WSMan:\localhost\MaxEnvelopeSizekb -Value 99999 - name: Generate {Create} Integration Tests from Examples - shell: pwsh + shell: powershell run: | Import-Module './Tests/Integration/M365DSCTestEngine.psm1' New-M365DSCIntegrationTest -Workload INTUNE -Step '1-Create' @@ -45,7 +45,7 @@ jobs: $SHA = git rev-parse HEAD echo "commitid=$SHA" >> $env:GITHUB_OUTPUT - name: Run {Create} Integration Tests - shell: powershell + shell: pwsh env: INTEGRATION_USERNAME: ${{ secrets.INTEGRATION_USERNAME }} INTEGRATION_PASSWORD: ${{ secrets.INTEGRATION_PASSWORD }} From c0cc049de200eeaa6c2913a40f2a0de95d387afe Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 15 Dec 2023 09:54:55 -0500 Subject: [PATCH 17/58] Update Global - Integration - INTUNE.yml --- .github/workflows/Global - Integration - INTUNE.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/Global - Integration - INTUNE.yml b/.github/workflows/Global - Integration - INTUNE.yml index 42a0867527..5da21e227c 100644 --- a/.github/workflows/Global - Integration - INTUNE.yml +++ b/.github/workflows/Global - Integration - INTUNE.yml @@ -22,7 +22,7 @@ jobs: Copy-Item -Path $source -Recurse -Destination $destination -Container -Force Update-M365DSCDependencies - name: Configure Environment - shell: pwsh + shell: powershell run: | Set-ExecutionPolicy Unrestricted -Force Get-ChildItem "C:\Program Files\WindowsPowerShell\Modules" -Recurse | Unblock-File @@ -34,7 +34,7 @@ jobs: Import-Module './Tests/Integration/M365DSCTestEngine.psm1' New-M365DSCIntegrationTest -Workload INTUNE -Step '1-Create' - name: Commit {Create} Integration Tests - shell: pwsh + shell: powershell run: | git config --local user.email "nicharl@microsoft.com" git config --local user.name "NikCharlebois" @@ -45,7 +45,7 @@ jobs: $SHA = git rev-parse HEAD echo "commitid=$SHA" >> $env:GITHUB_OUTPUT - name: Run {Create} Integration Tests - shell: pwsh + shell: powershell env: INTEGRATION_USERNAME: ${{ secrets.INTEGRATION_USERNAME }} INTEGRATION_PASSWORD: ${{ secrets.INTEGRATION_PASSWORD }} From 2b39cb45d58cbd9d5362b5e501c17822d34cae6c Mon Sep 17 00:00:00 2001 From: William-francillette Date: Fri, 15 Dec 2023 18:27:18 +0000 Subject: [PATCH 18/58] PR:IntuneDeviceEnrollmentPlatformRestriction - Fixes 3730 --- CHANGELOG.md | 6 ++++++ .../MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 | 8 ++++---- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8f48faddcf..1713271049 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* IntuneDeviceEnrollmentPlatformRestriction + * Fix Set-TargetResource due to an issue were the bodyparameter not cast correctly + FIXES [#3730](https://github.com/microsoft/Microsoft365DSC/issues/3730) + # 1.23.1213.1 * IntuneEndpointDetectionAndResponsePolicyWindows10 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 index 40e5fe25fe..3091ac55e8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 @@ -326,10 +326,10 @@ function Set-TargetResource } $PSBoundParameters.add('@odata.type', $policyType) - Write-Verbose ($PSBoundParameters | ConvertTo-Json -Depth 20) + #Write-Verbose ($PSBoundParameters | ConvertTo-Json -Depth 20) $policy = New-MgBetaDeviceManagementDeviceEnrollmentConfiguration ` - -BodyParameter $PSBoundParameters + -BodyParameter ([hashtable]$PSBoundParameters) #Assignments from DefaultPolicy are not editable and will raise an alert if ($policy.Id -notlike '*_DefaultPlatformRestrictions') @@ -384,9 +384,9 @@ function Set-TargetResource $policyType = '#microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration' } $PSBoundParameters.add('@odata.type', $policyType) - Write-Verbose ($PSBoundParameters | ConvertTo-Json -Depth 20) + #Write-Verbose ($PSBoundParameters | ConvertTo-Json -Depth 20) Update-MgBetaDeviceManagementDeviceEnrollmentConfiguration ` - -BodyParameter $PSBoundParameters ` + -BodyParameter ([hashtable]$PSBoundParameters) ` -DeviceEnrollmentConfigurationId $Identity #Assignments from DefaultPolicy are not editable and will raise an alert From 28e30df61e8ea6db9080cb349d40f1ddae411e18 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Fri, 15 Dec 2023 20:52:49 +0000 Subject: [PATCH 19/58] PR:IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled - Fixes 2932 --- CHANGELOG.md | 6 ++ ...nProtectionPolicyWindows10MdmEnrolled.psm1 | 82 ++++++++++++++++++- ...ctionPolicyWindows10MdmEnrolled.schema.mof | 11 +++ ...ectionPolicyWindows10MdmEnrolled.Tests.ps1 | 3 +- 4 files changed, 97 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8f48faddcf..337a262fd1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled + * Added Assignments + FIXES [#2932](https://github.com/microsoft/Microsoft365DSC/issues/2932) + # 1.23.1213.1 * IntuneEndpointDetectionAndResponsePolicyWindows10 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 index 1880045ecd..6658126546 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 @@ -101,6 +101,10 @@ function Get-TargetResource [Parameter()] [System.String] $Description, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, #endregion [Parameter()] @@ -153,9 +157,15 @@ function Get-TargetResource $nullResult = $PSBoundParameters $nullResult.Ensure = 'Absent' - $getValue = $null #region resource generator code - $getValue = Get-MgBetaDeviceAppManagementMdmWindowsInformationProtectionPolicy -MdmWindowsInformationProtectionPolicyId $Id -ErrorAction SilentlyContinue + try + { + $getValue = Get-MgBetaDeviceAppManagementMdmWindowsInformationProtectionPolicy -MdmWindowsInformationProtectionPolicyId $Id -ExpandProperty assignments -ErrorAction Stop + } + catch + { + $getValue = $null + } if ($null -eq $getValue) { @@ -166,11 +176,19 @@ function Get-TargetResource $getValue = Get-MgBetaDeviceAppManagementMdmWindowsInformationProtectionPolicy ` -Filter "DisplayName eq '$DisplayName'" ` -ErrorAction SilentlyContinue + if ($getValue.count -gt 1) + { + throw ("Error: Ensure the displayName {$displayName} is unique.") + } + if (-not [String]::IsNullOrEmpty($getValue.Id)) + { + $getValue = Get-MgBetaDeviceAppManagementMdmWindowsInformationProtectionPolicy -MdmWindowsInformationProtectionPolicyId $getValue.id -ExpandProperty assignments + } } } #endregion - if ($null -eq $getValue) + if ([String]::IsNullOrEmpty($getValue.Id)) { Write-Verbose -Message "Could not find an Intune Windows Information Protection Policy for Windows10 Mdm Enrolled with DisplayName {$DisplayName}" return $nullResult @@ -403,6 +421,10 @@ function Get-TargetResource Managedidentity = $ManagedIdentity.IsPresent #endregion } + if ($getValue.assignments.count -gt 0) + { + $results.Add('Assignments', (ConvertFrom-IntunePolicyAssignment -Assignments $getValue.assignments -IncludeDeviceFilter $false)) + } return [System.Collections.Hashtable] $results } @@ -520,6 +542,10 @@ function Set-TargetResource [Parameter()] [System.String] $Description, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, #endregion [Parameter(Mandatory)] @@ -579,6 +605,7 @@ function Set-TargetResource { Write-Verbose -Message "Creating an Intune Windows Information Protection Policy for Windows10 Mdm Enrolled with DisplayName {$DisplayName}" + $PSBoundParameters.remove('Assignments') $CreateParameters = ([Hashtable]$PSBoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters $CreateParameters.Remove('Id') | Out-Null @@ -595,11 +622,25 @@ function Set-TargetResource #region resource generator code $policy = New-MgBetaDeviceAppManagementMdmWindowsInformationProtectionPolicy -BodyParameter $CreateParameters #endregion + + $assignmentsHash=@() + foreach($assignment in $Assignments) + { + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + + if ($policy.id) + { + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + -Targets $assignmentsHash ` + -Repository 'deviceAppManagement/mdmWindowsInformationProtectionPolicies' + } } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Windows Information Protection Policy for Windows10 Mdm Enrolled with Id {$($currentInstance.Id)}" + $PSBoundParameters.remove('Assignments') $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters @@ -620,6 +661,15 @@ function Set-TargetResource -MdmWindowsInformationProtectionPolicyId $currentInstance.Id ` -BodyParameter $UpdateParameters #endregion + + $assignmentsHash = @() + foreach ($assignment in $Assignments) + { + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` + -Targets $assignmentsHash ` + -Repository 'deviceAppManagement/mdmWindowsInformationProtectionPolicies' } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { @@ -733,6 +783,10 @@ function Test-TargetResource [Parameter()] [System.String] $Description, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, #endregion [Parameter()] @@ -802,6 +856,11 @@ function Test-TargetResource -Source ($source) ` -Target ($target) + if($key -eq 'Assignments') + { + $testResult = Compare-M365DSCIntunePolicyAssignment -source $source -Target $target + } + if (-Not $testResult) { $testResult = $false @@ -1105,7 +1164,18 @@ function Export-TargetResource $Results.Remove('SmbAutoEncryptedFileExtensions') | Out-Null } } - + if ($Results.Assignments) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments + if ($complexTypeStringResult) + { + $Results.Assignments = $complexTypeStringResult + } + else + { + $Results.Remove('Assignments') | Out-Null + } + } $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` -ConnectionMode $ConnectionMode ` -ModulePath $PSScriptRoot ` @@ -1155,6 +1225,10 @@ function Export-TargetResource { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'SmbAutoEncryptedFileExtensions' -IsCIMArray:$True } + if ($Results.Assignments) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true + } #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable $currentDSCBlock = $currentDSCBlock.replace( " ,`r`n" , " `r`n" ) $currentDSCBlock = $currentDSCBlock.replace( "`r`n;`r`n" , "`r`n" ) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.schema.mof index a2d1f0cfd6..d8eded9e60 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.schema.mof @@ -1,3 +1,13 @@ +[ClassVersion("1.0.0.0")] +class MSFT_DeviceManagementConfigurationPolicyAssignments +{ + [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; + [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; + [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; + [Write, Description("The group Id that is the target of the assignment.")] String groupId; + [Write, Description("The group Display Name that is the target of the assignment.")] String groupDisplayName; + [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; +}; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphWindowsInformationProtectionDataRecoveryCertificate { @@ -79,6 +89,7 @@ class MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled : OMI_Ba [Write, Description("TemplateID GUID to use for RMS encryption. The RMS template allows the IT admin to configure the details about who has access to RMS-protected file and how long they have access")] String RightsManagementServicesTemplateId; [Write, Description("Specifies a list of file extensions, so that files with these extensions are encrypted when copying from an SMB share within the corporate boundary"), EmbeddedInstance("MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection")] String SmbAutoEncryptedFileExtensions[]; [Write, Description("The policy's description.")] String Description; + [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.Tests.ps1 index 2d3dbfa363..d44aaa166d 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.Tests.ps1 @@ -41,7 +41,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Remove-MgBetaDeviceAppManagementMdmWindowsInformationProtectionPolicy -MockWith { } - + Mock -CommandName Update-DeviceConfigurationPolicyAssignment -MockWith { + } Mock -CommandName New-M365DSCConnection -MockWith { return 'Credentials' } From e64b1dcf9e518e56e7b9fb6c9f1fe0e305c40b7e Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sat, 16 Dec 2023 12:25:14 +0000 Subject: [PATCH 20/58] format code --- ...tionProtectionPolicyWindows10MdmEnrolled.psm1 | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 index 6658126546..830b6cf864 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 @@ -605,7 +605,7 @@ function Set-TargetResource { Write-Verbose -Message "Creating an Intune Windows Information Protection Policy for Windows10 Mdm Enrolled with DisplayName {$DisplayName}" - $PSBoundParameters.remove('Assignments') + $PSBoundParameters.remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$PSBoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters $CreateParameters.Remove('Id') | Out-Null @@ -623,8 +623,8 @@ function Set-TargetResource $policy = New-MgBetaDeviceAppManagementMdmWindowsInformationProtectionPolicy -BodyParameter $CreateParameters #endregion - $assignmentsHash=@() - foreach($assignment in $Assignments) + $assignmentsHash = @() + foreach ($assignment in $Assignments) { $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } @@ -640,7 +640,7 @@ function Set-TargetResource { Write-Verbose -Message "Updating the Intune Windows Information Protection Policy for Windows10 Mdm Enrolled with Id {$($currentInstance.Id)}" - $PSBoundParameters.remove('Assignments') + $PSBoundParameters.remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters @@ -656,8 +656,8 @@ function Set-TargetResource } #region resource generator code - $UpdateParameters.Add("@odata.type", "#microsoft.graph.MdmWindowsInformationProtectionPolicy") - Update-MgBetaDeviceAppManagementMdmWindowsInformationProtectionPolicy ` + $UpdateParameters.Add('@odata.type', '#microsoft.graph.MdmWindowsInformationProtectionPolicy') + Update-MgBetaDeviceAppManagementMdmWindowsInformationProtectionPolicy ` -MdmWindowsInformationProtectionPolicyId $currentInstance.Id ` -BodyParameter $UpdateParameters #endregion @@ -856,9 +856,9 @@ function Test-TargetResource -Source ($source) ` -Target ($target) - if($key -eq 'Assignments') + if ($key -eq 'Assignments') { - $testResult = Compare-M365DSCIntunePolicyAssignment -source $source -Target $target + $testResult = Compare-M365DSCIntunePolicyAssignment -Source $source -Target $target } if (-Not $testResult) From 6dc7f8ab709a3c0c453ace7fb0eed7b613bed096 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sat, 16 Dec 2023 13:10:22 +0000 Subject: [PATCH 21/58] changed assignments type --- ...indowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 | 2 +- ...InformationProtectionPolicyWindows10MdmEnrolled.schema.mof | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 index 830b6cf864..382ee4d4cd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.psm1 @@ -1166,7 +1166,7 @@ function Export-TargetResource } if ($Results.Assignments) { - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolledPolicyAssignments if ($complexTypeStringResult) { $Results.Assignments = $complexTypeStringResult diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.schema.mof index d8eded9e60..35950770e5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.schema.mof @@ -1,5 +1,5 @@ [ClassVersion("1.0.0.0")] -class MSFT_DeviceManagementConfigurationPolicyAssignments +class MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolledPolicyAssignments { [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; @@ -89,7 +89,7 @@ class MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled : OMI_Ba [Write, Description("TemplateID GUID to use for RMS encryption. The RMS template allows the IT admin to configure the details about who has access to RMS-protected file and how long they have access")] String RightsManagementServicesTemplateId; [Write, Description("Specifies a list of file extensions, so that files with these extensions are encrypted when copying from an SMB share within the corporate boundary"), EmbeddedInstance("MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection")] String SmbAutoEncryptedFileExtensions[]; [Write, Description("The policy's description.")] String Description; - [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; + [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolledPolicyAssignments")] String Assignments[]; [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; From f6d155ed28ffbee29d2af0302db17d764d6f25bb Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Sat, 16 Dec 2023 13:52:21 +0000 Subject: [PATCH 22/58] Fix empty BaseUrl --- .../Modules/M365DSCDRGUtil.psm1 | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 index 8d740a1192..de7110ecd5 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 @@ -1019,7 +1019,11 @@ function New-IntuneSettingCatalogPolicy try { - $BaseUrl = $Global:MSCloudLoginConnectionProfile.Intune.GraphBaseUrl + $BaseUrl = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + if ($BaseUrl[$BaseUrl.Length - 1] -eq '/') + { + $BaseUrl = $BaseUrl.Substring(0, $BaseUrl.Length - 1) + } $Uri = '$($BaseUrl)/beta/deviceManagement/configurationPolicies' $policy = @{ @@ -1083,7 +1087,11 @@ function Update-IntuneSettingCatalogPolicy try { - $BaseUrl = $Global:MSCloudLoginConnectionProfile.Intune.GraphBaseUrl + $BaseUrl = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + if ($BaseUrl[$BaseUrl.Length - 1] -eq '/') + { + $BaseUrl = $BaseUrl.Substring(0, $BaseUrl.Length - 1) + } $Uri = "$($BaseUrl)/beta/deviceManagement/configurationPolicies/$DeviceConfigurationPolicyId" $policy = @{ @@ -1284,10 +1292,15 @@ function Update-DeviceConfigurationPolicyAssignment [System.String] $APIVersion = 'beta' ) + try { $deviceManagementPolicyAssignments = @() - $BaseUrl = $Global:MSCloudLoginConnectionProfile.Intune.GraphBaseUrl + $BaseUrl = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + if ($BaseUrl[$BaseUrl.Length - 1] -eq '/') + { + $BaseUrl = $BaseUrl.Substring(0, $BaseUrl.Length - 1) + } $Uri = "$($BaseUrl)/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" foreach ($target in $targets) From 2568dc3d390d86d7313af45f8be690096c8148e6 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Sat, 16 Dec 2023 13:57:26 +0000 Subject: [PATCH 23/58] Update CHANGELOG.md --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8f48faddcf..d893e8cb88 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* M365DSCDRGUtil + * Fix empty BaseUrl since MSCloudLoginAssistant removed Intune workload + FIXES [#4057](https://github.com/microsoft/Microsoft365DSC/issues/4057) + # 1.23.1213.1 * IntuneEndpointDetectionAndResponsePolicyWindows10 From 80366191e1f604db1a1931ff3ed231e0ad9f4145 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Sat, 16 Dec 2023 14:25:54 +0000 Subject: [PATCH 24/58] Add support to decrypt encrypted OmaSettings --- CHANGELOG.md | 6 ++ ...iceConfigurationCustomPolicyWindows10.psm1 | 18 ++++- .../Modules/M365DSCDRGUtil.psm1 | 68 +++++++++++++++++++ 3 files changed, 90 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8f48faddcf..8bcd5cc158 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* IntuneDeviceConfigurationCustomPolicyWindows10 + * Add support to decrypt encrypted OmaSettings and export them in plaintext + FIXES [#3655](https://github.com/microsoft/Microsoft365DSC/issues/3655) + # 1.23.1213.1 * IntuneEndpointDetectionAndResponsePolicyWindows10 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 index 4ae11ab406..bf494f9a70 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 @@ -112,11 +112,25 @@ function Get-TargetResource foreach ($currentomaSettings in $getValue.AdditionalProperties.omaSettings) { $myomaSettings = @{} + + if ($currentomaSettings.isEncrypted -eq $true) + { + $SecretReferenceValueId = $currentomaSettings.secretReferenceValueId + $OmaSettingPlainTextValue = Get-OmaSettingPlainTextValue -SecretReferenceValueId $SecretReferenceValueId + if (![String]::IsNullOrEmpty($OmaSettingPlainTextValue)) + { + $currentomaSettings.value = $OmaSettingPlainTextValue + } + else + { + $myomaSettings.Add('IsEncrypted', $currentomaSettings.isEncrypted) + $myomaSettings.Add('SecretReferenceValueId', $currentomaSettings.secretReferenceValueId) + } + } + $myomaSettings.Add('Description', $currentomaSettings.description) $myomaSettings.Add('DisplayName', $currentomaSettings.displayName) - $myomaSettings.Add('IsEncrypted', $currentomaSettings.isEncrypted) $myomaSettings.Add('OmaUri', $currentomaSettings.omaUri) - $myomaSettings.Add('SecretReferenceValueId', $currentomaSettings.secretReferenceValueId) $myomaSettings.Add('FileName', $currentomaSettings.fileName) $myomaSettings.Add('Value', $currentomaSettings.value) if ($currentomaSettings.'@odata.type' -eq '#microsoft.graph.omaSettingInteger') diff --git a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 index 8d740a1192..28c9d8e6dd 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 @@ -1326,3 +1326,71 @@ function Update-DeviceConfigurationPolicyAssignment return $null } } + +function Get-OmaSettingPlainTextValue +{ + [CmdletBinding()] + [OutputType([System.String])] + Param( + [Parameter(Mandatory = $true)] + [System.String] + $SecretReferenceValueId, + + [Parameter()] + [ValidateSet('v1.0', 'beta')] + [System.String] + $APIVersion = 'beta' + ) + + try + { + <# + e.g. PolicyId for SecretReferenceValueId '35ea58ec-2a79-471d-8eea-7e28e6cd2722_bdf6c690-05fb-4d02-835d-5a7406c35d58_abe32712-2255-445f-a35e-0c6f143d82ca' + is 'bdf6c690-05fb-4d02-835d-5a7406c35d58' + #> + $SplitSecretReferenceValueId = $SecretReferenceValueId.Split("_") + if ($SplitSecretReferenceValueId.Count -ne 3) + { + return $null + } + else + { + $PolicyId = $SplitSecretReferenceValueId[1] + } + } + catch + { + return $null + } + + $BaseUrl = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + if ($BaseUrl[$BaseUrl.Length - 1] -eq '/') + { + $BaseUrl = $BaseUrl.Substring(0, $BaseUrl.Length - 1) + } + $Repository = 'deviceManagement/deviceConfigurations' + $Uri = "{0}/{1}/{2}/{3}/getOmaSettingPlainTextValue(secretReferenceValueId='{4}')" -f $BaseUrl, $APIVersion, $Repository, $PolicyId, $SecretReferenceValueId + + try + { + $Result = Invoke-MgGraphRequest -Method GET -Uri $Uri -ErrorAction Stop + } + catch + { + $Message = "Error decrypting OmaSetting with SecretReferenceValueId {0}:" -f $SecretReferenceValueId + New-M365DSCLogEntry -Message $Message ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $null + } + + if (![String]::IsNullOrEmpty($Result.Value)) + { + return $Result.Value + } else { + return $null + } +} From 1067246e1484a1dc185c74a11b1f718380f4f803 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Sat, 16 Dec 2023 14:34:52 +0000 Subject: [PATCH 25/58] Reverse condition --- Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 index 28c9d8e6dd..ed976ce4c0 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 @@ -1349,13 +1349,13 @@ function Get-OmaSettingPlainTextValue is 'bdf6c690-05fb-4d02-835d-5a7406c35d58' #> $SplitSecretReferenceValueId = $SecretReferenceValueId.Split("_") - if ($SplitSecretReferenceValueId.Count -ne 3) + if ($SplitSecretReferenceValueId.Count -eq 3) { - return $null + $PolicyId = $SplitSecretReferenceValueId[1] } else { - $PolicyId = $SplitSecretReferenceValueId[1] + return $null } } catch From 8304426d8b372f6e3613128bef320b56e0eae035 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Sat, 16 Dec 2023 14:35:58 +0000 Subject: [PATCH 26/58] Add back IsEncrypted property in all cases --- .../MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 index bf494f9a70..26369ba93e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1 @@ -123,13 +123,13 @@ function Get-TargetResource } else { - $myomaSettings.Add('IsEncrypted', $currentomaSettings.isEncrypted) $myomaSettings.Add('SecretReferenceValueId', $currentomaSettings.secretReferenceValueId) } } $myomaSettings.Add('Description', $currentomaSettings.description) $myomaSettings.Add('DisplayName', $currentomaSettings.displayName) + $myomaSettings.Add('IsEncrypted', $currentomaSettings.isEncrypted) $myomaSettings.Add('OmaUri', $currentomaSettings.omaUri) $myomaSettings.Add('FileName', $currentomaSettings.fileName) $myomaSettings.Add('Value', $currentomaSettings.value) From 7f2d84262de808311538b19ca49c3bdf8ce70f40 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Mon, 18 Dec 2023 13:09:57 +0000 Subject: [PATCH 27/58] Remove BaseUrl since it's not required --- .../Modules/M365DSCDRGUtil.psm1 | 21 +++---------------- 1 file changed, 3 insertions(+), 18 deletions(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 index de7110ecd5..924a76a016 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 @@ -1019,12 +1019,7 @@ function New-IntuneSettingCatalogPolicy try { - $BaseUrl = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl - if ($BaseUrl[$BaseUrl.Length - 1] -eq '/') - { - $BaseUrl = $BaseUrl.Substring(0, $BaseUrl.Length - 1) - } - $Uri = '$($BaseUrl)/beta/deviceManagement/configurationPolicies' + $Uri = '/beta/deviceManagement/configurationPolicies' $policy = @{ 'name' = $Name @@ -1087,12 +1082,7 @@ function Update-IntuneSettingCatalogPolicy try { - $BaseUrl = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl - if ($BaseUrl[$BaseUrl.Length - 1] -eq '/') - { - $BaseUrl = $BaseUrl.Substring(0, $BaseUrl.Length - 1) - } - $Uri = "$($BaseUrl)/beta/deviceManagement/configurationPolicies/$DeviceConfigurationPolicyId" + $Uri = "/beta/deviceManagement/configurationPolicies/$DeviceConfigurationPolicyId" $policy = @{ 'name' = $Name @@ -1296,12 +1286,7 @@ function Update-DeviceConfigurationPolicyAssignment try { $deviceManagementPolicyAssignments = @() - $BaseUrl = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl - if ($BaseUrl[$BaseUrl.Length - 1] -eq '/') - { - $BaseUrl = $BaseUrl.Substring(0, $BaseUrl.Length - 1) - } - $Uri = "$($BaseUrl)/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" + $Uri = "/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" foreach ($target in $targets) { From b4e8fc2e012e32725003fb7889bc654b8621aff9 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Mon, 18 Dec 2023 14:11:01 +0000 Subject: [PATCH 28/58] Remove BaseUrl since it's not required --- Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 index ed976ce4c0..5b61940a11 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 @@ -1363,13 +1363,8 @@ function Get-OmaSettingPlainTextValue return $null } - $BaseUrl = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl - if ($BaseUrl[$BaseUrl.Length - 1] -eq '/') - { - $BaseUrl = $BaseUrl.Substring(0, $BaseUrl.Length - 1) - } $Repository = 'deviceManagement/deviceConfigurations' - $Uri = "{0}/{1}/{2}/{3}/getOmaSettingPlainTextValue(secretReferenceValueId='{4}')" -f $BaseUrl, $APIVersion, $Repository, $PolicyId, $SecretReferenceValueId + $Uri = "/{0}/{1}/{2}/getOmaSettingPlainTextValue(secretReferenceValueId='{3}')" -f $APIVersion, $Repository, $PolicyId, $SecretReferenceValueId try { From a40423304535797593a79f479d79531e659a08c6 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Tue, 19 Dec 2023 09:20:51 +0000 Subject: [PATCH 29/58] fixed Test-TargetResource --- ...ntuneDeviceEnrollmentPlatformRestriction.psm1 | 16 +++------------- ...sAutopilotDeploymentProfileAzureADJoined.psm1 | 6 ------ 2 files changed, 3 insertions(+), 19 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 index 3091ac55e8..646a6fcdc3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 @@ -274,14 +274,7 @@ function Set-TargetResource #endregion $currentCategory = Get-TargetResource @PSBoundParameters - $PSBoundParameters.Remove('Credential') | Out-Null - $PSBoundParameters.Remove('ApplicationId') | Out-Null - $PSBoundParameters.Remove('TenantId') | Out-Null - $PSBoundParameters.Remove('ApplicationSecret') | Out-Null - $PSBoundParameters.Remove('ManagedIdentity') | Out-Null - $PSBoundParameters.Remove('Ensure') | Out-Null - $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null - $PSBoundParameters.Remove('Verbose') | Out-Null + $PSBoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters $PSBoundParameters.Remove('Identity') | Out-Null if ($Ensure -eq 'Present' -and $currentCategory.Ensure -eq 'Absent') @@ -547,11 +540,8 @@ function Test-TargetResource } } - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - $ValuesToCheck.Remove('Id') | Out-Null + $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck + $ValuesToCheck.Remove('Identity') | Out-Null $ValuesToCheck.Remove('WindowsMobileRestriction') | Out-Null #Convert any DateTime to String diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 index ff01ef6f85..605ad7f2fd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined/MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined.psm1 @@ -591,12 +591,6 @@ function Test-TargetResource } } - $ValuesToCheck.Remove('Id') | Out-Null - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" From a79ec1560934a5d898e561c5077729403a150024 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Tue, 19 Dec 2023 12:11:25 +0000 Subject: [PATCH 30/58] Add support for remaining platforms --- CHANGELOG.md | 6 ++++++ ...eviceAndAppManagementAssignmentFilter.psm1 | 6 +++--- ...ndAppManagementAssignmentFilter.schema.mof | Bin 3714 -> 3716 bytes 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8f48faddcf..f8663c6535 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* IntuneDeviceAndAppManagementAssignmentFilter + * Add support for remaining platforms supported by this policy + FIXES [#4065](https://github.com/microsoft/Microsoft365DSC/issues/4065) + # 1.23.1213.1 * IntuneEndpointDetectionAndResponsePolicyWindows10 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 index 1832d0b5d5..6ef91c7036 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 @@ -17,7 +17,7 @@ function Get-TargetResource $Description, [Parameter()] - [ValidateSet('android', 'androidForWork', 'iOS', 'macOS', 'windowsPhone81', 'windows81AndLater', 'windows10AndLater', 'androidWorkProfile', 'unknown')] + [ValidateSet('android', 'androidForWork', 'iOS', 'macOS', 'windowsPhone81', 'windows81AndLater', 'windows10AndLater', 'androidWorkProfile', 'unknown', 'androidAOSP', 'androidMobileApplicationManagement', 'iOSMobileApplicationManagement', 'unknownFutureValue')] [System.String] $Platform, @@ -151,7 +151,7 @@ function Set-TargetResource $Description, [Parameter()] - [ValidateSet('android', 'androidForWork', 'iOS', 'macOS', 'windowsPhone81', 'windows81AndLater', 'windows10AndLater', 'androidWorkProfile', 'unknown')] + [ValidateSet('android', 'androidForWork', 'iOS', 'macOS', 'windowsPhone81', 'windows81AndLater', 'windows10AndLater', 'androidWorkProfile', 'unknown', 'androidAOSP', 'androidMobileApplicationManagement', 'iOSMobileApplicationManagement', 'unknownFutureValue')] [System.String] $Platform, @@ -256,7 +256,7 @@ function Test-TargetResource $Description, [Parameter()] - [ValidateSet('android', 'androidForWork', 'iOS', 'macOS', 'windowsPhone81', 'windows81AndLater', 'windows10AndLater', 'androidWorkProfile', 'unknown')] + [ValidateSet('android', 'androidForWork', 'iOS', 'macOS', 'windowsPhone81', 'windows81AndLater', 'windows10AndLater', 'androidWorkProfile', 'unknown', 'androidAOSP', 'androidMobileApplicationManagement', 'iOSMobileApplicationManagement', 'unknownFutureValue')] [System.String] $Platform, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.schema.mof index 22406bdaf345a92ffec2dca90d0a151c9e123225..0bf0874e65919f7d30c8384ee0cbc12a69e987e8 100644 GIT binary patch delta 296 zcmZpYZIRs&!pN+^pfEX*aXFaQXV#sp#FPPNZ(*tfu{Y~8%Q7-5OwMJ!KADM4gx!(B zpCOnbVDf)fac*CRe1;^3OokkW)XD!j#dUod5*hMj`m=#JpP?K`x-pajO)F(60-75Jv?B+|PMz$?rVn@UEVc@;gZbG#AwC27 nsEK12TtOP=9<(gnEgARiNLl{FMLk>eJLn=e@ zWK9-pkPKt(WJYe`$y#g@VD&|86(D-E6uS%~SRjpK7nly<+yka Date: Tue, 19 Dec 2023 09:06:16 -0500 Subject: [PATCH 31/58] Various Intune Related Fixes --- .../MSFT_IntuneAppConfigurationPolicy.psm1 | 2 +- ...MSFT_IntuneAppProtectionPolicyAndroid.psm1 | 30 +++++-------------- .../MSFT_IntuneAppProtectionPolicyiOS.psm1 | 11 ++++++- ...tionRulesPolicyWindows10ConfigManager.psm1 | 11 +++++-- ...FT_IntuneWifiConfigurationPolicyMacOS.psm1 | 2 +- .../MSFT_M365DSCRuleEvaluation.psm1 | 2 +- .../1-Create.ps1 | 2 +- .../2-Update.ps1 | 2 +- ...M365DSCIntegration.INTUNE.Create.Tests.ps1 | 10 +++---- 9 files changed, 35 insertions(+), 37 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 index f23dcedeb0..e2fe67a6e1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 @@ -326,7 +326,7 @@ function Test-TargetResource Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" - if ($null -ne $CurrentValues.CustomSettings -and $null -ne $CustomSettings) + if ($null -ne $CurrentValues.CustomSettings -and $CurrentValues.CustomSettings.Length -gt 0 -and $null -ne $CustomSettings) { $value = Test-M365DSCAppConfigurationPolicyCustomSetting -Current $CurrentValues.CustomSettings -Desired $CustomSettings if ($value -eq $false) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.psm1 index a2a3e83184..00d2809bc4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.psm1 @@ -246,8 +246,9 @@ function Get-TargetResource if ($null -eq $policyInfo) { Write-Verbose -Message "Searching for Policy using DisplayName {$DisplayName}" - $policyInfo = Get-MgBetaDeviceAppManagementAndroidManagedAppProtection -Filter "displayName eq '$DisplayName'" -ExpandProperty Apps, assignments ` - -ErrorAction Stop + $policyInfoArray = Get-MgBetaDeviceAppManagementAndroidManagedAppProtection -ExpandProperty Apps, assignments ` + -ErrorAction Stop -All:$true + $policyInfo = $policyInfoArray | Where-Object -FilterScript {$_.displayName -eq $DisplayName} } if ($null -eq $policyInfo) { @@ -628,10 +629,6 @@ function Set-TargetResource } } } - else - { - #write-host 'value' $param 'not specified' - } } # handle complex parameters - manually for now @@ -992,29 +989,22 @@ function Test-TargetResource Write-Verbose -Message ('Unspecified Parameter in Config: ' + $param + ' Current Value Will be retained: ' + $CurrentValues.$param) } } - + Write-Verbose -Message "Starting Assignments Check" # handle complex parameters - manually for now if ($PSBoundParameters.keys -contains 'Assignments' ) { $targetvalues.add('Assignments', $psboundparameters.Assignments) } - else - { - Write-Verbose -Message 'Unspecified Parameter in Config: Assignments - Current Value is:' $CurrentValues.Assignments ` - "`r`nNOTE: Assignments interacts with other values - not specifying may lead to unexpected output" - } + Write-Verbose -Message "Starting Exluded Groups Check" if ($PSBoundParameters.keys -contains 'ExcludedGroups' ) { $targetvalues.add('ExcludedGroups', $psboundparameters.ExcludedGroups) } - else - { - Write-Verbose -Message 'Unspecified Parameter in Config: ExcludedGroups - Current Value is:' $CurrentValues.ExcludedGroups ` - "`r`nNOTE: ExcludedGroups interacts with other values - not specifying may lead to unexpected output" - } # set the apps values + Write-Verbose -Message "AppGroupType: $AppGroupType" + Write-Verbose -Message "apps: $apps" $AppsHash = set-AppsHash -AppGroupType $AppGroupType -apps $apps $targetvalues.add('Apps', $AppsHash.Apps) $targetvalues.add('AppGroupType', $AppsHash.AppGroupType) @@ -1285,12 +1275,8 @@ function Set-ManagedBrowserValues # edge - edge, true, empty id strings # any app - not configured, false, empty strings # unmanaged browser not configured, true, strings must not be empty - - Write-Host 'Setting Managed Browser Properties' - if (!$ManagedBrowserToOpenLinksRequired) { - Write-Host 'Setting Managed Browser to Any App' $ManagedBrowser = 'notConfigured' $ManagedBrowserToOpenLinksRequired = $false $CustomBrowserDisplayName = '' @@ -1301,7 +1287,6 @@ function Set-ManagedBrowserValues { if (($CustomBrowserDisplayName -ne '') -and ($CustomBrowserPackageId -ne '')) { - Write-Host 'Setting Managed Browser to Custom Browser' $ManagedBrowser = 'notConfigured' $ManagedBrowserToOpenLinksRequired = $true $CustomBrowserDisplayName = $CustomBrowserDisplayName @@ -1309,7 +1294,6 @@ function Set-ManagedBrowserValues } else { - Write-Host 'Setting Managed Browser to Microsoft Edge' $ManagedBrowser = 'microsoftEdge' $ManagedBrowserToOpenLinksRequired = $true $CustomBrowserDisplayName = '' diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 index d1ad6a0058..b5d2b73345 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppProtectionPolicyiOS/MSFT_IntuneAppProtectionPolicyiOS.psm1 @@ -725,7 +725,16 @@ function Set-TargetResource { if (-not [String]::IsNullOrEmpty($createParameters.$duration)) { - $createParameters.$duration = [TimeSpan]::parse($createParameters.$duration) + Write-Verbose -Message "Parsing {$($createParameters.$duration)} into TimeSpan" + if ($createParameters.$duration.startswith('P')) + { + $timespan = [System.Xml.XmlConvert]::ToTimeSpan($createParameters.$duration) + } + else + { + $timespan = [TimeSpan]$createParameters.$duration + } + $createParameters.$duration = $timespan } } $myExemptedAppProtocols = @() diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 index c06715c2da..50ba894304 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager/MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager.psm1 @@ -176,8 +176,10 @@ function Get-TargetResource try { #Retrieve policy general settings - $policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction Stop - + if (-not [System.String]::IsNullOrEmpty($Identity)) + { + $policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction Stop + } if ($null -eq $policy) { Write-Verbose -Message "No Endpoint Protection Policy {id: '$Identity'} was found" @@ -957,7 +959,10 @@ function Get-IntuneSettingCatalogPolicySetting -SettingValueName $settingValueName ` -SettingValueType $settingValueType ` -SettingValueTemplateId $settingValueTemplateId - $settingInstance += ($settingValue) + if ($null -ne $settingValue) + { + $settingInstance += [Hashtable]$settingValue + } $settingInstances += @{ '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSetting' diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 index 7014110412..47699b2efa 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 @@ -363,7 +363,7 @@ function Set-TargetResource if ($policy.id) { - Update-MgDeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-MgBetaDeviceManagementConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 index 01a227e082..41367ee930 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 @@ -203,7 +203,7 @@ function Test-TargetResource Write-Verbose -Message "Identified {$($instances.Length)} instances matching rule." } - $result = ($instances.Length -$DSCConvertedInstances.Length) -eq 0 + $result = ($instances.Length - $DSCConvertedInstances.Length) -eq 0 if (-not [System.String]::IsNullOrEmpty($AfterRuleCountQuery)) { diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicy/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicy/1-Create.ps1 index 2194ba0495..cb6919ab1d 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicy/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicy/1-Create.ps1 @@ -18,7 +18,7 @@ Configuration Example { DisplayName = 'test' deviceGuardLocalSystemAuthorityCredentialGuardSettings = "notConfigured" - WindowsHelloForBusinessBlocked = $true + WindowsHelloForBusinessBlocked = $false PinMinimumLength = 5 PinSpecialCharactersUsage = 'required' Ensure = 'Present' diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicy/2-Update.ps1 index a337d210ae..f87d9a4e39 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicy/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicy/2-Update.ps1 @@ -18,7 +18,7 @@ Configuration Example { DisplayName = 'test' deviceGuardLocalSystemAuthorityCredentialGuardSettings = "notConfigured" - WindowsHelloForBusinessBlocked = $true + WindowsHelloForBusinessBlocked = $false PinMinimumLength = 10 # Updated Property PinSpecialCharactersUsage = 'required' Ensure = 'Present' diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 index 50109f3ff3..1d139f02b8 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 @@ -60,7 +60,7 @@ { DisplayName = 'test' deviceGuardLocalSystemAuthorityCredentialGuardSettings = "notConfigured" - WindowsHelloForBusinessBlocked = $true + WindowsHelloForBusinessBlocked = $false PinMinimumLength = 5 PinSpecialCharactersUsage = 'required' Ensure = 'Present' @@ -308,7 +308,7 @@ ManagedEmailProfileRequired = $True Ensure = 'Present' Credential = $Credscredential - + } IntuneDeviceCompliancePolicyMacOS 'ConfigureDeviceCompliancePolicyMacOS' { @@ -412,7 +412,7 @@ { Name = 'hosted_app' } - + MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair { Name = 'user_script' @@ -446,7 +446,7 @@ Id = '14c48993-35af-4b77-a4f8-12de917b1bb9' odataType = '#microsoft.graph.groupPolicyPresentationValueDecimal' } - + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue { presentationDefinitionId = '98998e7f-cc2a-4d96-8c47-35dd4b2ce56b' @@ -455,7 +455,7 @@ Id = '4d654df9-6826-470f-af4e-d37491663c76' odataType = '#microsoft.graph.groupPolicyPresentationValueDecimal' } - + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue { presentationDefinitionId = '6900e752-4bc3-463b-9fc8-36d78c77bc3e' From a03d49029b7df64b53be37a16e950b31e421f66c Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Tue, 19 Dec 2023 14:18:13 +0000 Subject: [PATCH 32/58] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/intune/IntuneAccountProtectionPolicy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/docs/resources/intune/IntuneAccountProtectionPolicy.md b/docs/docs/resources/intune/IntuneAccountProtectionPolicy.md index c9358fc50d..734b5707f4 100644 --- a/docs/docs/resources/intune/IntuneAccountProtectionPolicy.md +++ b/docs/docs/resources/intune/IntuneAccountProtectionPolicy.md @@ -99,7 +99,7 @@ Configuration Example { DisplayName = 'test' deviceGuardLocalSystemAuthorityCredentialGuardSettings = "notConfigured" - WindowsHelloForBusinessBlocked = $true + WindowsHelloForBusinessBlocked = $false PinMinimumLength = 5 PinSpecialCharactersUsage = 'required' Ensure = 'Present' @@ -130,7 +130,7 @@ Configuration Example { DisplayName = 'test' deviceGuardLocalSystemAuthorityCredentialGuardSettings = "notConfigured" - WindowsHelloForBusinessBlocked = $true + WindowsHelloForBusinessBlocked = $false PinMinimumLength = 10 # Updated Property PinSpecialCharactersUsage = 'required' Ensure = 'Present' From 78e74cc0e02fa0b2b954894625d5c37e23423b0d Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Tue, 19 Dec 2023 14:20:27 +0000 Subject: [PATCH 33/58] Updated {Create} Intune Integration Tests --- .../M365DSCIntegration.INTUNE.Create.Tests.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 index 1d139f02b8..89fc69d581 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 @@ -308,7 +308,7 @@ ManagedEmailProfileRequired = $True Ensure = 'Present' Credential = $Credscredential - + } IntuneDeviceCompliancePolicyMacOS 'ConfigureDeviceCompliancePolicyMacOS' { @@ -412,7 +412,7 @@ { Name = 'hosted_app' } - + MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair { Name = 'user_script' @@ -446,7 +446,7 @@ Id = '14c48993-35af-4b77-a4f8-12de917b1bb9' odataType = '#microsoft.graph.groupPolicyPresentationValueDecimal' } - + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue { presentationDefinitionId = '98998e7f-cc2a-4d96-8c47-35dd4b2ce56b' @@ -455,7 +455,7 @@ Id = '4d654df9-6826-470f-af4e-d37491663c76' odataType = '#microsoft.graph.groupPolicyPresentationValueDecimal' } - + MSFT_IntuneGroupPolicyDefinitionValuePresentationValue { presentationDefinitionId = '6900e752-4bc3-463b-9fc8-36d78c77bc3e' From 5f45970c8afa475d8dae930f7f8d6fbb2920ab19 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Tue, 19 Dec 2023 14:21:23 +0000 Subject: [PATCH 34/58] . From 4662fbec042d44514425c4cc5fdc872e74f4a431 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Tue, 19 Dec 2023 14:52:27 +0000 Subject: [PATCH 35/58] fixed Test-TargetResource --- .../MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 | 2 +- ...ft365DSC.IntuneDeviceEnrollmentPlatformRestriction.Tests.ps1 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 index 646a6fcdc3..99eb5b034f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 @@ -510,7 +510,7 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() - if ($CurrentValues.Ensure -eq 'Absent') + if ($CurrentValues.Ensure -ne $Ensure) { Write-Verbose -Message "Test-TargetResource returned $false" return $false diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentPlatformRestriction.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentPlatformRestriction.Tests.ps1 index ca9bef9034..7859f4063d 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentPlatformRestriction.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceEnrollmentPlatformRestriction.Tests.ps1 @@ -207,7 +207,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } It 'Should return true from the Test method' { - Test-TargetResource @testParams | Should -Be $false + Test-TargetResource @testParams| Should -Be $false } It 'Should remove the restriction from the Set method' { From ce6ffa0ad389053a357f95b0017b551e7211514f Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Tue, 19 Dec 2023 14:54:40 +0000 Subject: [PATCH 36/58] Updated Resources and Cmdlet documentation pages --- ...ormationProtectionPolicyWindows10MdmEnrolled.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/docs/docs/resources/intune/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.md b/docs/docs/resources/intune/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.md index 0468a9ec8f..14b6868493 100644 --- a/docs/docs/resources/intune/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.md +++ b/docs/docs/resources/intune/IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.md @@ -28,6 +28,7 @@ | **RightsManagementServicesTemplateId** | Write | String | TemplateID GUID to use for RMS encryption. The RMS template allows the IT admin to configure the details about who has access to RMS-protected file and how long they have access | | | **SmbAutoEncryptedFileExtensions** | Write | MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[] | Specifies a list of file extensions, so that files with these extensions are encrypted when copying from an SMB share within the corporate boundary | | | **Description** | Write | String | The policy's description. | | +| **Assignments** | Write | MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolledPolicyAssignments[] | Represents the assignment to the Intune policy. | | | **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | @@ -36,6 +37,19 @@ | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +### MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolledPolicyAssignments + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **dataType** | Write | String | The type of the target assignment. | `#microsoft.graph.groupAssignmentTarget`, `#microsoft.graph.allLicensedUsersAssignmentTarget`, `#microsoft.graph.allDevicesAssignmentTarget`, `#microsoft.graph.exclusionGroupAssignmentTarget`, `#microsoft.graph.configurationManagerCollectionAssignmentTarget` | +| **deviceAndAppManagementAssignmentFilterType** | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | `none`, `include`, `exclude` | +| **deviceAndAppManagementAssignmentFilterId** | Write | String | The Id of the filter for the target assignment. | | +| **groupId** | Write | String | The group Id that is the target of the assignment. | | +| **groupDisplayName** | Write | String | The group Display Name that is the target of the assignment. | | +| **collectionId** | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) | | + ### MSFT_MicrosoftGraphWindowsInformationProtectionDataRecoveryCertificate #### Parameters From 668f0474152eb944b3a6b0a8ff7ab52f11b69ef4 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Tue, 19 Dec 2023 18:27:31 +0000 Subject: [PATCH 37/58] Updated Resources and Cmdlet documentation pages --- .../intune/IntuneDeviceAndAppManagementAssignmentFilter.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/resources/intune/IntuneDeviceAndAppManagementAssignmentFilter.md b/docs/docs/resources/intune/IntuneDeviceAndAppManagementAssignmentFilter.md index 3103693be7..2ec7e1ebf0 100644 --- a/docs/docs/resources/intune/IntuneDeviceAndAppManagementAssignmentFilter.md +++ b/docs/docs/resources/intune/IntuneDeviceAndAppManagementAssignmentFilter.md @@ -7,7 +7,7 @@ | **DisplayName** | Key | String | DisplayName of the Assignment Filter. | | | **Identity** | Write | String | Key of the Assignment Filter. | | | **Description** | Write | String | Description of the Assignment Filter. | | -| **Platform** | Write | String | Platform type of the devices on which the Assignment Filter will be applicable. | `android`, `androidForWork`, `iOS`, `macOS`, `windowsPhone81`, `windows81AndLater`, `windows10AndLater`, `androidWorkProfile`, `unknown` | +| **Platform** | Write | String | Platform type of the devices on which the Assignment Filter will be applicable. | `android`, `androidForWork`, `iOS`, `macOS`, `windowsPhone81`, `windows81AndLater`, `windows10AndLater`, `androidWorkProfile`, `unknown`, `androidAOSP`, `androidMobileApplicationManagement`, `iOSMobileApplicationManagement`, `unknownFutureValue` | | **Rule** | Write | String | Rule definition of the Assignment Filter. | | | **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the Intune Admin | | From 53ed1fa1fed1b135b3ede3452b8c372f021cca02 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 19 Dec 2023 13:29:39 -0500 Subject: [PATCH 38/58] Added AAD Integration Tests --- .../workflows/Global - Integration - AAD.yml | 86 +++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 .github/workflows/Global - Integration - AAD.yml diff --git a/.github/workflows/Global - Integration - AAD.yml b/.github/workflows/Global - Integration - AAD.yml new file mode 100644 index 0000000000..578aa03d01 --- /dev/null +++ b/.github/workflows/Global - Integration - AAD.yml @@ -0,0 +1,86 @@ +name: Global - Integration - AAD +on: [push] + +jobs: + Integration-Global-AAD: + # The type of runner that the job will run on + runs-on: windows-latest + + # Only when run from the main repo + if: github.repository == 'microsoft/Microsoft365DSC' + + # Steps represent a sequence of tasks that will be executed as part of the job + steps: + # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it + - uses: actions/checkout@v3 + - name: Install Microsoft365DSC + shell: powershell + run: | + winrm quickconfig -force + $source = "./Modules/Microsoft365DSC/" + $destination = "C:\Program Files\WindowsPowerShell\Modules" + Copy-Item -Path $source -Recurse -Destination $destination -Container -Force + Update-M365DSCDependencies + - name: Configure Environment + shell: powershell + run: | + Set-ExecutionPolicy Unrestricted -Force + Get-ChildItem "C:\Program Files\WindowsPowerShell\Modules" -Recurse | Unblock-File + Set-M365DSCTelemetryOption -Enabled $false + Set-Item -Path WSMan:\localhost\MaxEnvelopeSizekb -Value 99999 + - name: Generate {Create} Integration Tests from Examples + shell: powershell + run: | + Import-Module './Tests/Integration/M365DSCTestEngine.psm1' + New-M365DSCIntegrationTest -Workload AAD -Step '1-Create' + - name: Commit {Create} Integration Tests + shell: powershell + run: | + git config --local user.email "nicharl@microsoft.com" + git config --local user.name "NikCharlebois" + git add D:/a/Microsoft365DSC/Microsoft365DSC/Tests/Integration/* + git pull + git commit -m "Updated {Create} AAD Integration Tests" + git push + $SHA = git rev-parse HEAD + echo "commitid=$SHA" >> $env:GITHUB_OUTPUT + - name: Run {Create} Integration Tests + shell: powershell + env: + INTEGRATION_USERNAME: ${{ secrets.INTEGRATION_USERNAME }} + INTEGRATION_PASSWORD: ${{ secrets.INTEGRATION_PASSWORD }} + run: | + $CredPassword = ConvertTo-SecureString $env:INTEGRATION_PASSWORD -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ($env:INTEGRATION_USERNAME, $CredPassword) + try + { + & .\Tests\Integration\Microsoft365DSC\M365DSCIntegration.AAD.Create.Tests.ps1 -Credential $Credential + } + catch + { + throw $_ + } + + try + { + $Result = Test-DSCConfiguration -Detailed -Verbose + } + catch + { + throw $_ + } + + if ($Result.InDesiredState -eq $false) + { + Write-Host -Message "Resources below are not in the Desired State:" + foreach ($Resource in $Result.ResourcesNotInDesiredState) + { + Write-Host $Resource.InstanceName + } + + throw "Could not validate that the Tenant is in the Desired State" + } + else + { + Write-Host "All resources in the Tenant are in the Desired State" + } From def1797b3c47b4667596bb7137c513692e938622 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Tue, 19 Dec 2023 18:32:40 +0000 Subject: [PATCH 39/58] Updated {Create} AAD Integration Tests --- .../M365DSCIntegration.AAD.Create.Tests.ps1 | 42 +++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 new file mode 100644 index 0000000000..5100100644 --- /dev/null +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 @@ -0,0 +1,42 @@ + param + ( + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential + ) + + Configuration Master + { + param + ( + [Parameter(Mandatory = $true)] + [System.Management.Automation.PSCredential] + $Credscredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] + Node Localhost + { + } + } + + $ConfigurationData = @{ + AllNodes = @( + @{ + NodeName = "Localhost" + PSDSCAllowPlaintextPassword = $true + } + ) + } + + # Compile and deploy configuration + try + { + Master -ConfigurationData $ConfigurationData -Credscredential $Credential + Start-DscConfiguration Master -Wait -Force -Verbose + } + catch + { + throw $_ + } From 7a3d5584d12fff585929eabf304654d794272870 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 19 Dec 2023 14:12:09 -0500 Subject: [PATCH 40/58] Updated Integration Tests --- ...NewAdministrativeUnit.ps1 => 1-Create.ps1} | 1 - .../2-CreateNewAdministrativeUnit.ps1 | 50 --------- .../AADAdministrativeUnit/2-Update.ps1 | 29 +++++ .../AADAdministrativeUnit/3-Remove.ps1 | 26 +++++ ...nfigureAADApplication.ps1 => 1-Create.ps1} | 0 .../Resources/AADApplication/2-Update.ps1 | 55 +++++++++ .../Resources/AADApplication/3-Remove.ps1 | 24 ++++ ...DAttributeSet-Example.ps1 => 1-Create.ps1} | 0 .../Resources/AADAttributeSet/2-Update.ps1 | 28 +++++ .../Resources/AADAttributeSet/3-Remove.ps1 | 28 +++++ ...lassReference-Example.ps1 => 1-Create.ps1} | 0 .../2-Update.ps1 | 29 +++++ .../3-Remove.ps1 | 29 +++++ ...nMethodPolicy-Example.ps1 => 1-Create.ps1} | 12 +- .../2-Update.ps1 | 42 +++++++ .../3-Remove.ps1 | 27 +++++ ...Authenticator-Example.ps1 => 1-Create.ps1} | 10 +- .../2-Update.ps1 | 85 ++++++++++++++ .../3-Remove.ps1 | 33 ++++++ ...odPolicyEmail-Example.ps1 => 1-Create.ps1} | 10 +- .../2-Update.ps1 | 47 ++++++++ .../3-Remove.ps1 | 26 +++++ ...odPolicyFido2-Example.ps1 => 1-Create.ps1} | 10 +- .../2-Update.ps1 | 53 +++++++++ .../3-Remove.ps1 | 25 +++++ ...thodPolicySms-Example.ps1 => 1-Create.ps1} | 10 +- .../2-Update.ps1 | 46 ++++++++ .../3-Remove.ps1 | 25 +++++ ...olicySoftware-Example.ps1 => 1-Create.ps1} | 10 +- .../2-Update.ps1 | 46 ++++++++ .../3-Remove.ps1 | 25 +++++ ...licyTemporary-Example.ps1 => 1-Create.ps1} | 10 +- .../2-Update.ps1 | 51 +++++++++ .../3-Remove.ps1 | 25 +++++ ...odPolicyVoice-Example.ps1 => 1-Create.ps1} | 10 +- .../2-Update.ps1 | 47 ++++++++ .../3-Remove.ps1 | 25 +++++ ...hodPolicyX509-Example.ps1 => 1-Create.ps1} | 10 +- .../2-Update.ps1 | 68 +++++++++++ .../3-Remove.ps1 | 25 +++++ ...trengthPolicy-Example.ps1 => 1-Create.ps1} | 6 + .../2-Update.ps1 | 27 +++++ .../3-Remove.ps1 | 25 +++++ ...ADAuthorizationPolicy.ps1 => 2-Update.ps1} | 0 .../AADAuthorizationPolicy/3-Remove.ps1 | 26 +++++ ...nditionalAccessPolicy.ps1 => 1-Create.ps1} | 1 - .../AADConditionalAccessPolicy/2-Update.ps1 | 57 ++++++++++ .../AADConditionalAccessPolicy/3-Remove.ps1 | 25 +++++ ...tAccessPolicy-Example.ps1 => 2-Update.ps1} | 0 .../AADCrossTenantAccessPolicy/3-Remove.ps1 | 26 +++++ ...rationDefault-Example.ps1 => 2-Update.ps1} | 0 .../3-Remove.ps1 | 24 ++++ ...rationPartner-Example.ps1 => 1-Create.ps1} | 22 ---- .../2-Update.ps1 | 66 +++++++++++ .../3-Remove.ps1 | 24 ++++ ...nagementAccessPackage.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 38 +++++++ .../3-Remove.ps1 | 24 ++++ ...ckageAssignmentPolicy.ps1 => 1-Create.ps1} | 1 - ...anagementAccessPackageAssignmentPolicy.ps1 | 106 ------------------ .../2-Update.ps1 | 56 +++++++++ .../3-Remove.ps1 | 24 ++++ ...tAccessPackageCatalog.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 29 +++++ .../3-Remove.ps1 | 24 ++++ ...ackageCatalogResource.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 33 ++++++ .../3-Remove.ps1 | 24 ++++ ...ConnectedOrganization.ps1 => 1-Create.ps1} | 1 - .../2-Update.ps1 | 35 ++++++ .../3-Remove.ps1 | 24 ++++ ...xternalIdentityPolicy.ps1 => 2-Update.ps1} | 4 +- ...{1-ConfigureAADGroups.ps1 => 1-Create.ps1} | 0 .../Examples/Resources/AADGroup/2-Update.ps1 | 30 +++++ .../AADGroup/3-ConfigureAADGroups.ps1 | 41 ------- .../Examples/Resources/AADGroup/3-Remove.ps1 | 24 ++++ ...eGroupLifecyclePolicy.ps1 => 2-Update.ps1} | 0 .../AADGroupLifecyclePolicy/3-Remove.ps1 | 24 ++++ ...ureGroupsNamingPolicy.ps1 => 2-Update.ps1} | 0 .../AADGroupsNamingPolicy/3-Remove.ps1 | 24 ++++ ...nfigureGroupsSettings.ps1 => 2-Update.ps1} | 0 .../Resources/AADGroupsSettings/3-Remove.ps1 | 24 ++++ ...ADNamedLocationPolicy.ps1 => 1-Create.ps1} | 9 -- .../AADNamedLocationPolicy/2-Update.ps1 | 27 +++++ .../AADNamedLocationPolicy/3-Remove.ps1 | 24 ++++ ...gureAADRoleDefinition.ps1 => 1-Create.ps1} | 0 .../Resources/AADRoleDefinition/2-Update.ps1 | 29 +++++ .../Resources/AADRoleDefinition/3-Remove.ps1 | 25 +++++ ...bilityScheduleRequest.ps1 => 1-Create.ps1} | 0 .../2-Update.ps1 | 38 +++++++ .../3-Remove.ps1 | 38 +++++++ ...nditionalAccessPolicy.ps1 => 1-Create.ps1} | 6 +- .../Resources/AADRoleSetting/2-Update.ps1 | 62 ++++++++++ .../Resources/AADRoleSetting/3-Remove.ps1 | 62 ++++++++++ ...nableSecurityDefaults.ps1 => 3-Remove.ps1} | 0 ...reAADServicePrincipal.ps1 => 1-Create.ps1} | 0 .../AADServicePrincipal/2-Update.ps1 | 37 ++++++ .../AADServicePrincipal/3-Remove.ps1 | 25 +++++ ...ntityProvider-Example.ps1 => 1-Create.ps1} | 0 .../AADSocialIdentityProvider/2-Update.ps1 | 29 +++++ .../AADSocialIdentityProvider/3-Remove.ps1 | 29 +++++ ...igureAADTenantDetails.ps1 => 2-Update.ps1} | 4 +- ...ADTokenLifetimePolicy.ps1 => 2-Update.ps1} | 0 .../AADTokenLifetimePolicy/3-Remove.ps1 | 24 ++++ .../{1-CreateNewAADUser.ps1 => 1-Create.ps1} | 3 +- .../{2-CreateNewAADUser.ps1 => 2-Update.ps1} | 7 +- .../3-Remove.ps1} | 14 +-- 107 files changed, 2241 insertions(+), 285 deletions(-) rename Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/{1-CreateNewAdministrativeUnit.ps1 => 1-Create.ps1} (90%) delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADApplication/{1-ConfigureAADApplication.ps1 => 1-Create.ps1} (100%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADApplication/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADApplication/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADAttributeSet/{1-AADAttributeSet-Example.ps1 => 1-Create.ps1} (100%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAttributeSet/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAttributeSet/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/{1-AADAuthenticationContextClassReference-Example.ps1 => 1-Create.ps1} (100%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/{1-AADAuthenticationMethodPolicy-Example.ps1 => 1-Create.ps1} (84%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/{1-AADAuthenticationMethodPolicyAuthenticator-Example.ps1 => 1-Create.ps1} (93%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyEmail/{1-AADAuthenticationMethodPolicyEmail-Example.ps1 => 1-Create.ps1} (83%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyEmail/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyEmail/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyFido2/{1-AADAuthenticationMethodPolicyFido2-Example.ps1 => 1-Create.ps1} (85%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyFido2/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyFido2/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySms/{1-AADAuthenticationMethodPolicySms-Example.ps1 => 1-Create.ps1} (83%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySms/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySms/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySoftware/{1-AADAuthenticationMethodPolicySoftware-Example.ps1 => 1-Create.ps1} (84%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySoftware/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySoftware/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/{1-AADAuthenticationMethodPolicyTemporary-Example.ps1 => 1-Create.ps1} (85%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyVoice/{1-AADAuthenticationMethodPolicyVoice-Example.ps1 => 1-Create.ps1} (84%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyVoice/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyVoice/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/{1-AADAuthenticationMethodPolicyX509-Example.ps1 => 1-Create.ps1} (89%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationStrengthPolicy/{1-AADAuthenticationStrengthPolicy-Example.ps1 => 1-Create.ps1} (86%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationStrengthPolicy/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationStrengthPolicy/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADAuthorizationPolicy/{1-ConfigureAADAuthorizationPolicy.ps1 => 2-Update.ps1} (100%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAuthorizationPolicy/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/{1-ConfigureAADConditionalAccessPolicy.ps1 => 1-Create.ps1} (97%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicy/{1-AADCrossTenantAccessPolicy-Example.ps1 => 2-Update.ps1} (100%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicy/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationDefault/{1-AADCrossTenantAccessPolicyConfigurationDefault-Example.ps1 => 2-Update.ps1} (100%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationDefault/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/{1-AADCrossTenantAccessPolicyConfigurationPartner-Example.ps1 => 1-Create.ps1} (71%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackage/{1-ConfigureAADEntitlementManagementAccessPackage.ps1 => 1-Create.ps1} (94%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackage/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackage/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/{1-ConfigureAADEntitlementManagementAccessPackageAssignmentPolicy.ps1 => 1-Create.ps1} (96%) delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/2-ConfigureAADEntitlementManagementAccessPackageAssignmentPolicy.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/{1-ConfigureAADEntitlementManagementAccessPackageCatalog.ps1 => 1-Create.ps1} (91%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/{1-ConfigureAADEntitlementManagementAccessPackageCatalogResource.ps1 => 1-Create.ps1} (94%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/{Configure_ConnectedOrganization.ps1 => 1-Create.ps1} (94%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADExternalIdentityPolicy/{1-ConfigureExternalIdentityPolicy.ps1 => 2-Update.ps1} (86%) rename Modules/Microsoft365DSC/Examples/Resources/AADGroup/{1-ConfigureAADGroups.ps1 => 1-Create.ps1} (100%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADGroup/3-ConfigureAADGroups.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADGroup/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADGroupLifecyclePolicy/{1-ConfigureGroupLifecyclePolicy.ps1 => 2-Update.ps1} (100%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADGroupLifecyclePolicy/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADGroupsNamingPolicy/{1-ConfigureGroupsNamingPolicy.ps1 => 2-Update.ps1} (100%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADGroupsNamingPolicy/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADGroupsSettings/{1-ConfigureGroupsSettings.ps1 => 2-Update.ps1} (100%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADGroupsSettings/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/{1-ConfigureAADNamedLocationPolicy.ps1 => 1-Create.ps1} (59%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADRoleDefinition/{1-ConfigureAADRoleDefinition.ps1 => 1-Create.ps1} (100%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADRoleDefinition/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADRoleDefinition/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/{1-CreateNewAADRoleEligibilityScheduleRequest.ps1 => 1-Create.ps1} (100%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADRoleSetting/{1-ConfigureAADConditionalAccessPolicy.ps1 => 1-Create.ps1} (88%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADRoleSetting/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADRoleSetting/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADSecurityDefaults/{1-EnableSecurityDefaults.ps1 => 3-Remove.ps1} (100%) rename Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/{1-ConfigureAADServicePrincipal.ps1 => 1-Create.ps1} (100%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADSocialIdentityProvider/{1-CreateSocialIdentityProvider-Example.ps1 => 1-Create.ps1} (100%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADSocialIdentityProvider/2-Update.ps1 create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADSocialIdentityProvider/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADTenantDetails/{1-ConfigureAADTenantDetails.ps1 => 2-Update.ps1} (88%) rename Modules/Microsoft365DSC/Examples/Resources/AADTokenLifetimePolicy/{1-ConfigureAADTokenLifetimePolicy.ps1 => 2-Update.ps1} (100%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADTokenLifetimePolicy/3-Remove.ps1 rename Modules/Microsoft365DSC/Examples/Resources/AADUser/{1-CreateNewAADUser.ps1 => 1-Create.ps1} (87%) rename Modules/Microsoft365DSC/Examples/Resources/AADUser/{2-CreateNewAADUser.ps1 => 2-Update.ps1} (76%) rename Modules/Microsoft365DSC/Examples/Resources/{AADGroup/2-ConfigureAADGroups.ps1 => AADUser/3-Remove.ps1} (50%) diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/1-CreateNewAdministrativeUnit.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/1-Create.ps1 similarity index 90% rename from Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/1-CreateNewAdministrativeUnit.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/1-Create.ps1 index 4cf799402b..c396955c60 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/1-CreateNewAdministrativeUnit.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/1-Create.ps1 @@ -18,7 +18,6 @@ Configuration Example { AADAdministrativeUnit 'TestUnit' { - Id = '49a843c7-e80c-4bae-8819-825656a108f2' DisplayName = 'Test-Unit' MembershipRule = "(user.country -eq `"Canada`")" MembershipRuleProcessingState = 'On' diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 deleted file mode 100644 index b67cb39319..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-CreateNewAdministrativeUnit.ps1 +++ /dev/null @@ -1,50 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param - ( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential - ) - - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - AADGroup 'TestGroup' - { - Id = '4b8bbe0f-2d9c-4a82-9f40-9e1717987102' - DisplayName = 'TestGroup' - MailNickname = 'TestGroup' - SecurityEnabled = $true - MailEnabled = $false - IsAssignableToRole = $true - Ensure = "Present" - Credential = $Credscredential - } - AADAdministrativeUnit 'TestUnit' - { - ID = 'Test-Unit' - DisplayName = 'Test-Unit' - ScopedRoleMembers = @( - MSFT_MicrosoftGraphScopedRoleMembership - { - RoleName = "User Administrator" - RoleMemberInfo = MSFT_MicrosoftGraphMember - { - Identity = "TestGroup" - Type = "Group" - } - } - ) - Ensure = 'Present' - Credential = $Credscredential - DependsOn = "[AADGroup]TestGroup" - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-Update.ps1 new file mode 100644 index 0000000000..dde9416d5f --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/2-Update.ps1 @@ -0,0 +1,29 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADAdministrativeUnit 'TestUnit' + { + DisplayName = 'Test-Unit' + MembershipRule = "(user.country -eq `"US`")" # Updated Property + MembershipRuleProcessingState = 'On' + MembershipType = 'Dynamic' + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/3-Remove.ps1 new file mode 100644 index 0000000000..354f73cf2c --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/3-Remove.ps1 @@ -0,0 +1,26 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADAdministrativeUnit 'TestUnit' + { + DisplayName = 'Test-Unit' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADApplication/1-ConfigureAADApplication.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADApplication/1-Create.ps1 similarity index 100% rename from Modules/Microsoft365DSC/Examples/Resources/AADApplication/1-ConfigureAADApplication.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADApplication/1-Create.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADApplication/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADApplication/2-Update.ps1 new file mode 100644 index 0000000000..950f7c2813 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADApplication/2-Update.ps1 @@ -0,0 +1,55 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADApplication 'AADApp1' + { + DisplayName = "AppDisplayName" + AvailableToOtherTenants = $true # Updated Property + GroupMembershipClaims = "0" + Homepage = "https://app.contoso.com" + IdentifierUris = "https://app.contoso.com" + KnownClientApplications = "" + LogoutURL = "https://app.contoso.com/logout" + PublicClient = $false + ReplyURLs = "https://app.contoso.com" + Permissions = @( + MSFT_AADApplicationPermission + { + Name = 'User.Read' + Type = 'Delegated' + SourceAPI = 'Microsoft Graph' + AdminConsentGranted = $false + } + MSFT_AADApplicationPermission + { + Name = 'User.ReadWrite.All' + Type = 'Delegated' + SourceAPI = 'Microsoft Graph' + AdminConsentGranted = $True + } + MSFT_AADApplicationPermission + { + Name = 'User.Read.All' + Type = 'AppOnly' + SourceAPI = 'Microsoft Graph' + AdminConsentGranted = $True + } + ) + Ensure = "Present" + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADApplication/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADApplication/3-Remove.ps1 new file mode 100644 index 0000000000..104eed381a --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADApplication/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADApplication 'AADApp1' + { + DisplayName = "AppDisplayName" + Ensure = "Absent" + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAttributeSet/1-AADAttributeSet-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAttributeSet/1-Create.ps1 similarity index 100% rename from Modules/Microsoft365DSC/Examples/Resources/AADAttributeSet/1-AADAttributeSet-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADAttributeSet/1-Create.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAttributeSet/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAttributeSet/2-Update.ps1 new file mode 100644 index 0000000000..52b8df2775 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAttributeSet/2-Update.ps1 @@ -0,0 +1,28 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADAttributeSet "AADAttributeSetTest" + { + Credential = $credsCredential; + Description = "Attribute set with 420 attributes"; + Ensure = "Present"; + Id = "TestAttributeSet"; + MaxAttributesPerSet = 300; # Updated Property + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAttributeSet/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAttributeSet/3-Remove.ps1 new file mode 100644 index 0000000000..530ac0e032 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAttributeSet/3-Remove.ps1 @@ -0,0 +1,28 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADAttributeSet "AADAttributeSetTest" + { + Credential = $credsCredential; + Description = "Attribute set with 420 attributes"; + Ensure = "Absent"; + Id = "TestAttributeSet"; + MaxAttributesPerSet = 300; # Updated Property + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/1-AADAuthenticationContextClassReference-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/1-Create.ps1 similarity index 100% rename from Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/1-AADAuthenticationContextClassReference-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/1-Create.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/2-Update.ps1 new file mode 100644 index 0000000000..b40aee5124 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/2-Update.ps1 @@ -0,0 +1,29 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADAuthenticationContextClassReference "AADAuthenticationContextClassReference-Test" + { + Credential = $credsCredential; + Description = "Context test Updated"; # Updated Property + DisplayName = "My Context"; + Ensure = "Present"; + Id = "c3"; + IsAvailable = $True; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/3-Remove.ps1 new file mode 100644 index 0000000000..b562f75732 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationContextClassReference/3-Remove.ps1 @@ -0,0 +1,29 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADAuthenticationContextClassReference "AADAuthenticationContextClassReference-Test" + { + Credential = $credsCredential; + Description = "Context test Updated"; # Updated Property + DisplayName = "My Context"; + Ensure = "Absent"; + Id = "c3"; + IsAvailable = $True; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/1-AADAuthenticationMethodPolicy-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/1-Create.ps1 similarity index 84% rename from Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/1-AADAuthenticationMethodPolicy-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/1-Create.ps1 index 55efb80fe2..5acccb80e7 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/1-AADAuthenticationMethodPolicy-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/1-Create.ps1 @@ -5,14 +5,18 @@ It is not meant to use as a production baseline. Configuration Example { + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) Import-DscResource -ModuleName Microsoft365DSC Node localhost { AADAuthenticationMethodPolicy "AADAuthenticationMethodPolicy-Authentication Methods Policy" { - ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; - CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; Description = "The tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings"; DisplayName = "Authentication Methods Policy"; Ensure = "Present"; @@ -31,8 +35,8 @@ Configuration Example ) State = 'default' } - }; - TenantId = $ConfigurationData.NonNodeData.TenantId; + }; + Credential = $credsCredential; } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/2-Update.ps1 new file mode 100644 index 0000000000..64fc96f46e --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/2-Update.ps1 @@ -0,0 +1,42 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicy "AADAuthenticationMethodPolicy-Authentication Methods Policy" + { + Description = "The tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings"; + DisplayName = "Authentication Methods Policy"; + Ensure = "Present"; + Id = "authenticationMethodsPolicy"; + PolicyMigrationState = "migrationComplete"; # Updated Property + PolicyVersion = "1.4"; + RegistrationEnforcement = MSFT_MicrosoftGraphregistrationEnforcement{ + AuthenticationMethodsRegistrationCampaign = MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaign{ + SnoozeDurationInDays = 1 + IncludeTargets = @( + MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaignIncludeTarget{ + TargetedAuthenticationMethod = 'microsoftAuthenticator' + TargetType = 'group' + Id = 'all_users' + } + ) + State = 'default' + } + }; + Credential = $credsCredential; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/3-Remove.ps1 new file mode 100644 index 0000000000..4d2777f8cd --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/3-Remove.ps1 @@ -0,0 +1,27 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicy "AADAuthenticationMethodPolicy-Authentication Methods Policy" + { + Description = "The tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings"; + DisplayName = "Authentication Methods Policy"; + Ensure = "Absent"; + Id = "authenticationMethodsPolicy"; + Credential = $credsCredential; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/1-AADAuthenticationMethodPolicyAuthenticator-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/1-Create.ps1 similarity index 93% rename from Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/1-AADAuthenticationMethodPolicyAuthenticator-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/1-Create.ps1 index fa1ac35012..c66b6d5b35 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/1-AADAuthenticationMethodPolicyAuthenticator-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/1-Create.ps1 @@ -5,14 +5,18 @@ It is not meant to use as a production baseline. Configuration Example { + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) Import-DscResource -ModuleName Microsoft365DSC Node localhost { AADAuthenticationMethodPolicyAuthenticator "AADAuthenticationMethodPolicyAuthenticator-MicrosoftAuthenticator" { - ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; - CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ @@ -75,7 +79,7 @@ Configuration Example ); IsSoftwareOathEnabled = $False; State = "enabled"; - TenantId = $ConfigurationData.NonNodeData.TenantId; + Credential = $credsCredential; } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/2-Update.ps1 new file mode 100644 index 0000000000..7eff428c5f --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/2-Update.ps1 @@ -0,0 +1,85 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicyAuthenticator "AADAuthenticationMethodPolicyAuthenticator-MicrosoftAuthenticator" + { + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ + Id = 'fakegroup1' + TargetType = 'group' + } + ); + FeatureSettings = MSFT_MicrosoftGraphmicrosoftAuthenticatorFeatureSettings{ + DisplayLocationInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ + ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = '00000000-0000-0000-0000-000000000000' + TargetType = 'group' + } + IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = 'fakegroup2' + TargetType = 'group' + } + State = 'enabled' + } + NumberMatchingRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ + ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = '00000000-0000-0000-0000-000000000000' + TargetType = 'group' + } + IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = 'fakegroup3' + TargetType = 'group' + } + State = 'enabled' + } + CompanionAppAllowedState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ + ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = '00000000-0000-0000-0000-000000000000' + TargetType = 'group' + } + IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = 'fakegroup4' + TargetType = 'group' + } + State = 'enabled' + } + DisplayAppInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ + ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = '00000000-0000-0000-0000-000000000000' + TargetType = 'group' + } + IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = 'fakegroup5' + TargetType = 'group' + } + State = 'enabled' + } + }; + Id = "MicrosoftAuthenticator"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyAuthenticatorIncludeTarget{ + Id = 'fakegroup6' + TargetType = 'group' + } + ); + IsSoftwareOathEnabled = $True; # Updated Property + State = "enabled"; + Credential = $credsCredential; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/3-Remove.ps1 new file mode 100644 index 0000000000..9e646afa6e --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/3-Remove.ps1 @@ -0,0 +1,33 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + AADAuthenticationMethodPolicyAuthenticator "AADAuthenticationMethodPolicyAuthenticator-MicrosoftAuthenticator" + { + Ensure = "Absent"; + Id = "MicrosoftAuthenticator"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyAuthenticatorIncludeTarget{ + Id = 'fakegroup6' + TargetType = 'group' + } + ); + IsSoftwareOathEnabled = $True; # Updated Property + State = "enabled"; + Credential = $credsCredential; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyEmail/1-AADAuthenticationMethodPolicyEmail-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyEmail/1-Create.ps1 similarity index 83% rename from Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyEmail/1-AADAuthenticationMethodPolicyEmail-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyEmail/1-Create.ps1 index e5adc0cf43..61dedb8e2c 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyEmail/1-AADAuthenticationMethodPolicyEmail-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyEmail/1-Create.ps1 @@ -5,6 +5,12 @@ It is not meant to use as a production baseline. Configuration Example { + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) Import-DscResource -ModuleName Microsoft365DSC Node localhost @@ -12,8 +18,6 @@ Configuration Example AADAuthenticationMethodPolicyEmail "AADAuthenticationMethodPolicyEmail-Email" { AllowExternalIdToUseEmailOtp = "default"; - ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; - CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyEmailExcludeTarget{ @@ -37,7 +41,7 @@ Configuration Example } ); State = "enabled"; - TenantId = $ConfigurationData.NonNodeData.TenantId; + Credential = $credsCredential; } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyEmail/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyEmail/2-Update.ps1 new file mode 100644 index 0000000000..0a041e107a --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyEmail/2-Update.ps1 @@ -0,0 +1,47 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicyEmail "AADAuthenticationMethodPolicyEmail-Email" + { + AllowExternalIdToUseEmailOtp = "default"; + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicyEmailExcludeTarget{ + Id = 'fakegroup1' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyEmailExcludeTarget{ + Id = 'fakegroup2' + TargetType = 'group' + } + ); + Id = "Email"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyEmailIncludeTarget{ + Id = 'fakegroup3' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyEmailIncludeTarget{ + Id = 'fakegroup4' + TargetType = 'group' + } + ); + State = "disabled"; # Updated Property + Credential = $credsCredential; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyEmail/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyEmail/3-Remove.ps1 new file mode 100644 index 0000000000..6ca6f1913c --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyEmail/3-Remove.ps1 @@ -0,0 +1,26 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicyEmail "AADAuthenticationMethodPolicyEmail-Email" + { + Ensure = "Absent"; + Id = "Email"; + State = "disabled"; # Updated Property + Credential = $credsCredential; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyFido2/1-AADAuthenticationMethodPolicyFido2-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyFido2/1-Create.ps1 similarity index 85% rename from Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyFido2/1-AADAuthenticationMethodPolicyFido2-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyFido2/1-Create.ps1 index f07f31cb01..17864228c2 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyFido2/1-AADAuthenticationMethodPolicyFido2-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyFido2/1-Create.ps1 @@ -5,14 +5,18 @@ It is not meant to use as a production baseline. Configuration Example { + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) Import-DscResource -ModuleName Microsoft365DSC Node localhost { AADAuthenticationMethodPolicyFido2 "AADAuthenticationMethodPolicyFido2-Fido2" { - ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; - CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyFido2ExcludeTarget{ @@ -43,7 +47,7 @@ Configuration Example AaGuids = @() }; State = "enabled"; - TenantId = $ConfigurationData.NonNodeData.TenantId; + Credential = $credsCredential; } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyFido2/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyFido2/2-Update.ps1 new file mode 100644 index 0000000000..721fb619ce --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyFido2/2-Update.ps1 @@ -0,0 +1,53 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicyFido2 "AADAuthenticationMethodPolicyFido2-Fido2" + { + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicyFido2ExcludeTarget{ + Id = 'fakegroup1' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyFido2ExcludeTarget{ + Id = 'fakegroup2' + TargetType = 'group' + } + ); + Id = "Fido2"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyFido2IncludeTarget{ + Id = 'fakegroup3' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyFido2IncludeTarget{ + Id = 'fakegroup4' + TargetType = 'group' + } + ); + IsAttestationEnforced = $False; # Updated Property + IsSelfServiceRegistrationAllowed = $True; + KeyRestrictions = MSFT_MicrosoftGraphfido2KeyRestrictions{ + IsEnforced = $False + EnforcementType = 'block' + AaGuids = @() + }; + State = "enabled"; + Credential = $credsCredential; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyFido2/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyFido2/3-Remove.ps1 new file mode 100644 index 0000000000..373788d186 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyFido2/3-Remove.ps1 @@ -0,0 +1,25 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + AADAuthenticationMethodPolicyFido2 "AADAuthenticationMethodPolicyFido2-Fido2" + { + Ensure = "Absent"; + Id = "Fido2"; + Credential = $credsCredential; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySms/1-AADAuthenticationMethodPolicySms-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySms/1-Create.ps1 similarity index 83% rename from Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySms/1-AADAuthenticationMethodPolicySms-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySms/1-Create.ps1 index 19938c2832..3ab54145e3 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySms/1-AADAuthenticationMethodPolicySms-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySms/1-Create.ps1 @@ -5,14 +5,19 @@ It is not meant to use as a production baseline. Configuration Example { + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) Import-DscResource -ModuleName Microsoft365DSC Node localhost { AADAuthenticationMethodPolicySms "AADAuthenticationMethodPolicySms-Sms" { - ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; - CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; + Credential = $credsCredential; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicySmsExcludeTarget{ @@ -36,7 +41,6 @@ Configuration Example } ); State = "enabled"; - TenantId = $ConfigurationData.NonNodeData.TenantId; } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySms/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySms/2-Update.ps1 new file mode 100644 index 0000000000..92d61483f7 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySms/2-Update.ps1 @@ -0,0 +1,46 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicySms "AADAuthenticationMethodPolicySms-Sms" + { + Credential = $credsCredential; + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicySmsExcludeTarget{ + Id = 'fakegroup1' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicySmsExcludeTarget{ + Id = 'fakegroup2' + TargetType = 'group' + } + ); + Id = "Sms"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicySmsIncludeTarget{ + Id = 'fakegroup3' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicySmsIncludeTarget{ + Id = 'fakegroup4' + TargetType = 'group' + } + ); + State = "disabled"; # Updated Property + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySms/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySms/3-Remove.ps1 new file mode 100644 index 0000000000..14b220283c --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySms/3-Remove.ps1 @@ -0,0 +1,25 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicySms "AADAuthenticationMethodPolicySms-Sms" + { + Credential = $credsCredential; + Ensure = "Absent"; + Id = "Sms"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySoftware/1-AADAuthenticationMethodPolicySoftware-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySoftware/1-Create.ps1 similarity index 84% rename from Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySoftware/1-AADAuthenticationMethodPolicySoftware-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySoftware/1-Create.ps1 index c0ff59838f..10c3805a05 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySoftware/1-AADAuthenticationMethodPolicySoftware-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySoftware/1-Create.ps1 @@ -5,14 +5,19 @@ It is not meant to use as a production baseline. Configuration Example { + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) Import-DscResource -ModuleName Microsoft365DSC Node localhost { AADAuthenticationMethodPolicySoftware "AADAuthenticationMethodPolicySoftware-SoftwareOath" { - ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; - CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; + Credential = $credsCredential; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicySoftwareExcludeTarget{ @@ -36,7 +41,6 @@ Configuration Example } ); State = "enabled"; - TenantId = $ConfigurationData.NonNodeData.TenantId; } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySoftware/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySoftware/2-Update.ps1 new file mode 100644 index 0000000000..b87b2ab1e6 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySoftware/2-Update.ps1 @@ -0,0 +1,46 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicySoftware "AADAuthenticationMethodPolicySoftware-SoftwareOath" + { + Credential = $credsCredential; + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicySoftwareExcludeTarget{ + Id = 'fakegroup1' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicySoftwareExcludeTarget{ + Id = 'fakegroup2' + TargetType = 'group' + } + ); + Id = "SoftwareOath"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicySoftwareIncludeTarget{ + Id = 'fakegroup3' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicySoftwareIncludeTarget{ + Id = 'fakegroup4' + TargetType = 'group' + } + ); + State = "disabled"; # Updated Property + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySoftware/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySoftware/3-Remove.ps1 new file mode 100644 index 0000000000..055f75fc9e --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySoftware/3-Remove.ps1 @@ -0,0 +1,25 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicySoftware "AADAuthenticationMethodPolicySoftware-SoftwareOath" + { + Credential = $credsCredential; + Ensure = "Absent"; + Id = "SoftwareOath"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/1-AADAuthenticationMethodPolicyTemporary-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/1-Create.ps1 similarity index 85% rename from Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/1-AADAuthenticationMethodPolicyTemporary-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/1-Create.ps1 index a6609fe36a..1c6100181d 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/1-AADAuthenticationMethodPolicyTemporary-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/1-Create.ps1 @@ -5,14 +5,19 @@ It is not meant to use as a production baseline. Configuration Example { + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) Import-DscResource -ModuleName Microsoft365DSC Node localhost { AADAuthenticationMethodPolicyTemporary "AADAuthenticationMethodPolicyTemporary-TemporaryAccessPass" { - ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; - CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; + Credential = $credsCredential; DefaultLength = 8; DefaultLifetimeInMinutes = 60; Ensure = "Present"; @@ -41,7 +46,6 @@ Configuration Example MaximumLifetimeInMinutes = 480; MinimumLifetimeInMinutes = 60; State = "enabled"; - TenantId = $ConfigurationData.NonNodeData.TenantId; } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/2-Update.ps1 new file mode 100644 index 0000000000..f0571bf55b --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/2-Update.ps1 @@ -0,0 +1,51 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicyTemporary "AADAuthenticationMethodPolicyTemporary-TemporaryAccessPass" + { + Credential = $credsCredential; + DefaultLength = 9; # Updated Property + DefaultLifetimeInMinutes = 60; + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicyTemporaryExcludeTarget{ + Id = 'fakegroup1' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyTemporaryExcludeTarget{ + Id = 'fakegroup2' + TargetType = 'group' + } + ); + Id = "TemporaryAccessPass"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget{ + Id = 'fakegroup3' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget{ + Id = 'fakegroup4' + TargetType = 'group' + } + ); + IsUsableOnce = $False; + MaximumLifetimeInMinutes = 480; + MinimumLifetimeInMinutes = 60; + State = "enabled"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/3-Remove.ps1 new file mode 100644 index 0000000000..151a54bf4b --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/3-Remove.ps1 @@ -0,0 +1,25 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicyTemporary "AADAuthenticationMethodPolicyTemporary-TemporaryAccessPass" + { + Credential = $credsCredential; + Ensure = "Absent"; + Id = "TemporaryAccessPass"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyVoice/1-AADAuthenticationMethodPolicyVoice-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyVoice/1-Create.ps1 similarity index 84% rename from Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyVoice/1-AADAuthenticationMethodPolicyVoice-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyVoice/1-Create.ps1 index faddfd0563..d8579ed1f2 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyVoice/1-AADAuthenticationMethodPolicyVoice-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyVoice/1-Create.ps1 @@ -5,14 +5,19 @@ It is not meant to use as a production baseline. Configuration Example { + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) Import-DscResource -ModuleName Microsoft365DSC Node localhost { AADAuthenticationMethodPolicyVoice "AADAuthenticationMethodPolicyVoice-Voice" { - ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; - CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; + Credential = $credsCredential; Ensure = "Present"; Id = "Voice"; IsOfficePhoneAllowed = $False; @@ -37,7 +42,6 @@ Configuration Example } ); State = "disabled"; - TenantId = $ConfigurationData.NonNodeData.TenantId; } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyVoice/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyVoice/2-Update.ps1 new file mode 100644 index 0000000000..da8f05897a --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyVoice/2-Update.ps1 @@ -0,0 +1,47 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicyVoice "AADAuthenticationMethodPolicyVoice-Voice" + { + Credential = $credsCredential; + Ensure = "Present"; + Id = "Voice"; + IsOfficePhoneAllowed = $True; # Updated Property + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicyVoiceExcludeTarget{ + Id = 'fakegroup1' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyVoiceExcludeTarget{ + Id = 'fakegroup2' + TargetType = 'group' + } + ); + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyVoiceIncludeTarget{ + Id = 'fakegroup3' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyVoiceIncludeTarget{ + Id = 'fakegroup4' + TargetType = 'group' + } + ); + State = "disabled"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyVoice/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyVoice/3-Remove.ps1 new file mode 100644 index 0000000000..859ee2321e --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyVoice/3-Remove.ps1 @@ -0,0 +1,25 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicyVoice "AADAuthenticationMethodPolicyVoice-Voice" + { + Credential = $credsCredential; + Ensure = "Absent"; + Id = "Voice"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-AADAuthenticationMethodPolicyX509-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-Create.ps1 similarity index 89% rename from Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-AADAuthenticationMethodPolicyX509-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-Create.ps1 index 5204438fba..ef65df08f4 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-AADAuthenticationMethodPolicyX509-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-Create.ps1 @@ -5,19 +5,24 @@ It is not meant to use as a production baseline. Configuration Example { + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) Import-DscResource -ModuleName Microsoft365DSC Node localhost { AADAuthenticationMethodPolicyX509 "AADAuthenticationMethodPolicyX509-X509Certificate" { - ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; + Credential = $credsCredential; AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ Rules = @(@() ) X509CertificateAuthenticationDefaultMode = 'x509CertificateMultiFactor' }; - CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; CertificateUserBindings = @( MSFT_MicrosoftGraphx509CertificateUserBinding{ Priority = 1 @@ -58,7 +63,6 @@ Configuration Example } ); State = "enabled"; - TenantId = $ConfigurationData.NonNodeData.TenantId; } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/2-Update.ps1 new file mode 100644 index 0000000000..c1ee918b25 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/2-Update.ps1 @@ -0,0 +1,68 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicyX509 "AADAuthenticationMethodPolicyX509-X509Certificate" + { + Credential = $credsCredential; + AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ + Rules = @(@() + ) + X509CertificateAuthenticationDefaultMode = 'x509CertificateMultiFactor' + }; + CertificateUserBindings = @( + MSFT_MicrosoftGraphx509CertificateUserBinding{ + Priority = 1 + UserProperty = 'onPremisesUserPrincipalName' + X509CertificateField = 'PrincipalName' + } + MSFT_MicrosoftGraphx509CertificateUserBinding{ + Priority = 2 + UserProperty = 'onPremisesUserPrincipalName' + X509CertificateField = 'RFC822Name' + } + MSFT_MicrosoftGraphx509CertificateUserBinding{ + Priority = 3 + UserProperty = 'certificateUserIds' + X509CertificateField = 'SubjectKeyIdentifier' + } + ); + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicyX509ExcludeTarget{ + Id = 'fakegroup1' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyX509ExcludeTarget{ + Id = 'fakegroup2' + TargetType = 'group' + } + ); + Id = "X509Certificate"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyX509IncludeTarget{ + Id = 'fakegroup3' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyX509IncludeTarget{ + Id = 'fakegroup4' + TargetType = 'group' + } + ); + State = "disabled"; # Updated Property + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/3-Remove.ps1 new file mode 100644 index 0000000000..ce1b97d528 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/3-Remove.ps1 @@ -0,0 +1,25 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicyX509 "AADAuthenticationMethodPolicyX509-X509Certificate" + { + Credential = $credsCredential; + Ensure = "Absent"; + Id = "X509Certificate"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationStrengthPolicy/1-AADAuthenticationStrengthPolicy-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationStrengthPolicy/1-Create.ps1 similarity index 86% rename from Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationStrengthPolicy/1-AADAuthenticationStrengthPolicy-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationStrengthPolicy/1-Create.ps1 index 5d3260eee2..41957eb493 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationStrengthPolicy/1-AADAuthenticationStrengthPolicy-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationStrengthPolicy/1-Create.ps1 @@ -5,6 +5,12 @@ It is not meant to use as a production baseline. Configuration Example { + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) Import-DscResource -ModuleName Microsoft365DSC Node localhost diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationStrengthPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationStrengthPolicy/2-Update.ps1 new file mode 100644 index 0000000000..a7e0364755 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationStrengthPolicy/2-Update.ps1 @@ -0,0 +1,27 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationStrengthPolicy "AADAuthenticationStrengthPolicy-Example" + { + AllowedCombinations = @("windowsHelloForBusiness","fido2","deviceBasedPush"); # Updated Property + Description = "This is an example"; + DisplayName = "Example"; + Ensure = "Present"; + Credential = $Credscredential; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationStrengthPolicy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationStrengthPolicy/3-Remove.ps1 new file mode 100644 index 0000000000..48c8e61ab4 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationStrengthPolicy/3-Remove.ps1 @@ -0,0 +1,25 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationStrengthPolicy "AADAuthenticationStrengthPolicy-Example" + { + DisplayName = "Example"; + Ensure = "Absent"; + Credential = $Credscredential; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthorizationPolicy/1-ConfigureAADAuthorizationPolicy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthorizationPolicy/2-Update.ps1 similarity index 100% rename from Modules/Microsoft365DSC/Examples/Resources/AADAuthorizationPolicy/1-ConfigureAADAuthorizationPolicy.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADAuthorizationPolicy/2-Update.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthorizationPolicy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthorizationPolicy/3-Remove.ps1 new file mode 100644 index 0000000000..cb52b6ee06 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthorizationPolicy/3-Remove.ps1 @@ -0,0 +1,26 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADAuthorizationPolicy 'AADAuthPol' + { + IsSingleInstance = 'Yes' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/1-ConfigureAADConditionalAccessPolicy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/1-Create.ps1 similarity index 97% rename from Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/1-ConfigureAADConditionalAccessPolicy.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/1-Create.ps1 index da79502c41..b46d82b8bb 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/1-ConfigureAADConditionalAccessPolicy.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/1-Create.ps1 @@ -17,7 +17,6 @@ Configuration Example { AADConditionalAccessPolicy 'Allin-example' { - Id = '4b0bb08f-85ab-4a12-a12c-06114b6ac6df' DisplayName = 'Allin-example' BuiltInControls = @('Mfa', 'CompliantDevice', 'DomainJoinedDevice', 'ApprovedApplication', 'CompliantApplication') ClientAppTypes = @('ExchangeActiveSync', 'Browser', 'MobileAppsAndDesktopClients', 'Other') diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/2-Update.ps1 new file mode 100644 index 0000000000..6c724b690b --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/2-Update.ps1 @@ -0,0 +1,57 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADConditionalAccessPolicy 'Allin-example' + { + DisplayName = 'Allin-example' + BuiltInControls = @('Mfa', 'CompliantDevice', 'DomainJoinedDevice', 'ApprovedApplication', 'CompliantApplication') + ClientAppTypes = @('ExchangeActiveSync', 'Browser', 'MobileAppsAndDesktopClients', 'Other') + CloudAppSecurityIsEnabled = $False # Updated Property + CloudAppSecurityType = 'MonitorOnly' + ExcludeApplications = @('803ee9ca-3f7f-4824-bd6e-0b99d720c35c', '00000012-0000-0000-c000-000000000000', '00000007-0000-0000-c000-000000000000', 'Office365') + ExcludeGroups = @() + ExcludeLocations = @('Blocked Countries') + ExcludePlatforms = @('Windows', 'WindowsPhone', 'MacOS') + ExcludeRoles = @('Company Administrator', 'Application Administrator', 'Application Developer', 'Cloud Application Administrator', 'Cloud Device Administrator') + ExcludeUsers = @('admin@contoso.com', 'AAdmin@contoso.com', 'CAAdmin@contoso.com', 'AllanD@contoso.com', 'AlexW@contoso.com', 'GuestsOrExternalUsers') + ExcludeExternalTenantsMembers = @() + ExcludeExternalTenantsMembershipKind = 'all' + ExcludeGuestOrExternalUserTypes = @('internalGuest', 'b2bCollaborationMember') + GrantControlOperator = 'OR' + IncludeApplications = @('All') + IncludeGroups = @() + IncludeLocations = @('AllTrusted') + IncludePlatforms = @('Android', 'IOS') + IncludeRoles = @('Compliance Administrator') + IncludeUserActions = @() + IncludeUsers = @('Alexw@contoso.com') + IncludeExternalTenantsMembers = @('11111111-1111-1111-1111-111111111111') + IncludeExternalTenantsMembershipKind = 'enumerated' + IncludeGuestOrExternalUserTypes = @('b2bCollaborationGuest') + PersistentBrowserIsEnabled = $false + PersistentBrowserMode = '' + SignInFrequencyIsEnabled = $true + SignInFrequencyType = 'Hours' + SignInFrequencyValue = 5 + SignInRiskLevels = @('High', 'Medium') + State = 'disabled' + UserRiskLevels = @('High', 'Medium') + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/3-Remove.ps1 new file mode 100644 index 0000000000..667028b7bb --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/3-Remove.ps1 @@ -0,0 +1,25 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADConditionalAccessPolicy 'Allin-example' + { + DisplayName = 'Allin-example' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicy/1-AADCrossTenantAccessPolicy-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicy/2-Update.ps1 similarity index 100% rename from Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicy/1-AADCrossTenantAccessPolicy-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicy/2-Update.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicy/3-Remove.ps1 new file mode 100644 index 0000000000..f8c66bb0c1 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicy/3-Remove.ps1 @@ -0,0 +1,26 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADCrossTenantAccessPolicy "AADCrossTenantAccessPolicy" + { + AllowedCloudEndpoints = @("microsoftonline.us"); + Credential = $Credscredential; + DisplayName = "MyXTAPPolicy"; + Ensure = "Absent"; + IsSingleInstance = "Yes"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationDefault/1-AADCrossTenantAccessPolicyConfigurationDefault-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationDefault/2-Update.ps1 similarity index 100% rename from Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationDefault/1-AADCrossTenantAccessPolicyConfigurationDefault-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationDefault/2-Update.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationDefault/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationDefault/3-Remove.ps1 new file mode 100644 index 0000000000..9941723b9b --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationDefault/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADCrossTenantAccessPolicyConfigurationDefault "AADCrossTenantAccessPolicyConfigurationDefault" + { + Credential = $Credscredential; + Ensure = "Absent"; + IsSingleInstance = "Yes"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/1-AADCrossTenantAccessPolicyConfigurationPartner-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/1-Create.ps1 similarity index 71% rename from Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/1-AADCrossTenantAccessPolicyConfigurationPartner-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/1-Create.ps1 index 411ec82054..67eb65e4a6 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/1-AADCrossTenantAccessPolicyConfigurationPartner-Example.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/1-Create.ps1 @@ -46,19 +46,6 @@ Configuration Example } ) } - UsersAndGroups = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ - AccessType = 'allowed' - Targets = @( - MSFT_AADCrossTenantAccessPolicyTarget{ - Target = 'My Test Group' - TargetType = 'group' - } - MSFT_AADCrossTenantAccessPolicyTarget{ - Target = 'Bob.Houle@contoso.com' - TargetType = 'user' - } - ) - } } B2BDirectConnectInbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ @@ -70,15 +57,6 @@ Configuration Example } ) } - UsersAndGroups = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ - AccessType = 'blocked' - Targets = @( - MSFT_AADCrossTenantAccessPolicyTarget{ - Target = 'John.Smith@contoso.com' - TargetType = 'user' - } - ) - } } Credential = $Credscredential; Ensure = "Present"; diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/2-Update.ps1 new file mode 100644 index 0000000000..5bee8926db --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/2-Update.ps1 @@ -0,0 +1,66 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADCrossTenantAccessPolicyConfigurationPartner "AADCrossTenantAccessPolicyConfigurationPartner" + { + B2BCollaborationInbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { + Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ + AccessType = 'allowed' + Targets = @( + MSFT_AADCrossTenantAccessPolicyTarget{ + Target = 'Office365' + TargetType = 'application' + } + ) + } + UsersAndGroups = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ + AccessType = 'allowed' + Targets = @( + MSFT_AADCrossTenantAccessPolicyTarget{ + Target = 'AllUsers' + TargetType = 'user' + } + ) + } + } + B2BCollaborationOutbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { + Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ + AccessType = 'allowed' + Targets = @( + MSFT_AADCrossTenantAccessPolicyTarget{ + Target = 'AllApplications' + TargetType = 'application' + } + ) + } + } + B2BDirectConnectInbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { + Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ + AccessType = 'allowed' # Updated Property + Targets = @( + MSFT_AADCrossTenantAccessPolicyTarget{ + Target = 'AllApplications' + TargetType = 'application' + } + ) + } + } + Credential = $Credscredential; + Ensure = "Present"; + PartnerTenantId = "12345-12345-12345-12345-12345"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/3-Remove.ps1 new file mode 100644 index 0000000000..4598bcd52a --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADCrossTenantAccessPolicyConfigurationPartner "AADCrossTenantAccessPolicyConfigurationPartner" + { + Credential = $Credscredential; + Ensure = "Absent"; + PartnerTenantId = "12345-12345-12345-12345-12345"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackage/1-ConfigureAADEntitlementManagementAccessPackage.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackage/1-Create.ps1 similarity index 94% rename from Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackage/1-ConfigureAADEntitlementManagementAccessPackage.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackage/1-Create.ps1 index 6455ac108f..0f39dee877 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackage/1-ConfigureAADEntitlementManagementAccessPackage.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackage/1-Create.ps1 @@ -16,7 +16,6 @@ Configuration Example { AADEntitlementManagementAccessPackage 'myAccessPackage' { - Id = '0133f3f9-a2da-4043-b336-aa396bf94a9c' DisplayName = 'General' AccessPackageResourceRoleScopes = @( MSFT_AccessPackageResourceRoleScope { diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackage/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackage/2-Update.ps1 new file mode 100644 index 0000000000..a9c0bfc8f8 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackage/2-Update.ps1 @@ -0,0 +1,38 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADEntitlementManagementAccessPackage 'myAccessPackage' + { + DisplayName = 'General' + AccessPackageResourceRoleScopes = @( + MSFT_AccessPackageResourceRoleScope { + Id = 'e5b0c702-b949-4310-953e-2a51790722b8' + AccessPackageResourceOriginId = '8721d9fd-c6ef-46df-b1b2-bb6f818bce5b' + AccessPackageResourceRoleDisplayName = 'AccessPackageRole' + } + ) + CatalogId = '1b0e5aca-83e4-447b-84a8-3d8cffb4a331' + Description = 'Entitlement Access Package Example' + IsHidden = $true # Updated Property + IsRoleScopesVisible = $true + IncompatibleAccessPackages = @() + AccessPackagesIncompatibleWith = @() + IncompatibleGroups = @() + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackage/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackage/3-Remove.ps1 new file mode 100644 index 0000000000..a71c4849f0 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackage/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADEntitlementManagementAccessPackage 'myAccessPackage' + { + DisplayName = 'General' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/1-ConfigureAADEntitlementManagementAccessPackageAssignmentPolicy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/1-Create.ps1 similarity index 96% rename from Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/1-ConfigureAADEntitlementManagementAccessPackageAssignmentPolicy.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/1-Create.ps1 index 2913c65588..a5b31cb592 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/1-ConfigureAADEntitlementManagementAccessPackageAssignmentPolicy.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/1-Create.ps1 @@ -32,7 +32,6 @@ Configuration Example Description = ""; DisplayName = "External tenant"; DurationInDays = 365; - Id = "0ae0bc7c-bae7-4e3b-9ed3-216b767efbb3"; RequestApprovalSettings = MSFT_MicrosoftGraphapprovalsettings{ ApprovalMode = 'NoApproval' IsRequestorJustificationRequired = $False diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/2-ConfigureAADEntitlementManagementAccessPackageAssignmentPolicy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/2-ConfigureAADEntitlementManagementAccessPackageAssignmentPolicy.ps1 deleted file mode 100644 index c6fb6d6d04..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/2-ConfigureAADEntitlementManagementAccessPackageAssignmentPolicy.ps1 +++ /dev/null @@ -1,106 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential - ) - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - AADEntitlementManagementAccessPackageAssignmentPolicy "MyAssignmentPolicyWithQuestionsAndCulture" - { - AccessPackageId = "5d05114c-b4d9-4ae7-bda6-4bade48e60f2"; - CanExtend = $False; - Credential = $Credscredential - Description = "Initial Policy"; - DisplayName = "Initial Policy"; - DurationInDays = 365; - Ensure = "Present"; - Id = "d46bda47-ec8e-4b62-8d94-3cd13e267a61"; - Questions = @( - MSFT_MicrosoftGraphaccesspackagequestion{ - AllowsMultipleSelection = $False - Id = '8475d987-535d-43a1-a7d7-96b7fd0edda9' - QuestionText = MSFT_MicrosoftGraphaccesspackagelocalizedcontent{ - LocalizedTexts = @( - MSFT_MicrosoftGraphaccessPackageLocalizedText{ - Text = 'My Question' - LanguageCode = 'en-GB' - } - - MSFT_MicrosoftGraphaccessPackageLocalizedText{ - Text = 'Ma question' - LanguageCode = 'fr-FR' - } - ) - DefaultText = 'My question' - } - IsRequired = $True - Choices = @( - MSFT_MicrosoftGraphaccessPackageAnswerChoice{ - displayValue = MSFT_MicrosoftGraphaccessPackageLocalizedContent{ - localizedTexts = @( - MSFT_MicrosoftGraphaccessPackageLocalizedText{ - text = 'Yes' - languageCode = 'en-GB' - } - - MSFT_MicrosoftGraphaccessPackageLocalizedText{ - text = 'Oui' - languageCode = 'fr-FR' - } - MSFT_MicrosoftGraphaccessPackageLocalizedText{ - text = 'Ya' - languageCode = 'de' - } - ) - defaultText = 'Yes' - } - actualValue = 'Yes' - } - - MSFT_MicrosoftGraphaccessPackageAnswerChoice{ - displayValue = MSFT_MicrosoftGraphaccessPackageLocalizedContent{ - localizedTexts = @( - MSFT_MicrosoftGraphaccessPackageLocalizedText{ - text = 'No' - languageCode = 'en-GB' - } - MSFT_MicrosoftGraphaccessPackageLocalizedText{ - text = 'Non' - languageCode = 'fr-FR' - } - MSFT_MicrosoftGraphaccessPackageLocalizedText{ - text = 'Nein' - languageCode = 'de' - } - ) - defaultText = 'No' - } - actualValue = 'No' - } - ) - Sequence = 0 - odataType = '#microsoft.graph.accessPackageMultipleChoiceQuestion' - } - ); - RequestApprovalSettings = MSFT_MicrosoftGraphapprovalsettings{ - ApprovalMode = 'NoApproval' - IsRequestorJustificationRequired = $False - IsApprovalRequired = $False - IsApprovalRequiredForExtension = $False - }; - RequestorSettings = MSFT_MicrosoftGraphrequestorsettings{ - AcceptRequests = $False - ScopeType = 'NoSubjects' - }; - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/2-Update.ps1 new file mode 100644 index 0000000000..223ba9497a --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/2-Update.ps1 @@ -0,0 +1,56 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADEntitlementManagementAccessPackageAssignmentPolicy "myAssignmentPolicyWithAccessReviewsSettings" + { + AccessPackageId = "5d05114c-b4d9-4ae7-bda6-4bade48e60f2"; + AccessReviewSettings = MSFT_MicrosoftGraphassignmentreviewsettings{ + IsEnabled = $True + StartDateTime = '12/17/2022 23:59:59' + IsAccessRecommendationEnabled = $True + AccessReviewTimeoutBehavior = 'keepAccess' + IsApprovalJustificationRequired = $True + ReviewerType = 'Self' + RecurrenceType = 'quarterly' + Reviewers = @() + DurationInDays = 25 + }; + CanExtend = $False; + Description = ""; + DisplayName = "External tenant"; + DurationInDays = 180; # Updated Property + RequestApprovalSettings = MSFT_MicrosoftGraphapprovalsettings{ + ApprovalMode = 'NoApproval' + IsRequestorJustificationRequired = $False + IsApprovalRequired = $False + IsApprovalRequiredForExtension = $False + }; + RequestorSettings = MSFT_MicrosoftGraphrequestorsettings{ + AllowedRequestors = @( + MSFT_MicrosoftGraphuserset{ + IsBackup = $False + Id = 'e27eb9b9-27c3-462d-8d65-3bcd763b0ed0' + odataType = '#microsoft.graph.connectedOrganizationMembers' + } + ) + AcceptRequests = $True + ScopeType = 'SpecificConnectedOrganizationSubjects' + }; + Ensure = "Present" + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/3-Remove.ps1 new file mode 100644 index 0000000000..747e49d08e --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageAssignmentPolicy/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADEntitlementManagementAccessPackageAssignmentPolicy "myAssignmentPolicyWithAccessReviewsSettings" + { + DisplayName = "External tenant"; + Ensure = "Absent" + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/1-ConfigureAADEntitlementManagementAccessPackageCatalog.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/1-Create.ps1 similarity index 91% rename from Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/1-ConfigureAADEntitlementManagementAccessPackageCatalog.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/1-Create.ps1 index 4f024557eb..fae71422d5 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/1-ConfigureAADEntitlementManagementAccessPackageCatalog.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/1-Create.ps1 @@ -16,7 +16,6 @@ Configuration Example { AADEntitlementManagementAccessPackageCatalog 'myAccessPackageCatalog' { - Id = '7f66090e-11d2-4868-bc13-df98a327077d' DisplayName = 'General' CatalogStatus = 'Published' CatalogType = 'ServiceDefault' diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/2-Update.ps1 new file mode 100644 index 0000000000..38127ab97b --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/2-Update.ps1 @@ -0,0 +1,29 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADEntitlementManagementAccessPackageCatalog 'myAccessPackageCatalog' + { + DisplayName = 'General' + CatalogStatus = 'Published' + CatalogType = 'ServiceDefault' + Description = 'Built-in catalog.' + IsExternallyVisible = $False # Updated Property + Managedidentity = $False + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/3-Remove.ps1 new file mode 100644 index 0000000000..6529f1c087 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalog/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADEntitlementManagementAccessPackageCatalog 'myAccessPackageCatalog' + { + DisplayName = 'General' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/1-ConfigureAADEntitlementManagementAccessPackageCatalogResource.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/1-Create.ps1 similarity index 94% rename from Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/1-ConfigureAADEntitlementManagementAccessPackageCatalogResource.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/1-Create.ps1 index febf099a4b..bf302be3e6 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/1-ConfigureAADEntitlementManagementAccessPackageCatalogResource.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/1-Create.ps1 @@ -16,7 +16,6 @@ Configuration Example { AADEntitlementManagementAccessPackageCatalogResource 'myAccessPackageCatalogResource' { - Id = 'a694d6c3-57cb-4cb1-b32b-07bf1325df8e' DisplayName = 'Communication site' AddedBy = 'admin@contoso.onmicrosoft.com' AddedOn = '05/11/2022 16:21:15' diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/2-Update.ps1 new file mode 100644 index 0000000000..cce7f22a0e --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/2-Update.ps1 @@ -0,0 +1,33 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADEntitlementManagementAccessPackageCatalogResource 'myAccessPackageCatalogResource' + { + DisplayName = 'Communication site' + AddedBy = 'admin@contoso.onmicrosoft.com' + AddedOn = '05/11/2022 16:21:15' + CatalogId = 'f34c2d92-9e9d-4703-ba9b-955b6ac8dcb3' + Description = 'https://contoso.sharepoint.com/' + IsPendingOnboarding = $False # Updated Property + OriginId = 'https://contoso.sharepoint.com/' + OriginSystem = 'SharePointOnline' + ResourceType = 'SharePoint Online Site' + Url = 'https://contoso.sharepoint.com/' + Ensure = 'Present' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/3-Remove.ps1 new file mode 100644 index 0000000000..ff7e3443b3 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackageCatalogResource/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADEntitlementManagementAccessPackageCatalogResource 'myAccessPackageCatalogResource' + { + DisplayName = 'Communication site' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/Configure_ConnectedOrganization.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/1-Create.ps1 similarity index 94% rename from Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/Configure_ConnectedOrganization.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/1-Create.ps1 index 1db51fbd70..f4772ccf44 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/Configure_ConnectedOrganization.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/1-Create.ps1 @@ -19,7 +19,6 @@ Configuration Example Description = "this is the tenant partner"; DisplayName = "Test Tenant - DSC"; ExternalSponsors = @("12345678-1234-1234-1234-123456789012"); - Id = "12345678-1234-1234-1234-123456789012"; IdentitySources = @( MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource{ ExternalTenantId = "12345678-1234-1234-1234-123456789012" diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/2-Update.ps1 new file mode 100644 index 0000000000..59e893bec8 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/2-Update.ps1 @@ -0,0 +1,35 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADEntitlementManagementConnectedOrganization 'MyConnectedOrganization' + { + Description = "this is the tenant partner - Updated"; # Updated Property + DisplayName = "Test Tenant - DSC"; + ExternalSponsors = @("12345678-1234-1234-1234-123456789012"); + IdentitySources = @( + MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource{ + ExternalTenantId = "12345678-1234-1234-1234-123456789012" + DisplayName = 'Contoso' + odataType = '#microsoft.graph.azureActiveDirectoryTenant' + } + ); + InternalSponsors = @("12345678-1234-1234-1234-123456789012"); + State = "configured"; + Ensure = "Present" + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/3-Remove.ps1 new file mode 100644 index 0000000000..cf45043c10 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementConnectedOrganization/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADEntitlementManagementConnectedOrganization 'MyConnectedOrganization' + { + DisplayName = "Test Tenant - DSC"; + Ensure = "Absent" + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADExternalIdentityPolicy/1-ConfigureExternalIdentityPolicy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADExternalIdentityPolicy/2-Update.ps1 similarity index 86% rename from Modules/Microsoft365DSC/Examples/Resources/AADExternalIdentityPolicy/1-ConfigureExternalIdentityPolicy.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADExternalIdentityPolicy/2-Update.ps1 index 69bcc10cc8..d722519c05 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADExternalIdentityPolicy/1-ConfigureExternalIdentityPolicy.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADExternalIdentityPolicy/2-Update.ps1 @@ -9,7 +9,7 @@ Configuration Example ( [Parameter(Mandatory = $true)] [PSCredential] - $credsAdmin + $credsCredential ) Import-DscResource -ModuleName Microsoft365DSC @@ -20,7 +20,7 @@ Configuration Example { AllowDeletedIdentitiesDataRemoval = $False; AllowExternalIdentitiesToLeave = $True; - Credential = $CredsAdmin; + Credential = $credsCredential; IsSingleInstance = "Yes"; } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/1-ConfigureAADGroups.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/1-Create.ps1 similarity index 100% rename from Modules/Microsoft365DSC/Examples/Resources/AADGroup/1-ConfigureAADGroups.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADGroup/1-Create.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 new file mode 100644 index 0000000000..a2f4d5c942 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-Update.ps1 @@ -0,0 +1,30 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADGroup 'MyGroups' + { + DisplayName = "DSCGroup" + Description = "Microsoft DSC Group Updated" # Updated Property + SecurityEnabled = $True + MailEnabled = $True + GroupTypes = @("Unified") + MailNickname = "M365DSC" + Visibility = "Private" + Ensure = "Present" + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/3-ConfigureAADGroups.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/3-ConfigureAADGroups.ps1 deleted file mode 100644 index 7da83ee1bf..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/3-ConfigureAADGroups.ps1 +++ /dev/null @@ -1,41 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential - ) - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - AADGroup 'MyGroups1' - { - DisplayName = "DSCGroup" - Description = "Microsoft DSC Group" - SecurityEnabled = $True - MailEnabled = $False - GroupTypes = @() - MailNickname = "M365DSCG" - Ensure = "Present" - Credential = $Credscredential - } - AADGroup 'MyGroups2' - { - DisplayName = "DSCMemberGroup" - Description = "Microsoft DSC Editor" - SecurityEnabled = $True - MailEnabled = $False - GroupTypes = @() - MailNickname = "M365DSCMG" - Ensure = "Present" - MemberOf = @("DSCGroup") - Credential = $Credscredential - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/3-Remove.ps1 new file mode 100644 index 0000000000..dd1ce51204 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADGroup 'MyGroups' + { + DisplayName = "DSCGroup" + Ensure = "Absent" + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADGroupLifecyclePolicy/1-ConfigureGroupLifecyclePolicy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADGroupLifecyclePolicy/2-Update.ps1 similarity index 100% rename from Modules/Microsoft365DSC/Examples/Resources/AADGroupLifecyclePolicy/1-ConfigureGroupLifecyclePolicy.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADGroupLifecyclePolicy/2-Update.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADGroupLifecyclePolicy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADGroupLifecyclePolicy/3-Remove.ps1 new file mode 100644 index 0000000000..fa46c7de5e --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADGroupLifecyclePolicy/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADGroupLifecyclePolicy 'GroupLifecyclePolicy' + { + IsSingleInstance = "Yes" + Ensure = "Absent" + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADGroupsNamingPolicy/1-ConfigureGroupsNamingPolicy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADGroupsNamingPolicy/2-Update.ps1 similarity index 100% rename from Modules/Microsoft365DSC/Examples/Resources/AADGroupsNamingPolicy/1-ConfigureGroupsNamingPolicy.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADGroupsNamingPolicy/2-Update.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADGroupsNamingPolicy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADGroupsNamingPolicy/3-Remove.ps1 new file mode 100644 index 0000000000..e07d6dbeeb --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADGroupsNamingPolicy/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADGroupsNamingPolicy 'GroupsNamingPolicy' + { + IsSingleInstance = "Yes" + Ensure = "Absent" + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADGroupsSettings/1-ConfigureGroupsSettings.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADGroupsSettings/2-Update.ps1 similarity index 100% rename from Modules/Microsoft365DSC/Examples/Resources/AADGroupsSettings/1-ConfigureGroupsSettings.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADGroupsSettings/2-Update.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADGroupsSettings/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADGroupsSettings/3-Remove.ps1 new file mode 100644 index 0000000000..6fc6a4be3b --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADGroupsSettings/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADGroupsSettings 'GeneralGroupsSettings' + { + IsSingleInstance = "Yes" + Ensure = "Absent" + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/1-ConfigureAADNamedLocationPolicy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/1-Create.ps1 similarity index 59% rename from Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/1-ConfigureAADNamedLocationPolicy.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/1-Create.ps1 index 6f3f3f214b..ee96d8b039 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/1-ConfigureAADNamedLocationPolicy.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/1-Create.ps1 @@ -23,14 +23,5 @@ Configuration Example Ensure = "Present" Credential = $Credscredential } - AADNamedLocationPolicy 'AllowedCountries' - { - CountriesAndRegions = @("GH", "AX", "DZ", "AI", "AM") - DisplayName = "Allowed Countries" - IncludeUnknownCountriesAndRegions = $False - OdataType = "#microsoft.graph.countryNamedLocation" - Ensure = "Present" - Credential = $Credscredential - } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/2-Update.ps1 new file mode 100644 index 0000000000..24c3405382 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/2-Update.ps1 @@ -0,0 +1,27 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADNamedLocationPolicy 'CompanyNetwork' + { + DisplayName = "Company Network" + IpRanges = @("2.1.1.1/32", "1.2.2.2/32") + IsTrusted = $False # Updated Property + OdataType = "#microsoft.graph.ipNamedLocation" + Ensure = "Present" + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/3-Remove.ps1 new file mode 100644 index 0000000000..7020b1c2ae --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADNamedLocationPolicy/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADNamedLocationPolicy 'CompanyNetwork' + { + DisplayName = "Company Network" + Ensure = "Absent" + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADRoleDefinition/1-ConfigureAADRoleDefinition.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADRoleDefinition/1-Create.ps1 similarity index 100% rename from Modules/Microsoft365DSC/Examples/Resources/AADRoleDefinition/1-ConfigureAADRoleDefinition.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADRoleDefinition/1-Create.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADRoleDefinition/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADRoleDefinition/2-Update.ps1 new file mode 100644 index 0000000000..e7db69e5e9 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADRoleDefinition/2-Update.ps1 @@ -0,0 +1,29 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADRoleDefinition 'AADRoleDefinition1' + { + DisplayName = "DSCRole1" + Description = "DSC created role definition" + ResourceScopes = "/" + IsEnabled = $false # Updated Property + RolePermissions = "microsoft.directory/applicationPolicies/allProperties/read","microsoft.directory/applicationPolicies/allProperties/update","microsoft.directory/applicationPolicies/basic/update" + Version = "1.0" + Ensure = "Present" + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADRoleDefinition/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADRoleDefinition/3-Remove.ps1 new file mode 100644 index 0000000000..79f5c4f43d --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADRoleDefinition/3-Remove.ps1 @@ -0,0 +1,25 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADRoleDefinition 'AADRoleDefinition1' + { + IsEnabled = $true + DisplayName = "DSCRole1" + Ensure = "Update" + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/1-CreateNewAADRoleEligibilityScheduleRequest.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/1-Create.ps1 similarity index 100% rename from Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/1-CreateNewAADRoleEligibilityScheduleRequest.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/1-Create.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/2-Update.ps1 new file mode 100644 index 0000000000..3532161553 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/2-Update.ps1 @@ -0,0 +1,38 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADRoleEligibilityScheduleRequest "MyRequest" + { + Action = "AdminAssign"; + Credential = $Credscredential; + DirectoryScopeId = "/"; + Ensure = "Present"; + IsValidationOnly = $True; # Updated Property + Principal = "John.Smith@$OrganizationName"; + RoleDefinition = "Teams Communications Administrator"; + ScheduleInfo = MSFT_AADRoleEligibilityScheduleRequestSchedule { + startDateTime = '2023-09-01T02:40:44Z' + expiration = MSFT_AADRoleEligibilityScheduleRequestScheduleExpiration + { + endDateTime = '2025-10-31T02:40:09Z' + type = 'afterDateTime' + } + }; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/3-Remove.ps1 new file mode 100644 index 0000000000..6fff4548fc --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADRoleEligibilityScheduleRequest/3-Remove.ps1 @@ -0,0 +1,38 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADRoleEligibilityScheduleRequest "MyRequest" + { + Action = "AdminAssign"; + Credential = $Credscredential; + DirectoryScopeId = "/"; + Ensure = "Absent"; + IsValidationOnly = $True; # Updated Property + Principal = "John.Smith@$OrganizationName"; + RoleDefinition = "Teams Communications Administrator"; + ScheduleInfo = MSFT_AADRoleEligibilityScheduleRequestSchedule { + startDateTime = '2023-09-01T02:40:44Z' + expiration = MSFT_AADRoleEligibilityScheduleRequestScheduleExpiration + { + endDateTime = '2025-10-31T02:40:09Z' + type = 'afterDateTime' + } + }; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADRoleSetting/1-ConfigureAADConditionalAccessPolicy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADRoleSetting/1-Create.ps1 similarity index 88% rename from Modules/Microsoft365DSC/Examples/Resources/AADRoleSetting/1-ConfigureAADConditionalAccessPolicy.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADRoleSetting/1-Create.ps1 index d95f672db7..e603f34d31 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADRoleSetting/1-ConfigureAADConditionalAccessPolicy.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADRoleSetting/1-Create.ps1 @@ -30,11 +30,9 @@ Configuration Example ActiveAssigneeNotificationAdditionalRecipient = @(); ActiveAssigneeNotificationDefaultRecipient = $True; ActiveAssigneeNotificationOnlyCritical = $False; - ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; ApprovaltoActivate = $False; AssignmentReqJustification = $True; AssignmentReqMFA = $False; - CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; Displayname = "Application Administrator"; ElegibilityAssignmentReqJustification = $False; ElegibilityAssignmentReqMFA = $False; @@ -55,10 +53,10 @@ Configuration Example EligibleAssignmentAssigneeNotificationOnlyCritical = $False; ExpireActiveAssignment = "P180D"; ExpireEligibleAssignment = "P365D"; - Id = "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3"; PermanentActiveAssignmentisExpirationRequired = $False; PermanentEligibleAssignmentisExpirationRequired = $False; - TenantId = $ConfigurationData.NonNodeData.TenantId; + Credential = $Credscredential + Ensure = 'Present' } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADRoleSetting/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADRoleSetting/2-Update.ps1 new file mode 100644 index 0000000000..2c6292e400 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADRoleSetting/2-Update.ps1 @@ -0,0 +1,62 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADRoleSetting 28b253d8-cde5-471f-a331-fe7320023cdd + { + ActivateApprover = @(); + ActivationMaxDuration = "PT8H"; + ActivationReqJustification = $False; # Updated Property + ActivationReqMFA = $False; + ActivationReqTicket = $False; + ActiveAlertNotificationAdditionalRecipient = @(); + ActiveAlertNotificationDefaultRecipient = $True; + ActiveAlertNotificationOnlyCritical = $False; + ActiveApproveNotificationAdditionalRecipient = @(); + ActiveApproveNotificationDefaultRecipient = $True; + ActiveApproveNotificationOnlyCritical = $False; + ActiveAssigneeNotificationAdditionalRecipient = @(); + ActiveAssigneeNotificationDefaultRecipient = $True; + ActiveAssigneeNotificationOnlyCritical = $False; + ApprovaltoActivate = $False; + AssignmentReqJustification = $True; + AssignmentReqMFA = $False; + Displayname = "Application Administrator"; + ElegibilityAssignmentReqJustification = $False; + ElegibilityAssignmentReqMFA = $False; + EligibleAlertNotificationAdditionalRecipient = @(); + EligibleAlertNotificationDefaultRecipient = $True; + EligibleAlertNotificationOnlyCritical = $False; + EligibleApproveNotificationAdditionalRecipient = @(); + EligibleApproveNotificationDefaultRecipient = $True; + EligibleApproveNotificationOnlyCritical = $False; + EligibleAssigneeNotificationAdditionalRecipient = @(); + EligibleAssigneeNotificationDefaultRecipient = $True; + EligibleAssigneeNotificationOnlyCritical = $False; + EligibleAssignmentAlertNotificationAdditionalRecipient = @(); + EligibleAssignmentAlertNotificationDefaultRecipient = $True; + EligibleAssignmentAlertNotificationOnlyCritical = $False; + EligibleAssignmentAssigneeNotificationAdditionalRecipient = @(); + EligibleAssignmentAssigneeNotificationDefaultRecipient = $True; + EligibleAssignmentAssigneeNotificationOnlyCritical = $False; + ExpireActiveAssignment = "P180D"; + ExpireEligibleAssignment = "P365D"; + PermanentActiveAssignmentisExpirationRequired = $False; + PermanentEligibleAssignmentisExpirationRequired = $False; + Credential = $Credscredential + Ensure = 'Present' + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADRoleSetting/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADRoleSetting/3-Remove.ps1 new file mode 100644 index 0000000000..1553543bfe --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADRoleSetting/3-Remove.ps1 @@ -0,0 +1,62 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADRoleSetting 28b253d8-cde5-471f-a331-fe7320023cdd + { + ActivateApprover = @(); + ActivationMaxDuration = "PT8H"; + ActivationReqJustification = $False; # Updated Property + ActivationReqMFA = $False; + ActivationReqTicket = $False; + ActiveAlertNotificationAdditionalRecipient = @(); + ActiveAlertNotificationDefaultRecipient = $True; + ActiveAlertNotificationOnlyCritical = $False; + ActiveApproveNotificationAdditionalRecipient = @(); + ActiveApproveNotificationDefaultRecipient = $True; + ActiveApproveNotificationOnlyCritical = $False; + ActiveAssigneeNotificationAdditionalRecipient = @(); + ActiveAssigneeNotificationDefaultRecipient = $True; + ActiveAssigneeNotificationOnlyCritical = $False; + ApprovaltoActivate = $False; + AssignmentReqJustification = $True; + AssignmentReqMFA = $False; + Displayname = "Application Administrator"; + ElegibilityAssignmentReqJustification = $False; + ElegibilityAssignmentReqMFA = $False; + EligibleAlertNotificationAdditionalRecipient = @(); + EligibleAlertNotificationDefaultRecipient = $True; + EligibleAlertNotificationOnlyCritical = $False; + EligibleApproveNotificationAdditionalRecipient = @(); + EligibleApproveNotificationDefaultRecipient = $True; + EligibleApproveNotificationOnlyCritical = $False; + EligibleAssigneeNotificationAdditionalRecipient = @(); + EligibleAssigneeNotificationDefaultRecipient = $True; + EligibleAssigneeNotificationOnlyCritical = $False; + EligibleAssignmentAlertNotificationAdditionalRecipient = @(); + EligibleAssignmentAlertNotificationDefaultRecipient = $True; + EligibleAssignmentAlertNotificationOnlyCritical = $False; + EligibleAssignmentAssigneeNotificationAdditionalRecipient = @(); + EligibleAssignmentAssigneeNotificationDefaultRecipient = $True; + EligibleAssignmentAssigneeNotificationOnlyCritical = $False; + ExpireActiveAssignment = "P180D"; + ExpireEligibleAssignment = "P365D"; + PermanentActiveAssignmentisExpirationRequired = $False; + PermanentEligibleAssignmentisExpirationRequired = $False; + Credential = $Credscredential + Ensure = 'Absent' + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADSecurityDefaults/1-EnableSecurityDefaults.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADSecurityDefaults/3-Remove.ps1 similarity index 100% rename from Modules/Microsoft365DSC/Examples/Resources/AADSecurityDefaults/1-EnableSecurityDefaults.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADSecurityDefaults/3-Remove.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/1-ConfigureAADServicePrincipal.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/1-Create.ps1 similarity index 100% rename from Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/1-ConfigureAADServicePrincipal.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/1-Create.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/2-Update.ps1 new file mode 100644 index 0000000000..b513d7b703 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/2-Update.ps1 @@ -0,0 +1,37 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADServicePrincipal 'AADServicePrincipal' + { + AppId = "" + DisplayName = "AADAppName" + AlternativeNames = "AlternativeName1","AlternativeName2" + AccountEnabled = $true + AppRoleAssignmentRequired = $true # Updated Property + ErrorUrl = "" + Homepage = "https://AADAppName.contoso.com" + LogoutUrl = "https://AADAppName.contoso.com/logout" + PublisherName = "Contoso" + ReplyURLs = "https://AADAppName.contoso.com" + SamlMetadataURL = "" + ServicePrincipalNames = "", "https://AADAppName.contoso.com" + ServicePrincipalType = "Application" + Tags = "{WindowsAzureActiveDirectoryIntegratedApp}" + Ensure = "Present" + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/3-Remove.ps1 new file mode 100644 index 0000000000..2be911cf20 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADServicePrincipal/3-Remove.ps1 @@ -0,0 +1,25 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADServicePrincipal 'AADServicePrincipal' + { + AppId = "" + DisplayName = "AADAppName" + Ensure = "Absent" + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADSocialIdentityProvider/1-CreateSocialIdentityProvider-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADSocialIdentityProvider/1-Create.ps1 similarity index 100% rename from Modules/Microsoft365DSC/Examples/Resources/AADSocialIdentityProvider/1-CreateSocialIdentityProvider-Example.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADSocialIdentityProvider/1-Create.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADSocialIdentityProvider/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADSocialIdentityProvider/2-Update.ps1 new file mode 100644 index 0000000000..3807438f25 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADSocialIdentityProvider/2-Update.ps1 @@ -0,0 +1,29 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADSocialIdentityProvider "AADSocialIdentityProvider-Google" + { + ClientId = "Google-OAUTH"; + ClientSecret = "FakeSecret-Updated"; # Updated Property + Credential = $credsCredential; + DisplayName = "My Google Provider"; + Ensure = "Present"; + IdentityProviderType = "Google"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADSocialIdentityProvider/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADSocialIdentityProvider/3-Remove.ps1 new file mode 100644 index 0000000000..fb8d39bbab --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADSocialIdentityProvider/3-Remove.ps1 @@ -0,0 +1,29 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADSocialIdentityProvider "AADSocialIdentityProvider-Google" + { + ClientId = "Google-OAUTH"; + ClientSecret = "FakeSecret-Updated"; # Updated Property + Credential = $credsCredential; + DisplayName = "My Google Provider"; + Ensure = "Absent"; + IdentityProviderType = "Google"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADTenantDetails/1-ConfigureAADTenantDetails.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADTenantDetails/2-Update.ps1 similarity index 88% rename from Modules/Microsoft365DSC/Examples/Resources/AADTenantDetails/1-ConfigureAADTenantDetails.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADTenantDetails/2-Update.ps1 index 4bc54af81c..4709f7fc07 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADTenantDetails/1-ConfigureAADTenantDetails.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADTenantDetails/2-Update.ps1 @@ -6,7 +6,7 @@ It is not meant to use as a production baseline. Configuration Example { param( [System.Management.Automation.PSCredential] - $GlobalAdmin + $credsCredential ) Import-DscResource -ModuleName Microsoft365DSC @@ -20,7 +20,7 @@ Configuration Example { SecurityComplianceNotificationPhones = "+1123456789" SecurityComplianceNotificationMails = "example@contoso.com" MarketingNotificationEmails = "example@contoso.com" - Credential = $GlobalAdmin + Credential = $credsCredential } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADTokenLifetimePolicy/1-ConfigureAADTokenLifetimePolicy.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADTokenLifetimePolicy/2-Update.ps1 similarity index 100% rename from Modules/Microsoft365DSC/Examples/Resources/AADTokenLifetimePolicy/1-ConfigureAADTokenLifetimePolicy.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADTokenLifetimePolicy/2-Update.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADTokenLifetimePolicy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADTokenLifetimePolicy/3-Remove.ps1 new file mode 100644 index 0000000000..6cc645eca1 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/AADTokenLifetimePolicy/3-Remove.ps1 @@ -0,0 +1,24 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADTokenLifetimePolicy 'CreateTokenLifetimePolicy' + { + DisplayName = "PolicyDisplayName" + Ensure = "Absent" + Credential = $Credscredential + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADUser/1-CreateNewAADUser.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADUser/1-Create.ps1 similarity index 87% rename from Modules/Microsoft365DSC/Examples/Resources/AADUser/1-CreateNewAADUser.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADUser/1-Create.ps1 index 5fa9d85398..77f36b174e 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADUser/1-CreateNewAADUser.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADUser/1-Create.ps1 @@ -14,9 +14,10 @@ Configuration Example node localhost { + $Organization = $Credscredential.Username.Split('@')[1] AADUser 'ConfigureJohnSMith' { - UserPrincipalName = "John.Smith@O365DSC1.onmicrosoft.com" + UserPrincipalName = "John.Smith@$Organization" FirstName = "John" LastName = "Smith" DisplayName = "John J. Smith" diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADUser/2-CreateNewAADUser.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADUser/2-Update.ps1 similarity index 76% rename from Modules/Microsoft365DSC/Examples/Resources/AADUser/2-CreateNewAADUser.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADUser/2-Update.ps1 index e95c4a5c89..d80e65086f 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADUser/2-CreateNewAADUser.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADUser/2-Update.ps1 @@ -14,16 +14,17 @@ Configuration Example node localhost { + $Organization = $Credscredential.Username.Split('@')[1] AADUser 'ConfigureJohnSMith' { - UserPrincipalName = "John.Smith@O365DSC1.onmicrosoft.com" + UserPrincipalName = "John.Smith@$Organization" FirstName = "John" LastName = "Smith" DisplayName = "John J. Smith" - City = "Gatineau" + City = "Ottawa" # Updated Country = "Canada" Office = "Ottawa - Queen" - MemberOf = @('Group-M365-Standard-License', 'Group-PowerBI-Pro-License') + LicenseAssignment = @("O365dsc1:ENTERPRISEPREMIUM") UsageLocation = "US" Ensure = "Present" Credential = $Credscredential diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-ConfigureAADGroups.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADUser/3-Remove.ps1 similarity index 50% rename from Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-ConfigureAADGroups.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/AADUser/3-Remove.ps1 index 6fb9a0bd9a..1da4cd0523 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/2-ConfigureAADGroups.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADUser/3-Remove.ps1 @@ -14,17 +14,11 @@ Configuration Example node localhost { - AADGroup 'MyGroups' + $Organization = $Credscredential.Username.Split('@')[1] + AADUser 'ConfigureJohnSMith' { - DisplayName = "DSCGroup" - Description = "Microsoft DSC Group" - SecurityEnabled = $True - MailEnabled = $False - GroupTypes = @() - MailNickname = "DSCGroup" - Ensure = "Present" - IsAssignableToRole = $True - AssignedToRole = "Identity Governance Administrator" + UserPrincipalName = "John.Smith@$Organization" + Ensure = "Absent" Credential = $Credscredential } } From 24b3aeb110edd342419cb9307030f583f0cd0b9b Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Tue, 19 Dec 2023 19:13:35 +0000 Subject: [PATCH 41/58] Updated Resources and Cmdlet documentation pages --- .../azure-ad/AADAdministrativeUnit.md | 53 ++++--- .../docs/resources/azure-ad/AADApplication.md | 85 +++++++++++ .../resources/azure-ad/AADAttributeSet.md | 62 ++++++++ .../AADAuthenticationContextClassReference.md | 64 +++++++++ .../azure-ad/AADAuthenticationMethodPolicy.md | 87 ++++++++++- ...AuthenticationMethodPolicyAuthenticator.md | 134 ++++++++++++++++- .../AADAuthenticationMethodPolicyEmail.md | 89 +++++++++++- .../AADAuthenticationMethodPolicyFido2.md | 94 +++++++++++- .../AADAuthenticationMethodPolicySms.md | 87 ++++++++++- .../AADAuthenticationMethodPolicySoftware.md | 87 ++++++++++- .../AADAuthenticationMethodPolicyTemporary.md | 92 +++++++++++- .../AADAuthenticationMethodPolicyVoice.md | 88 +++++++++++- .../AADAuthenticationMethodPolicyX509.md | 109 +++++++++++++- .../AADAuthenticationStrengthPolicy.md | 64 +++++++++ .../azure-ad/AADAuthorizationPolicy.md | 29 ++++ .../azure-ad/AADConditionalAccessPolicy.md | 89 +++++++++++- .../azure-ad/AADCrossTenantAccessPolicy.md | 29 ++++ ...sTenantAccessPolicyConfigurationDefault.md | 27 ++++ ...sTenantAccessPolicyConfigurationPartner.md | 94 ++++++++++-- .../AADEntitlementManagementAccessPackage.md | 69 ++++++++- ...ManagementAccessPackageAssignmentPolicy.md | 130 +++++++---------- ...titlementManagementAccessPackageCatalog.md | 60 +++++++- ...tManagementAccessPackageCatalogResource.md | 64 ++++++++- ...itlementManagementConnectedOrganization.md | 66 ++++++++- .../azure-ad/AADExternalIdentityPolicy.md | 4 +- docs/docs/resources/azure-ad/AADGroup.md | 44 ++---- .../azure-ad/AADGroupLifecyclePolicy.md | 27 ++++ .../azure-ad/AADGroupsNamingPolicy.md | 27 ++++ .../resources/azure-ad/AADGroupsSettings.md | 27 ++++ .../azure-ad/AADNamedLocationPolicy.md | 62 +++++++- .../resources/azure-ad/AADRoleDefinition.md | 60 ++++++++ .../AADRoleEligibilityScheduleRequest.md | 82 +++++++++++ .../docs/resources/azure-ad/AADRoleSetting.md | 136 +++++++++++++++++- .../resources/azure-ad/AADServicePrincipal.md | 68 +++++++++ .../azure-ad/AADSocialIdentityProvider.md | 64 +++++++++ .../resources/azure-ad/AADTenantDetails.md | 4 +- .../azure-ad/AADTokenLifetimePolicy.md | 27 ++++ docs/docs/resources/azure-ad/AADUser.md | 38 ++++- 38 files changed, 2329 insertions(+), 193 deletions(-) diff --git a/docs/docs/resources/azure-ad/AADAdministrativeUnit.md b/docs/docs/resources/azure-ad/AADAdministrativeUnit.md index b2b8aeda21..347ec5c892 100644 --- a/docs/docs/resources/azure-ad/AADAdministrativeUnit.md +++ b/docs/docs/resources/azure-ad/AADAdministrativeUnit.md @@ -93,7 +93,6 @@ Configuration Example { AADAdministrativeUnit 'TestUnit' { - Id = '49a843c7-e80c-4bae-8819-825656a108f2' DisplayName = 'Test-Unit' MembershipRule = "(user.country -eq `"Canada`")" MembershipRuleProcessingState = 'On' @@ -124,35 +123,43 @@ Configuration Example node localhost { - AADGroup 'TestGroup' + AADAdministrativeUnit 'TestUnit' { - Id = '4b8bbe0f-2d9c-4a82-9f40-9e1717987102' - DisplayName = 'TestGroup' - MailNickname = 'TestGroup' - SecurityEnabled = $true - MailEnabled = $false - IsAssignableToRole = $true - Ensure = "Present" + DisplayName = 'Test-Unit' + MembershipRule = "(user.country -eq `"US`")" # Updated Property + MembershipRuleProcessingState = 'On' + MembershipType = 'Dynamic' + Ensure = 'Present' Credential = $Credscredential } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { AADAdministrativeUnit 'TestUnit' { - ID = 'Test-Unit' DisplayName = 'Test-Unit' - ScopedRoleMembers = @( - MSFT_MicrosoftGraphScopedRoleMembership - { - RoleName = "User Administrator" - RoleMemberInfo = MSFT_MicrosoftGraphMember - { - Identity = "TestGroup" - Type = "Group" - } - } - ) - Ensure = 'Present' + Ensure = 'Absent' Credential = $Credscredential - DependsOn = "[AADGroup]TestGroup" } } } diff --git a/docs/docs/resources/azure-ad/AADApplication.md b/docs/docs/resources/azure-ad/AADApplication.md index e440ca4552..7224433224 100644 --- a/docs/docs/resources/azure-ad/AADApplication.md +++ b/docs/docs/resources/azure-ad/AADApplication.md @@ -127,3 +127,88 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADApplication 'AADApp1' + { + DisplayName = "AppDisplayName" + AvailableToOtherTenants = $true # Updated Property + GroupMembershipClaims = "0" + Homepage = "https://app.contoso.com" + IdentifierUris = "https://app.contoso.com" + KnownClientApplications = "" + LogoutURL = "https://app.contoso.com/logout" + PublicClient = $false + ReplyURLs = "https://app.contoso.com" + Permissions = @( + MSFT_AADApplicationPermission + { + Name = 'User.Read' + Type = 'Delegated' + SourceAPI = 'Microsoft Graph' + AdminConsentGranted = $false + } + MSFT_AADApplicationPermission + { + Name = 'User.ReadWrite.All' + Type = 'Delegated' + SourceAPI = 'Microsoft Graph' + AdminConsentGranted = $True + } + MSFT_AADApplicationPermission + { + Name = 'User.Read.All' + Type = 'AppOnly' + SourceAPI = 'Microsoft Graph' + AdminConsentGranted = $True + } + ) + Ensure = "Present" + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADApplication 'AADApp1' + { + DisplayName = "AppDisplayName" + Ensure = "Absent" + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/AADAttributeSet.md b/docs/docs/resources/azure-ad/AADAttributeSet.md index 5cd6f05fb3..bce314c714 100644 --- a/docs/docs/resources/azure-ad/AADAttributeSet.md +++ b/docs/docs/resources/azure-ad/AADAttributeSet.md @@ -79,3 +79,65 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADAttributeSet "AADAttributeSetTest" + { + Credential = $credsCredential; + Description = "Attribute set with 420 attributes"; + Ensure = "Present"; + Id = "TestAttributeSet"; + MaxAttributesPerSet = 300; # Updated Property + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADAttributeSet "AADAttributeSetTest" + { + Credential = $credsCredential; + Description = "Attribute set with 420 attributes"; + Ensure = "Absent"; + Id = "TestAttributeSet"; + MaxAttributesPerSet = 300; # Updated Property + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/AADAuthenticationContextClassReference.md b/docs/docs/resources/azure-ad/AADAuthenticationContextClassReference.md index b9d41753c8..27a6544b8d 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationContextClassReference.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationContextClassReference.md @@ -81,3 +81,67 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADAuthenticationContextClassReference "AADAuthenticationContextClassReference-Test" + { + Credential = $credsCredential; + Description = "Context test Updated"; # Updated Property + DisplayName = "My Context"; + Ensure = "Present"; + Id = "c3"; + IsAvailable = $True; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADAuthenticationContextClassReference "AADAuthenticationContextClassReference-Test" + { + Credential = $credsCredential; + Description = "Context test Updated"; # Updated Property + DisplayName = "My Context"; + Ensure = "Absent"; + Id = "c3"; + IsAvailable = $True; + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicy.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicy.md index aeeed35b65..e4f15108f3 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicy.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicy.md @@ -127,14 +127,18 @@ It is not meant to use as a production baseline. ```powershell Configuration Example { + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) Import-DscResource -ModuleName Microsoft365DSC Node localhost { AADAuthenticationMethodPolicy "AADAuthenticationMethodPolicy-Authentication Methods Policy" { - ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; - CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; Description = "The tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings"; DisplayName = "Authentication Methods Policy"; Ensure = "Present"; @@ -153,8 +157,83 @@ Configuration Example ) State = 'default' } - }; - TenantId = $ConfigurationData.NonNodeData.TenantId; + }; + Credential = $credsCredential; + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicy "AADAuthenticationMethodPolicy-Authentication Methods Policy" + { + Description = "The tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings"; + DisplayName = "Authentication Methods Policy"; + Ensure = "Present"; + Id = "authenticationMethodsPolicy"; + PolicyMigrationState = "migrationComplete"; # Updated Property + PolicyVersion = "1.4"; + RegistrationEnforcement = MSFT_MicrosoftGraphregistrationEnforcement{ + AuthenticationMethodsRegistrationCampaign = MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaign{ + SnoozeDurationInDays = 1 + IncludeTargets = @( + MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaignIncludeTarget{ + TargetedAuthenticationMethod = 'microsoftAuthenticator' + TargetType = 'group' + Id = 'all_users' + } + ) + State = 'default' + } + }; + Credential = $credsCredential; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicy "AADAuthenticationMethodPolicy-Authentication Methods Policy" + { + Description = "The tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings"; + DisplayName = "Authentication Methods Policy"; + Ensure = "Absent"; + Id = "authenticationMethodsPolicy"; + Credential = $credsCredential; } } } diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyAuthenticator.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyAuthenticator.md index 60022d0e43..6240dedf07 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyAuthenticator.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyAuthenticator.md @@ -107,14 +107,18 @@ It is not meant to use as a production baseline. ```powershell Configuration Example { + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) Import-DscResource -ModuleName Microsoft365DSC Node localhost { AADAuthenticationMethodPolicyAuthenticator "AADAuthenticationMethodPolicyAuthenticator-MicrosoftAuthenticator" { - ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; - CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ @@ -177,7 +181,131 @@ Configuration Example ); IsSoftwareOathEnabled = $False; State = "enabled"; - TenantId = $ConfigurationData.NonNodeData.TenantId; + Credential = $credsCredential; + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicyAuthenticator "AADAuthenticationMethodPolicyAuthenticator-MicrosoftAuthenticator" + { + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ + Id = 'fakegroup1' + TargetType = 'group' + } + ); + FeatureSettings = MSFT_MicrosoftGraphmicrosoftAuthenticatorFeatureSettings{ + DisplayLocationInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ + ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = '00000000-0000-0000-0000-000000000000' + TargetType = 'group' + } + IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = 'fakegroup2' + TargetType = 'group' + } + State = 'enabled' + } + NumberMatchingRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ + ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = '00000000-0000-0000-0000-000000000000' + TargetType = 'group' + } + IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = 'fakegroup3' + TargetType = 'group' + } + State = 'enabled' + } + CompanionAppAllowedState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ + ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = '00000000-0000-0000-0000-000000000000' + TargetType = 'group' + } + IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = 'fakegroup4' + TargetType = 'group' + } + State = 'enabled' + } + DisplayAppInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ + ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = '00000000-0000-0000-0000-000000000000' + TargetType = 'group' + } + IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = 'fakegroup5' + TargetType = 'group' + } + State = 'enabled' + } + }; + Id = "MicrosoftAuthenticator"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyAuthenticatorIncludeTarget{ + Id = 'fakegroup6' + TargetType = 'group' + } + ); + IsSoftwareOathEnabled = $True; # Updated Property + State = "enabled"; + Credential = $credsCredential; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + AADAuthenticationMethodPolicyAuthenticator "AADAuthenticationMethodPolicyAuthenticator-MicrosoftAuthenticator" + { + Ensure = "Absent"; + Id = "MicrosoftAuthenticator"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyAuthenticatorIncludeTarget{ + Id = 'fakegroup6' + TargetType = 'group' + } + ); + IsSoftwareOathEnabled = $True; # Updated Property + State = "enabled"; + Credential = $credsCredential; } } } diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyEmail.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyEmail.md index 4e58cc2a8e..785250676b 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyEmail.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyEmail.md @@ -76,6 +76,12 @@ It is not meant to use as a production baseline. ```powershell Configuration Example { + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) Import-DscResource -ModuleName Microsoft365DSC Node localhost @@ -83,8 +89,6 @@ Configuration Example AADAuthenticationMethodPolicyEmail "AADAuthenticationMethodPolicyEmail-Email" { AllowExternalIdToUseEmailOtp = "default"; - ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; - CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyEmailExcludeTarget{ @@ -108,7 +112,86 @@ Configuration Example } ); State = "enabled"; - TenantId = $ConfigurationData.NonNodeData.TenantId; + Credential = $credsCredential; + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicyEmail "AADAuthenticationMethodPolicyEmail-Email" + { + AllowExternalIdToUseEmailOtp = "default"; + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicyEmailExcludeTarget{ + Id = 'fakegroup1' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyEmailExcludeTarget{ + Id = 'fakegroup2' + TargetType = 'group' + } + ); + Id = "Email"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyEmailIncludeTarget{ + Id = 'fakegroup3' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyEmailIncludeTarget{ + Id = 'fakegroup4' + TargetType = 'group' + } + ); + State = "disabled"; # Updated Property + Credential = $credsCredential; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicyEmail "AADAuthenticationMethodPolicyEmail-Email" + { + Ensure = "Absent"; + Id = "Email"; + State = "disabled"; # Updated Property + Credential = $credsCredential; } } } diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyFido2.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyFido2.md index 489232070e..48f10adae6 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyFido2.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyFido2.md @@ -88,14 +88,18 @@ It is not meant to use as a production baseline. ```powershell Configuration Example { + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) Import-DscResource -ModuleName Microsoft365DSC Node localhost { AADAuthenticationMethodPolicyFido2 "AADAuthenticationMethodPolicyFido2-Fido2" { - ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; - CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyFido2ExcludeTarget{ @@ -126,7 +130,91 @@ Configuration Example AaGuids = @() }; State = "enabled"; - TenantId = $ConfigurationData.NonNodeData.TenantId; + Credential = $credsCredential; + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicyFido2 "AADAuthenticationMethodPolicyFido2-Fido2" + { + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicyFido2ExcludeTarget{ + Id = 'fakegroup1' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyFido2ExcludeTarget{ + Id = 'fakegroup2' + TargetType = 'group' + } + ); + Id = "Fido2"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyFido2IncludeTarget{ + Id = 'fakegroup3' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyFido2IncludeTarget{ + Id = 'fakegroup4' + TargetType = 'group' + } + ); + IsAttestationEnforced = $False; # Updated Property + IsSelfServiceRegistrationAllowed = $True; + KeyRestrictions = MSFT_MicrosoftGraphfido2KeyRestrictions{ + IsEnforced = $False + EnforcementType = 'block' + AaGuids = @() + }; + State = "enabled"; + Credential = $credsCredential; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + AADAuthenticationMethodPolicyFido2 "AADAuthenticationMethodPolicyFido2-Fido2" + { + Ensure = "Absent"; + Id = "Fido2"; + Credential = $credsCredential; } } } diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicySms.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicySms.md index e6779531c0..e8b6de6355 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicySms.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicySms.md @@ -75,14 +75,19 @@ It is not meant to use as a production baseline. ```powershell Configuration Example { + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) Import-DscResource -ModuleName Microsoft365DSC Node localhost { AADAuthenticationMethodPolicySms "AADAuthenticationMethodPolicySms-Sms" { - ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; - CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; + Credential = $credsCredential; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicySmsExcludeTarget{ @@ -106,7 +111,83 @@ Configuration Example } ); State = "enabled"; - TenantId = $ConfigurationData.NonNodeData.TenantId; + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicySms "AADAuthenticationMethodPolicySms-Sms" + { + Credential = $credsCredential; + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicySmsExcludeTarget{ + Id = 'fakegroup1' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicySmsExcludeTarget{ + Id = 'fakegroup2' + TargetType = 'group' + } + ); + Id = "Sms"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicySmsIncludeTarget{ + Id = 'fakegroup3' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicySmsIncludeTarget{ + Id = 'fakegroup4' + TargetType = 'group' + } + ); + State = "disabled"; # Updated Property + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicySms "AADAuthenticationMethodPolicySms-Sms" + { + Credential = $credsCredential; + Ensure = "Absent"; + Id = "Sms"; } } } diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicySoftware.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicySoftware.md index 36bedb9e74..e8b86110f5 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicySoftware.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicySoftware.md @@ -75,14 +75,19 @@ It is not meant to use as a production baseline. ```powershell Configuration Example { + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) Import-DscResource -ModuleName Microsoft365DSC Node localhost { AADAuthenticationMethodPolicySoftware "AADAuthenticationMethodPolicySoftware-SoftwareOath" { - ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; - CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; + Credential = $credsCredential; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicySoftwareExcludeTarget{ @@ -106,7 +111,83 @@ Configuration Example } ); State = "enabled"; - TenantId = $ConfigurationData.NonNodeData.TenantId; + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicySoftware "AADAuthenticationMethodPolicySoftware-SoftwareOath" + { + Credential = $credsCredential; + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicySoftwareExcludeTarget{ + Id = 'fakegroup1' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicySoftwareExcludeTarget{ + Id = 'fakegroup2' + TargetType = 'group' + } + ); + Id = "SoftwareOath"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicySoftwareIncludeTarget{ + Id = 'fakegroup3' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicySoftwareIncludeTarget{ + Id = 'fakegroup4' + TargetType = 'group' + } + ); + State = "disabled"; # Updated Property + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicySoftware "AADAuthenticationMethodPolicySoftware-SoftwareOath" + { + Credential = $credsCredential; + Ensure = "Absent"; + Id = "SoftwareOath"; } } } diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyTemporary.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyTemporary.md index ac988ca699..c4d1cc2812 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyTemporary.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyTemporary.md @@ -80,14 +80,19 @@ It is not meant to use as a production baseline. ```powershell Configuration Example { + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) Import-DscResource -ModuleName Microsoft365DSC Node localhost { AADAuthenticationMethodPolicyTemporary "AADAuthenticationMethodPolicyTemporary-TemporaryAccessPass" { - ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; - CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; + Credential = $credsCredential; DefaultLength = 8; DefaultLifetimeInMinutes = 60; Ensure = "Present"; @@ -116,7 +121,88 @@ Configuration Example MaximumLifetimeInMinutes = 480; MinimumLifetimeInMinutes = 60; State = "enabled"; - TenantId = $ConfigurationData.NonNodeData.TenantId; + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicyTemporary "AADAuthenticationMethodPolicyTemporary-TemporaryAccessPass" + { + Credential = $credsCredential; + DefaultLength = 9; # Updated Property + DefaultLifetimeInMinutes = 60; + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicyTemporaryExcludeTarget{ + Id = 'fakegroup1' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyTemporaryExcludeTarget{ + Id = 'fakegroup2' + TargetType = 'group' + } + ); + Id = "TemporaryAccessPass"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget{ + Id = 'fakegroup3' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget{ + Id = 'fakegroup4' + TargetType = 'group' + } + ); + IsUsableOnce = $False; + MaximumLifetimeInMinutes = 480; + MinimumLifetimeInMinutes = 60; + State = "enabled"; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicyTemporary "AADAuthenticationMethodPolicyTemporary-TemporaryAccessPass" + { + Credential = $credsCredential; + Ensure = "Absent"; + Id = "TemporaryAccessPass"; } } } diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyVoice.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyVoice.md index f101659afb..87289fb9a8 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyVoice.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyVoice.md @@ -76,14 +76,19 @@ It is not meant to use as a production baseline. ```powershell Configuration Example { + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) Import-DscResource -ModuleName Microsoft365DSC Node localhost { AADAuthenticationMethodPolicyVoice "AADAuthenticationMethodPolicyVoice-Voice" { - ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; - CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; + Credential = $credsCredential; Ensure = "Present"; Id = "Voice"; IsOfficePhoneAllowed = $False; @@ -108,7 +113,84 @@ Configuration Example } ); State = "disabled"; - TenantId = $ConfigurationData.NonNodeData.TenantId; + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicyVoice "AADAuthenticationMethodPolicyVoice-Voice" + { + Credential = $credsCredential; + Ensure = "Present"; + Id = "Voice"; + IsOfficePhoneAllowed = $True; # Updated Property + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicyVoiceExcludeTarget{ + Id = 'fakegroup1' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyVoiceExcludeTarget{ + Id = 'fakegroup2' + TargetType = 'group' + } + ); + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyVoiceIncludeTarget{ + Id = 'fakegroup3' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyVoiceIncludeTarget{ + Id = 'fakegroup4' + TargetType = 'group' + } + ); + State = "disabled"; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicyVoice "AADAuthenticationMethodPolicyVoice-Voice" + { + Credential = $credsCredential; + Ensure = "Absent"; + Id = "Voice"; } } } diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md index 1fbfc8e724..0e8857b3d1 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md @@ -106,19 +106,24 @@ It is not meant to use as a production baseline. ```powershell Configuration Example { + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) Import-DscResource -ModuleName Microsoft365DSC Node localhost { AADAuthenticationMethodPolicyX509 "AADAuthenticationMethodPolicyX509-X509Certificate" { - ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; + Credential = $credsCredential; AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ Rules = @(@() ) X509CertificateAuthenticationDefaultMode = 'x509CertificateMultiFactor' }; - CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; CertificateUserBindings = @( MSFT_MicrosoftGraphx509CertificateUserBinding{ Priority = 1 @@ -159,7 +164,105 @@ Configuration Example } ); State = "enabled"; - TenantId = $ConfigurationData.NonNodeData.TenantId; + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicyX509 "AADAuthenticationMethodPolicyX509-X509Certificate" + { + Credential = $credsCredential; + AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ + Rules = @(@() + ) + X509CertificateAuthenticationDefaultMode = 'x509CertificateMultiFactor' + }; + CertificateUserBindings = @( + MSFT_MicrosoftGraphx509CertificateUserBinding{ + Priority = 1 + UserProperty = 'onPremisesUserPrincipalName' + X509CertificateField = 'PrincipalName' + } + MSFT_MicrosoftGraphx509CertificateUserBinding{ + Priority = 2 + UserProperty = 'onPremisesUserPrincipalName' + X509CertificateField = 'RFC822Name' + } + MSFT_MicrosoftGraphx509CertificateUserBinding{ + Priority = 3 + UserProperty = 'certificateUserIds' + X509CertificateField = 'SubjectKeyIdentifier' + } + ); + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicyX509ExcludeTarget{ + Id = 'fakegroup1' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyX509ExcludeTarget{ + Id = 'fakegroup2' + TargetType = 'group' + } + ); + Id = "X509Certificate"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyX509IncludeTarget{ + Id = 'fakegroup3' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyX509IncludeTarget{ + Id = 'fakegroup4' + TargetType = 'group' + } + ); + State = "disabled"; # Updated Property + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationMethodPolicyX509 "AADAuthenticationMethodPolicyX509-X509Certificate" + { + Credential = $credsCredential; + Ensure = "Absent"; + Id = "X509Certificate"; } } } diff --git a/docs/docs/resources/azure-ad/AADAuthenticationStrengthPolicy.md b/docs/docs/resources/azure-ad/AADAuthenticationStrengthPolicy.md index 3a350a6327..fc4e231af6 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationStrengthPolicy.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationStrengthPolicy.md @@ -57,6 +57,12 @@ It is not meant to use as a production baseline. ```powershell Configuration Example { + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) Import-DscResource -ModuleName Microsoft365DSC Node localhost @@ -73,3 +79,61 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationStrengthPolicy "AADAuthenticationStrengthPolicy-Example" + { + AllowedCombinations = @("windowsHelloForBusiness","fido2","deviceBasedPush"); # Updated Property + Description = "This is an example"; + DisplayName = "Example"; + Ensure = "Present"; + Credential = $Credscredential; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADAuthenticationStrengthPolicy "AADAuthenticationStrengthPolicy-Example" + { + DisplayName = "Example"; + Ensure = "Absent"; + Credential = $Credscredential; + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/AADAuthorizationPolicy.md b/docs/docs/resources/azure-ad/AADAuthorizationPolicy.md index 21fe076578..cce8d984fe 100644 --- a/docs/docs/resources/azure-ad/AADAuthorizationPolicy.md +++ b/docs/docs/resources/azure-ad/AADAuthorizationPolicy.md @@ -115,3 +115,32 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADAuthorizationPolicy 'AADAuthPol' + { + IsSingleInstance = 'Yes' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md b/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md index 23a23898aa..340a201ca6 100644 --- a/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md +++ b/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md @@ -106,7 +106,6 @@ Configuration Example { AADConditionalAccessPolicy 'Allin-example' { - Id = '4b0bb08f-85ab-4a12-a12c-06114b6ac6df' DisplayName = 'Allin-example' BuiltInControls = @('Mfa', 'CompliantDevice', 'DomainJoinedDevice', 'ApprovedApplication', 'CompliantApplication') ClientAppTypes = @('ExchangeActiveSync', 'Browser', 'MobileAppsAndDesktopClients', 'Other') @@ -147,3 +146,91 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADConditionalAccessPolicy 'Allin-example' + { + DisplayName = 'Allin-example' + BuiltInControls = @('Mfa', 'CompliantDevice', 'DomainJoinedDevice', 'ApprovedApplication', 'CompliantApplication') + ClientAppTypes = @('ExchangeActiveSync', 'Browser', 'MobileAppsAndDesktopClients', 'Other') + CloudAppSecurityIsEnabled = $False # Updated Property + CloudAppSecurityType = 'MonitorOnly' + ExcludeApplications = @('803ee9ca-3f7f-4824-bd6e-0b99d720c35c', '00000012-0000-0000-c000-000000000000', '00000007-0000-0000-c000-000000000000', 'Office365') + ExcludeGroups = @() + ExcludeLocations = @('Blocked Countries') + ExcludePlatforms = @('Windows', 'WindowsPhone', 'MacOS') + ExcludeRoles = @('Company Administrator', 'Application Administrator', 'Application Developer', 'Cloud Application Administrator', 'Cloud Device Administrator') + ExcludeUsers = @('admin@contoso.com', 'AAdmin@contoso.com', 'CAAdmin@contoso.com', 'AllanD@contoso.com', 'AlexW@contoso.com', 'GuestsOrExternalUsers') + ExcludeExternalTenantsMembers = @() + ExcludeExternalTenantsMembershipKind = 'all' + ExcludeGuestOrExternalUserTypes = @('internalGuest', 'b2bCollaborationMember') + GrantControlOperator = 'OR' + IncludeApplications = @('All') + IncludeGroups = @() + IncludeLocations = @('AllTrusted') + IncludePlatforms = @('Android', 'IOS') + IncludeRoles = @('Compliance Administrator') + IncludeUserActions = @() + IncludeUsers = @('Alexw@contoso.com') + IncludeExternalTenantsMembers = @('11111111-1111-1111-1111-111111111111') + IncludeExternalTenantsMembershipKind = 'enumerated' + IncludeGuestOrExternalUserTypes = @('b2bCollaborationGuest') + PersistentBrowserIsEnabled = $false + PersistentBrowserMode = '' + SignInFrequencyIsEnabled = $true + SignInFrequencyType = 'Hours' + SignInFrequencyValue = 5 + SignInRiskLevels = @('High', 'Medium') + State = 'disabled' + UserRiskLevels = @('High', 'Medium') + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADConditionalAccessPolicy 'Allin-example' + { + DisplayName = 'Allin-example' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/AADCrossTenantAccessPolicy.md b/docs/docs/resources/azure-ad/AADCrossTenantAccessPolicy.md index 3c140db406..a29350a291 100644 --- a/docs/docs/resources/azure-ad/AADCrossTenantAccessPolicy.md +++ b/docs/docs/resources/azure-ad/AADCrossTenantAccessPolicy.md @@ -77,3 +77,32 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADCrossTenantAccessPolicy "AADCrossTenantAccessPolicy" + { + AllowedCloudEndpoints = @("microsoftonline.us"); + Credential = $Credscredential; + DisplayName = "MyXTAPPolicy"; + Ensure = "Absent"; + IsSingleInstance = "Yes"; + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/AADCrossTenantAccessPolicyConfigurationDefault.md b/docs/docs/resources/azure-ad/AADCrossTenantAccessPolicyConfigurationDefault.md index 98cb1bae7c..8f0ea3db8f 100644 --- a/docs/docs/resources/azure-ad/AADCrossTenantAccessPolicyConfigurationDefault.md +++ b/docs/docs/resources/azure-ad/AADCrossTenantAccessPolicyConfigurationDefault.md @@ -200,3 +200,30 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADCrossTenantAccessPolicyConfigurationDefault "AADCrossTenantAccessPolicyConfigurationDefault" + { + Credential = $Credscredential; + Ensure = "Absent"; + IsSingleInstance = "Yes"; + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/AADCrossTenantAccessPolicyConfigurationPartner.md b/docs/docs/resources/azure-ad/AADCrossTenantAccessPolicyConfigurationPartner.md index be458deb45..5ea98da170 100644 --- a/docs/docs/resources/azure-ad/AADCrossTenantAccessPolicyConfigurationPartner.md +++ b/docs/docs/resources/azure-ad/AADCrossTenantAccessPolicyConfigurationPartner.md @@ -147,23 +147,68 @@ Configuration Example } ) } - UsersAndGroups = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ + } + B2BDirectConnectInbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { + Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ + AccessType = 'blocked' + Targets = @( + MSFT_AADCrossTenantAccessPolicyTarget{ + Target = 'AllApplications' + TargetType = 'application' + } + ) + } + } + Credential = $Credscredential; + Ensure = "Present"; + PartnerTenantId = "12345-12345-12345-12345-12345"; + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADCrossTenantAccessPolicyConfigurationPartner "AADCrossTenantAccessPolicyConfigurationPartner" + { + B2BCollaborationInbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { + Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ AccessType = 'allowed' Targets = @( MSFT_AADCrossTenantAccessPolicyTarget{ - Target = 'My Test Group' - TargetType = 'group' + Target = 'Office365' + TargetType = 'application' } + ) + } + UsersAndGroups = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ + AccessType = 'allowed' + Targets = @( MSFT_AADCrossTenantAccessPolicyTarget{ - Target = 'Bob.Houle@contoso.com' + Target = 'AllUsers' TargetType = 'user' } ) } } - B2BDirectConnectInbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { + B2BCollaborationOutbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ - AccessType = 'blocked' + AccessType = 'allowed' Targets = @( MSFT_AADCrossTenantAccessPolicyTarget{ Target = 'AllApplications' @@ -171,12 +216,14 @@ Configuration Example } ) } - UsersAndGroups = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ - AccessType = 'blocked' + } + B2BDirectConnectInbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { + Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ + AccessType = 'allowed' # Updated Property Targets = @( MSFT_AADCrossTenantAccessPolicyTarget{ - Target = 'John.Smith@contoso.com' - TargetType = 'user' + Target = 'AllApplications' + TargetType = 'application' } ) } @@ -189,3 +236,30 @@ Configuration Example } ``` +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADCrossTenantAccessPolicyConfigurationPartner "AADCrossTenantAccessPolicyConfigurationPartner" + { + Credential = $Credscredential; + Ensure = "Absent"; + PartnerTenantId = "12345-12345-12345-12345-12345"; + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackage.md b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackage.md index 9432c6672a..5da369969e 100644 --- a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackage.md +++ b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackage.md @@ -84,7 +84,6 @@ Configuration Example { AADEntitlementManagementAccessPackage 'myAccessPackage' { - Id = '0133f3f9-a2da-4043-b336-aa396bf94a9c' DisplayName = 'General' AccessPackageResourceRoleScopes = @( MSFT_AccessPackageResourceRoleScope { @@ -107,3 +106,71 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADEntitlementManagementAccessPackage 'myAccessPackage' + { + DisplayName = 'General' + AccessPackageResourceRoleScopes = @( + MSFT_AccessPackageResourceRoleScope { + Id = 'e5b0c702-b949-4310-953e-2a51790722b8' + AccessPackageResourceOriginId = '8721d9fd-c6ef-46df-b1b2-bb6f818bce5b' + AccessPackageResourceRoleDisplayName = 'AccessPackageRole' + } + ) + CatalogId = '1b0e5aca-83e4-447b-84a8-3d8cffb4a331' + Description = 'Entitlement Access Package Example' + IsHidden = $true # Updated Property + IsRoleScopesVisible = $true + IncompatibleAccessPackages = @() + AccessPackagesIncompatibleWith = @() + IncompatibleGroups = @() + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADEntitlementManagementAccessPackage 'myAccessPackage' + { + DisplayName = 'General' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageAssignmentPolicy.md b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageAssignmentPolicy.md index 1996963a8a..493a73dd6e 100644 --- a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageAssignmentPolicy.md +++ b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageAssignmentPolicy.md @@ -208,7 +208,6 @@ Configuration Example Description = ""; DisplayName = "External tenant"; DurationInDays = 365; - Id = "0ae0bc7c-bae7-4e3b-9ed3-216b767efbb3"; RequestApprovalSettings = MSFT_MicrosoftGraphapprovalsettings{ ApprovalMode = 'NoApproval' IsRequestorJustificationRequired = $False @@ -250,83 +249,24 @@ Configuration Example node localhost { - AADEntitlementManagementAccessPackageAssignmentPolicy "MyAssignmentPolicyWithQuestionsAndCulture" + AADEntitlementManagementAccessPackageAssignmentPolicy "myAssignmentPolicyWithAccessReviewsSettings" { AccessPackageId = "5d05114c-b4d9-4ae7-bda6-4bade48e60f2"; + AccessReviewSettings = MSFT_MicrosoftGraphassignmentreviewsettings{ + IsEnabled = $True + StartDateTime = '12/17/2022 23:59:59' + IsAccessRecommendationEnabled = $True + AccessReviewTimeoutBehavior = 'keepAccess' + IsApprovalJustificationRequired = $True + ReviewerType = 'Self' + RecurrenceType = 'quarterly' + Reviewers = @() + DurationInDays = 25 + }; CanExtend = $False; - Credential = $Credscredential - Description = "Initial Policy"; - DisplayName = "Initial Policy"; - DurationInDays = 365; - Ensure = "Present"; - Id = "d46bda47-ec8e-4b62-8d94-3cd13e267a61"; - Questions = @( - MSFT_MicrosoftGraphaccesspackagequestion{ - AllowsMultipleSelection = $False - Id = '8475d987-535d-43a1-a7d7-96b7fd0edda9' - QuestionText = MSFT_MicrosoftGraphaccesspackagelocalizedcontent{ - LocalizedTexts = @( - MSFT_MicrosoftGraphaccessPackageLocalizedText{ - Text = 'My Question' - LanguageCode = 'en-GB' - } - - MSFT_MicrosoftGraphaccessPackageLocalizedText{ - Text = 'Ma question' - LanguageCode = 'fr-FR' - } - ) - DefaultText = 'My question' - } - IsRequired = $True - Choices = @( - MSFT_MicrosoftGraphaccessPackageAnswerChoice{ - displayValue = MSFT_MicrosoftGraphaccessPackageLocalizedContent{ - localizedTexts = @( - MSFT_MicrosoftGraphaccessPackageLocalizedText{ - text = 'Yes' - languageCode = 'en-GB' - } - - MSFT_MicrosoftGraphaccessPackageLocalizedText{ - text = 'Oui' - languageCode = 'fr-FR' - } - MSFT_MicrosoftGraphaccessPackageLocalizedText{ - text = 'Ya' - languageCode = 'de' - } - ) - defaultText = 'Yes' - } - actualValue = 'Yes' - } - - MSFT_MicrosoftGraphaccessPackageAnswerChoice{ - displayValue = MSFT_MicrosoftGraphaccessPackageLocalizedContent{ - localizedTexts = @( - MSFT_MicrosoftGraphaccessPackageLocalizedText{ - text = 'No' - languageCode = 'en-GB' - } - MSFT_MicrosoftGraphaccessPackageLocalizedText{ - text = 'Non' - languageCode = 'fr-FR' - } - MSFT_MicrosoftGraphaccessPackageLocalizedText{ - text = 'Nein' - languageCode = 'de' - } - ) - defaultText = 'No' - } - actualValue = 'No' - } - ) - Sequence = 0 - odataType = '#microsoft.graph.accessPackageMultipleChoiceQuestion' - } - ); + Description = ""; + DisplayName = "External tenant"; + DurationInDays = 180; # Updated Property RequestApprovalSettings = MSFT_MicrosoftGraphapprovalsettings{ ApprovalMode = 'NoApproval' IsRequestorJustificationRequired = $False @@ -334,9 +274,45 @@ Configuration Example IsApprovalRequiredForExtension = $False }; RequestorSettings = MSFT_MicrosoftGraphrequestorsettings{ - AcceptRequests = $False - ScopeType = 'NoSubjects' + AllowedRequestors = @( + MSFT_MicrosoftGraphuserset{ + IsBackup = $False + Id = 'e27eb9b9-27c3-462d-8d65-3bcd763b0ed0' + odataType = '#microsoft.graph.connectedOrganizationMembers' + } + ) + AcceptRequests = $True + ScopeType = 'SpecificConnectedOrganizationSubjects' }; + Ensure = "Present" + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADEntitlementManagementAccessPackageAssignmentPolicy "myAssignmentPolicyWithAccessReviewsSettings" + { + DisplayName = "External tenant"; + Ensure = "Absent" + Credential = $Credscredential } } } diff --git a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalog.md b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalog.md index 44cd50cbd9..6a299016ac 100644 --- a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalog.md +++ b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalog.md @@ -70,7 +70,6 @@ Configuration Example { AADEntitlementManagementAccessPackageCatalog 'myAccessPackageCatalog' { - Id = '7f66090e-11d2-4868-bc13-df98a327077d' DisplayName = 'General' CatalogStatus = 'Published' CatalogType = 'ServiceDefault' @@ -84,3 +83,62 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADEntitlementManagementAccessPackageCatalog 'myAccessPackageCatalog' + { + DisplayName = 'General' + CatalogStatus = 'Published' + CatalogType = 'ServiceDefault' + Description = 'Built-in catalog.' + IsExternallyVisible = $False # Updated Property + Managedidentity = $False + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADEntitlementManagementAccessPackageCatalog 'myAccessPackageCatalog' + { + DisplayName = 'General' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalogResource.md b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalogResource.md index 15d5d568ae..ab7401ab7a 100644 --- a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalogResource.md +++ b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackageCatalogResource.md @@ -149,7 +149,6 @@ Configuration Example { AADEntitlementManagementAccessPackageCatalogResource 'myAccessPackageCatalogResource' { - Id = 'a694d6c3-57cb-4cb1-b32b-07bf1325df8e' DisplayName = 'Communication site' AddedBy = 'admin@contoso.onmicrosoft.com' AddedOn = '05/11/2022 16:21:15' @@ -167,3 +166,66 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADEntitlementManagementAccessPackageCatalogResource 'myAccessPackageCatalogResource' + { + DisplayName = 'Communication site' + AddedBy = 'admin@contoso.onmicrosoft.com' + AddedOn = '05/11/2022 16:21:15' + CatalogId = 'f34c2d92-9e9d-4703-ba9b-955b6ac8dcb3' + Description = 'https://contoso.sharepoint.com/' + IsPendingOnboarding = $False # Updated Property + OriginId = 'https://contoso.sharepoint.com/' + OriginSystem = 'SharePointOnline' + ResourceType = 'SharePoint Online Site' + Url = 'https://contoso.sharepoint.com/' + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADEntitlementManagementAccessPackageCatalogResource 'myAccessPackageCatalogResource' + { + DisplayName = 'Communication site' + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/AADEntitlementManagementConnectedOrganization.md b/docs/docs/resources/azure-ad/AADEntitlementManagementConnectedOrganization.md index 79f2c6e776..c64c9d84a9 100644 --- a/docs/docs/resources/azure-ad/AADEntitlementManagementConnectedOrganization.md +++ b/docs/docs/resources/azure-ad/AADEntitlementManagementConnectedOrganization.md @@ -87,7 +87,6 @@ Configuration Example Description = "this is the tenant partner"; DisplayName = "Test Tenant - DSC"; ExternalSponsors = @("12345678-1234-1234-1234-123456789012"); - Id = "12345678-1234-1234-1234-123456789012"; IdentitySources = @( MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource{ ExternalTenantId = "12345678-1234-1234-1234-123456789012" @@ -104,3 +103,68 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADEntitlementManagementConnectedOrganization 'MyConnectedOrganization' + { + Description = "this is the tenant partner - Updated"; # Updated Property + DisplayName = "Test Tenant - DSC"; + ExternalSponsors = @("12345678-1234-1234-1234-123456789012"); + IdentitySources = @( + MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource{ + ExternalTenantId = "12345678-1234-1234-1234-123456789012" + DisplayName = 'Contoso' + odataType = '#microsoft.graph.azureActiveDirectoryTenant' + } + ); + InternalSponsors = @("12345678-1234-1234-1234-123456789012"); + State = "configured"; + Ensure = "Present" + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADEntitlementManagementConnectedOrganization 'MyConnectedOrganization' + { + DisplayName = "Test Tenant - DSC"; + Ensure = "Absent" + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/AADExternalIdentityPolicy.md b/docs/docs/resources/azure-ad/AADExternalIdentityPolicy.md index 1a74ebc223..ef884015ef 100644 --- a/docs/docs/resources/azure-ad/AADExternalIdentityPolicy.md +++ b/docs/docs/resources/azure-ad/AADExternalIdentityPolicy.md @@ -58,7 +58,7 @@ Configuration Example ( [Parameter(Mandatory = $true)] [PSCredential] - $credsAdmin + $credsCredential ) Import-DscResource -ModuleName Microsoft365DSC @@ -69,7 +69,7 @@ Configuration Example { AllowDeletedIdentitiesDataRemoval = $False; AllowExternalIdentitiesToLeave = $True; - Credential = $CredsAdmin; + Credential = $credsCredential; IsSingleInstance = "Yes"; } } diff --git a/docs/docs/resources/azure-ad/AADGroup.md b/docs/docs/resources/azure-ad/AADGroup.md index 500c4eb61f..2f6c42bae8 100644 --- a/docs/docs/resources/azure-ad/AADGroup.md +++ b/docs/docs/resources/azure-ad/AADGroup.md @@ -123,16 +123,15 @@ Configuration Example { AADGroup 'MyGroups' { - DisplayName = "DSCGroup" - Description = "Microsoft DSC Group" - SecurityEnabled = $True - MailEnabled = $False - GroupTypes = @() - MailNickname = "DSCGroup" - Ensure = "Present" - IsAssignableToRole = $True - AssignedToRole = "Identity Governance Administrator" - Credential = $Credscredential + DisplayName = "DSCGroup" + Description = "Microsoft DSC Group Updated" # Updated Property + SecurityEnabled = $True + MailEnabled = $True + GroupTypes = @("Unified") + MailNickname = "M365DSC" + Visibility = "Private" + Ensure = "Present" + Credential = $Credscredential } } } @@ -155,28 +154,11 @@ Configuration Example node localhost { - AADGroup 'MyGroups1' - { - DisplayName = "DSCGroup" - Description = "Microsoft DSC Group" - SecurityEnabled = $True - MailEnabled = $False - GroupTypes = @() - MailNickname = "M365DSCG" - Ensure = "Present" - Credential = $Credscredential - } - AADGroup 'MyGroups2' + AADGroup 'MyGroups' { - DisplayName = "DSCMemberGroup" - Description = "Microsoft DSC Editor" - SecurityEnabled = $True - MailEnabled = $False - GroupTypes = @() - MailNickname = "M365DSCMG" - Ensure = "Present" - MemberOf = @("DSCGroup") - Credential = $Credscredential + DisplayName = "DSCGroup" + Ensure = "Absent" + Credential = $Credscredential } } } diff --git a/docs/docs/resources/azure-ad/AADGroupLifecyclePolicy.md b/docs/docs/resources/azure-ad/AADGroupLifecyclePolicy.md index f0da9d1eec..2c0b95b5cd 100644 --- a/docs/docs/resources/azure-ad/AADGroupLifecyclePolicy.md +++ b/docs/docs/resources/azure-ad/AADGroupLifecyclePolicy.md @@ -78,3 +78,30 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADGroupLifecyclePolicy 'GroupLifecyclePolicy' + { + IsSingleInstance = "Yes" + Ensure = "Absent" + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/AADGroupsNamingPolicy.md b/docs/docs/resources/azure-ad/AADGroupsNamingPolicy.md index a01cbfbcbc..06476b368d 100644 --- a/docs/docs/resources/azure-ad/AADGroupsNamingPolicy.md +++ b/docs/docs/resources/azure-ad/AADGroupsNamingPolicy.md @@ -76,3 +76,30 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADGroupsNamingPolicy 'GroupsNamingPolicy' + { + IsSingleInstance = "Yes" + Ensure = "Absent" + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/AADGroupsSettings.md b/docs/docs/resources/azure-ad/AADGroupsSettings.md index 8127dfd693..7aa4b1dde4 100644 --- a/docs/docs/resources/azure-ad/AADGroupsSettings.md +++ b/docs/docs/resources/azure-ad/AADGroupsSettings.md @@ -89,3 +89,30 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADGroupsSettings 'GeneralGroupsSettings' + { + IsSingleInstance = "Yes" + Ensure = "Absent" + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/AADNamedLocationPolicy.md b/docs/docs/resources/azure-ad/AADNamedLocationPolicy.md index c18b9a4af9..f43ace7898 100644 --- a/docs/docs/resources/azure-ad/AADNamedLocationPolicy.md +++ b/docs/docs/resources/azure-ad/AADNamedLocationPolicy.md @@ -78,14 +78,62 @@ Configuration Example Ensure = "Present" Credential = $Credscredential } - AADNamedLocationPolicy 'AllowedCountries' + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADNamedLocationPolicy 'CompanyNetwork' { - CountriesAndRegions = @("GH", "AX", "DZ", "AI", "AM") - DisplayName = "Allowed Countries" - IncludeUnknownCountriesAndRegions = $False - OdataType = "#microsoft.graph.countryNamedLocation" - Ensure = "Present" - Credential = $Credscredential + DisplayName = "Company Network" + IpRanges = @("2.1.1.1/32", "1.2.2.2/32") + IsTrusted = $False # Updated Property + OdataType = "#microsoft.graph.ipNamedLocation" + Ensure = "Present" + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADNamedLocationPolicy 'CompanyNetwork' + { + DisplayName = "Company Network" + Ensure = "Absent" + Credential = $Credscredential } } } diff --git a/docs/docs/resources/azure-ad/AADRoleDefinition.md b/docs/docs/resources/azure-ad/AADRoleDefinition.md index 4d092c02db..d66d201aac 100644 --- a/docs/docs/resources/azure-ad/AADRoleDefinition.md +++ b/docs/docs/resources/azure-ad/AADRoleDefinition.md @@ -87,3 +87,63 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADRoleDefinition 'AADRoleDefinition1' + { + DisplayName = "DSCRole1" + Description = "DSC created role definition" + ResourceScopes = "/" + IsEnabled = $false # Updated Property + RolePermissions = "microsoft.directory/applicationPolicies/allProperties/read","microsoft.directory/applicationPolicies/allProperties/update","microsoft.directory/applicationPolicies/basic/update" + Version = "1.0" + Ensure = "Present" + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADRoleDefinition 'AADRoleDefinition1' + { + IsEnabled = $true + DisplayName = "DSCRole1" + Ensure = "Update" + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/AADRoleEligibilityScheduleRequest.md b/docs/docs/resources/azure-ad/AADRoleEligibilityScheduleRequest.md index fb0f9efb9e..ef5191b080 100644 --- a/docs/docs/resources/azure-ad/AADRoleEligibilityScheduleRequest.md +++ b/docs/docs/resources/azure-ad/AADRoleEligibilityScheduleRequest.md @@ -161,3 +161,85 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADRoleEligibilityScheduleRequest "MyRequest" + { + Action = "AdminAssign"; + Credential = $Credscredential; + DirectoryScopeId = "/"; + Ensure = "Present"; + IsValidationOnly = $True; # Updated Property + Principal = "John.Smith@$OrganizationName"; + RoleDefinition = "Teams Communications Administrator"; + ScheduleInfo = MSFT_AADRoleEligibilityScheduleRequestSchedule { + startDateTime = '2023-09-01T02:40:44Z' + expiration = MSFT_AADRoleEligibilityScheduleRequestScheduleExpiration + { + endDateTime = '2025-10-31T02:40:09Z' + type = 'afterDateTime' + } + }; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADRoleEligibilityScheduleRequest "MyRequest" + { + Action = "AdminAssign"; + Credential = $Credscredential; + DirectoryScopeId = "/"; + Ensure = "Absent"; + IsValidationOnly = $True; # Updated Property + Principal = "John.Smith@$OrganizationName"; + RoleDefinition = "Teams Communications Administrator"; + ScheduleInfo = MSFT_AADRoleEligibilityScheduleRequestSchedule { + startDateTime = '2023-09-01T02:40:44Z' + expiration = MSFT_AADRoleEligibilityScheduleRequestScheduleExpiration + { + endDateTime = '2025-10-31T02:40:09Z' + type = 'afterDateTime' + } + }; + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/AADRoleSetting.md b/docs/docs/resources/azure-ad/AADRoleSetting.md index 840706cf0b..4ce54475f7 100644 --- a/docs/docs/resources/azure-ad/AADRoleSetting.md +++ b/docs/docs/resources/azure-ad/AADRoleSetting.md @@ -119,11 +119,9 @@ Configuration Example ActiveAssigneeNotificationAdditionalRecipient = @(); ActiveAssigneeNotificationDefaultRecipient = $True; ActiveAssigneeNotificationOnlyCritical = $False; - ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; ApprovaltoActivate = $False; AssignmentReqJustification = $True; AssignmentReqMFA = $False; - CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; Displayname = "Application Administrator"; ElegibilityAssignmentReqJustification = $False; ElegibilityAssignmentReqMFA = $False; @@ -144,10 +142,140 @@ Configuration Example EligibleAssignmentAssigneeNotificationOnlyCritical = $False; ExpireActiveAssignment = "P180D"; ExpireEligibleAssignment = "P365D"; - Id = "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3"; PermanentActiveAssignmentisExpirationRequired = $False; PermanentEligibleAssignmentisExpirationRequired = $False; - TenantId = $ConfigurationData.NonNodeData.TenantId; + Credential = $Credscredential + Ensure = 'Present' + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADRoleSetting 28b253d8-cde5-471f-a331-fe7320023cdd + { + ActivateApprover = @(); + ActivationMaxDuration = "PT8H"; + ActivationReqJustification = $False; # Updated Property + ActivationReqMFA = $False; + ActivationReqTicket = $False; + ActiveAlertNotificationAdditionalRecipient = @(); + ActiveAlertNotificationDefaultRecipient = $True; + ActiveAlertNotificationOnlyCritical = $False; + ActiveApproveNotificationAdditionalRecipient = @(); + ActiveApproveNotificationDefaultRecipient = $True; + ActiveApproveNotificationOnlyCritical = $False; + ActiveAssigneeNotificationAdditionalRecipient = @(); + ActiveAssigneeNotificationDefaultRecipient = $True; + ActiveAssigneeNotificationOnlyCritical = $False; + ApprovaltoActivate = $False; + AssignmentReqJustification = $True; + AssignmentReqMFA = $False; + Displayname = "Application Administrator"; + ElegibilityAssignmentReqJustification = $False; + ElegibilityAssignmentReqMFA = $False; + EligibleAlertNotificationAdditionalRecipient = @(); + EligibleAlertNotificationDefaultRecipient = $True; + EligibleAlertNotificationOnlyCritical = $False; + EligibleApproveNotificationAdditionalRecipient = @(); + EligibleApproveNotificationDefaultRecipient = $True; + EligibleApproveNotificationOnlyCritical = $False; + EligibleAssigneeNotificationAdditionalRecipient = @(); + EligibleAssigneeNotificationDefaultRecipient = $True; + EligibleAssigneeNotificationOnlyCritical = $False; + EligibleAssignmentAlertNotificationAdditionalRecipient = @(); + EligibleAssignmentAlertNotificationDefaultRecipient = $True; + EligibleAssignmentAlertNotificationOnlyCritical = $False; + EligibleAssignmentAssigneeNotificationAdditionalRecipient = @(); + EligibleAssignmentAssigneeNotificationDefaultRecipient = $True; + EligibleAssignmentAssigneeNotificationOnlyCritical = $False; + ExpireActiveAssignment = "P180D"; + ExpireEligibleAssignment = "P365D"; + PermanentActiveAssignmentisExpirationRequired = $False; + PermanentEligibleAssignmentisExpirationRequired = $False; + Credential = $Credscredential + Ensure = 'Present' + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + Node localhost + { + AADRoleSetting 28b253d8-cde5-471f-a331-fe7320023cdd + { + ActivateApprover = @(); + ActivationMaxDuration = "PT8H"; + ActivationReqJustification = $False; # Updated Property + ActivationReqMFA = $False; + ActivationReqTicket = $False; + ActiveAlertNotificationAdditionalRecipient = @(); + ActiveAlertNotificationDefaultRecipient = $True; + ActiveAlertNotificationOnlyCritical = $False; + ActiveApproveNotificationAdditionalRecipient = @(); + ActiveApproveNotificationDefaultRecipient = $True; + ActiveApproveNotificationOnlyCritical = $False; + ActiveAssigneeNotificationAdditionalRecipient = @(); + ActiveAssigneeNotificationDefaultRecipient = $True; + ActiveAssigneeNotificationOnlyCritical = $False; + ApprovaltoActivate = $False; + AssignmentReqJustification = $True; + AssignmentReqMFA = $False; + Displayname = "Application Administrator"; + ElegibilityAssignmentReqJustification = $False; + ElegibilityAssignmentReqMFA = $False; + EligibleAlertNotificationAdditionalRecipient = @(); + EligibleAlertNotificationDefaultRecipient = $True; + EligibleAlertNotificationOnlyCritical = $False; + EligibleApproveNotificationAdditionalRecipient = @(); + EligibleApproveNotificationDefaultRecipient = $True; + EligibleApproveNotificationOnlyCritical = $False; + EligibleAssigneeNotificationAdditionalRecipient = @(); + EligibleAssigneeNotificationDefaultRecipient = $True; + EligibleAssigneeNotificationOnlyCritical = $False; + EligibleAssignmentAlertNotificationAdditionalRecipient = @(); + EligibleAssignmentAlertNotificationDefaultRecipient = $True; + EligibleAssignmentAlertNotificationOnlyCritical = $False; + EligibleAssignmentAssigneeNotificationAdditionalRecipient = @(); + EligibleAssignmentAssigneeNotificationDefaultRecipient = $True; + EligibleAssignmentAssigneeNotificationOnlyCritical = $False; + ExpireActiveAssignment = "P180D"; + ExpireEligibleAssignment = "P365D"; + PermanentActiveAssignmentisExpirationRequired = $False; + PermanentEligibleAssignmentisExpirationRequired = $False; + Credential = $Credscredential + Ensure = 'Absent' } } } diff --git a/docs/docs/resources/azure-ad/AADServicePrincipal.md b/docs/docs/resources/azure-ad/AADServicePrincipal.md index 0ddd7c7a7e..f5c4d6c8ae 100644 --- a/docs/docs/resources/azure-ad/AADServicePrincipal.md +++ b/docs/docs/resources/azure-ad/AADServicePrincipal.md @@ -109,3 +109,71 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADServicePrincipal 'AADServicePrincipal' + { + AppId = "" + DisplayName = "AADAppName" + AlternativeNames = "AlternativeName1","AlternativeName2" + AccountEnabled = $true + AppRoleAssignmentRequired = $true # Updated Property + ErrorUrl = "" + Homepage = "https://AADAppName.contoso.com" + LogoutUrl = "https://AADAppName.contoso.com/logout" + PublisherName = "Contoso" + ReplyURLs = "https://AADAppName.contoso.com" + SamlMetadataURL = "" + ServicePrincipalNames = "", "https://AADAppName.contoso.com" + ServicePrincipalType = "Application" + Tags = "{WindowsAzureActiveDirectoryIntegratedApp}" + Ensure = "Present" + Credential = $Credscredential + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADServicePrincipal 'AADServicePrincipal' + { + AppId = "" + DisplayName = "AADAppName" + Ensure = "Absent" + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/AADSocialIdentityProvider.md b/docs/docs/resources/azure-ad/AADSocialIdentityProvider.md index 3cc81eddbd..159a6874ff 100644 --- a/docs/docs/resources/azure-ad/AADSocialIdentityProvider.md +++ b/docs/docs/resources/azure-ad/AADSocialIdentityProvider.md @@ -83,3 +83,67 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADSocialIdentityProvider "AADSocialIdentityProvider-Google" + { + ClientId = "Google-OAUTH"; + ClientSecret = "FakeSecret-Updated"; # Updated Property + Credential = $credsCredential; + DisplayName = "My Google Provider"; + Ensure = "Present"; + IdentityProviderType = "Google"; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $credsCredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADSocialIdentityProvider "AADSocialIdentityProvider-Google" + { + ClientId = "Google-OAUTH"; + ClientSecret = "FakeSecret-Updated"; # Updated Property + Credential = $credsCredential; + DisplayName = "My Google Provider"; + Ensure = "Absent"; + IdentityProviderType = "Google"; + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/AADTenantDetails.md b/docs/docs/resources/azure-ad/AADTenantDetails.md index 3bf94c27fe..7e84e98fd7 100644 --- a/docs/docs/resources/azure-ad/AADTenantDetails.md +++ b/docs/docs/resources/azure-ad/AADTenantDetails.md @@ -59,7 +59,7 @@ It is not meant to use as a production baseline. Configuration Example { param( [System.Management.Automation.PSCredential] - $GlobalAdmin + $credsCredential ) Import-DscResource -ModuleName Microsoft365DSC @@ -73,7 +73,7 @@ Configuration Example { SecurityComplianceNotificationPhones = "+1123456789" SecurityComplianceNotificationMails = "example@contoso.com" MarketingNotificationEmails = "example@contoso.com" - Credential = $GlobalAdmin + Credential = $credsCredential } } } diff --git a/docs/docs/resources/azure-ad/AADTokenLifetimePolicy.md b/docs/docs/resources/azure-ad/AADTokenLifetimePolicy.md index c2d482c9c8..c9ea49d908 100644 --- a/docs/docs/resources/azure-ad/AADTokenLifetimePolicy.md +++ b/docs/docs/resources/azure-ad/AADTokenLifetimePolicy.md @@ -78,3 +78,30 @@ Configuration Example } ``` +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + AADTokenLifetimePolicy 'CreateTokenLifetimePolicy' + { + DisplayName = "PolicyDisplayName" + Ensure = "Absent" + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/azure-ad/AADUser.md b/docs/docs/resources/azure-ad/AADUser.md index bcdfb0d725..4d5ef9b418 100644 --- a/docs/docs/resources/azure-ad/AADUser.md +++ b/docs/docs/resources/azure-ad/AADUser.md @@ -87,9 +87,10 @@ Configuration Example node localhost { + $Organization = $Credscredential.Username.Split('@')[1] AADUser 'ConfigureJohnSMith' { - UserPrincipalName = "John.Smith@O365DSC1.onmicrosoft.com" + UserPrincipalName = "John.Smith@$Organization" FirstName = "John" LastName = "Smith" DisplayName = "John J. Smith" @@ -122,16 +123,17 @@ Configuration Example node localhost { + $Organization = $Credscredential.Username.Split('@')[1] AADUser 'ConfigureJohnSMith' { - UserPrincipalName = "John.Smith@O365DSC1.onmicrosoft.com" + UserPrincipalName = "John.Smith@$Organization" FirstName = "John" LastName = "Smith" DisplayName = "John J. Smith" - City = "Gatineau" + City = "Ottawa" # Updated Country = "Canada" Office = "Ottawa - Queen" - MemberOf = @('Group-M365-Standard-License', 'Group-PowerBI-Pro-License') + LicenseAssignment = @("O365dsc1:ENTERPRISEPREMIUM") UsageLocation = "US" Ensure = "Present" Credential = $Credscredential @@ -140,3 +142,31 @@ Configuration Example } ``` +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + $Organization = $Credscredential.Username.Split('@')[1] + AADUser 'ConfigureJohnSMith' + { + UserPrincipalName = "John.Smith@$Organization" + Ensure = "Absent" + Credential = $Credscredential + } + } +} +``` + From b4f38feab45f9c30d8a3fcc225bd173e4c64ca29 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Tue, 19 Dec 2023 19:15:54 +0000 Subject: [PATCH 42/58] Updated {Create} AAD Integration Tests --- .../M365DSCIntegration.AAD.Create.Tests.ps1 | 708 ++++++++++++++++++ 1 file changed, 708 insertions(+) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 index 5100100644..c2b7daad95 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 @@ -18,6 +18,714 @@ $Domain = $Credscredential.Username.Split('@')[1] Node Localhost { + AADAdministrativeUnit 'TestUnit' + { + DisplayName = 'Test-Unit' + MembershipRule = "(user.country -eq `"Canada`")" + MembershipRuleProcessingState = 'On' + MembershipType = 'Dynamic' + Ensure = 'Present' + Credential = $Credscredential + } + AADApplication 'AADApp1' + { + DisplayName = "AppDisplayName" + AvailableToOtherTenants = $false + GroupMembershipClaims = "0" + Homepage = "https://app.contoso.com" + IdentifierUris = "https://app.contoso.com" + KnownClientApplications = "" + LogoutURL = "https://app.contoso.com/logout" + PublicClient = $false + ReplyURLs = "https://app.contoso.com" + Permissions = @( + MSFT_AADApplicationPermission + { + Name = 'User.Read' + Type = 'Delegated' + SourceAPI = 'Microsoft Graph' + AdminConsentGranted = $false + } + MSFT_AADApplicationPermission + { + Name = 'User.ReadWrite.All' + Type = 'Delegated' + SourceAPI = 'Microsoft Graph' + AdminConsentGranted = $True + } + MSFT_AADApplicationPermission + { + Name = 'User.Read.All' + Type = 'AppOnly' + SourceAPI = 'Microsoft Graph' + AdminConsentGranted = $True + } + ) + Ensure = "Present" + Credential = $Credscredential + } + AADAttributeSet 'AADAttributeSetTest' + { + Credential = $credsCredential; + Description = "Attribute set with 420 attributes"; + Ensure = "Present"; + Id = "TestAttributeSet"; + MaxAttributesPerSet = 420; + } + AADAuthenticationContextClassReference 'AADAuthenticationContextClassReference-Test' + { + Credential = $credsCredential; + Description = "Context test"; + DisplayName = "My Context"; + Ensure = "Present"; + Id = "c3"; + IsAvailable = $True; + } + AADAuthenticationMethodPolicy 'AADAuthenticationMethodPolicy-Authentication Methods Policy' + { + Description = "The tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings"; + DisplayName = "Authentication Methods Policy"; + Ensure = "Present"; + Id = "authenticationMethodsPolicy"; + PolicyMigrationState = "preMigration"; + PolicyVersion = "1.4"; + RegistrationEnforcement = MSFT_MicrosoftGraphregistrationEnforcement{ + AuthenticationMethodsRegistrationCampaign = MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaign{ + SnoozeDurationInDays = 1 + IncludeTargets = @( + MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaignIncludeTarget{ + TargetedAuthenticationMethod = 'microsoftAuthenticator' + TargetType = 'group' + Id = 'all_users' + } + ) + State = 'default' + } + }; + Credential = $credsCredential; + } + AADAuthenticationMethodPolicyAuthenticator 'AADAuthenticationMethodPolicyAuthenticator-MicrosoftAuthenticator' + { + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ + Id = 'fakegroup1' + TargetType = 'group' + } + ); + FeatureSettings = MSFT_MicrosoftGraphmicrosoftAuthenticatorFeatureSettings{ + DisplayLocationInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ + ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = '00000000-0000-0000-0000-000000000000' + TargetType = 'group' + } + IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = 'fakegroup2' + TargetType = 'group' + } + State = 'enabled' + } + NumberMatchingRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ + ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = '00000000-0000-0000-0000-000000000000' + TargetType = 'group' + } + IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = 'fakegroup3' + TargetType = 'group' + } + State = 'enabled' + } + CompanionAppAllowedState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ + ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = '00000000-0000-0000-0000-000000000000' + TargetType = 'group' + } + IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = 'fakegroup4' + TargetType = 'group' + } + State = 'enabled' + } + DisplayAppInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ + ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = '00000000-0000-0000-0000-000000000000' + TargetType = 'group' + } + IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ + Id = 'fakegroup5' + TargetType = 'group' + } + State = 'enabled' + } + }; + Id = "MicrosoftAuthenticator"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyAuthenticatorIncludeTarget{ + Id = 'fakegroup6' + TargetType = 'group' + } + ); + IsSoftwareOathEnabled = $False; + State = "enabled"; + Credential = $credsCredential; + } + AADAuthenticationMethodPolicyEmail 'AADAuthenticationMethodPolicyEmail-Email' + { + AllowExternalIdToUseEmailOtp = "default"; + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicyEmailExcludeTarget{ + Id = 'fakegroup1' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyEmailExcludeTarget{ + Id = 'fakegroup2' + TargetType = 'group' + } + ); + Id = "Email"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyEmailIncludeTarget{ + Id = 'fakegroup3' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyEmailIncludeTarget{ + Id = 'fakegroup4' + TargetType = 'group' + } + ); + State = "enabled"; + Credential = $credsCredential; + } + AADAuthenticationMethodPolicyFido2 'AADAuthenticationMethodPolicyFido2-Fido2' + { + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicyFido2ExcludeTarget{ + Id = 'fakegroup1' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyFido2ExcludeTarget{ + Id = 'fakegroup2' + TargetType = 'group' + } + ); + Id = "Fido2"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyFido2IncludeTarget{ + Id = 'fakegroup3' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyFido2IncludeTarget{ + Id = 'fakegroup4' + TargetType = 'group' + } + ); + IsAttestationEnforced = $True; + IsSelfServiceRegistrationAllowed = $True; + KeyRestrictions = MSFT_MicrosoftGraphfido2KeyRestrictions{ + IsEnforced = $False + EnforcementType = 'block' + AaGuids = @() + }; + State = "enabled"; + Credential = $credsCredential; + } + AADAuthenticationMethodPolicySms 'AADAuthenticationMethodPolicySms-Sms' + { + Credential = $credsCredential; + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicySmsExcludeTarget{ + Id = 'fakegroup1' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicySmsExcludeTarget{ + Id = 'fakegroup2' + TargetType = 'group' + } + ); + Id = "Sms"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicySmsIncludeTarget{ + Id = 'fakegroup3' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicySmsIncludeTarget{ + Id = 'fakegroup4' + TargetType = 'group' + } + ); + State = "enabled"; + } + AADAuthenticationMethodPolicySoftware 'AADAuthenticationMethodPolicySoftware-SoftwareOath' + { + Credential = $credsCredential; + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicySoftwareExcludeTarget{ + Id = 'fakegroup1' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicySoftwareExcludeTarget{ + Id = 'fakegroup2' + TargetType = 'group' + } + ); + Id = "SoftwareOath"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicySoftwareIncludeTarget{ + Id = 'fakegroup3' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicySoftwareIncludeTarget{ + Id = 'fakegroup4' + TargetType = 'group' + } + ); + State = "enabled"; + } + AADAuthenticationMethodPolicyTemporary 'AADAuthenticationMethodPolicyTemporary-TemporaryAccessPass' + { + Credential = $credsCredential; + DefaultLength = 8; + DefaultLifetimeInMinutes = 60; + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicyTemporaryExcludeTarget{ + Id = 'fakegroup1' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyTemporaryExcludeTarget{ + Id = 'fakegroup2' + TargetType = 'group' + } + ); + Id = "TemporaryAccessPass"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget{ + Id = 'fakegroup3' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget{ + Id = 'fakegroup4' + TargetType = 'group' + } + ); + IsUsableOnce = $False; + MaximumLifetimeInMinutes = 480; + MinimumLifetimeInMinutes = 60; + State = "enabled"; + } + AADAuthenticationMethodPolicyVoice 'AADAuthenticationMethodPolicyVoice-Voice' + { + Credential = $credsCredential; + Ensure = "Present"; + Id = "Voice"; + IsOfficePhoneAllowed = $False; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicyVoiceExcludeTarget{ + Id = 'fakegroup1' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyVoiceExcludeTarget{ + Id = 'fakegroup2' + TargetType = 'group' + } + ); + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyVoiceIncludeTarget{ + Id = 'fakegroup3' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyVoiceIncludeTarget{ + Id = 'fakegroup4' + TargetType = 'group' + } + ); + State = "disabled"; + } + AADAuthenticationMethodPolicyX509 'AADAuthenticationMethodPolicyX509-X509Certificate' + { + Credential = $credsCredential; + AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ + Rules = @(@() + ) + X509CertificateAuthenticationDefaultMode = 'x509CertificateMultiFactor' + }; + CertificateUserBindings = @( + MSFT_MicrosoftGraphx509CertificateUserBinding{ + Priority = 1 + UserProperty = 'onPremisesUserPrincipalName' + X509CertificateField = 'PrincipalName' + } + MSFT_MicrosoftGraphx509CertificateUserBinding{ + Priority = 2 + UserProperty = 'onPremisesUserPrincipalName' + X509CertificateField = 'RFC822Name' + } + MSFT_MicrosoftGraphx509CertificateUserBinding{ + Priority = 3 + UserProperty = 'certificateUserIds' + X509CertificateField = 'SubjectKeyIdentifier' + } + ); + Ensure = "Present"; + ExcludeTargets = @( + MSFT_AADAuthenticationMethodPolicyX509ExcludeTarget{ + Id = 'fakegroup1' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyX509ExcludeTarget{ + Id = 'fakegroup2' + TargetType = 'group' + } + ); + Id = "X509Certificate"; + IncludeTargets = @( + MSFT_AADAuthenticationMethodPolicyX509IncludeTarget{ + Id = 'fakegroup3' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyX509IncludeTarget{ + Id = 'fakegroup4' + TargetType = 'group' + } + ); + State = "enabled"; + } + AADAuthenticationStrengthPolicy 'AADAuthenticationStrengthPolicy-Example' + { + AllowedCombinations = @("windowsHelloForBusiness","fido2","x509CertificateMultiFactor","deviceBasedPush"); + Description = "This is an example"; + DisplayName = "Example"; + Ensure = "Present"; + Credential = $Credscredential; + } + AADConditionalAccessPolicy 'Allin-example' + { + DisplayName = 'Allin-example' + BuiltInControls = @('Mfa', 'CompliantDevice', 'DomainJoinedDevice', 'ApprovedApplication', 'CompliantApplication') + ClientAppTypes = @('ExchangeActiveSync', 'Browser', 'MobileAppsAndDesktopClients', 'Other') + CloudAppSecurityIsEnabled = $True + CloudAppSecurityType = 'MonitorOnly' + ExcludeApplications = @('803ee9ca-3f7f-4824-bd6e-0b99d720c35c', '00000012-0000-0000-c000-000000000000', '00000007-0000-0000-c000-000000000000', 'Office365') + ExcludeGroups = @() + ExcludeLocations = @('Blocked Countries') + ExcludePlatforms = @('Windows', 'WindowsPhone', 'MacOS') + ExcludeRoles = @('Company Administrator', 'Application Administrator', 'Application Developer', 'Cloud Application Administrator', 'Cloud Device Administrator') + ExcludeUsers = @('admin@contoso.com', 'AAdmin@contoso.com', 'CAAdmin@contoso.com', 'AllanD@contoso.com', 'AlexW@contoso.com', 'GuestsOrExternalUsers') + ExcludeExternalTenantsMembers = @() + ExcludeExternalTenantsMembershipKind = 'all' + ExcludeGuestOrExternalUserTypes = @('internalGuest', 'b2bCollaborationMember') + GrantControlOperator = 'OR' + IncludeApplications = @('All') + IncludeGroups = @() + IncludeLocations = @('AllTrusted') + IncludePlatforms = @('Android', 'IOS') + IncludeRoles = @('Compliance Administrator') + IncludeUserActions = @() + IncludeUsers = @('Alexw@contoso.com') + IncludeExternalTenantsMembers = @('11111111-1111-1111-1111-111111111111') + IncludeExternalTenantsMembershipKind = 'enumerated' + IncludeGuestOrExternalUserTypes = @('b2bCollaborationGuest') + PersistentBrowserIsEnabled = $false + PersistentBrowserMode = '' + SignInFrequencyIsEnabled = $true + SignInFrequencyType = 'Hours' + SignInFrequencyValue = 5 + SignInRiskLevels = @('High', 'Medium') + State = 'disabled' + UserRiskLevels = @('High', 'Medium') + Ensure = 'Present' + Credential = $Credscredential + } + AADCrossTenantAccessPolicyConfigurationPartner 'AADCrossTenantAccessPolicyConfigurationPartner' + { + B2BCollaborationInbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { + Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ + AccessType = 'allowed' + Targets = @( + MSFT_AADCrossTenantAccessPolicyTarget{ + Target = 'Office365' + TargetType = 'application' + } + ) + } + UsersAndGroups = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ + AccessType = 'allowed' + Targets = @( + MSFT_AADCrossTenantAccessPolicyTarget{ + Target = 'AllUsers' + TargetType = 'user' + } + ) + } + } + B2BCollaborationOutbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { + Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ + AccessType = 'allowed' + Targets = @( + MSFT_AADCrossTenantAccessPolicyTarget{ + Target = 'AllApplications' + TargetType = 'application' + } + ) + } + } + B2BDirectConnectInbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { + Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ + AccessType = 'blocked' + Targets = @( + MSFT_AADCrossTenantAccessPolicyTarget{ + Target = 'AllApplications' + TargetType = 'application' + } + ) + } + } + Credential = $Credscredential; + Ensure = "Present"; + PartnerTenantId = "12345-12345-12345-12345-12345"; + } + AADEntitlementManagementAccessPackage 'myAccessPackage' + { + DisplayName = 'General' + AccessPackageResourceRoleScopes = @( + MSFT_AccessPackageResourceRoleScope { + Id = 'e5b0c702-b949-4310-953e-2a51790722b8' + AccessPackageResourceOriginId = '8721d9fd-c6ef-46df-b1b2-bb6f818bce5b' + AccessPackageResourceRoleDisplayName = 'AccessPackageRole' + } + ) + CatalogId = '1b0e5aca-83e4-447b-84a8-3d8cffb4a331' + Description = 'Entitlement Access Package Example' + IsHidden = $false + IsRoleScopesVisible = $true + IncompatibleAccessPackages = @() + AccessPackagesIncompatibleWith = @() + IncompatibleGroups = @() + Ensure = 'Present' + Credential = $Credscredential + } + AADEntitlementManagementAccessPackageAssignmentPolicy 'myAssignmentPolicyWithAccessReviewsSettings' + { + AccessPackageId = "5d05114c-b4d9-4ae7-bda6-4bade48e60f2"; + AccessReviewSettings = MSFT_MicrosoftGraphassignmentreviewsettings{ + IsEnabled = $True + StartDateTime = '12/17/2022 23:59:59' + IsAccessRecommendationEnabled = $True + AccessReviewTimeoutBehavior = 'keepAccess' + IsApprovalJustificationRequired = $True + ReviewerType = 'Self' + RecurrenceType = 'quarterly' + Reviewers = @() + DurationInDays = 25 + }; + CanExtend = $False; + Description = ""; + DisplayName = "External tenant"; + DurationInDays = 365; + RequestApprovalSettings = MSFT_MicrosoftGraphapprovalsettings{ + ApprovalMode = 'NoApproval' + IsRequestorJustificationRequired = $False + IsApprovalRequired = $False + IsApprovalRequiredForExtension = $False + }; + RequestorSettings = MSFT_MicrosoftGraphrequestorsettings{ + AllowedRequestors = @( + MSFT_MicrosoftGraphuserset{ + IsBackup = $False + Id = 'e27eb9b9-27c3-462d-8d65-3bcd763b0ed0' + odataType = '#microsoft.graph.connectedOrganizationMembers' + } + ) + AcceptRequests = $True + ScopeType = 'SpecificConnectedOrganizationSubjects' + }; + Ensure = "Present" + Credential = $Credscredential + } + AADEntitlementManagementAccessPackageCatalog 'myAccessPackageCatalog' + { + DisplayName = 'General' + CatalogStatus = 'Published' + CatalogType = 'ServiceDefault' + Description = 'Built-in catalog.' + IsExternallyVisible = $True + Managedidentity = $False + Ensure = 'Present' + Credential = $Credscredential + } + AADEntitlementManagementAccessPackageCatalogResource 'myAccessPackageCatalogResource' + { + DisplayName = 'Communication site' + AddedBy = 'admin@contoso.onmicrosoft.com' + AddedOn = '05/11/2022 16:21:15' + CatalogId = 'f34c2d92-9e9d-4703-ba9b-955b6ac8dcb3' + Description = 'https://contoso.sharepoint.com/' + IsPendingOnboarding = $False + OriginId = 'https://contoso.sharepoint.com/' + OriginSystem = 'SharePointOnline' + ResourceType = 'SharePoint Online Site' + Url = 'https://contoso.sharepoint.com/' + Ensure = 'Present' + Credential = $Credscredential + } + AADEntitlementManagementConnectedOrganization 'MyConnectedOrganization' + { + Description = "this is the tenant partner"; + DisplayName = "Test Tenant - DSC"; + ExternalSponsors = @("12345678-1234-1234-1234-123456789012"); + IdentitySources = @( + MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource{ + ExternalTenantId = "12345678-1234-1234-1234-123456789012" + DisplayName = 'Contoso' + odataType = '#microsoft.graph.azureActiveDirectoryTenant' + } + ); + InternalSponsors = @("12345678-1234-1234-1234-123456789012"); + State = "configured"; + Ensure = "Present" + Credential = $Credscredential + } + AADGroup 'MyGroups' + { + DisplayName = "DSCGroup" + Description = "Microsoft DSC Group" + SecurityEnabled = $True + MailEnabled = $True + GroupTypes = @("Unified") + MailNickname = "M365DSC" + Visibility = "Private" + Ensure = "Present" + Credential = $Credscredential + } + AADNamedLocationPolicy 'CompanyNetwork' + { + DisplayName = "Company Network" + IpRanges = @("2.1.1.1/32", "1.2.2.2/32") + IsTrusted = $True + OdataType = "#microsoft.graph.ipNamedLocation" + Ensure = "Present" + Credential = $Credscredential + } + AADRoleDefinition 'AADRoleDefinition1' + { + DisplayName = "DSCRole1" + Description = "DSC created role definition" + ResourceScopes = "/" + IsEnabled = $true + RolePermissions = "microsoft.directory/applicationPolicies/allProperties/read","microsoft.directory/applicationPolicies/allProperties/update","microsoft.directory/applicationPolicies/basic/update" + Version = "1.0" + Ensure = "Present" + Credential = $Credscredential + } + AADRoleEligibilityScheduleRequest 'MyRequest' + { + Action = "AdminAssign"; + Credential = $Credscredential; + DirectoryScopeId = "/"; + Ensure = "Present"; + IsValidationOnly = $False; + Principal = "John.Smith@$OrganizationName"; + RoleDefinition = "Teams Communications Administrator"; + ScheduleInfo = MSFT_AADRoleEligibilityScheduleRequestSchedule { + startDateTime = '2023-09-01T02:40:44Z' + expiration = MSFT_AADRoleEligibilityScheduleRequestScheduleExpiration + { + endDateTime = '2025-10-31T02:40:09Z' + type = 'afterDateTime' + } + }; + } + AADRoleSetting '28b253d8-cde5-471f-a331-fe7320023cdd' + { + ActivateApprover = @(); + ActivationMaxDuration = "PT8H"; + ActivationReqJustification = $True; + ActivationReqMFA = $False; + ActivationReqTicket = $False; + ActiveAlertNotificationAdditionalRecipient = @(); + ActiveAlertNotificationDefaultRecipient = $True; + ActiveAlertNotificationOnlyCritical = $False; + ActiveApproveNotificationAdditionalRecipient = @(); + ActiveApproveNotificationDefaultRecipient = $True; + ActiveApproveNotificationOnlyCritical = $False; + ActiveAssigneeNotificationAdditionalRecipient = @(); + ActiveAssigneeNotificationDefaultRecipient = $True; + ActiveAssigneeNotificationOnlyCritical = $False; + ApprovaltoActivate = $False; + AssignmentReqJustification = $True; + AssignmentReqMFA = $False; + Displayname = "Application Administrator"; + ElegibilityAssignmentReqJustification = $False; + ElegibilityAssignmentReqMFA = $False; + EligibleAlertNotificationAdditionalRecipient = @(); + EligibleAlertNotificationDefaultRecipient = $True; + EligibleAlertNotificationOnlyCritical = $False; + EligibleApproveNotificationAdditionalRecipient = @(); + EligibleApproveNotificationDefaultRecipient = $True; + EligibleApproveNotificationOnlyCritical = $False; + EligibleAssigneeNotificationAdditionalRecipient = @(); + EligibleAssigneeNotificationDefaultRecipient = $True; + EligibleAssigneeNotificationOnlyCritical = $False; + EligibleAssignmentAlertNotificationAdditionalRecipient = @(); + EligibleAssignmentAlertNotificationDefaultRecipient = $True; + EligibleAssignmentAlertNotificationOnlyCritical = $False; + EligibleAssignmentAssigneeNotificationAdditionalRecipient = @(); + EligibleAssignmentAssigneeNotificationDefaultRecipient = $True; + EligibleAssignmentAssigneeNotificationOnlyCritical = $False; + ExpireActiveAssignment = "P180D"; + ExpireEligibleAssignment = "P365D"; + PermanentActiveAssignmentisExpirationRequired = $False; + PermanentEligibleAssignmentisExpirationRequired = $False; + Credential = $Credscredential + Ensure = 'Present' + } + AADServicePrincipal 'AADServicePrincipal' + { + AppId = "" + DisplayName = "AADAppName" + AlternativeNames = "AlternativeName1","AlternativeName2" + AccountEnabled = $true + AppRoleAssignmentRequired = $false + ErrorUrl = "" + Homepage = "https://AADAppName.contoso.com" + LogoutUrl = "https://AADAppName.contoso.com/logout" + PublisherName = "Contoso" + ReplyURLs = "https://AADAppName.contoso.com" + SamlMetadataURL = "" + ServicePrincipalNames = "", "https://AADAppName.contoso.com" + ServicePrincipalType = "Application" + Tags = "{WindowsAzureActiveDirectoryIntegratedApp}" + Ensure = "Present" + Credential = $Credscredential + } + AADSocialIdentityProvider 'AADSocialIdentityProvider-Google' + { + ClientId = "Google-OAUTH"; + ClientSecret = "FakeSecret"; + Credential = $credsCredential; + DisplayName = "My Google Provider"; + Ensure = "Present"; + IdentityProviderType = "Google"; + } + AADUser 'ConfigureJohnSMith' + { + UserPrincipalName = "John.Smith@$Organization" + FirstName = "John" + LastName = "Smith" + DisplayName = "John J. Smith" + City = "Gatineau" + Country = "Canada" + Office = "Ottawa - Queen" + LicenseAssignment = @("O365dsc1:ENTERPRISEPREMIUM") + UsageLocation = "US" + Ensure = "Present" + Credential = $Credscredential + } } } From 1ff141da516d9e61da91ee3d764bbe883f12add1 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 20 Dec 2023 07:58:40 -0500 Subject: [PATCH 43/58] Initial --- .../MSFT_AADAdministrativeUnit.psm1 | 13 ++++++++++--- .../MSFT_AADAuthenticationMethodPolicy.psm1 | 1 + .../Resources/AADAdministrativeUnit/1-Create.ps1 | 1 + 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 index 351359a732..075738fae6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 @@ -551,12 +551,19 @@ function Set-TargetResource Write-Verbose -Message "Creating an Azure AD Administrative Unit with DisplayName {$DisplayName}" #region resource generator code - $policy = New-MgBetaDirectoryAdministrativeUnit -BodyParameter $CreateParameters + Write-Verbose -Message "Creating new Administrative Unit with: $(Convert-M365DscHashtableToString -Hashtable $CreateParameters)" + + $jsonParams = ConvertTo-Json $CreateParameters + + # TODO - Replace by cmdlet call which has an issue in 2.11.1 + $url = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + 'beta/administrativeUnits' + $policy = Invoke-MgGraphRequest -Method POST -Uri $url -Body $jsonParams if ($MembershipType -ne 'Dynamic') { foreach ($member in $memberSpecification) { + Write-Verbose -Message "Adding new dynamic member {$($member.Id)}" $memberBodyParam = @{ '@odata.id' = "https://graph.microsoft.com/v1.0/$($member.Type)/$($member.Id)" } @@ -993,8 +1000,8 @@ function Export-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - - + + try { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1 index 2ca3f0aef0..5f2a544a0d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1 @@ -357,6 +357,7 @@ function Set-TargetResource } #region resource generator code $UpdateParameters.Add("@odata.type", "#microsoft.graph.AuthenticationMethodsPolicy") + Write-Verbose -Message "Updating AuthenticationMethodPolicy with: `r`n$(Convert-M365DscHashtableToString -Hashtable $UpdateParameters)" Update-MgBetaPolicyAuthenticationMethodPolicy -BodyParameter $UpdateParameters #endregion } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/1-Create.ps1 index c396955c60..5c764b636b 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAdministrativeUnit/1-Create.ps1 @@ -19,6 +19,7 @@ Configuration Example AADAdministrativeUnit 'TestUnit' { DisplayName = 'Test-Unit' + Description = 'Test Description' MembershipRule = "(user.country -eq `"Canada`")" MembershipRuleProcessingState = 'On' MembershipType = 'Dynamic' From 2e17dd12a2caaa643bf9b5a44c816e648d2d7db9 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 20 Dec 2023 08:04:10 -0500 Subject: [PATCH 44/58] Updated MSCloudLoginAssistant to v1.1.4 --- CHANGELOG.md | 2 ++ Modules/Microsoft365DSC/Dependencies/Manifest.psd1 | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 347f1d4eda..a4d7e26a9d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,8 @@ * M365DSCDRGUtil * Fix empty BaseUrl since MSCloudLoginAssistant removed Intune workload FIXES [#4057](https://github.com/microsoft/Microsoft365DSC/issues/4057) +* DEPENDENCIES + * Updated MSCloudLoginAssistant to version 1.1.4. # 1.23.1213.1 diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index 493713e7a2..8ee78e7e70 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 @@ -86,7 +86,7 @@ }, @{ ModuleName = "MSCloudLoginAssistant" - RequiredVersion = "1.1.3" + RequiredVersion = "1.1.4" }, @{ ModuleName = 'PnP.PowerShell' From ecec761a332dd303720e329f7cbe9d20b719139e Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 20 Dec 2023 08:27:39 -0500 Subject: [PATCH 45/58] Fixes Unit Tests --- .../1-Create.ps1 | 4 +-- .../2-Update.ps1 | 6 ++--- .../AADAuthorizationPolicy/3-Remove.ps1 | 26 ------------------- .../Examples/Resources/AADGroup/3-Remove.ps1 | 1 + .../AADGroupLifecyclePolicy/3-Remove.ps1 | 1 + .../Resources/AADRoleDefinition/3-Remove.ps1 | 1 + 6 files changed, 8 insertions(+), 31 deletions(-) delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/AADAuthorizationPolicy/3-Remove.ps1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/1-Create.ps1 index 5acccb80e7..fccaab7aff 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/1-Create.ps1 @@ -21,8 +21,8 @@ Configuration Example DisplayName = "Authentication Methods Policy"; Ensure = "Present"; Id = "authenticationMethodsPolicy"; - PolicyMigrationState = "preMigration"; - PolicyVersion = "1.4"; + PolicyMigrationState = "migrationInProgress"; + PolicyVersion = "1.5"; RegistrationEnforcement = MSFT_MicrosoftGraphregistrationEnforcement{ AuthenticationMethodsRegistrationCampaign = MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaign{ SnoozeDurationInDays = 1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/2-Update.ps1 index 64fc96f46e..906e101085 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicy/2-Update.ps1 @@ -17,12 +17,12 @@ Configuration Example { AADAuthenticationMethodPolicy "AADAuthenticationMethodPolicy-Authentication Methods Policy" { - Description = "The tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings"; + Description = "Updated"; # Updated Property DisplayName = "Authentication Methods Policy"; Ensure = "Present"; Id = "authenticationMethodsPolicy"; - PolicyMigrationState = "migrationComplete"; # Updated Property - PolicyVersion = "1.4"; + PolicyMigrationState = "migrationInProgress"; + PolicyVersion = "1.5"; RegistrationEnforcement = MSFT_MicrosoftGraphregistrationEnforcement{ AuthenticationMethodsRegistrationCampaign = MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaign{ SnoozeDurationInDays = 1 diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthorizationPolicy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthorizationPolicy/3-Remove.ps1 deleted file mode 100644 index cb52b6ee06..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthorizationPolicy/3-Remove.ps1 +++ /dev/null @@ -1,26 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param - ( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential - ) - - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - AADAuthorizationPolicy 'AADAuthPol' - { - IsSingleInstance = 'Yes' - Ensure = 'Absent' - Credential = $Credscredential - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/3-Remove.ps1 index dd1ce51204..2a6ab9e6fd 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/3-Remove.ps1 @@ -16,6 +16,7 @@ Configuration Example { AADGroup 'MyGroups' { + MailNickname = "M365DSC" DisplayName = "DSCGroup" Ensure = "Absent" Credential = $Credscredential diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADGroupLifecyclePolicy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADGroupLifecyclePolicy/3-Remove.ps1 index fa46c7de5e..fe1d5e11ad 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADGroupLifecyclePolicy/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADGroupLifecyclePolicy/3-Remove.ps1 @@ -17,6 +17,7 @@ Configuration Example AADGroupLifecyclePolicy 'GroupLifecyclePolicy' { IsSingleInstance = "Yes" + GroupLifetimeInDays = 99 Ensure = "Absent" Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADRoleDefinition/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADRoleDefinition/3-Remove.ps1 index 79f5c4f43d..d58d7539d3 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADRoleDefinition/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADRoleDefinition/3-Remove.ps1 @@ -17,6 +17,7 @@ Configuration Example AADRoleDefinition 'AADRoleDefinition1' { IsEnabled = $true + RolePermissions = "microsoft.directory/applicationPolicies/allProperties/read","microsoft.directory/applicationPolicies/allProperties/update","microsoft.directory/applicationPolicies/basic/update" DisplayName = "DSCRole1" Ensure = "Update" Credential = $Credscredential From f907155e8518878638f350ec887bfc9285910780 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 20 Dec 2023 09:21:14 -0500 Subject: [PATCH 46/58] Fixes --- .../Microsoft365DSC/Examples/Resources/AADGroup/3-Remove.ps1 | 2 ++ .../Examples/Resources/AADGroupLifecyclePolicy/3-Remove.ps1 | 2 ++ .../Examples/Resources/AADRoleDefinition/3-Remove.ps1 | 4 ++-- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/3-Remove.ps1 index 2a6ab9e6fd..b51e513cf6 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADGroup/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADGroup/3-Remove.ps1 @@ -17,6 +17,8 @@ Configuration Example AADGroup 'MyGroups' { MailNickname = "M365DSC" + SecurityEnabled = $True + MailEnabled = $True DisplayName = "DSCGroup" Ensure = "Absent" Credential = $Credscredential diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADGroupLifecyclePolicy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADGroupLifecyclePolicy/3-Remove.ps1 index fe1d5e11ad..29cf864c51 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADGroupLifecyclePolicy/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADGroupLifecyclePolicy/3-Remove.ps1 @@ -17,7 +17,9 @@ Configuration Example AADGroupLifecyclePolicy 'GroupLifecyclePolicy' { IsSingleInstance = "Yes" + AlternateNotificationEmails = @("john.smith@contoso.com") GroupLifetimeInDays = 99 + ManagedGroupTypes = "Selected" Ensure = "Absent" Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADRoleDefinition/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADRoleDefinition/3-Remove.ps1 index d58d7539d3..fec85868f1 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADRoleDefinition/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADRoleDefinition/3-Remove.ps1 @@ -17,9 +17,9 @@ Configuration Example AADRoleDefinition 'AADRoleDefinition1' { IsEnabled = $true - RolePermissions = "microsoft.directory/applicationPolicies/allProperties/read","microsoft.directory/applicationPolicies/allProperties/update","microsoft.directory/applicationPolicies/basic/update" + RolePermissions = "microsoft.directory/applicationPolicies/allProperties/read" DisplayName = "DSCRole1" - Ensure = "Update" + Ensure = "Absent" Credential = $Credscredential } } From 0315b33f24fbc932f3d6642be4055cd6294b9829 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Wed, 20 Dec 2023 14:56:30 +0000 Subject: [PATCH 47/58] Updated Resources and Cmdlet documentation pages --- .../azure-ad/AADAuthenticationMethodPolicy.md | 10 +++---- .../azure-ad/AADAuthorizationPolicy.md | 29 ------------------- docs/docs/resources/azure-ad/AADGroup.md | 3 ++ .../azure-ad/AADGroupLifecyclePolicy.md | 3 ++ .../resources/azure-ad/AADRoleDefinition.md | 3 +- 5 files changed, 13 insertions(+), 35 deletions(-) diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicy.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicy.md index e4f15108f3..fe416dd6e3 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicy.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicy.md @@ -143,8 +143,8 @@ Configuration Example DisplayName = "Authentication Methods Policy"; Ensure = "Present"; Id = "authenticationMethodsPolicy"; - PolicyMigrationState = "preMigration"; - PolicyVersion = "1.4"; + PolicyMigrationState = "migrationInProgress"; + PolicyVersion = "1.5"; RegistrationEnforcement = MSFT_MicrosoftGraphregistrationEnforcement{ AuthenticationMethodsRegistrationCampaign = MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaign{ SnoozeDurationInDays = 1 @@ -184,12 +184,12 @@ Configuration Example { AADAuthenticationMethodPolicy "AADAuthenticationMethodPolicy-Authentication Methods Policy" { - Description = "The tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings"; + Description = "Updated"; # Updated Property DisplayName = "Authentication Methods Policy"; Ensure = "Present"; Id = "authenticationMethodsPolicy"; - PolicyMigrationState = "migrationComplete"; # Updated Property - PolicyVersion = "1.4"; + PolicyMigrationState = "migrationInProgress"; + PolicyVersion = "1.5"; RegistrationEnforcement = MSFT_MicrosoftGraphregistrationEnforcement{ AuthenticationMethodsRegistrationCampaign = MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaign{ SnoozeDurationInDays = 1 diff --git a/docs/docs/resources/azure-ad/AADAuthorizationPolicy.md b/docs/docs/resources/azure-ad/AADAuthorizationPolicy.md index cce8d984fe..21fe076578 100644 --- a/docs/docs/resources/azure-ad/AADAuthorizationPolicy.md +++ b/docs/docs/resources/azure-ad/AADAuthorizationPolicy.md @@ -115,32 +115,3 @@ Configuration Example } ``` -### Example 2 - -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. - -```powershell -Configuration Example -{ - param - ( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential - ) - - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - AADAuthorizationPolicy 'AADAuthPol' - { - IsSingleInstance = 'Yes' - Ensure = 'Absent' - Credential = $Credscredential - } - } -} -``` - diff --git a/docs/docs/resources/azure-ad/AADGroup.md b/docs/docs/resources/azure-ad/AADGroup.md index 2f6c42bae8..4ee4e6dc5c 100644 --- a/docs/docs/resources/azure-ad/AADGroup.md +++ b/docs/docs/resources/azure-ad/AADGroup.md @@ -156,6 +156,9 @@ Configuration Example { AADGroup 'MyGroups' { + MailNickname = "M365DSC" + SecurityEnabled = $True + MailEnabled = $True DisplayName = "DSCGroup" Ensure = "Absent" Credential = $Credscredential diff --git a/docs/docs/resources/azure-ad/AADGroupLifecyclePolicy.md b/docs/docs/resources/azure-ad/AADGroupLifecyclePolicy.md index 2c0b95b5cd..13b8d58116 100644 --- a/docs/docs/resources/azure-ad/AADGroupLifecyclePolicy.md +++ b/docs/docs/resources/azure-ad/AADGroupLifecyclePolicy.md @@ -98,6 +98,9 @@ Configuration Example AADGroupLifecyclePolicy 'GroupLifecyclePolicy' { IsSingleInstance = "Yes" + AlternateNotificationEmails = @("john.smith@contoso.com") + GroupLifetimeInDays = 99 + ManagedGroupTypes = "Selected" Ensure = "Absent" Credential = $Credscredential } diff --git a/docs/docs/resources/azure-ad/AADRoleDefinition.md b/docs/docs/resources/azure-ad/AADRoleDefinition.md index d66d201aac..ac70b6eb1a 100644 --- a/docs/docs/resources/azure-ad/AADRoleDefinition.md +++ b/docs/docs/resources/azure-ad/AADRoleDefinition.md @@ -139,8 +139,9 @@ Configuration Example AADRoleDefinition 'AADRoleDefinition1' { IsEnabled = $true + RolePermissions = "microsoft.directory/applicationPolicies/allProperties/read" DisplayName = "DSCRole1" - Ensure = "Update" + Ensure = "Absent" Credential = $Credscredential } } From fb25b48e76c9eb1a0c1a32c76b111a02e853a89f Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Wed, 20 Dec 2023 14:58:10 +0000 Subject: [PATCH 48/58] Updated {Create} AAD Integration Tests --- .../Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 index c2b7daad95..78b4835a75 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 @@ -87,8 +87,8 @@ DisplayName = "Authentication Methods Policy"; Ensure = "Present"; Id = "authenticationMethodsPolicy"; - PolicyMigrationState = "preMigration"; - PolicyVersion = "1.4"; + PolicyMigrationState = "migrationInProgress"; + PolicyVersion = "1.5"; RegistrationEnforcement = MSFT_MicrosoftGraphregistrationEnforcement{ AuthenticationMethodsRegistrationCampaign = MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaign{ SnoozeDurationInDays = 1 From 6e16cc40b5a418fd6c6e616a8b6090e58ae917ce Mon Sep 17 00:00:00 2001 From: Derek Smay Date: Wed, 20 Dec 2023 10:01:24 -0500 Subject: [PATCH 49/58] Removed limit on priority. --- .../MSFT_SCAutoSensitivityLabelPolicy.psm1 | 3 --- 1 file changed, 3 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelPolicy/MSFT_SCAutoSensitivityLabelPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelPolicy/MSFT_SCAutoSensitivityLabelPolicy.psm1 index 23aa8f0a83..b2e54458cc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelPolicy/MSFT_SCAutoSensitivityLabelPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCAutoSensitivityLabelPolicy/MSFT_SCAutoSensitivityLabelPolicy.psm1 @@ -75,7 +75,6 @@ function Get-TargetResource [Parameter()] [System.Int32] - [ValidateRange(0, 2)] $Priority, [Parameter()] @@ -304,7 +303,6 @@ function Set-TargetResource [Parameter()] [System.Int32] - [ValidateRange(0, 2)] $Priority, [Parameter()] @@ -572,7 +570,6 @@ function Test-TargetResource [Parameter()] [System.Int32] - [ValidateRange(0, 2)] $Priority, [Parameter()] From ce0cad207efaf5e7b03521a95c72d276fa49ca01 Mon Sep 17 00:00:00 2001 From: Derek Smay Date: Wed, 20 Dec 2023 10:03:58 -0500 Subject: [PATCH 50/58] Update changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a4d7e26a9d..a7a9982e4b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,8 @@ * M365DSCDRGUtil * Fix empty BaseUrl since MSCloudLoginAssistant removed Intune workload FIXES [#4057](https://github.com/microsoft/Microsoft365DSC/issues/4057) +* SCAutoSensitivieyLabelPolicy + FIXES [#4036] Don't see any limits on our docs for priority * DEPENDENCIES * Updated MSCloudLoginAssistant to version 1.1.4. From 4f75cb28b71eedd91b292449ed79a6408aa2e8f2 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Wed, 20 Dec 2023 15:33:58 +0000 Subject: [PATCH 51/58] Set ErrorAction to Stop on integration workflows --- .github/workflows/Global - Integration - AAD.yml | 4 +++- .github/workflows/Global - Integration - INTUNE.yml | 4 +++- Tests/Integration/M365DSCTestEngine.psm1 | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/Global - Integration - AAD.yml b/.github/workflows/Global - Integration - AAD.yml index 578aa03d01..22cbe9fb0d 100644 --- a/.github/workflows/Global - Integration - AAD.yml +++ b/.github/workflows/Global - Integration - AAD.yml @@ -63,13 +63,15 @@ jobs: try { - $Result = Test-DSCConfiguration -Detailed -Verbose + $Result = Test-DSCConfiguration -Detailed -Verbose -ErrorAction Stop } catch { throw $_ } + Write-Host "" + if ($Result.InDesiredState -eq $false) { Write-Host -Message "Resources below are not in the Desired State:" diff --git a/.github/workflows/Global - Integration - INTUNE.yml b/.github/workflows/Global - Integration - INTUNE.yml index 5da21e227c..89b45a7056 100644 --- a/.github/workflows/Global - Integration - INTUNE.yml +++ b/.github/workflows/Global - Integration - INTUNE.yml @@ -63,13 +63,15 @@ jobs: try { - $Result = Test-DSCConfiguration -Detailed -Verbose + $Result = Test-DSCConfiguration -Detailed -Verbose -ErrorAction Stop } catch { throw $_ } + Write-Host "" + if ($Result.InDesiredState -eq $false) { Write-Host -Message "Resources below are not in the Desired State:" diff --git a/Tests/Integration/M365DSCTestEngine.psm1 b/Tests/Integration/M365DSCTestEngine.psm1 index 566d1e11ce..d75004b683 100644 --- a/Tests/Integration/M365DSCTestEngine.psm1 +++ b/Tests/Integration/M365DSCTestEngine.psm1 @@ -96,7 +96,7 @@ function New-M365DSCIntegrationTest try { Master -ConfigurationData $ConfigurationData -Credscredential $Credential - Start-DscConfiguration Master -Wait -Force -Verbose + Start-DscConfiguration Master -Wait -Force -Verbose -ErrorAction Stop } catch { From 41649b15fcb75485896dd00ffbb003458c0b133a Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 20 Dec 2023 14:07:33 -0500 Subject: [PATCH 52/58] Work in Progress for Integration tests --- ...thenticationMethodPolicyAuthenticator.psm1 | 99 ++++++++++--------- ...AADEntitlementManagementAccessPackage.psm1 | 26 ++++- .../1-Create.ps1 | 49 +++++---- .../2-Update.ps1 | 49 +++++---- .../1-Create.ps1 | 14 +-- .../2-Update.ps1 | 14 +-- .../1-Create.ps1 | 14 +-- .../2-Update.ps1 | 16 ++- .../1-Create.ps1 | 24 ++--- .../2-Update.ps1 | 24 ++--- .../1-Create.ps1 | 22 ++--- .../2-Update.ps1 | 22 ++--- .../1-Create.ps1 | 14 +-- .../2-Update.ps1 | 14 +-- .../1-Create.ps1 | 28 ++---- .../2-Update.ps1 | 28 ++---- .../1-Create.ps1 | 21 ++-- .../2-Update.ps1 | 21 ++-- .../AADConditionalAccessPolicy/1-Create.ps1 | 54 ++++------ .../AADConditionalAccessPolicy/2-Update.ps1 | 54 ++++------ .../1-Create.ps1 | 42 +++----- .../2-Update.ps1 | 42 +++----- 22 files changed, 273 insertions(+), 418 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1 index ddb27d4f21..123f728e20 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1 @@ -99,14 +99,14 @@ function Get-TargetResource $complexCompanionAppAllowedState = @{} $complexExcludeTarget = @{} if ($getValue.additionalProperties.featureSettings.companionAppAllowedState.excludeTarget.id -notmatch 'all_users|00000000-0000-0000-0000-000000000000') - { - $myExcludeTargetsDisplayName = Get-MgGroup -GroupId $getValue.additionalProperties.featureSettings.companionAppAllowedState.excludeTarget.id - $complexExcludeTarget.Add('Id', $myExcludeTargetsDisplayName.DisplayName) - } - else - { - $complexExcludeTarget.Add('Id', $getValue.additionalProperties.featureSettings.companionAppAllowedState.excludeTarget.id) - } + { + $myExcludeTargetsDisplayName = Get-MgGroup -GroupId $getValue.additionalProperties.featureSettings.companionAppAllowedState.excludeTarget.id + $complexExcludeTarget.Add('Id', $myExcludeTargetsDisplayName.DisplayName) + } + else + { + $complexExcludeTarget.Add('Id', 'all_users') + } if ($null -ne $getValue.additionalProperties.featureSettings.companionAppAllowedState.excludeTarget.targetType) { $complexExcludeTarget.Add('TargetType', $getValue.additionalProperties.featureSettings.companionAppAllowedState.excludeTarget.targetType.toString()) @@ -118,14 +118,14 @@ function Get-TargetResource $complexCompanionAppAllowedState.Add('ExcludeTarget', $complexExcludeTarget) $complexIncludeTarget = @{} if ($getValue.additionalProperties.featureSettings.companionAppAllowedState.includeTarget.id -notmatch 'all_users|00000000-0000-0000-0000-000000000000') - { - $myIncludeTargetsDisplayName = Get-MgGroup -GroupId $getValue.additionalProperties.featureSettings.companionAppAllowedState.includeTarget.id - $complexIncludeTarget.Add('Id', $myIncludeTargetsDisplayName.DisplayName) - } - else - { - $complexIncludeTarget.Add('Id', $getValue.additionalProperties.featureSettings.companionAppAllowedState.includeTarget.id) - } + { + $myIncludeTargetsDisplayName = Get-MgGroup -GroupId $getValue.additionalProperties.featureSettings.companionAppAllowedState.includeTarget.id + $complexIncludeTarget.Add('Id', $myIncludeTargetsDisplayName.DisplayName) + } + else + { + $complexIncludeTarget.Add('Id', 'all_users') + } if ($null -ne $getValue.additionalProperties.featureSettings.companionAppAllowedState.includeTarget.targetType) { $complexIncludeTarget.Add('TargetType', $getValue.additionalProperties.featureSettings.companionAppAllowedState.includeTarget.targetType.toString()) @@ -145,16 +145,17 @@ function Get-TargetResource } $complexFeatureSettings.Add('CompanionAppAllowedState', $complexCompanionAppAllowedState) $complexDisplayAppInformationRequiredState = @{} + $complexExcludeTarget = @{} if ($getValue.additionalProperties.featureSettings.displayAppInformationRequiredState.excludeTarget.id -notmatch 'all_users|00000000-0000-0000-0000-000000000000') - { - $myExcludeTargetsDisplayName = Get-MgGroup -GroupId $getValue.additionalProperties.featureSettings.displayAppInformationRequiredState.excludeTarget.id - $complexExcludeTarget.Add('Id', $myExcludeTargetsDisplayName.DisplayName) - } - else - { - $complexExcludeTarget.Add('Id', $getValue.additionalProperties.featureSettings.displayAppInformationRequiredState.excludeTarget.id) - } + { + $myExcludeTargetsDisplayName = Get-MgGroup -GroupId $getValue.additionalProperties.featureSettings.displayAppInformationRequiredState.excludeTarget.id + $complexExcludeTarget.Add('Id', $myExcludeTargetsDisplayName.DisplayName) + } + else + { + $complexExcludeTarget.Add('Id', 'all_users') + } if ($null -ne $getValue.additionalProperties.featureSettings.displayAppInformationRequiredState.excludeTarget.targetType) { $complexExcludeTarget.Add('TargetType', $getValue.additionalProperties.featureSettings.displayAppInformationRequiredState.excludeTarget.targetType.toString()) @@ -166,14 +167,14 @@ function Get-TargetResource $complexDisplayAppInformationRequiredState.Add('ExcludeTarget', $complexExcludeTarget) $complexIncludeTarget = @{} if ($getValue.additionalProperties.featureSettings.displayAppInformationRequiredState.includeTarget.id -notmatch 'all_users|00000000-0000-0000-0000-000000000000') - { - $myIncludeTargetsDisplayName = Get-MgGroup -GroupId $getValue.additionalProperties.featureSettings.displayAppInformationRequiredState.includeTarget.id - $complexIncludeTarget.Add('Id', $myIncludeTargetsDisplayName.DisplayName) - } - else - { - $complexIncludeTarget.Add('Id', $getValue.additionalProperties.featureSettings.displayAppInformationRequiredState.includeTarget.id) - } + { + $myIncludeTargetsDisplayName = Get-MgGroup -GroupId $getValue.additionalProperties.featureSettings.displayAppInformationRequiredState.includeTarget.id + $complexIncludeTarget.Add('Id', $myIncludeTargetsDisplayName.DisplayName) + } + else + { + $complexIncludeTarget.Add('Id', 'all_users') + } if ($null -ne $getValue.additionalProperties.featureSettings.displayAppInformationRequiredState.includeTarget.targetType) { $complexIncludeTarget.Add('TargetType', $getValue.additionalProperties.featureSettings.displayAppInformationRequiredState.includeTarget.targetType.toString()) @@ -195,14 +196,14 @@ function Get-TargetResource $complexDisplayLocationInformationRequiredState = @{} $complexExcludeTarget = @{} if ($getValue.additionalProperties.featureSettings.displayLocationInformationRequiredState.excludeTarget.id -notmatch 'all_users|00000000-0000-0000-0000-000000000000') - { - $myExcludeTargetsDisplayName = Get-MgGroup -GroupId $getValue.additionalProperties.featureSettings.displayLocationInformationRequiredState.excludeTarget.id - $complexExcludeTarget.Add('Id', $myExcludeTargetsDisplayName.DisplayName) - } - else - { - $complexExcludeTarget.Add('Id', $getValue.additionalProperties.featureSettings.displayLocationInformationRequiredState.excludeTarget.id) - } + { + $myExcludeTargetsDisplayName = Get-MgGroup -GroupId $getValue.additionalProperties.featureSettings.displayLocationInformationRequiredState.excludeTarget.id + $complexExcludeTarget.Add('Id', $myExcludeTargetsDisplayName.DisplayName) + } + else + { + $complexExcludeTarget.Add('Id', 'all_users') + } if ($null -ne $getValue.additionalProperties.featureSettings.displayLocationInformationRequiredState.excludeTarget.targetType) { $complexExcludeTarget.Add('TargetType', $getValue.additionalProperties.featureSettings.displayLocationInformationRequiredState.excludeTarget.targetType.toString()) @@ -214,14 +215,14 @@ function Get-TargetResource $complexDisplayLocationInformationRequiredState.Add('ExcludeTarget', $complexExcludeTarget) $complexIncludeTarget = @{} if ($getValue.additionalProperties.featureSettings.displayLocationInformationRequiredState.includeTarget.id -notmatch 'all_users|00000000-0000-0000-0000-000000000000') - { - $myIncludeTargetsDisplayName = Get-MgGroup -GroupId $getValue.additionalProperties.featureSettings.displayLocationInformationRequiredState.includeTarget.id - $complexIncludeTarget.Add('Id', $myIncludeTargetsDisplayName.DisplayName) - } - else - { - $complexIncludeTarget.Add('Id', $getValue.additionalProperties.featureSettings.displayLocationInformationRequiredState.includeTarget.id) - } + { + $myIncludeTargetsDisplayName = Get-MgGroup -GroupId $getValue.additionalProperties.featureSettings.displayLocationInformationRequiredState.includeTarget.id + $complexIncludeTarget.Add('Id', $myIncludeTargetsDisplayName.DisplayName) + } + else + { + $complexIncludeTarget.Add('Id', 'all_users') + } if ($null -ne $getValue.additionalProperties.featureSettings.displayLocationInformationRequiredState.includeTarget.targetType) { $complexIncludeTarget.Add('TargetType', $getValue.additionalProperties.featureSettings.displayLocationInformationRequiredState.includeTarget.targetType.toString()) @@ -249,7 +250,7 @@ function Get-TargetResource { $myExcludeTargetsDisplayName = Get-MgGroup -GroupId $currentExcludeTargets.id -ErrorAction SilentlyContinue - if ($null -ne $myIncludeTargetsDisplayName) + if ($null -ne $myExcludeTargetsDisplayName) { $myExcludeTargets.Add('Id', $myExcludeTargetsDisplayName.DisplayName) } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 index 03ed887329..844320d380 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1 @@ -141,6 +141,8 @@ function Get-TargetResource } } + $catalog = Get-MgBetaEntitlementManagementAccessPackageCatalog -AccessPackageCatalog $getValue.CatalogId + $getIncompatibleAccessPackages = @() [Array]$query = Get-MgBetaEntitlementManagementAccessPackageIncompatibleAccessPackage -AccessPackageId $getValue.id if ($query.count -gt 0) @@ -165,7 +167,7 @@ function Get-TargetResource $results = @{ Id = $getValue.Id - CatalogId = $getValue.CatalogId + CatalogId = $catalog.DisplayName Description = $getValue.Description DisplayName = $getValue.DisplayName IsHidden = $getValue.IsHidden @@ -313,6 +315,16 @@ function Set-TargetResource #region basic information $CreateParameters = ([Hashtable]$PSBoundParameters).clone() + $ObjectGuid = [System.Guid]::empty + if (-not [System.Guid]::TryParse($CreateParameters.CatalogId, [System.Management.Automation.PSReference]$ObjectGuid)) + { + $catalogInstance = Get-MgBetaEntitlementManagementAccessPackageCatalog -Filter "DisplayName eq '$($CreateParameters.CatalogId)'" + if ($catalogInstance) + { + $CreateParameters.CatalogId = $catalogInstance.Id + } + } + $CreateParameters.Remove('Id') | Out-Null $CreateParameters.Remove('Verbose') | Out-Null $CreateParameters.Remove('AccessPackageResourceRoleScopes') | Out-Null @@ -419,6 +431,16 @@ function Set-TargetResource #region basic information $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() + $ObjectGuid = [System.Guid]::empty + if (-not [System.Guid]::TryParse($CreateParameters.CatalogId, [System.Management.Automation.PSReference]$ObjectGuid)) + { + $catalogInstance = Get-MgBetaEntitlementManagementAccessPackageCatalog -Filter "DisplayName eq '$($UpdateParameters.CatalogId)'" + if ($catalogInstance) + { + $UpdateParameters.CatalogId = $catalogInstance.Id + } + } + $UpdateParameters.Remove('Id') | Out-Null $UpdateParameters.Remove('Verbose') | Out-Null $UpdateParameters.Remove('AccessPackageResourceRoleScopes') | Out-Null @@ -755,7 +777,7 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of {$Id}" + Write-Verbose -Message "Testing configuration of {$DisplayName}" $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/1-Create.ps1 index c66b6d5b35..fb6900710a 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/1-Create.ps1 @@ -17,69 +17,66 @@ Configuration Example { AADAuthenticationMethodPolicyAuthenticator "AADAuthenticationMethodPolicyAuthenticator-MicrosoftAuthenticator" { + Credential = $Credscredential; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ - Id = 'fakegroup1' + Id = 'Legal Team' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ + Id = 'Paralegals' TargetType = 'group' } ); FeatureSettings = MSFT_MicrosoftGraphmicrosoftAuthenticatorFeatureSettings{ DisplayLocationInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = '00000000-0000-0000-0000-000000000000' + Id = 'all_users' TargetType = 'group' } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'fakegroup2' + Id = 'all_users' TargetType = 'group' } - State = 'enabled' + State = 'default' } - NumberMatchingRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ + CompanionAppAllowedState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = '00000000-0000-0000-0000-000000000000' + Id = 'all_users' TargetType = 'group' } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'fakegroup3' + Id = 'all_users' TargetType = 'group' } - State = 'enabled' + State = 'default' } - CompanionAppAllowedState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ + DisplayAppInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = '00000000-0000-0000-0000-000000000000' + Id = 'all_users' TargetType = 'group' } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'fakegroup4' + Id = 'all_users' TargetType = 'group' } - State = 'enabled' + State = 'default' } - DisplayAppInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = '00000000-0000-0000-0000-000000000000' - TargetType = 'group' - } - IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'fakegroup5' - TargetType = 'group' - } - State = 'enabled' - } - }; + }; Id = "MicrosoftAuthenticator"; IncludeTargets = @( MSFT_AADAuthenticationMethodPolicyAuthenticatorIncludeTarget{ - Id = 'fakegroup6' + Id = 'Finance Team' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyAuthenticatorIncludeTarget{ + Id = 'Northwind Traders' TargetType = 'group' } ); IsSoftwareOathEnabled = $False; State = "enabled"; - Credential = $credsCredential; } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/2-Update.ps1 index 7eff428c5f..af044fae17 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyAuthenticator/2-Update.ps1 @@ -17,69 +17,66 @@ Configuration Example { AADAuthenticationMethodPolicyAuthenticator "AADAuthenticationMethodPolicyAuthenticator-MicrosoftAuthenticator" { + Credential = $Credscredential; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ - Id = 'fakegroup1' + Id = 'Legal Team' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ + Id = 'Paralegals' TargetType = 'group' } ); FeatureSettings = MSFT_MicrosoftGraphmicrosoftAuthenticatorFeatureSettings{ DisplayLocationInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = '00000000-0000-0000-0000-000000000000' + Id = 'all_users' TargetType = 'group' } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'fakegroup2' + Id = 'all_users' TargetType = 'group' } - State = 'enabled' + State = 'default' } - NumberMatchingRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ + CompanionAppAllowedState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = '00000000-0000-0000-0000-000000000000' + Id = 'all_users' TargetType = 'group' } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'fakegroup3' + Id = 'all_users' TargetType = 'group' } - State = 'enabled' + State = 'default' } - CompanionAppAllowedState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ + DisplayAppInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = '00000000-0000-0000-0000-000000000000' + Id = 'all_users' TargetType = 'group' } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'fakegroup4' + Id = 'all_users' TargetType = 'group' } - State = 'enabled' + State = 'default' } - DisplayAppInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = '00000000-0000-0000-0000-000000000000' - TargetType = 'group' - } - IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'fakegroup5' - TargetType = 'group' - } - State = 'enabled' - } - }; + }; Id = "MicrosoftAuthenticator"; IncludeTargets = @( MSFT_AADAuthenticationMethodPolicyAuthenticatorIncludeTarget{ - Id = 'fakegroup6' + Id = 'Finance Team' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyAuthenticatorIncludeTarget{ + Id = 'Northwind Traders' TargetType = 'group' } ); IsSoftwareOathEnabled = $True; # Updated Property State = "enabled"; - Credential = $credsCredential; } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyEmail/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyEmail/1-Create.ps1 index 61dedb8e2c..4fd4b2ef08 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyEmail/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyEmail/1-Create.ps1 @@ -17,31 +17,27 @@ Configuration Example { AADAuthenticationMethodPolicyEmail "AADAuthenticationMethodPolicyEmail-Email" { - AllowExternalIdToUseEmailOtp = "default"; + AllowExternalIdToUseEmailOtp = "enabled"; + Credential = $Credscredential; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyEmailExcludeTarget{ - Id = 'fakegroup1' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyEmailExcludeTarget{ - Id = 'fakegroup2' + Id = 'Paralegals' TargetType = 'group' } ); Id = "Email"; IncludeTargets = @( MSFT_AADAuthenticationMethodPolicyEmailIncludeTarget{ - Id = 'fakegroup3' + Id = 'Finance Team' TargetType = 'group' } MSFT_AADAuthenticationMethodPolicyEmailIncludeTarget{ - Id = 'fakegroup4' + Id = 'Legal Team' TargetType = 'group' } ); State = "enabled"; - Credential = $credsCredential; } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyEmail/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyEmail/2-Update.ps1 index 0a041e107a..da4c2f15b5 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyEmail/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyEmail/2-Update.ps1 @@ -17,31 +17,27 @@ Configuration Example { AADAuthenticationMethodPolicyEmail "AADAuthenticationMethodPolicyEmail-Email" { - AllowExternalIdToUseEmailOtp = "default"; + AllowExternalIdToUseEmailOtp = "enabled"; + Credential = $Credscredential; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyEmailExcludeTarget{ - Id = 'fakegroup1' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyEmailExcludeTarget{ - Id = 'fakegroup2' + Id = 'Paralegals' TargetType = 'group' } ); Id = "Email"; IncludeTargets = @( MSFT_AADAuthenticationMethodPolicyEmailIncludeTarget{ - Id = 'fakegroup3' + Id = 'Finance Team' TargetType = 'group' } MSFT_AADAuthenticationMethodPolicyEmailIncludeTarget{ - Id = 'fakegroup4' + Id = 'Legal Team' TargetType = 'group' } ); State = "disabled"; # Updated Property - Credential = $credsCredential; } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyFido2/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyFido2/1-Create.ps1 index 17864228c2..5f5610df96 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyFido2/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyFido2/1-Create.ps1 @@ -17,29 +17,26 @@ Configuration Example { AADAuthenticationMethodPolicyFido2 "AADAuthenticationMethodPolicyFido2-Fido2" { + Credential = $Credscredential; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyFido2ExcludeTarget{ - Id = 'fakegroup1' + Id = 'Paralegals' TargetType = 'group' } MSFT_AADAuthenticationMethodPolicyFido2ExcludeTarget{ - Id = 'fakegroup2' + Id = 'Executives' TargetType = 'group' } ); Id = "Fido2"; IncludeTargets = @( MSFT_AADAuthenticationMethodPolicyFido2IncludeTarget{ - Id = 'fakegroup3' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyFido2IncludeTarget{ - Id = 'fakegroup4' + Id = 'all_users' TargetType = 'group' } ); - IsAttestationEnforced = $True; + IsAttestationEnforced = $False; IsSelfServiceRegistrationAllowed = $True; KeyRestrictions = MSFT_MicrosoftGraphfido2KeyRestrictions{ IsEnforced = $False @@ -47,7 +44,6 @@ Configuration Example AaGuids = @() }; State = "enabled"; - Credential = $credsCredential; } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyFido2/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyFido2/2-Update.ps1 index 721fb619ce..64b188cf46 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyFido2/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyFido2/2-Update.ps1 @@ -17,37 +17,33 @@ Configuration Example { AADAuthenticationMethodPolicyFido2 "AADAuthenticationMethodPolicyFido2-Fido2" { + Credential = $Credscredential; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyFido2ExcludeTarget{ - Id = 'fakegroup1' + Id = 'Paralegals' TargetType = 'group' } MSFT_AADAuthenticationMethodPolicyFido2ExcludeTarget{ - Id = 'fakegroup2' + Id = 'Executives' TargetType = 'group' } ); Id = "Fido2"; IncludeTargets = @( MSFT_AADAuthenticationMethodPolicyFido2IncludeTarget{ - Id = 'fakegroup3' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyFido2IncludeTarget{ - Id = 'fakegroup4' + Id = 'all_users' TargetType = 'group' } ); - IsAttestationEnforced = $False; # Updated Property + IsAttestationEnforced = $False; IsSelfServiceRegistrationAllowed = $True; KeyRestrictions = MSFT_MicrosoftGraphfido2KeyRestrictions{ IsEnforced = $False EnforcementType = 'block' AaGuids = @() }; - State = "enabled"; - Credential = $credsCredential; + State = "disabled"; # Updated Property } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySms/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySms/1-Create.ps1 index 3ab54145e3..22f4f8c8a5 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySms/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySms/1-Create.ps1 @@ -17,30 +17,22 @@ Configuration Example { AADAuthenticationMethodPolicySms "AADAuthenticationMethodPolicySms-Sms" { - Credential = $credsCredential; - Ensure = "Present"; - ExcludeTargets = @( + Credential = $Credscredential; + Ensure = "Present"; + ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicySmsExcludeTarget{ - Id = 'fakegroup1' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicySmsExcludeTarget{ - Id = 'fakegroup2' + Id = 'All Employees' TargetType = 'group' } ); - Id = "Sms"; - IncludeTargets = @( - MSFT_AADAuthenticationMethodPolicySmsIncludeTarget{ - Id = 'fakegroup3' - TargetType = 'group' - } + Id = "Sms"; + IncludeTargets = @( MSFT_AADAuthenticationMethodPolicySmsIncludeTarget{ - Id = 'fakegroup4' + Id = 'all_users' TargetType = 'group' } ); - State = "enabled"; + State = "enabled"; } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySms/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySms/2-Update.ps1 index 92d61483f7..e0f3f6c9a8 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySms/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySms/2-Update.ps1 @@ -17,30 +17,22 @@ Configuration Example { AADAuthenticationMethodPolicySms "AADAuthenticationMethodPolicySms-Sms" { - Credential = $credsCredential; - Ensure = "Present"; - ExcludeTargets = @( + Credential = $Credscredential; + Ensure = "Present"; + ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicySmsExcludeTarget{ - Id = 'fakegroup1' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicySmsExcludeTarget{ - Id = 'fakegroup2' + Id = 'All Employees' TargetType = 'group' } ); - Id = "Sms"; - IncludeTargets = @( - MSFT_AADAuthenticationMethodPolicySmsIncludeTarget{ - Id = 'fakegroup3' - TargetType = 'group' - } + Id = "Sms"; + IncludeTargets = @( MSFT_AADAuthenticationMethodPolicySmsIncludeTarget{ - Id = 'fakegroup4' + Id = 'all_users' TargetType = 'group' } ); - State = "disabled"; # Updated Property + State = "disabled"; # Updated Property } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySoftware/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySoftware/1-Create.ps1 index 10c3805a05..0efd4c1697 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySoftware/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySoftware/1-Create.ps1 @@ -17,30 +17,26 @@ Configuration Example { AADAuthenticationMethodPolicySoftware "AADAuthenticationMethodPolicySoftware-SoftwareOath" { - Credential = $credsCredential; - Ensure = "Present"; - ExcludeTargets = @( + Credential = $Credscredential; + Ensure = "Present"; + ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicySoftwareExcludeTarget{ - Id = 'fakegroup1' + Id = 'Executives' TargetType = 'group' } MSFT_AADAuthenticationMethodPolicySoftwareExcludeTarget{ - Id = 'fakegroup2' + Id = 'Paralegals' TargetType = 'group' } ); - Id = "SoftwareOath"; - IncludeTargets = @( + Id = "SoftwareOath"; + IncludeTargets = @( MSFT_AADAuthenticationMethodPolicySoftwareIncludeTarget{ - Id = 'fakegroup3' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicySoftwareIncludeTarget{ - Id = 'fakegroup4' + Id = 'Legal Team' TargetType = 'group' } ); - State = "enabled"; + State = "enabled"; } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySoftware/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySoftware/2-Update.ps1 index b87b2ab1e6..9223768e7e 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySoftware/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicySoftware/2-Update.ps1 @@ -17,30 +17,26 @@ Configuration Example { AADAuthenticationMethodPolicySoftware "AADAuthenticationMethodPolicySoftware-SoftwareOath" { - Credential = $credsCredential; - Ensure = "Present"; - ExcludeTargets = @( + Credential = $Credscredential; + Ensure = "Present"; + ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicySoftwareExcludeTarget{ - Id = 'fakegroup1' + Id = 'Executives' TargetType = 'group' } MSFT_AADAuthenticationMethodPolicySoftwareExcludeTarget{ - Id = 'fakegroup2' + Id = 'Paralegals' TargetType = 'group' } ); - Id = "SoftwareOath"; - IncludeTargets = @( + Id = "SoftwareOath"; + IncludeTargets = @( MSFT_AADAuthenticationMethodPolicySoftwareIncludeTarget{ - Id = 'fakegroup3' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicySoftwareIncludeTarget{ - Id = 'fakegroup4' + Id = 'Legal Team' TargetType = 'group' } ); - State = "disabled"; # Updated Property + State = "disabled"; # Updated Property } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/1-Create.ps1 index 1c6100181d..7be4ff9417 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/1-Create.ps1 @@ -17,28 +17,20 @@ Configuration Example { AADAuthenticationMethodPolicyTemporary "AADAuthenticationMethodPolicyTemporary-TemporaryAccessPass" { - Credential = $credsCredential; + Credential = $Credscredential; DefaultLength = 8; DefaultLifetimeInMinutes = 60; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyTemporaryExcludeTarget{ - Id = 'fakegroup1' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyTemporaryExcludeTarget{ - Id = 'fakegroup2' + Id = 'All Company' TargetType = 'group' } ); Id = "TemporaryAccessPass"; IncludeTargets = @( MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget{ - Id = 'fakegroup3' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget{ - Id = 'fakegroup4' + Id = 'DSCGroup' TargetType = 'group' } ); diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/2-Update.ps1 index f0571bf55b..a23cf77d9d 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyTemporary/2-Update.ps1 @@ -17,28 +17,20 @@ Configuration Example { AADAuthenticationMethodPolicyTemporary "AADAuthenticationMethodPolicyTemporary-TemporaryAccessPass" { - Credential = $credsCredential; + Credential = $Credscredential; DefaultLength = 9; # Updated Property DefaultLifetimeInMinutes = 60; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyTemporaryExcludeTarget{ - Id = 'fakegroup1' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyTemporaryExcludeTarget{ - Id = 'fakegroup2' + Id = 'All Company' TargetType = 'group' } ); Id = "TemporaryAccessPass"; IncludeTargets = @( MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget{ - Id = 'fakegroup3' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget{ - Id = 'fakegroup4' + Id = 'DSCGroup' TargetType = 'group' } ); diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyVoice/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyVoice/1-Create.ps1 index d8579ed1f2..4a86e634df 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyVoice/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyVoice/1-Create.ps1 @@ -17,31 +17,17 @@ Configuration Example { AADAuthenticationMethodPolicyVoice "AADAuthenticationMethodPolicyVoice-Voice" { - Credential = $credsCredential; - Ensure = "Present"; - Id = "Voice"; - IsOfficePhoneAllowed = $False; - ExcludeTargets = @( - MSFT_AADAuthenticationMethodPolicyVoiceExcludeTarget{ - Id = 'fakegroup1' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyVoiceExcludeTarget{ - Id = 'fakegroup2' - TargetType = 'group' - } - ); - IncludeTargets = @( - MSFT_AADAuthenticationMethodPolicyVoiceIncludeTarget{ - Id = 'fakegroup3' - TargetType = 'group' - } + Credential = $Credscredential; + Ensure = "Present"; + Id = "Voice"; + IncludeTargets = @( MSFT_AADAuthenticationMethodPolicyVoiceIncludeTarget{ - Id = 'fakegroup4' + Id = 'all_users' TargetType = 'group' } ); - State = "disabled"; + IsOfficePhoneAllowed = $False; + State = "disabled"; } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyVoice/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyVoice/2-Update.ps1 index da8f05897a..c895589eb3 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyVoice/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyVoice/2-Update.ps1 @@ -17,31 +17,17 @@ Configuration Example { AADAuthenticationMethodPolicyVoice "AADAuthenticationMethodPolicyVoice-Voice" { - Credential = $credsCredential; - Ensure = "Present"; - Id = "Voice"; - IsOfficePhoneAllowed = $True; # Updated Property - ExcludeTargets = @( - MSFT_AADAuthenticationMethodPolicyVoiceExcludeTarget{ - Id = 'fakegroup1' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyVoiceExcludeTarget{ - Id = 'fakegroup2' - TargetType = 'group' - } - ); - IncludeTargets = @( - MSFT_AADAuthenticationMethodPolicyVoiceIncludeTarget{ - Id = 'fakegroup3' - TargetType = 'group' - } + Credential = $Credscredential; + Ensure = "Present"; + Id = "Voice"; + IncludeTargets = @( MSFT_AADAuthenticationMethodPolicyVoiceIncludeTarget{ - Id = 'fakegroup4' + Id = 'all_users' TargetType = 'group' } ); - State = "disabled"; + IsOfficePhoneAllowed = $True; # Updated Property + State = "disabled"; } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-Create.ps1 index ef65df08f4..dabae65428 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/1-Create.ps1 @@ -17,21 +17,21 @@ Configuration Example { AADAuthenticationMethodPolicyX509 "AADAuthenticationMethodPolicyX509-X509Certificate" { - Credential = $credsCredential; AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ + Rules = @(@() ) - X509CertificateAuthenticationDefaultMode = 'x509CertificateMultiFactor' + X509CertificateAuthenticationDefaultMode = 'x509CertificateSingleFactor' }; CertificateUserBindings = @( MSFT_MicrosoftGraphx509CertificateUserBinding{ Priority = 1 - UserProperty = 'onPremisesUserPrincipalName' + UserProperty = 'userPrincipalName' X509CertificateField = 'PrincipalName' } MSFT_MicrosoftGraphx509CertificateUserBinding{ Priority = 2 - UserProperty = 'onPremisesUserPrincipalName' + UserProperty = 'userPrincipalName' X509CertificateField = 'RFC822Name' } MSFT_MicrosoftGraphx509CertificateUserBinding{ @@ -40,25 +40,18 @@ Configuration Example X509CertificateField = 'SubjectKeyIdentifier' } ); + Credential = $Credscredential; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyX509ExcludeTarget{ - Id = 'fakegroup1' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyX509ExcludeTarget{ - Id = 'fakegroup2' + Id = 'DSCGroup' TargetType = 'group' } ); Id = "X509Certificate"; IncludeTargets = @( MSFT_AADAuthenticationMethodPolicyX509IncludeTarget{ - Id = 'fakegroup3' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyX509IncludeTarget{ - Id = 'fakegroup4' + Id = 'Finance Team' TargetType = 'group' } ); diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/2-Update.ps1 index c1ee918b25..0edadb587c 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADAuthenticationMethodPolicyX509/2-Update.ps1 @@ -17,21 +17,21 @@ Configuration Example { AADAuthenticationMethodPolicyX509 "AADAuthenticationMethodPolicyX509-X509Certificate" { - Credential = $credsCredential; AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ + Rules = @(@() ) - X509CertificateAuthenticationDefaultMode = 'x509CertificateMultiFactor' + X509CertificateAuthenticationDefaultMode = 'x509CertificateSingleFactor' }; CertificateUserBindings = @( MSFT_MicrosoftGraphx509CertificateUserBinding{ Priority = 1 - UserProperty = 'onPremisesUserPrincipalName' + UserProperty = 'userPrincipalName' X509CertificateField = 'PrincipalName' } MSFT_MicrosoftGraphx509CertificateUserBinding{ Priority = 2 - UserProperty = 'onPremisesUserPrincipalName' + UserProperty = 'userPrincipalName' X509CertificateField = 'RFC822Name' } MSFT_MicrosoftGraphx509CertificateUserBinding{ @@ -40,25 +40,18 @@ Configuration Example X509CertificateField = 'SubjectKeyIdentifier' } ); + Credential = $Credscredential; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyX509ExcludeTarget{ - Id = 'fakegroup1' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyX509ExcludeTarget{ - Id = 'fakegroup2' + Id = 'DSCGroup' TargetType = 'group' } ); Id = "X509Certificate"; IncludeTargets = @( MSFT_AADAuthenticationMethodPolicyX509IncludeTarget{ - Id = 'fakegroup3' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyX509IncludeTarget{ - Id = 'fakegroup4' + Id = 'Finance Team' TargetType = 'group' } ); diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/1-Create.ps1 index b46d82b8bb..644bff924b 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/1-Create.ps1 @@ -17,41 +17,25 @@ Configuration Example { AADConditionalAccessPolicy 'Allin-example' { - DisplayName = 'Allin-example' - BuiltInControls = @('Mfa', 'CompliantDevice', 'DomainJoinedDevice', 'ApprovedApplication', 'CompliantApplication') - ClientAppTypes = @('ExchangeActiveSync', 'Browser', 'MobileAppsAndDesktopClients', 'Other') - CloudAppSecurityIsEnabled = $True - CloudAppSecurityType = 'MonitorOnly' - ExcludeApplications = @('803ee9ca-3f7f-4824-bd6e-0b99d720c35c', '00000012-0000-0000-c000-000000000000', '00000007-0000-0000-c000-000000000000', 'Office365') - ExcludeGroups = @() - ExcludeLocations = @('Blocked Countries') - ExcludePlatforms = @('Windows', 'WindowsPhone', 'MacOS') - ExcludeRoles = @('Company Administrator', 'Application Administrator', 'Application Developer', 'Cloud Application Administrator', 'Cloud Device Administrator') - ExcludeUsers = @('admin@contoso.com', 'AAdmin@contoso.com', 'CAAdmin@contoso.com', 'AllanD@contoso.com', 'AlexW@contoso.com', 'GuestsOrExternalUsers') - ExcludeExternalTenantsMembers = @() - ExcludeExternalTenantsMembershipKind = 'all' - ExcludeGuestOrExternalUserTypes = @('internalGuest', 'b2bCollaborationMember') - GrantControlOperator = 'OR' - IncludeApplications = @('All') - IncludeGroups = @() - IncludeLocations = @('AllTrusted') - IncludePlatforms = @('Android', 'IOS') - IncludeRoles = @('Compliance Administrator') - IncludeUserActions = @() - IncludeUsers = @('Alexw@contoso.com') - IncludeExternalTenantsMembers = @('11111111-1111-1111-1111-111111111111') - IncludeExternalTenantsMembershipKind = 'enumerated' - IncludeGuestOrExternalUserTypes = @('b2bCollaborationGuest') - PersistentBrowserIsEnabled = $false - PersistentBrowserMode = '' - SignInFrequencyIsEnabled = $true - SignInFrequencyType = 'Hours' - SignInFrequencyValue = 5 - SignInRiskLevels = @('High', 'Medium') - State = 'disabled' - UserRiskLevels = @('High', 'Medium') - Ensure = 'Present' - Credential = $Credscredential + ApplicationEnforcedRestrictionsIsEnabled = $False; + BuiltInControls = @("mfa"); + ClientAppTypes = @("all"); + CloudAppSecurityIsEnabled = $False; + Credential = $Credscredential; + DeviceFilterMode = "exclude"; + DeviceFilterRule = "device.trustType -eq `"AzureAD`" -or device.trustType -eq `"ServerAD`" -or device.trustType -eq `"Workplace`""; + DisplayName = "Example CAP"; + Ensure = "Present"; + ExcludeUsers = @("admin@$Domain"); + GrantControlOperator = "OR"; + IncludeApplications = @("All"); + IncludeRoles = @("Attack Payload Author"); + PersistentBrowserIsEnabled = $False; + SignInFrequencyInterval = "timeBased"; + SignInFrequencyIsEnabled = $True; + SignInFrequencyType = "hours"; + SignInFrequencyValue = 1; + State = "disabled"; } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/2-Update.ps1 index 6c724b690b..59adad1221 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADConditionalAccessPolicy/2-Update.ps1 @@ -17,41 +17,25 @@ Configuration Example { AADConditionalAccessPolicy 'Allin-example' { - DisplayName = 'Allin-example' - BuiltInControls = @('Mfa', 'CompliantDevice', 'DomainJoinedDevice', 'ApprovedApplication', 'CompliantApplication') - ClientAppTypes = @('ExchangeActiveSync', 'Browser', 'MobileAppsAndDesktopClients', 'Other') - CloudAppSecurityIsEnabled = $False # Updated Property - CloudAppSecurityType = 'MonitorOnly' - ExcludeApplications = @('803ee9ca-3f7f-4824-bd6e-0b99d720c35c', '00000012-0000-0000-c000-000000000000', '00000007-0000-0000-c000-000000000000', 'Office365') - ExcludeGroups = @() - ExcludeLocations = @('Blocked Countries') - ExcludePlatforms = @('Windows', 'WindowsPhone', 'MacOS') - ExcludeRoles = @('Company Administrator', 'Application Administrator', 'Application Developer', 'Cloud Application Administrator', 'Cloud Device Administrator') - ExcludeUsers = @('admin@contoso.com', 'AAdmin@contoso.com', 'CAAdmin@contoso.com', 'AllanD@contoso.com', 'AlexW@contoso.com', 'GuestsOrExternalUsers') - ExcludeExternalTenantsMembers = @() - ExcludeExternalTenantsMembershipKind = 'all' - ExcludeGuestOrExternalUserTypes = @('internalGuest', 'b2bCollaborationMember') - GrantControlOperator = 'OR' - IncludeApplications = @('All') - IncludeGroups = @() - IncludeLocations = @('AllTrusted') - IncludePlatforms = @('Android', 'IOS') - IncludeRoles = @('Compliance Administrator') - IncludeUserActions = @() - IncludeUsers = @('Alexw@contoso.com') - IncludeExternalTenantsMembers = @('11111111-1111-1111-1111-111111111111') - IncludeExternalTenantsMembershipKind = 'enumerated' - IncludeGuestOrExternalUserTypes = @('b2bCollaborationGuest') - PersistentBrowserIsEnabled = $false - PersistentBrowserMode = '' - SignInFrequencyIsEnabled = $true - SignInFrequencyType = 'Hours' - SignInFrequencyValue = 5 - SignInRiskLevels = @('High', 'Medium') - State = 'disabled' - UserRiskLevels = @('High', 'Medium') - Ensure = 'Present' - Credential = $Credscredential + ApplicationEnforcedRestrictionsIsEnabled = $False; + BuiltInControls = @("mfa"); + ClientAppTypes = @("all"); + CloudAppSecurityIsEnabled = $True; # Updated Porperty + Credential = $Credscredential; + DeviceFilterMode = "exclude"; + DeviceFilterRule = "device.trustType -eq `"AzureAD`" -or device.trustType -eq `"ServerAD`" -or device.trustType -eq `"Workplace`""; + DisplayName = "Example CAP"; + Ensure = "Present"; + ExcludeUsers = @("admin@$Domain"); + GrantControlOperator = "OR"; + IncludeApplications = @("All"); + IncludeRoles = @("Attack Payload Author"); + PersistentBrowserIsEnabled = $False; + SignInFrequencyInterval = "timeBased"; + SignInFrequencyIsEnabled = $True; + SignInFrequencyType = "hours"; + SignInFrequencyValue = 1; + State = "disabled"; } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/1-Create.ps1 index 67eb65e4a6..e555e01397 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/1-Create.ps1 @@ -16,12 +16,17 @@ Configuration Example { AADCrossTenantAccessPolicyConfigurationPartner "AADCrossTenantAccessPolicyConfigurationPartner" { - B2BCollaborationInbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { + PartnerTenantId = "e7a80bcf-696e-40ca-8775-a7f85fbb3ebc"; # O365DSC.onmicrosoft.com + AutomaticUserConsentSettings = MSFT_AADCrossTenantAccessPolicyAutomaticUserConsentSettings { + InboundAllowed = $True + OutboundAllowed = $True + }; + B2BCollaborationOutbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ AccessType = 'allowed' Targets = @( MSFT_AADCrossTenantAccessPolicyTarget{ - Target = 'Office365' + Target = 'AllApplications' TargetType = 'application' } ) @@ -30,37 +35,16 @@ Configuration Example AccessType = 'allowed' Targets = @( MSFT_AADCrossTenantAccessPolicyTarget{ - Target = 'AllUsers' + Target = '68bafe64-f86b-4c4e-b33b-9d3eaa11544b' # Office 365 TargetType = 'user' } ) } - } - B2BCollaborationOutbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { - Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ - AccessType = 'allowed' - Targets = @( - MSFT_AADCrossTenantAccessPolicyTarget{ - Target = 'AllApplications' - TargetType = 'application' - } - ) - } - } - B2BDirectConnectInbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { - Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ - AccessType = 'blocked' - Targets = @( - MSFT_AADCrossTenantAccessPolicyTarget{ - Target = 'AllApplications' - TargetType = 'application' - } - ) - } - } - Credential = $Credscredential; - Ensure = "Present"; - PartnerTenantId = "12345-12345-12345-12345-12345"; + }; + ApplicationId = 'c6957111-b1a6-479c-a15c-73e01ceb3b99' + CertificateThumbprint = 'ACD01315A4EBA42CD2E18EEE443AA280CC0BAB8B' + TenantId = 'M365x35070558.onmicrosoft.com' + Ensure = "Present"; } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/2-Update.ps1 index 5bee8926db..fa20869958 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADCrossTenantAccessPolicyConfigurationPartner/2-Update.ps1 @@ -16,12 +16,17 @@ Configuration Example { AADCrossTenantAccessPolicyConfigurationPartner "AADCrossTenantAccessPolicyConfigurationPartner" { - B2BCollaborationInbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { + PartnerTenantId = "e7a80bcf-696e-40ca-8775-a7f85fbb3ebc"; # O365DSC.onmicrosoft.com + AutomaticUserConsentSettings = MSFT_AADCrossTenantAccessPolicyAutomaticUserConsentSettings { + InboundAllowed = $False # Updated Property + OutboundAllowed = $True + }; + B2BCollaborationOutbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ AccessType = 'allowed' Targets = @( MSFT_AADCrossTenantAccessPolicyTarget{ - Target = 'Office365' + Target = 'AllApplications' TargetType = 'application' } ) @@ -30,37 +35,16 @@ Configuration Example AccessType = 'allowed' Targets = @( MSFT_AADCrossTenantAccessPolicyTarget{ - Target = 'AllUsers' + Target = '68bafe64-f86b-4c4e-b33b-9d3eaa11544b' # Office 365 TargetType = 'user' } ) } - } - B2BCollaborationOutbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { - Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ - AccessType = 'allowed' - Targets = @( - MSFT_AADCrossTenantAccessPolicyTarget{ - Target = 'AllApplications' - TargetType = 'application' - } - ) - } - } - B2BDirectConnectInbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { - Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ - AccessType = 'allowed' # Updated Property - Targets = @( - MSFT_AADCrossTenantAccessPolicyTarget{ - Target = 'AllApplications' - TargetType = 'application' - } - ) - } - } - Credential = $Credscredential; - Ensure = "Present"; - PartnerTenantId = "12345-12345-12345-12345-12345"; + }; + ApplicationId = 'c6957111-b1a6-479c-a15c-73e01ceb3b99' + CertificateThumbprint = 'ACD01315A4EBA42CD2E18EEE443AA280CC0BAB8B' + TenantId = 'M365x35070558.onmicrosoft.com' + Ensure = "Present"; } } } From efbc0ecd2ff3bdd11f58888f8f887c92e6f575d5 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 20 Dec 2023 14:07:40 -0500 Subject: [PATCH 53/58] Fixes --- CHANGELOG.md | 2 ++ .../1-Create.ps1 | 25 ++++++------------- .../2-Update.ps1 | 25 ++++++------------- 3 files changed, 18 insertions(+), 34 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a4d7e26a9d..757e50e1d5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ # UNRELEASED +* AADEntitlementManagementAccessPackage + * Retrieve catalog by name instead of id. * IntuneDeviceAndAppManagementAssignmentFilter * Add support for remaining platforms supported by this policy FIXES [#4065](https://github.com/microsoft/Microsoft365DSC/issues/4065) diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackage/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackage/1-Create.ps1 index 0f39dee877..778b2ae509 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackage/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackage/1-Create.ps1 @@ -16,23 +16,14 @@ Configuration Example { AADEntitlementManagementAccessPackage 'myAccessPackage' { - DisplayName = 'General' - AccessPackageResourceRoleScopes = @( - MSFT_AccessPackageResourceRoleScope { - Id = 'e5b0c702-b949-4310-953e-2a51790722b8' - AccessPackageResourceOriginId = '8721d9fd-c6ef-46df-b1b2-bb6f818bce5b' - AccessPackageResourceRoleDisplayName = 'AccessPackageRole' - } - ) - CatalogId = '1b0e5aca-83e4-447b-84a8-3d8cffb4a331' - Description = 'Entitlement Access Package Example' - IsHidden = $false - IsRoleScopesVisible = $true - IncompatibleAccessPackages = @() - AccessPackagesIncompatibleWith = @() - IncompatibleGroups = @() - Ensure = 'Present' - Credential = $Credscredential + AccessPackagesIncompatibleWith = @(); + CatalogId = "General"; + Credential = $Credscredential; + Description = "Integration Tests"; + DisplayName = "Integration Package"; + Ensure = "Present"; + IsHidden = $False; + IsRoleScopesVisible = $True; } } } diff --git a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackage/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackage/2-Update.ps1 index a9c0bfc8f8..668580ab74 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackage/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/AADEntitlementManagementAccessPackage/2-Update.ps1 @@ -16,23 +16,14 @@ Configuration Example { AADEntitlementManagementAccessPackage 'myAccessPackage' { - DisplayName = 'General' - AccessPackageResourceRoleScopes = @( - MSFT_AccessPackageResourceRoleScope { - Id = 'e5b0c702-b949-4310-953e-2a51790722b8' - AccessPackageResourceOriginId = '8721d9fd-c6ef-46df-b1b2-bb6f818bce5b' - AccessPackageResourceRoleDisplayName = 'AccessPackageRole' - } - ) - CatalogId = '1b0e5aca-83e4-447b-84a8-3d8cffb4a331' - Description = 'Entitlement Access Package Example' - IsHidden = $true # Updated Property - IsRoleScopesVisible = $true - IncompatibleAccessPackages = @() - AccessPackagesIncompatibleWith = @() - IncompatibleGroups = @() - Ensure = 'Present' - Credential = $Credscredential + AccessPackagesIncompatibleWith = @(); + CatalogId = "General"; + Credential = $Credscredential; + Description = "Integration Tests"; + DisplayName = "Integration Package"; + Ensure = "Present"; + IsHidden = $True; # Updated Property + IsRoleScopesVisible = $True; } } } From cafbca2344412a3b60008528210e966a9d030099 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Wed, 20 Dec 2023 19:09:46 +0000 Subject: [PATCH 54/58] Updated {Create} AAD Integration Tests --- .../Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 index 78b4835a75..dbd3e9e31e 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 @@ -742,7 +742,7 @@ try { Master -ConfigurationData $ConfigurationData -Credscredential $Credential - Start-DscConfiguration Master -Wait -Force -Verbose + Start-DscConfiguration Master -Wait -Force -Verbose -ErrorAction Stop } catch { From f82e5d517eee5809223badc2f00cc0b60d29223d Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 20 Dec 2023 14:30:20 -0500 Subject: [PATCH 55/58] Fixes Unit Tests --- .../Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 | 2 +- ...t365DSC.AADEntitlementManagementAccessPackage.Tests.ps1 | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 index ec98174a55..77d7ff00a1 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAdministrativeUnit.Tests.ps1 @@ -113,7 +113,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { } It 'Should Create the AU from the Set method' { Set-TargetResource @testParams - Should -Invoke -CommandName New-MgBetaDirectoryAdministrativeUnit -Exactly 1 + Should -Invoke -CommandName Invoke-MgGraphRequest -Exactly 1 } } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackage.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackage.Tests.ps1 index 4e186b06a0..197ae6b449 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackage.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADEntitlementManagementAccessPackage.Tests.ps1 @@ -166,7 +166,12 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Ensure = 'Present' Credential = $Credential } - + Mock -CommandName Get-MgBetaEntitlementManagementAccessPackageCatalog -MockWith { + return @{ + DisplayName = 'FakeStringValue' + Id = 'FakeStringValue' + } + } Mock -CommandName Get-MgBetaEntitlementManagementAccessPackage -MockWith { return @{ CatalogId = 'FakeStringValue' From adf55806c1089edea748d692171e3a96a72452f2 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Wed, 20 Dec 2023 20:00:24 +0000 Subject: [PATCH 56/58] Updated Resources and Cmdlet documentation pages --- .../azure-ad/AADAdministrativeUnit.md | 1 + ...AuthenticationMethodPolicyAuthenticator.md | 98 ++++++++-------- .../AADAuthenticationMethodPolicyEmail.md | 28 ++--- .../AADAuthenticationMethodPolicyFido2.md | 30 ++--- .../AADAuthenticationMethodPolicySms.md | 48 +++----- .../AADAuthenticationMethodPolicySoftware.md | 44 +++---- .../AADAuthenticationMethodPolicyTemporary.md | 28 +---- .../AADAuthenticationMethodPolicyVoice.md | 56 +++------ .../AADAuthenticationMethodPolicyX509.md | 42 +++---- .../azure-ad/AADConditionalAccessPolicy.md | 108 ++++++------------ ...sTenantAccessPolicyConfigurationPartner.md | 84 +++++--------- .../AADEntitlementManagementAccessPackage.md | 50 +++----- 12 files changed, 216 insertions(+), 401 deletions(-) diff --git a/docs/docs/resources/azure-ad/AADAdministrativeUnit.md b/docs/docs/resources/azure-ad/AADAdministrativeUnit.md index 347ec5c892..db08e51a4e 100644 --- a/docs/docs/resources/azure-ad/AADAdministrativeUnit.md +++ b/docs/docs/resources/azure-ad/AADAdministrativeUnit.md @@ -94,6 +94,7 @@ Configuration Example AADAdministrativeUnit 'TestUnit' { DisplayName = 'Test-Unit' + Description = 'Test Description' MembershipRule = "(user.country -eq `"Canada`")" MembershipRuleProcessingState = 'On' MembershipType = 'Dynamic' diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyAuthenticator.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyAuthenticator.md index 6240dedf07..1033682cb1 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyAuthenticator.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyAuthenticator.md @@ -119,69 +119,66 @@ Configuration Example { AADAuthenticationMethodPolicyAuthenticator "AADAuthenticationMethodPolicyAuthenticator-MicrosoftAuthenticator" { + Credential = $Credscredential; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ - Id = 'fakegroup1' + Id = 'Legal Team' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ + Id = 'Paralegals' TargetType = 'group' } ); FeatureSettings = MSFT_MicrosoftGraphmicrosoftAuthenticatorFeatureSettings{ DisplayLocationInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = '00000000-0000-0000-0000-000000000000' + Id = 'all_users' TargetType = 'group' } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'fakegroup2' + Id = 'all_users' TargetType = 'group' } - State = 'enabled' + State = 'default' } - NumberMatchingRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ + CompanionAppAllowedState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = '00000000-0000-0000-0000-000000000000' + Id = 'all_users' TargetType = 'group' } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'fakegroup3' + Id = 'all_users' TargetType = 'group' } - State = 'enabled' + State = 'default' } - CompanionAppAllowedState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ + DisplayAppInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = '00000000-0000-0000-0000-000000000000' + Id = 'all_users' TargetType = 'group' } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'fakegroup4' + Id = 'all_users' TargetType = 'group' } - State = 'enabled' + State = 'default' } - DisplayAppInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = '00000000-0000-0000-0000-000000000000' - TargetType = 'group' - } - IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'fakegroup5' - TargetType = 'group' - } - State = 'enabled' - } - }; + }; Id = "MicrosoftAuthenticator"; IncludeTargets = @( MSFT_AADAuthenticationMethodPolicyAuthenticatorIncludeTarget{ - Id = 'fakegroup6' + Id = 'Finance Team' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyAuthenticatorIncludeTarget{ + Id = 'Northwind Traders' TargetType = 'group' } ); IsSoftwareOathEnabled = $False; State = "enabled"; - Credential = $credsCredential; } } } @@ -207,69 +204,66 @@ Configuration Example { AADAuthenticationMethodPolicyAuthenticator "AADAuthenticationMethodPolicyAuthenticator-MicrosoftAuthenticator" { + Credential = $Credscredential; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ - Id = 'fakegroup1' + Id = 'Legal Team' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget{ + Id = 'Paralegals' TargetType = 'group' } ); FeatureSettings = MSFT_MicrosoftGraphmicrosoftAuthenticatorFeatureSettings{ DisplayLocationInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = '00000000-0000-0000-0000-000000000000' + Id = 'all_users' TargetType = 'group' } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'fakegroup2' + Id = 'all_users' TargetType = 'group' } - State = 'enabled' + State = 'default' } - NumberMatchingRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ + CompanionAppAllowedState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = '00000000-0000-0000-0000-000000000000' + Id = 'all_users' TargetType = 'group' } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'fakegroup3' + Id = 'all_users' TargetType = 'group' } - State = 'enabled' + State = 'default' } - CompanionAppAllowedState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ + DisplayAppInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = '00000000-0000-0000-0000-000000000000' + Id = 'all_users' TargetType = 'group' } IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'fakegroup4' + Id = 'all_users' TargetType = 'group' } - State = 'enabled' + State = 'default' } - DisplayAppInformationRequiredState = MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration{ - ExcludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = '00000000-0000-0000-0000-000000000000' - TargetType = 'group' - } - IncludeTarget = MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget{ - Id = 'fakegroup5' - TargetType = 'group' - } - State = 'enabled' - } - }; + }; Id = "MicrosoftAuthenticator"; IncludeTargets = @( MSFT_AADAuthenticationMethodPolicyAuthenticatorIncludeTarget{ - Id = 'fakegroup6' + Id = 'Finance Team' + TargetType = 'group' + } + MSFT_AADAuthenticationMethodPolicyAuthenticatorIncludeTarget{ + Id = 'Northwind Traders' TargetType = 'group' } ); IsSoftwareOathEnabled = $True; # Updated Property State = "enabled"; - Credential = $credsCredential; } } } diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyEmail.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyEmail.md index 785250676b..2b5c62d557 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyEmail.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyEmail.md @@ -88,31 +88,27 @@ Configuration Example { AADAuthenticationMethodPolicyEmail "AADAuthenticationMethodPolicyEmail-Email" { - AllowExternalIdToUseEmailOtp = "default"; + AllowExternalIdToUseEmailOtp = "enabled"; + Credential = $Credscredential; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyEmailExcludeTarget{ - Id = 'fakegroup1' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyEmailExcludeTarget{ - Id = 'fakegroup2' + Id = 'Paralegals' TargetType = 'group' } ); Id = "Email"; IncludeTargets = @( MSFT_AADAuthenticationMethodPolicyEmailIncludeTarget{ - Id = 'fakegroup3' + Id = 'Finance Team' TargetType = 'group' } MSFT_AADAuthenticationMethodPolicyEmailIncludeTarget{ - Id = 'fakegroup4' + Id = 'Legal Team' TargetType = 'group' } ); State = "enabled"; - Credential = $credsCredential; } } } @@ -138,31 +134,27 @@ Configuration Example { AADAuthenticationMethodPolicyEmail "AADAuthenticationMethodPolicyEmail-Email" { - AllowExternalIdToUseEmailOtp = "default"; + AllowExternalIdToUseEmailOtp = "enabled"; + Credential = $Credscredential; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyEmailExcludeTarget{ - Id = 'fakegroup1' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyEmailExcludeTarget{ - Id = 'fakegroup2' + Id = 'Paralegals' TargetType = 'group' } ); Id = "Email"; IncludeTargets = @( MSFT_AADAuthenticationMethodPolicyEmailIncludeTarget{ - Id = 'fakegroup3' + Id = 'Finance Team' TargetType = 'group' } MSFT_AADAuthenticationMethodPolicyEmailIncludeTarget{ - Id = 'fakegroup4' + Id = 'Legal Team' TargetType = 'group' } ); State = "disabled"; # Updated Property - Credential = $credsCredential; } } } diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyFido2.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyFido2.md index 48f10adae6..3f3d52b50c 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyFido2.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyFido2.md @@ -100,29 +100,26 @@ Configuration Example { AADAuthenticationMethodPolicyFido2 "AADAuthenticationMethodPolicyFido2-Fido2" { + Credential = $Credscredential; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyFido2ExcludeTarget{ - Id = 'fakegroup1' + Id = 'Paralegals' TargetType = 'group' } MSFT_AADAuthenticationMethodPolicyFido2ExcludeTarget{ - Id = 'fakegroup2' + Id = 'Executives' TargetType = 'group' } ); Id = "Fido2"; IncludeTargets = @( MSFT_AADAuthenticationMethodPolicyFido2IncludeTarget{ - Id = 'fakegroup3' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyFido2IncludeTarget{ - Id = 'fakegroup4' + Id = 'all_users' TargetType = 'group' } ); - IsAttestationEnforced = $True; + IsAttestationEnforced = $False; IsSelfServiceRegistrationAllowed = $True; KeyRestrictions = MSFT_MicrosoftGraphfido2KeyRestrictions{ IsEnforced = $False @@ -130,7 +127,6 @@ Configuration Example AaGuids = @() }; State = "enabled"; - Credential = $credsCredential; } } } @@ -156,37 +152,33 @@ Configuration Example { AADAuthenticationMethodPolicyFido2 "AADAuthenticationMethodPolicyFido2-Fido2" { + Credential = $Credscredential; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyFido2ExcludeTarget{ - Id = 'fakegroup1' + Id = 'Paralegals' TargetType = 'group' } MSFT_AADAuthenticationMethodPolicyFido2ExcludeTarget{ - Id = 'fakegroup2' + Id = 'Executives' TargetType = 'group' } ); Id = "Fido2"; IncludeTargets = @( MSFT_AADAuthenticationMethodPolicyFido2IncludeTarget{ - Id = 'fakegroup3' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyFido2IncludeTarget{ - Id = 'fakegroup4' + Id = 'all_users' TargetType = 'group' } ); - IsAttestationEnforced = $False; # Updated Property + IsAttestationEnforced = $False; IsSelfServiceRegistrationAllowed = $True; KeyRestrictions = MSFT_MicrosoftGraphfido2KeyRestrictions{ IsEnforced = $False EnforcementType = 'block' AaGuids = @() }; - State = "enabled"; - Credential = $credsCredential; + State = "disabled"; # Updated Property } } } diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicySms.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicySms.md index e8b6de6355..69360fefdb 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicySms.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicySms.md @@ -87,30 +87,22 @@ Configuration Example { AADAuthenticationMethodPolicySms "AADAuthenticationMethodPolicySms-Sms" { - Credential = $credsCredential; - Ensure = "Present"; - ExcludeTargets = @( - MSFT_AADAuthenticationMethodPolicySmsExcludeTarget{ - Id = 'fakegroup1' - TargetType = 'group' - } + Credential = $Credscredential; + Ensure = "Present"; + ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicySmsExcludeTarget{ - Id = 'fakegroup2' + Id = 'All Employees' TargetType = 'group' } ); - Id = "Sms"; - IncludeTargets = @( - MSFT_AADAuthenticationMethodPolicySmsIncludeTarget{ - Id = 'fakegroup3' - TargetType = 'group' - } + Id = "Sms"; + IncludeTargets = @( MSFT_AADAuthenticationMethodPolicySmsIncludeTarget{ - Id = 'fakegroup4' + Id = 'all_users' TargetType = 'group' } ); - State = "enabled"; + State = "enabled"; } } } @@ -136,30 +128,22 @@ Configuration Example { AADAuthenticationMethodPolicySms "AADAuthenticationMethodPolicySms-Sms" { - Credential = $credsCredential; - Ensure = "Present"; - ExcludeTargets = @( - MSFT_AADAuthenticationMethodPolicySmsExcludeTarget{ - Id = 'fakegroup1' - TargetType = 'group' - } + Credential = $Credscredential; + Ensure = "Present"; + ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicySmsExcludeTarget{ - Id = 'fakegroup2' + Id = 'All Employees' TargetType = 'group' } ); - Id = "Sms"; - IncludeTargets = @( - MSFT_AADAuthenticationMethodPolicySmsIncludeTarget{ - Id = 'fakegroup3' - TargetType = 'group' - } + Id = "Sms"; + IncludeTargets = @( MSFT_AADAuthenticationMethodPolicySmsIncludeTarget{ - Id = 'fakegroup4' + Id = 'all_users' TargetType = 'group' } ); - State = "disabled"; # Updated Property + State = "disabled"; # Updated Property } } } diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicySoftware.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicySoftware.md index e8b86110f5..b74df2e7f8 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicySoftware.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicySoftware.md @@ -87,30 +87,26 @@ Configuration Example { AADAuthenticationMethodPolicySoftware "AADAuthenticationMethodPolicySoftware-SoftwareOath" { - Credential = $credsCredential; - Ensure = "Present"; - ExcludeTargets = @( + Credential = $Credscredential; + Ensure = "Present"; + ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicySoftwareExcludeTarget{ - Id = 'fakegroup1' + Id = 'Executives' TargetType = 'group' } MSFT_AADAuthenticationMethodPolicySoftwareExcludeTarget{ - Id = 'fakegroup2' + Id = 'Paralegals' TargetType = 'group' } ); - Id = "SoftwareOath"; - IncludeTargets = @( - MSFT_AADAuthenticationMethodPolicySoftwareIncludeTarget{ - Id = 'fakegroup3' - TargetType = 'group' - } + Id = "SoftwareOath"; + IncludeTargets = @( MSFT_AADAuthenticationMethodPolicySoftwareIncludeTarget{ - Id = 'fakegroup4' + Id = 'Legal Team' TargetType = 'group' } ); - State = "enabled"; + State = "enabled"; } } } @@ -136,30 +132,26 @@ Configuration Example { AADAuthenticationMethodPolicySoftware "AADAuthenticationMethodPolicySoftware-SoftwareOath" { - Credential = $credsCredential; - Ensure = "Present"; - ExcludeTargets = @( + Credential = $Credscredential; + Ensure = "Present"; + ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicySoftwareExcludeTarget{ - Id = 'fakegroup1' + Id = 'Executives' TargetType = 'group' } MSFT_AADAuthenticationMethodPolicySoftwareExcludeTarget{ - Id = 'fakegroup2' + Id = 'Paralegals' TargetType = 'group' } ); - Id = "SoftwareOath"; - IncludeTargets = @( - MSFT_AADAuthenticationMethodPolicySoftwareIncludeTarget{ - Id = 'fakegroup3' - TargetType = 'group' - } + Id = "SoftwareOath"; + IncludeTargets = @( MSFT_AADAuthenticationMethodPolicySoftwareIncludeTarget{ - Id = 'fakegroup4' + Id = 'Legal Team' TargetType = 'group' } ); - State = "disabled"; # Updated Property + State = "disabled"; # Updated Property } } } diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyTemporary.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyTemporary.md index c4d1cc2812..6ccb4a78f0 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyTemporary.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyTemporary.md @@ -92,28 +92,20 @@ Configuration Example { AADAuthenticationMethodPolicyTemporary "AADAuthenticationMethodPolicyTemporary-TemporaryAccessPass" { - Credential = $credsCredential; + Credential = $Credscredential; DefaultLength = 8; DefaultLifetimeInMinutes = 60; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyTemporaryExcludeTarget{ - Id = 'fakegroup1' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyTemporaryExcludeTarget{ - Id = 'fakegroup2' + Id = 'All Company' TargetType = 'group' } ); Id = "TemporaryAccessPass"; IncludeTargets = @( MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget{ - Id = 'fakegroup3' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget{ - Id = 'fakegroup4' + Id = 'DSCGroup' TargetType = 'group' } ); @@ -146,28 +138,20 @@ Configuration Example { AADAuthenticationMethodPolicyTemporary "AADAuthenticationMethodPolicyTemporary-TemporaryAccessPass" { - Credential = $credsCredential; + Credential = $Credscredential; DefaultLength = 9; # Updated Property DefaultLifetimeInMinutes = 60; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyTemporaryExcludeTarget{ - Id = 'fakegroup1' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyTemporaryExcludeTarget{ - Id = 'fakegroup2' + Id = 'All Company' TargetType = 'group' } ); Id = "TemporaryAccessPass"; IncludeTargets = @( MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget{ - Id = 'fakegroup3' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget{ - Id = 'fakegroup4' + Id = 'DSCGroup' TargetType = 'group' } ); diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyVoice.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyVoice.md index 87289fb9a8..a8ae86de8f 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyVoice.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyVoice.md @@ -88,31 +88,17 @@ Configuration Example { AADAuthenticationMethodPolicyVoice "AADAuthenticationMethodPolicyVoice-Voice" { - Credential = $credsCredential; - Ensure = "Present"; - Id = "Voice"; - IsOfficePhoneAllowed = $False; - ExcludeTargets = @( - MSFT_AADAuthenticationMethodPolicyVoiceExcludeTarget{ - Id = 'fakegroup1' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyVoiceExcludeTarget{ - Id = 'fakegroup2' - TargetType = 'group' - } - ); - IncludeTargets = @( - MSFT_AADAuthenticationMethodPolicyVoiceIncludeTarget{ - Id = 'fakegroup3' - TargetType = 'group' - } + Credential = $Credscredential; + Ensure = "Present"; + Id = "Voice"; + IncludeTargets = @( MSFT_AADAuthenticationMethodPolicyVoiceIncludeTarget{ - Id = 'fakegroup4' + Id = 'all_users' TargetType = 'group' } ); - State = "disabled"; + IsOfficePhoneAllowed = $False; + State = "disabled"; } } } @@ -138,31 +124,17 @@ Configuration Example { AADAuthenticationMethodPolicyVoice "AADAuthenticationMethodPolicyVoice-Voice" { - Credential = $credsCredential; - Ensure = "Present"; - Id = "Voice"; - IsOfficePhoneAllowed = $True; # Updated Property - ExcludeTargets = @( - MSFT_AADAuthenticationMethodPolicyVoiceExcludeTarget{ - Id = 'fakegroup1' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyVoiceExcludeTarget{ - Id = 'fakegroup2' - TargetType = 'group' - } - ); - IncludeTargets = @( - MSFT_AADAuthenticationMethodPolicyVoiceIncludeTarget{ - Id = 'fakegroup3' - TargetType = 'group' - } + Credential = $Credscredential; + Ensure = "Present"; + Id = "Voice"; + IncludeTargets = @( MSFT_AADAuthenticationMethodPolicyVoiceIncludeTarget{ - Id = 'fakegroup4' + Id = 'all_users' TargetType = 'group' } ); - State = "disabled"; + IsOfficePhoneAllowed = $True; # Updated Property + State = "disabled"; } } } diff --git a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md index 0e8857b3d1..76071d519e 100644 --- a/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md +++ b/docs/docs/resources/azure-ad/AADAuthenticationMethodPolicyX509.md @@ -118,21 +118,21 @@ Configuration Example { AADAuthenticationMethodPolicyX509 "AADAuthenticationMethodPolicyX509-X509Certificate" { - Credential = $credsCredential; AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ + Rules = @(@() ) - X509CertificateAuthenticationDefaultMode = 'x509CertificateMultiFactor' + X509CertificateAuthenticationDefaultMode = 'x509CertificateSingleFactor' }; CertificateUserBindings = @( MSFT_MicrosoftGraphx509CertificateUserBinding{ Priority = 1 - UserProperty = 'onPremisesUserPrincipalName' + UserProperty = 'userPrincipalName' X509CertificateField = 'PrincipalName' } MSFT_MicrosoftGraphx509CertificateUserBinding{ Priority = 2 - UserProperty = 'onPremisesUserPrincipalName' + UserProperty = 'userPrincipalName' X509CertificateField = 'RFC822Name' } MSFT_MicrosoftGraphx509CertificateUserBinding{ @@ -141,25 +141,18 @@ Configuration Example X509CertificateField = 'SubjectKeyIdentifier' } ); + Credential = $Credscredential; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyX509ExcludeTarget{ - Id = 'fakegroup1' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyX509ExcludeTarget{ - Id = 'fakegroup2' + Id = 'DSCGroup' TargetType = 'group' } ); Id = "X509Certificate"; IncludeTargets = @( MSFT_AADAuthenticationMethodPolicyX509IncludeTarget{ - Id = 'fakegroup3' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyX509IncludeTarget{ - Id = 'fakegroup4' + Id = 'Finance Team' TargetType = 'group' } ); @@ -189,21 +182,21 @@ Configuration Example { AADAuthenticationMethodPolicyX509 "AADAuthenticationMethodPolicyX509-X509Certificate" { - Credential = $credsCredential; AuthenticationModeConfiguration = MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration{ + Rules = @(@() ) - X509CertificateAuthenticationDefaultMode = 'x509CertificateMultiFactor' + X509CertificateAuthenticationDefaultMode = 'x509CertificateSingleFactor' }; CertificateUserBindings = @( MSFT_MicrosoftGraphx509CertificateUserBinding{ Priority = 1 - UserProperty = 'onPremisesUserPrincipalName' + UserProperty = 'userPrincipalName' X509CertificateField = 'PrincipalName' } MSFT_MicrosoftGraphx509CertificateUserBinding{ Priority = 2 - UserProperty = 'onPremisesUserPrincipalName' + UserProperty = 'userPrincipalName' X509CertificateField = 'RFC822Name' } MSFT_MicrosoftGraphx509CertificateUserBinding{ @@ -212,25 +205,18 @@ Configuration Example X509CertificateField = 'SubjectKeyIdentifier' } ); + Credential = $Credscredential; Ensure = "Present"; ExcludeTargets = @( MSFT_AADAuthenticationMethodPolicyX509ExcludeTarget{ - Id = 'fakegroup1' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyX509ExcludeTarget{ - Id = 'fakegroup2' + Id = 'DSCGroup' TargetType = 'group' } ); Id = "X509Certificate"; IncludeTargets = @( MSFT_AADAuthenticationMethodPolicyX509IncludeTarget{ - Id = 'fakegroup3' - TargetType = 'group' - } - MSFT_AADAuthenticationMethodPolicyX509IncludeTarget{ - Id = 'fakegroup4' + Id = 'Finance Team' TargetType = 'group' } ); diff --git a/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md b/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md index 340a201ca6..50256488d8 100644 --- a/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md +++ b/docs/docs/resources/azure-ad/AADConditionalAccessPolicy.md @@ -106,41 +106,25 @@ Configuration Example { AADConditionalAccessPolicy 'Allin-example' { - DisplayName = 'Allin-example' - BuiltInControls = @('Mfa', 'CompliantDevice', 'DomainJoinedDevice', 'ApprovedApplication', 'CompliantApplication') - ClientAppTypes = @('ExchangeActiveSync', 'Browser', 'MobileAppsAndDesktopClients', 'Other') - CloudAppSecurityIsEnabled = $True - CloudAppSecurityType = 'MonitorOnly' - ExcludeApplications = @('803ee9ca-3f7f-4824-bd6e-0b99d720c35c', '00000012-0000-0000-c000-000000000000', '00000007-0000-0000-c000-000000000000', 'Office365') - ExcludeGroups = @() - ExcludeLocations = @('Blocked Countries') - ExcludePlatforms = @('Windows', 'WindowsPhone', 'MacOS') - ExcludeRoles = @('Company Administrator', 'Application Administrator', 'Application Developer', 'Cloud Application Administrator', 'Cloud Device Administrator') - ExcludeUsers = @('admin@contoso.com', 'AAdmin@contoso.com', 'CAAdmin@contoso.com', 'AllanD@contoso.com', 'AlexW@contoso.com', 'GuestsOrExternalUsers') - ExcludeExternalTenantsMembers = @() - ExcludeExternalTenantsMembershipKind = 'all' - ExcludeGuestOrExternalUserTypes = @('internalGuest', 'b2bCollaborationMember') - GrantControlOperator = 'OR' - IncludeApplications = @('All') - IncludeGroups = @() - IncludeLocations = @('AllTrusted') - IncludePlatforms = @('Android', 'IOS') - IncludeRoles = @('Compliance Administrator') - IncludeUserActions = @() - IncludeUsers = @('Alexw@contoso.com') - IncludeExternalTenantsMembers = @('11111111-1111-1111-1111-111111111111') - IncludeExternalTenantsMembershipKind = 'enumerated' - IncludeGuestOrExternalUserTypes = @('b2bCollaborationGuest') - PersistentBrowserIsEnabled = $false - PersistentBrowserMode = '' - SignInFrequencyIsEnabled = $true - SignInFrequencyType = 'Hours' - SignInFrequencyValue = 5 - SignInRiskLevels = @('High', 'Medium') - State = 'disabled' - UserRiskLevels = @('High', 'Medium') - Ensure = 'Present' - Credential = $Credscredential + ApplicationEnforcedRestrictionsIsEnabled = $False; + BuiltInControls = @("mfa"); + ClientAppTypes = @("all"); + CloudAppSecurityIsEnabled = $False; + Credential = $Credscredential; + DeviceFilterMode = "exclude"; + DeviceFilterRule = "device.trustType -eq `"AzureAD`" -or device.trustType -eq `"ServerAD`" -or device.trustType -eq `"Workplace`""; + DisplayName = "Example CAP"; + Ensure = "Present"; + ExcludeUsers = @("admin@$Domain"); + GrantControlOperator = "OR"; + IncludeApplications = @("All"); + IncludeRoles = @("Attack Payload Author"); + PersistentBrowserIsEnabled = $False; + SignInFrequencyInterval = "timeBased"; + SignInFrequencyIsEnabled = $True; + SignInFrequencyType = "hours"; + SignInFrequencyValue = 1; + State = "disabled"; } } } @@ -166,41 +150,25 @@ Configuration Example { AADConditionalAccessPolicy 'Allin-example' { - DisplayName = 'Allin-example' - BuiltInControls = @('Mfa', 'CompliantDevice', 'DomainJoinedDevice', 'ApprovedApplication', 'CompliantApplication') - ClientAppTypes = @('ExchangeActiveSync', 'Browser', 'MobileAppsAndDesktopClients', 'Other') - CloudAppSecurityIsEnabled = $False # Updated Property - CloudAppSecurityType = 'MonitorOnly' - ExcludeApplications = @('803ee9ca-3f7f-4824-bd6e-0b99d720c35c', '00000012-0000-0000-c000-000000000000', '00000007-0000-0000-c000-000000000000', 'Office365') - ExcludeGroups = @() - ExcludeLocations = @('Blocked Countries') - ExcludePlatforms = @('Windows', 'WindowsPhone', 'MacOS') - ExcludeRoles = @('Company Administrator', 'Application Administrator', 'Application Developer', 'Cloud Application Administrator', 'Cloud Device Administrator') - ExcludeUsers = @('admin@contoso.com', 'AAdmin@contoso.com', 'CAAdmin@contoso.com', 'AllanD@contoso.com', 'AlexW@contoso.com', 'GuestsOrExternalUsers') - ExcludeExternalTenantsMembers = @() - ExcludeExternalTenantsMembershipKind = 'all' - ExcludeGuestOrExternalUserTypes = @('internalGuest', 'b2bCollaborationMember') - GrantControlOperator = 'OR' - IncludeApplications = @('All') - IncludeGroups = @() - IncludeLocations = @('AllTrusted') - IncludePlatforms = @('Android', 'IOS') - IncludeRoles = @('Compliance Administrator') - IncludeUserActions = @() - IncludeUsers = @('Alexw@contoso.com') - IncludeExternalTenantsMembers = @('11111111-1111-1111-1111-111111111111') - IncludeExternalTenantsMembershipKind = 'enumerated' - IncludeGuestOrExternalUserTypes = @('b2bCollaborationGuest') - PersistentBrowserIsEnabled = $false - PersistentBrowserMode = '' - SignInFrequencyIsEnabled = $true - SignInFrequencyType = 'Hours' - SignInFrequencyValue = 5 - SignInRiskLevels = @('High', 'Medium') - State = 'disabled' - UserRiskLevels = @('High', 'Medium') - Ensure = 'Present' - Credential = $Credscredential + ApplicationEnforcedRestrictionsIsEnabled = $False; + BuiltInControls = @("mfa"); + ClientAppTypes = @("all"); + CloudAppSecurityIsEnabled = $True; # Updated Porperty + Credential = $Credscredential; + DeviceFilterMode = "exclude"; + DeviceFilterRule = "device.trustType -eq `"AzureAD`" -or device.trustType -eq `"ServerAD`" -or device.trustType -eq `"Workplace`""; + DisplayName = "Example CAP"; + Ensure = "Present"; + ExcludeUsers = @("admin@$Domain"); + GrantControlOperator = "OR"; + IncludeApplications = @("All"); + IncludeRoles = @("Attack Payload Author"); + PersistentBrowserIsEnabled = $False; + SignInFrequencyInterval = "timeBased"; + SignInFrequencyIsEnabled = $True; + SignInFrequencyType = "hours"; + SignInFrequencyValue = 1; + State = "disabled"; } } } diff --git a/docs/docs/resources/azure-ad/AADCrossTenantAccessPolicyConfigurationPartner.md b/docs/docs/resources/azure-ad/AADCrossTenantAccessPolicyConfigurationPartner.md index 5ea98da170..f14b0feb1b 100644 --- a/docs/docs/resources/azure-ad/AADCrossTenantAccessPolicyConfigurationPartner.md +++ b/docs/docs/resources/azure-ad/AADCrossTenantAccessPolicyConfigurationPartner.md @@ -117,12 +117,17 @@ Configuration Example { AADCrossTenantAccessPolicyConfigurationPartner "AADCrossTenantAccessPolicyConfigurationPartner" { - B2BCollaborationInbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { + PartnerTenantId = "e7a80bcf-696e-40ca-8775-a7f85fbb3ebc"; # O365DSC.onmicrosoft.com + AutomaticUserConsentSettings = MSFT_AADCrossTenantAccessPolicyAutomaticUserConsentSettings { + InboundAllowed = $True + OutboundAllowed = $True + }; + B2BCollaborationOutbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ AccessType = 'allowed' Targets = @( MSFT_AADCrossTenantAccessPolicyTarget{ - Target = 'Office365' + Target = 'AllApplications' TargetType = 'application' } ) @@ -131,37 +136,16 @@ Configuration Example AccessType = 'allowed' Targets = @( MSFT_AADCrossTenantAccessPolicyTarget{ - Target = 'AllUsers' + Target = '68bafe64-f86b-4c4e-b33b-9d3eaa11544b' # Office 365 TargetType = 'user' } ) } - } - B2BCollaborationOutbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { - Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ - AccessType = 'allowed' - Targets = @( - MSFT_AADCrossTenantAccessPolicyTarget{ - Target = 'AllApplications' - TargetType = 'application' - } - ) - } - } - B2BDirectConnectInbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { - Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ - AccessType = 'blocked' - Targets = @( - MSFT_AADCrossTenantAccessPolicyTarget{ - Target = 'AllApplications' - TargetType = 'application' - } - ) - } - } - Credential = $Credscredential; - Ensure = "Present"; - PartnerTenantId = "12345-12345-12345-12345-12345"; + }; + ApplicationId = 'c6957111-b1a6-479c-a15c-73e01ceb3b99' + CertificateThumbprint = 'ACD01315A4EBA42CD2E18EEE443AA280CC0BAB8B' + TenantId = 'M365x35070558.onmicrosoft.com' + Ensure = "Present"; } } } @@ -186,12 +170,17 @@ Configuration Example { AADCrossTenantAccessPolicyConfigurationPartner "AADCrossTenantAccessPolicyConfigurationPartner" { - B2BCollaborationInbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { + PartnerTenantId = "e7a80bcf-696e-40ca-8775-a7f85fbb3ebc"; # O365DSC.onmicrosoft.com + AutomaticUserConsentSettings = MSFT_AADCrossTenantAccessPolicyAutomaticUserConsentSettings { + InboundAllowed = $False # Updated Property + OutboundAllowed = $True + }; + B2BCollaborationOutbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ AccessType = 'allowed' Targets = @( MSFT_AADCrossTenantAccessPolicyTarget{ - Target = 'Office365' + Target = 'AllApplications' TargetType = 'application' } ) @@ -200,37 +189,16 @@ Configuration Example AccessType = 'allowed' Targets = @( MSFT_AADCrossTenantAccessPolicyTarget{ - Target = 'AllUsers' + Target = '68bafe64-f86b-4c4e-b33b-9d3eaa11544b' # Office 365 TargetType = 'user' } ) } - } - B2BCollaborationOutbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { - Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ - AccessType = 'allowed' - Targets = @( - MSFT_AADCrossTenantAccessPolicyTarget{ - Target = 'AllApplications' - TargetType = 'application' - } - ) - } - } - B2BDirectConnectInbound = MSFT_AADCrossTenantAccessPolicyB2BSetting { - Applications = MSFT_AADCrossTenantAccessPolicyTargetConfiguration{ - AccessType = 'allowed' # Updated Property - Targets = @( - MSFT_AADCrossTenantAccessPolicyTarget{ - Target = 'AllApplications' - TargetType = 'application' - } - ) - } - } - Credential = $Credscredential; - Ensure = "Present"; - PartnerTenantId = "12345-12345-12345-12345-12345"; + }; + ApplicationId = 'c6957111-b1a6-479c-a15c-73e01ceb3b99' + CertificateThumbprint = 'ACD01315A4EBA42CD2E18EEE443AA280CC0BAB8B' + TenantId = 'M365x35070558.onmicrosoft.com' + Ensure = "Present"; } } } diff --git a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackage.md b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackage.md index 5da369969e..37af8361ef 100644 --- a/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackage.md +++ b/docs/docs/resources/azure-ad/AADEntitlementManagementAccessPackage.md @@ -84,23 +84,14 @@ Configuration Example { AADEntitlementManagementAccessPackage 'myAccessPackage' { - DisplayName = 'General' - AccessPackageResourceRoleScopes = @( - MSFT_AccessPackageResourceRoleScope { - Id = 'e5b0c702-b949-4310-953e-2a51790722b8' - AccessPackageResourceOriginId = '8721d9fd-c6ef-46df-b1b2-bb6f818bce5b' - AccessPackageResourceRoleDisplayName = 'AccessPackageRole' - } - ) - CatalogId = '1b0e5aca-83e4-447b-84a8-3d8cffb4a331' - Description = 'Entitlement Access Package Example' - IsHidden = $false - IsRoleScopesVisible = $true - IncompatibleAccessPackages = @() - AccessPackagesIncompatibleWith = @() - IncompatibleGroups = @() - Ensure = 'Present' - Credential = $Credscredential + AccessPackagesIncompatibleWith = @(); + CatalogId = "General"; + Credential = $Credscredential; + Description = "Integration Tests"; + DisplayName = "Integration Package"; + Ensure = "Present"; + IsHidden = $False; + IsRoleScopesVisible = $True; } } } @@ -125,23 +116,14 @@ Configuration Example { AADEntitlementManagementAccessPackage 'myAccessPackage' { - DisplayName = 'General' - AccessPackageResourceRoleScopes = @( - MSFT_AccessPackageResourceRoleScope { - Id = 'e5b0c702-b949-4310-953e-2a51790722b8' - AccessPackageResourceOriginId = '8721d9fd-c6ef-46df-b1b2-bb6f818bce5b' - AccessPackageResourceRoleDisplayName = 'AccessPackageRole' - } - ) - CatalogId = '1b0e5aca-83e4-447b-84a8-3d8cffb4a331' - Description = 'Entitlement Access Package Example' - IsHidden = $true # Updated Property - IsRoleScopesVisible = $true - IncompatibleAccessPackages = @() - AccessPackagesIncompatibleWith = @() - IncompatibleGroups = @() - Ensure = 'Present' - Credential = $Credscredential + AccessPackagesIncompatibleWith = @(); + CatalogId = "General"; + Credential = $Credscredential; + Description = "Integration Tests"; + DisplayName = "Integration Package"; + Ensure = "Present"; + IsHidden = $True; # Updated Property + IsRoleScopesVisible = $True; } } } From 724c2b9eb1b881700c603a17efffe3863b7a3e51 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Wed, 20 Dec 2023 20:02:55 +0000 Subject: [PATCH 57/58] Updated {Create} Intune Integration Tests --- .../Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 index 89fc69d581..a9463d7e84 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 @@ -2586,7 +2586,7 @@ try { Master -ConfigurationData $ConfigurationData -Credscredential $Credential - Start-DscConfiguration Master -Wait -Force -Verbose + Start-DscConfiguration Master -Wait -Force -Verbose -ErrorAction Stop } catch { From 4bf8935bd5b01196649b485f97ccd431b0466092 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 20 Dec 2023 15:50:00 -0500 Subject: [PATCH 58/58] Release 1.23.1220.1 --- CHANGELOG.md | 10 +++--- Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 32 +++++++++++++++++--- 2 files changed, 32 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8c61f4199e..70a49f2e9e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Change log for Microsoft365DSC -# UNRELEASED +# 1.23.1220.1 * AADEntitlementManagementAccessPackage * Retrieve catalog by name instead of id. @@ -12,19 +12,19 @@ FIXES [#3655](https://github.com/microsoft/Microsoft365DSC/issues/3655) * IntuneDeviceEnrollmentPlatformRestriction * Fix Set-TargetResource due to an issue were the bodyparameter not cast correctly - FIXES [#3730](https://github.com/microsoft/Microsoft365DSC/issues/3730) + FIXES [#3730](https://github.com/microsoft/Microsoft365DSC/issues/3730) * IntuneEndpointDetectionAndResponsePolicyWindows10 * Fix issue when trying to remove policy and Identity is set to a random GUID or from another tenant - FIXES [#4041](https://github.com/microsoft/Microsoft365DSC/issues/4041) + FIXES [#4041](https://github.com/microsoft/Microsoft365DSC/issues/4041) * IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled * Added Assignments FIXES [#2932](https://github.com/microsoft/Microsoft365DSC/issues/2932) +* SCAutoSensitivieyLabelPolicy + FIXES [#4036] Don't see any limits on our docs for priority * M365DSCDRGUtil * Fix empty BaseUrl since MSCloudLoginAssistant removed Intune workload FIXES [#4057](https://github.com/microsoft/Microsoft365DSC/issues/4057) -* SCAutoSensitivieyLabelPolicy - FIXES [#4036] Don't see any limits on our docs for priority * DEPENDENCIES * Updated MSCloudLoginAssistant to version 1.1.4. diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index 53acdb10e5..6bef493831 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -3,7 +3,7 @@ # # Generated by: Microsoft Corporation # -# Generated on: 2023-12-13 +# Generated on: 2023-12-20 @{ @@ -11,7 +11,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.23.1213.1' + ModuleVersion = '1.23.1220.1' # Supported PSEditions # CompatiblePSEditions = @() @@ -140,9 +140,31 @@ IconUri = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true' # ReleaseNotes of this module - ReleaseNotes = '* DEPENDENCIES - * Updated Microsoft.Graph to version 2.11.0. - * Updated MSCloudLoginAssistant to version 1.1.3.' + ReleaseNotes = '* AADEntitlementManagementAccessPackage + * Retrieve catalog by name instead of id. + * IntuneDeviceAndAppManagementAssignmentFilter + * Add support for remaining platforms supported by this policy + FIXES [#4065](https://github.com/microsoft/Microsoft365DSC/issues/4065) + * IntuneDeviceConfigurationCustomPolicyWindows10 + * Add support to decrypt encrypted OmaSettings and export them in plaintext + FIXES [#3655](https://github.com/microsoft/Microsoft365DSC/issues/3655) + * IntuneDeviceEnrollmentPlatformRestriction + * Fix Set-TargetResource due to an issue were the bodyparameter not cast correctly + FIXES [#3730](https://github.com/microsoft/Microsoft365DSC/issues/3730) + * IntuneEndpointDetectionAndResponsePolicyWindows10 + * Fix issue when trying to remove policy and Identity is set to a random GUID + or from another tenant + FIXES [#4041](https://github.com/microsoft/Microsoft365DSC/issues/4041) + * IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled + * Added Assignments + FIXES [#2932](https://github.com/microsoft/Microsoft365DSC/issues/2932) + * SCAutoSensitivieyLabelPolicy + FIXES [#4036] Don''t see any limits on our docs for priority + * M365DSCDRGUtil + * Fix empty BaseUrl since MSCloudLoginAssistant removed Intune workload + FIXES [#4057](https://github.com/microsoft/Microsoft365DSC/issues/4057) + * DEPENDENCIES + * Updated MSCloudLoginAssistant to version 1.1.4.' # Flag to indicate whether the module requires explicit user acceptance for install/update # RequireLicenseAcceptance = $false