microsoft
/
Microsoft365DSC
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Major Update

Nik Charlebois 2021-10-06 06:17:59 -04:00
Родитель 8311ea491f
Коммит acb486e374
145 изменённых файлов: 1010 добавлений и 361 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

11
AADApplication.md

@ -17,15 +17,13 @@
| **IdentifierUris** | Write | StringArray[] | User-defined URI(s) that uniquely identify a Web application within its Azure AD tenant, or within a verified custom domain. ||
| **KnownClientApplications** | Write | StringArray[] | Client applications that are tied to this resource application. ||
| **LogoutURL** | Write | String | The logout url for this application. ||
| **Oauth2AllowImplicitFlow** | Write | Boolean | Specifies whether this web application can request OAuth2.0 implicit flow tokens. The default is false. ||
| **Oauth2AllowUrlPathMatching** | Write | Boolean | Specifies whether, as part of OAuth 2.0 token requests, Azure AD will allow path matching of the redirect URI against the application's replyUrls. The default is false. ||
| **Oauth2RequirePostResponse** | Write | Boolean | Set this to true if an Oauth2 psot response is required. ||
| **PublicClient** | Write | Boolean | Specifies whether this application is a public client (such as an installed application running on a mobile device). Default is false. ||
| **ReplyURLs** | Write | StringArray[] | Specifies the URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to. ||
| **SamlMetadataUrl** | Write | String | The URL to the SAML metadata for the application. ||
| **Ensure** | Write | String | Specify if the Azure AD App should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Azure AD Admin ||
| **Credential** | Write | PSCredential | Credentials for the Microsoft Graph delegated permissions. ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **ApplicationSecret** | Write | String | Secret of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **Permissions** | Write | InstanceArray[] | API permissions for the Azure Active Directory Application. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
@ -75,12 +73,9 @@ Configuration Example
IdentifierUris = "https://app.contoso.com"
KnownClientApplications = ""
LogoutURL = "https://app.contoso.com/logout"
Oauth2AllowImplicitFlow = $false
Oauth2AllowUrlPathMatching = $false
Oauth2RequirePostResponse = $false
PublicClient = $false
ReplyURLs = "https://app.contoso.com"
SamlMetadataUrl = ""
Permissions = @(
MSFT_AADApplicationPermission
{
@ -105,7 +100,7 @@ Configuration Example
}
)
Ensure = "Present"
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
}
}
}

5
AADConditionalAccessPolicy.md

@ -36,9 +36,10 @@
| **PersistentBrowserIsEnabled** | Write | Boolean | Specifies, whether Browser Persistence is controlled by the Policy. ||
| **PersistentBrowserMode** | Write | String | Specifies, what Browser Persistence control is enforced by the Policy. |Always, Never, |
| **Ensure** | Write | String | Specify if the Azure AD CA Policy should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Azure Active Directory Admin ||
| **Credential** | Write | PSCredential | Credentials for the Microsoft Graph delegated permissions. ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **ApplicationSecret** | Write | String | Secret of the Azure Active Directory application to authenticate with. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
# AADConditionalAccessPolicy
@ -97,7 +98,7 @@ Configuration Example
{
AADConditionalAccessPolicy Allin-example
{
GlobalAdminAccount = $credsGlobalAdmin;
Credential = $credsGlobalAdmin;
BuiltInControls = @("Mfa", "CompliantDevice", "DomainJoinedDevice", "ApprovedApplication", "CompliantApplication");
ClientAppTypes = @("ExchangeActiveSync", "Browser", "MobileAppsAndDesktopClients", "Other");
CloudAppSecurityIsEnabled = $True;

76
AADGroup.md Normal file

@ -0,0 +1,76 @@
# AADGroup
## Parameters
| Parameter | Attribute | DataType | Description | Allowed Values |
| --- | --- | --- | --- | --- |
| **DisplayName** | Key | String | DisplayName of the Azure Active Directory Group ||
| **MailNickname** | Key | String | Specifies a mail nickname for the group. ||
| **Description** | Write | String | Specifies a description for the group. ||
| **Id** | Write | String | Specifies an ID for the group. ||
| **GroupTypes** | Write | StringArray[] | Specifies that the group is a dynamic group. To create a dynamic group, specify a value of DynamicMembership. ||
| **MembershipRule** | Write | String | Specifies the membership rule for a dynamic group. ||
| **MembershipRuleProcessingState** | Write | String | Specifies the rule processing state. The acceptable values for this parameter are: On. Process the group rule or Paused. Stop processing the group rule. |On, Paused|
| **SecurityEnabled** | Write | Boolean | Specifies whether the group is security enabled. For security groups, this value must be $True. ||
| **MailEnabled** | Write | Boolean | Specifies whether this group is mail enabled. Currently, you cannot create mail enabled groups in Azure AD. ||
| **IsAssignableToRole** | Write | Boolean | Specifies whether this group can be assigned a role. Only available when creating a group and can't be modified after group is created. ||
| **Visibility** | Write | String | This parameter determines the visibility of the group's content and members list. |Public, Private, HiddenMembership|
| **Ensure** | Write | String | Specify if the Azure AD Group should exist or not. |Present, Absent|
| **Credential** | Write | PSCredential | Credentials for the Microsoft Graph delegated permissions. ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **ApplicationSecret** | Write | String | Secret of the Azure Active Directory application to authenticate with. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
# AADGroup
### Description
This resource configures an Azure Active Directory group.
## Azure AD Permissions
To authenticate via Azure Active Directory, this resource required the following Application permissions:
* **Automate**
* None
* **Export**
* None
NOTE: All permisions listed above require admin consent.
## Examples
### Example 1
This example is used to test new resources and showcase the usage of new resources being worked on.
It is not meant to use as a production baseline.
```powershell
Configuration Example
{
param(
[Parameter(Mandatory = $true)]
[PSCredential]
$credsGlobalAdmin
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
AADGroup MyGroups
{
DisplayName = "DSCGroup"
Description = "Microsoft DSC Group"
SecurityEnabled = $True
MailEnabled = $True
GroupTypes = @("Unified")
MailNickname = "M365DSC"
Visibility = "Private"
Credential = $credsGlobalAdmin
Ensure = "Present"
}
}
}
```

66
AADGroupLifecyclePolicy.md Normal file

@ -0,0 +1,66 @@
# AADGroupLifecyclePolicy
## Parameters
| Parameter | Attribute | DataType | Description | Allowed Values |
| --- | --- | --- | --- | --- |
| **IsSingleInstance** | Key | String | Only valid value is 'Yes'. |Yes|
| **GroupLifetimeInDays** | Required | UInt32 | The number of days a group can exist before it needs to be renewed. ||
| **ManagedGroupTypes** | Required | String | This parameter allows the admin to select which office 365 groups the policy will apply to. 'None' will create the policy in a disabled state. 'All' will apply the policy to every Office 365 group in the tenant. 'Selected' will allow the admin to choose specific Office 365 groups that the policy will apply to. |All, None, Selected|
| **AlternateNotificationEmails** | Required | StringArray[] | Notification emails for groups that have no owners will be sent to these email addresses. ||
| **Ensure** | Write | String | Specify if the Azure AD Groups Lifecycle Policy should exist or not. |Present, Absent|
| **Credential** | Write | PSCredential | Credentials for the Microsoft Graph delegated permissions. ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **ApplicationSecret** | Write | String | Secret of the Azure Active Directory application to authenticate with. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
# AADGroupLifecyclePolicy
### Description
This resource configures an Azure Active Directory Group Lifecycle Policy (e.g. Expiration).
## Azure AD Permissions
To authenticate via Azure Active Directory, this resource required the following Application permissions:
* **Automate**
* None
* **Export**
* None
NOTE: All permisions listed above require admin consent.
## Examples
### Example 1
This example is used to test new resources and showcase the usage of new resources being worked on.
It is not meant to use as a production baseline.
```powershell
Configuration Example
{
param(
[Parameter(Mandatory = $true)]
[PSCredential]
$credsGlobalAdmin
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
AADGroupLifecyclePolicy GroupLifecyclePolicy
{
AlternateNotificationEmails = @("john.smith@contoso.com");
Ensure = "Present";
Credential = $credsGlobalAdmin;
GroupLifetimeInDays = 99;
IsSingleInstance = "Yes";
ManagedGroupTypes = "Selected";
}
}
}
```

5
AADGroupsNamingPolicy.md

@ -8,9 +8,10 @@
| **PrefixSuffixNamingRequirement** | Write | String | Prefixes and suffixes to add to the group name. ||
| **CustomBlockedWordsList** | Write | StringArray[] | Comma delimited list of words that should be blocked from being included in groups' names. ||
| **Ensure** | Write | String | Specify if the Azure AD Groups Naming Policy should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Azure Active Directory Admin ||
| **Credential** | Write | PSCredential | Credentials for the Microsoft Graph delegated permissions. ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **ApplicationSecret** | Write | String | Secret of the Azure Active Directory application to authenticate with. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
# AADGroupsNamingPolicy
@ -52,7 +53,7 @@ Configuration Example
AADGroupsNamingPolicy GroupsNamingPolicy
{
CustomBlockedWordsList = @("CEO", "President");
GlobalAdminAccount = $credsGlobalAdmin;
Credential = $credsGlobalAdmin;
IsSingleInstance = "Yes";
PrefixSuffixNamingRequirement = "[Title]Test[Company][GroupName][Office]Redmond";
Ensure = "Present";

5
AADGroupsSettings.md

@ -13,9 +13,10 @@
| **AllowToAddGuests** | Write | Boolean | A boolean indicating whether or not is allowed to add guests to this directory. ||
| **UsageGuidelinesUrl** | Write | String | A link to the Group Usage Guidelines. ||
| **Ensure** | Write | String | Specify if the Azure AD Groups Naming Policy should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Azure Active Directory Admin ||
| **Credential** | Write | PSCredential | Credentials for the Microsoft Graph delegated permissions. ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **ApplicationSecret** | Write | String | Secret of the Azure Active Directory application to authenticate with. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
# AADGroupsNamingPolicy
@ -61,7 +62,7 @@ Configuration Example
AllowToAddGuests = $True;
EnableGroupCreation = $True;
Ensure = "Present";
GlobalAdminAccount = $credsGlobalAdmin;
Credential = $credsGlobalAdmin;
GroupCreationAllowedGroupName = "All Company";
GuestUsageGuidelinesUrl = "https://contoso.com/guestusage";
IsSingleInstance = "Yes";

21
AADNamedLocationPolicy.md

@ -4,17 +4,18 @@
| Parameter | Attribute | DataType | Description | Allowed Values |
| --- | --- | --- | --- | --- |
| **OdataType** | Write | String | Specifies the Odata Type of a Named Location policy object in Azure Active Directory |#microsoft.graph.countryNamedLocation, #microsoft.graph.ipNamedLocation|
| **Id** | Write | String | Specifies the ID of a Named Location policy in Azure Active Directory. ||
| **DisplayName** | Key | String | Specifies the Display Name of a Named Location policy in Azure Active Directory ||
| **IpRanges** | Write | StringArray[] | Specifies the IP ranges of the Named Location policy in Azure Active Directory ||
| **IsTrusted** | Write | Boolean | Specifies the isTrusted value for the Named Location policy in Azure Active Directory ||
| **CountriesAndRegions** | Write | StringArray[] | Specifies the countries and regions for the Named Location policy in Azure Active Directory ||
| **IncludeUnknownCountriesAndRegions** | Write | Boolean | Specifies the includeUnknownCountriesAndRegions value for the Named Location policy in Azure Active Directory ||
| **OdataType** | Write | String | Specifies the Odata Type of a Named Location object in Azure Active Directory |#microsoft.graph.countryNamedLocation, #microsoft.graph.ipNamedLocation|
| **Id** | Write | String | Specifies the ID of a Named Location in Azure Active Directory. ||
| **DisplayName** | Key | String | Specifies the Display Name of a Named Location in Azure Active Directory ||
| **IpRanges** | Write | StringArray[] | Specifies the IP ranges of the Named Location in Azure Active Directory ||
| **IsTrusted** | Write | Boolean | Specifies the isTrusted value for the Named Location in Azure Active Directory ||
| **CountriesAndRegions** | Write | StringArray[] | Specifies the countries and regions for the Named Location in Azure Active Directory ||
| **IncludeUnknownCountriesAndRegions** | Write | Boolean | Specifies the includeUnknownCountriesAndRegions value for the Named Location in Azure Active Directory ||
| **Ensure** | Write | String | Specify if the Azure AD Named Location should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Azure AD Admin ||
| **Credential** | Write | PSCredential | Credentials for the Microsoft Graph delegated permissions. ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **ApplicationSecret** | Write | String | Secret of the Azure Active Directory application to authenticate with. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
# AADNamedLocationPolicy
@ -61,7 +62,7 @@ Configuration Example
IsTrusted = $True;
OdataType = "#microsoft.graph.ipNamedLocation";
TenantId = $ConfigurationData.NonNodeData.TenantId;
GlobalAdminAccount = $credsGlobalAdmin;
Credential = $credsGlobalAdmin;
}
AADNamedLocationPolicy AllowedCountries
{
@ -71,7 +72,7 @@ Configuration Example
IncludeUnknownCountriesAndRegions = $False;
OdataType = "#microsoft.graph.countryNamedLocation";
TenantId = $ConfigurationData.NonNodeData.TenantId;
GlobalAdminAccount = $credsGlobalAdmin;
Credential = $credsGlobalAdmin;
}
}
}

5
AADRoleDefinition.md

@ -13,9 +13,10 @@
| **TemplateId** | Write | String | Specifies template id for the role definition. ||
| **Version** | Write | String | Specifies version for the role definition. ||
| **Ensure** | Write | String | Specify if the Azure AD Role definition should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Azure AD Admin ||
| **Credential** | Write | PSCredential | Credentials of the Azure AD Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **ApplicationSecret** | Write | String | Secret of the Azure Active Directory application to authenticate with. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
# AADRoleDefintiion
@ -68,7 +69,7 @@ Configuration Example
RolePermissions = "microsoft.directory/applicationPolicies/allProperties/read","microsoft.directory/applicationPolicies/allProperties/update","microsoft.directory/applicationPolicies/basic/update"
Version = "1.0"
Ensure = "Present"
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
}
}
}

7
AADServicePrincipal.md

@ -7,7 +7,7 @@
| **AppId** | Key | String | The unique identifier for the associated application. ||
| **ObjectID** | Write | String | The ObjectID of the ServicePrincipal ||
| **DisplayName** | Write | String | Displayname of the ServicePrincipal. ||
| **AlternativeNames** | Write | StringArray[] | The atlernative names for this service principal ||
| **AlternativeNames** | Write | StringArray[] | The alternative names for this service principal ||
| **AccountEnabled** | Write | Boolean | True if the service principal account is enabled; otherwise, false. ||
| **AppRoleAssignmentRequired** | Write | Boolean | Indicates whether an application role assignment is required. ||
| **ErrorUrl** | Write | String | Specifies the error URL of the ServicePrincipal. ||
@ -23,7 +23,8 @@
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Azure AD Admin ||
| **ApplicationSecret** | Write | String | Secret of the Azure Active Directory application to authenticate with. ||
| **Credential** | Write | PSCredential | Credentials of the Azure AD Admin ||
# AADServicePrincipal
@ -98,7 +99,7 @@ Configuration Example
ServicePrincipalType = "Application"
Tags = "{WindowsAzureActiveDirectoryIntegratedApp}"
Ensure = "Present"
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
}
}
}

5
AADTenantDetails.md

@ -9,9 +9,10 @@
| **SecurityComplianceNotificationMails** | Write | StringArray[] | Email-addresses from the people who should receive Security Compliance Notifications ||
| **SecurityComplianceNotificationPhones** | Write | StringArray[] | Phone Numbers from the people who should receive Security Notifications ||
| **TechnicalNotificationMails** | Write | StringArray[] | Email-addresses from the people who should receive Technical Notifications ||
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Azure Active Directory Admin ||
| **Credential** | Write | PSCredential | Credentials of the Azure Active Directory Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **ApplicationSecret** | Write | String | Secret of the Azure Active Directory application to authenticate with. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
# AAD Tenant Details
@ -55,7 +56,7 @@ Configuration Example {
SecurityComplianceNotificationPhones = "+1123456789"
SecurityComplianceNotificationMails = "exapmle@contoso.com"
MarketingNotificationEmails = "exapmle@contoso.com"
GlobalAdminAccount = $GlobalAdmin
Credential = $GlobalAdmin
IsSingleInstance = 'Yes'
}
}

36
AADTokenLifetimePolicy.md Normal file

@ -0,0 +1,36 @@
# AADTokenLifetimePolicy
## Parameters
| Parameter | Attribute | DataType | Description | Allowed Values |
| --- | --- | --- | --- | --- |
| **DisplayName** | Key | String | DisplayName of the Policy ||
| **Id** | Write | String | ObjectID of the Policy. ||
| **Description** | Write | String | Description of the Policy. ||
| **Definition** | Write | StringArray[] | Definition of the Policy. ||
| **IsOrganizationDefault** | Write | Boolean | IsOrganizationDefault of the Policy. ||
| **Ensure** | Write | String | Specify if the Azure AD Policy should exist or not. |Present, Absent|
| **Credential** | Write | PSCredential | Credentials for the Microsoft Graph delegated permissions. ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **ApplicationSecret** | Write | String | Secret of the Azure Active Directory application to authenticate with. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
# AADTokenLifetimePolicy
### Description
This resource configures the Azure AD Token Lifetime Policies
## Azure AD Permissions
To authenticate via Azure Active Directory, this resource required the following Application permissions:
* **Automate**
* Policy.Read.All,Policy.ReadWrite.ApplicationConfiguration
* **Export**
* None
NOTE: All permisions listed above require admin consent.

8
EXOAcceptedDomain.md

@ -9,7 +9,7 @@
| **DomainType** | Write | String | The type of AcceptedDomain. Currently the EXOAcceptedDomain DSC Resource accepts a value of 'Authoritative' and 'InternalRelay'. |Authoritative, InternalRelay|
| **MatchSubDomains** | Write | Boolean | The MatchSubDomains parameter must be false on Authoritative domains. The default value is false. ||
| **OutboundOnly** | Write | Boolean | The OutboundOnly must be false on Authoritative domains. The default value is false. ||
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
@ -35,10 +35,10 @@ DomainType
- Required: No (Defaults to 'Authoritative')
- Description: The DomainType parameter specifies the accepted domain type.
GlobalAdminAccount
Credential
- Required: Yes
- Description: Credentials of an Office365 Global Admin
- Description: Credentials of a Microsoft 365 Admin
Identity
@ -70,7 +70,7 @@ OutboundOnly
EXOAcceptedDomain ExampleEmailDomain {
Ensure = 'Present'
Identity = 'example.contoso.com'
GlobalAdminAccount = $GlobalAdminAccount
Credential = $Credential
}
```

2
EXOActiveSyncDeviceAccessRule.md

@ -9,7 +9,7 @@
| **Characteristic** | Write | String | The Characteristic parameter specifies the device characteristic or category that's used by the rule. |DeviceModel, DeviceType, DeviceOS, UserAgent, XMSWLHeader|
| **QueryString** | Write | String | The QueryString parameter specifies the device identifier that's used by the rule. This parameter uses a text value that's used with Characteristic parameter value to define the device. ||
| **Ensure** | Write | String | Specify if the Active Sync Device Access Rule should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||

2
EXOAddressBookPolicy.md

@ -10,7 +10,7 @@
| **OfflineAddressBook** | Write | String | The OfflineAddressBook parameter specifies the identity of the offline address book (OAB) that will be used by mailbox users who are assigned this address book policy. You can specify only one OAB for each address book policy. ||
| **RoomList** | Write | String | The RoomList parameter specifies the name of the room address list. ||
| **Ensure** | Write | String | Specify if the Address Book Policy should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||

4
EXOAddressList.md

@ -27,7 +27,7 @@
| **IncludedRecipients** | Write | StringArray[] | The IncludedRecipients parameter specifies a precanned filter that's based on the recipient type. |AllRecipients, MailboxUsers, MailContacts, MailGroups, MailUsers, Resources|
| **RecipientFilter** | Write | String | The RecipientFilter parameter specifies a custom OPath filter that's based on the value of any available recipient property. ||
| **Ensure** | Write | String | Specifies if this AddressList should exist. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
@ -67,7 +67,7 @@ Configuration Example
ConditionalStateOrProvince = "US"
IncludedRecipients = "AllRecipients"
Ensure = "Present"
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
}
}
}

10
EXOAntiPhishPolicy.md

@ -12,6 +12,7 @@
| **TargetedDomainProtectionAction** | Write | String | The TargetedDomainProtectionAction parameter specifies the action to take on detected domain impersonation messages for the domains specified by the TargetedDomainsToProtect parameter. |BccMessage, Delete, MoveToJmf, NoAction, Quarantine, Redirect|
| **TargetedUserProtectionAction** | Write | String | The TargetedUserProtectionAction parameter specifies the action to take on detected user impersonation messages for the users specified by the TargetedUsersToProtect parameter. |BccMessage, Delete, MoveToJmf, NoAction, Quarantine, Redirect|
| **Enabled** | Write | Boolean | Specify if this policy should be enabled. Default is $true. ||
| **EnableFirstContactSafetyTips** | Write | Boolean | The EnableFirstContactSafetyTips parameter specifies whether to enable or disable the safety tip that's shown when recipients first receive an email from a sender or do not often receive email from a sender. ||
| **EnableAntispoofEnforcement** | Write | Boolean | The EnableAntispoofEnforcement parameter specifies whether to enable or disable antispoofing protection for the policy. ||
| **EnableMailboxIntelligence** | Write | Boolean | The EnableMailboxIntelligence parameter specifies whether to enable or disable mailbox intelligence (the first contact graph) in domain and user impersonation protection. ||
| **EnableMailboxIntelligenceProtection** | Write | Boolean | The EnableMailboxIntelligenceProtection specifies whether to enable or disable enhanced impersonation results based on each user's individual sender map. This intelligence allows Microsoft 365 to customize user impersonation detection and better handle false positives. ||
@ -23,6 +24,7 @@
| **EnableTargetedUserProtection** | Write | Boolean | The EnableTargetedUserProtection parameter specifies whether to enable user impersonation protection for the users specified by the TargetedUsersToProtect parameter ||
| **EnableUnauthenticatedSender** | Write | Boolean | The EnableUnauthenticatedSender parameter enables or disables unauthenticated sender identification in Outlook. ||
| **EnableUnusualCharactersSafetyTips** | Write | Boolean | The EnableUnusualCharactersSafetyTips parameter specifies whether to enable safety tips that are shown to recipients in messages for unusual characters in domain and user impersonation detections. ||
| **EnableViaTag** | Write | Boolean | This setting is part of spoof protection. The EnableViaTag parameter enables or disables adding the via tag to the From address in Outlook. ||
| **MakeDefault** | Write | Boolean | Make this the default antiphishing policy ||
| **ExcludedDomains** | Write | StringArray[] | The ExcludedDomains parameter specifies trusted domains that are excluded from scanning by antiphishing protection. You can specify multiple domains separated by commas. ||
| **ExcludedSenders** | Write | StringArray[] | The ExcludedSenders parameter specifies a list of trusted sender email addresses that are excluded from scanning by antiphishing protection. You can specify multiple email addresses separated by commas. ||
@ -33,7 +35,7 @@
| **TargetedDomainsToProtect** | Write | StringArray[] | The TargetedDomainsToProtect parameter specifies the domains that are included in domain impersonation protection when the EnableTargetedDomainsProtection parameter is set to $true. ||
| **TargetedUserActionRecipients** | Write | StringArray[] | The TargetedUserActionRecipients parameter specifies the replacement or additional recipients for detected user impersonation messages when the TargetedUserProtectionAction parameter is set to the value Redirect or BccMessage. A valid value for this parameter is an email address. You can specify multiple email addresses separated by commas. ||
| **TargetedUsersToProtect** | Write | StringArray[] | The TargetedUsersToProtect parameter specifies the users that are included in user impersonation protection when the EnableTargetedUserProtection parameter is set to $true. ||
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
@ -54,10 +56,10 @@ Ensure
- Required: No (Defaults to 'Present')
- Description: Specifies if the configuration should be `Present` or `Absent`
GlobalAdminAccount
Credential
- Required: Yes
- Description: Credentials of an Office365 Global Admin
- Description: Credentials of the account to authenticate with
Identity
@ -70,7 +72,7 @@ Identity
EXOAntiPhishPolicy TestPhishPolicy {
Ensure = 'Present'
Identity = 'TestPolicy'
GlobalAdminAccount = $GlobalAdminAccount
Credential = $Credential
}
```

8
EXOAntiPhishRule.md

@ -16,7 +16,7 @@
| **RecipientDomainIs** | Write | StringArray[] | The RecipientDomainIs parameter specifies a condition that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas. ||
| **SentTo** | Write | StringArray[] | The SentTo parameter specifies a condition that looks for recipients in messages. You can use any value that uniquely identifies the recipient. ||
| **SentToMemberOf** | Write | StringArray[] | The SentToMemberOf parameter looks for messages sent to members of groups. You can use any value that uniquely identifies the group. ||
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
@ -43,10 +43,10 @@ Ensure
- Required: No (Defaults to 'Present')
- Description: Specifies if the configuration should be `Present` or `Absent`
GlobalAdminAccount
Credential
- Required: Yes
- Description: Credentials of an Office365 Global Admin
- Description: Credentials of the account to authenticate with
Identity
@ -59,7 +59,7 @@ Identity
EXOAntiPhishRule TestPhishRule {
Ensure = 'Present'
Identity = 'TestRule'
GlobalAdminAccount = $GlobalAdminAccount
Credential = $Credential
AntiPhishPolicy = 'TestPolicy'
Enabled = $true
Priority = 0

2
EXOApplicationAccessPolicy.md

@ -10,7 +10,7 @@
| **PolicyScopeGroupId** | Write | String | The PolicyScopeGroupID parameter specifies the recipient to define in the policy. You can use any value that uniquely identifies the recipient. ||
| **Description** | Write | String | The Description parameter specifies a description for the policy. ||
| **Ensure** | Write | String | Specify if the Application Access Policy should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||

15
EXOAtpPolicyForO365.md

@ -8,12 +8,13 @@
| **Identity** | Write | String | The Identity parameter specifies the ATP policy that you want to modify. There's only one policy named Default. ||
| **Ensure** | Write | String | Since there is only one policy, the default policy, this must be set to 'Present' |Present|
| **AllowClickThrough** | Write | Boolean | The AllowClickThrough parameter specifies whether to allow users to click through to the original blocked URL in Office 365 ProPlus. Default is $true. ||
| **AllowSafeDocsOpen** | Write | Boolean | The AllowSafeDocsOpen parameter specifies whether users can click through and bypass the Protected View container even when Safe Documents identifies a file as malicious. ||
| **BlockUrls** | Write | StringArray[] | The BlockUrls parameter specifies the URLs that are always blocked by Safe Links scanning. You can specify multiple values separated by commas. ||
| **EnableATPForSPOTeamsODB** | Write | Boolean | The EnableATPForSPOTeamsODB parameter specifies whether ATP is enabled for SharePoint Online, OneDrive for Business and Microsoft Teams. Default is $false. ||
| **EnableSafeDocs** | Write | Boolean | The EnableSafeDocs parameter specifies whether to enable the Safe Documents feature in the organization. Default is $false. ||
| **EnableSafeLinksForO365Clients** | Write | Boolean | The EnableSafeLinksForO365Clients parameter specifies whether Safe Links scanning is enabled for supported Office 365 desktop, mobile, and web apps. Default is $true. ||
| **TrackClicks** | Write | Boolean | The TrackClicks parameter specifies whether to track user clicks related to blocked URLs. Default is $true. ||
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
@ -40,7 +41,7 @@ IsSingleInstance
- Required: Yes
- Description: Single instance resource, the value must be 'Yes'
GlobalAdminAccount
Credential
- Required: Yes
- Description: Credentials of the Office 365 Global Admin
@ -58,6 +59,13 @@ AllowClickThrough
users to click through to the original blocked URL in
Office 365 ProPlus. The default value is $true
AllowSafeDocsOpen
- Required: No
- Description: The AllowSafeDocsOpen parameter specifies whether users can
click through and bypass the Protected View container even when Safe Documents
identifies a file as malicious.
BlockUrls
- Required: No
@ -99,8 +107,9 @@ TrackClicks
IsSingleInstance = 'Yes'
Ensure = 'Present'
Identity = 'Default'
GlobalAdminAccount = $GlobalAdminAccount
Credential = $Credential
AllowClickThrough = $true
AllowSafeDocsOpen = $true
BlockUrls = @('test1.badurl.com','test2.badurl.com')
EnableATPForSPOTeamsODB = $true
EnableSafeDocs = $false

2
EXOAvailabilityAddressSpace.md

@ -10,7 +10,7 @@
| **ForestName** | Write | String | The ForestName parameter specifies the SMTP domain name of the target forest for users whose free/busy data must be retrieved. If your users are distributed among multiple SMTP domains in the target forest, run the Add-AvailabilityAddressSpace command once for each SMTP domain. ||
| **TargetAutodiscoverEpr** | Write | String | The TargetAutodiscoverEpr parameter specifies the Autodiscover URL of Exchange Web Services for the external organization. Exchange uses Autodiscover to automatically detect the correct server endpoint for external requests. ||
| **Ensure** | Write | String | Specifies if this AvailabilityAddressSpace should exist. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||

8
EXOAvailabilityConfig.md

@ -6,7 +6,7 @@
| --- | --- | --- | --- | --- |
| **OrgWideAccount** | Key | String | Specify the OrgWideAccount for the AvailabilityConfig. ||
| **Ensure** | Write | String | Specify if the AvailabilityConfig should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
@ -27,10 +27,10 @@ Ensure
- Description: Specifies whether the configured AvailabilityConfig
should be Present or Absent.
GlobalAdminAccount
Credential
- Required: Yes
- Description: Credentials of an Office365 Global Admin
- Description: Credentials of the account to authenticate with
OrgWideAccount
@ -43,7 +43,7 @@ OrgWideAccount
EXOAvailabilityConfig ExampleAvailabilityConfig {
Ensure = 'Present'
OrgWideAccount = 'johndoe'
GlobalAdminAccount = $GlobalAdminAccount
Credential = $Credential
}
```

6
EXOCASMailboxPlan.md

@ -10,7 +10,7 @@
| **ImapEnabled** | Write | Boolean | The ImapEnabled parameter enables or disables access to the mailbox by using IMAP4 clients. The default value is $true for all CAS mailbox plans except ExchangeOnlineDeskless which is $false by default. ||
| **OwaMailboxPolicy** | Write | String | The OwaMailboxPolicy parameter specifies the Outlook on the web (formerly known as Outlook Web App) mailbox policy for the mailbox plan. The default value is OwaMailboxPolicy-Default. You can use the Get-OwaMailboxPolicy cmdlet to view the available Outlook on the web mailbox policies. ||
| **PopEnabled** | Write | Boolean | The PopEnabled parameter enables or disables access to the mailbox by using POP3 clients. Default is $true. ||
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
@ -32,7 +32,7 @@ Ensure
- Description: `Present` is the only value accepted.
Configurations using `Ensure = 'Absent'` will throw an Error!
GlobalAdminAccount
Credential
- Required: Yes
- Description: Credentials of the Office 365 Global Admin
@ -77,7 +77,7 @@ PopEnabled
EXOCASMailboxPlan CASMBPExampleConfig {
Ensure = 'Present'
Identity = 'ExchangeOnlineEnterprise-6f6c267b-f8db-4020-b441-f7bd966a0ca0'
GlobalAdminAccount = $GlobalAdminAccount
Credential = $Credential
ActiveSyncEnabled = $true
ImapEnabled = $true
OwaMailboxPolicy = 'OwaMailboxPolicy-Default'

6
EXOClientAccessRule.md

@ -19,7 +19,7 @@
| **UserRecipientFilter** | Write | String | The UserRecipientFilter parameter specifies a condition for the client access rule that uses OPath filter syntax to identify the user. ||
| **UsernameMatchesAnyOfPatterns** | Write | StringArray[] | The UsernameMatchesAnyOfPatterns parameter specifies a condition for the client access rule that is based on the user's account name. ||
| **Ensure** | Write | String | Specifies if this Client Access Rule should exist. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
@ -47,7 +47,7 @@ Ensure
- Description: Specifies whether the configured Client Access Rule
should be Present or Absent.
GlobalAdminAccount
Credential
- Required: Yes
- Description: Credentials of the Office 365 Global Admin
@ -210,7 +210,7 @@ UserRecipientFilter
EXOClientAccessRule CliendAccessRuleExampleConfig {
Ensure = 'Present'
Identity = 'ExampleCASRule'
GlobalAdminAccount = $GlobalAdminAccount
Credential = $Credential
Action = 'AllowAccess'
AnyOfAuthenticationTypes = @('AdfsAuthentication', 'BasicAuthentication')
AnyOfClientIPAddressesOrRanges = @('192.168.1.100', '10.1.1.0/24', '172.16.5.1-172.16.5.150')

6
EXODkimSigningConfig.md

@ -11,7 +11,7 @@
| **KeySize** | Write | UInt16 | The KeySize parameter specifies the size in bits of the public key that's used in the DKIM signing policy. The only available value is 1024. |1024|
| **Enabled** | Write | Boolean | The Enabled parameter specifies whether the DKIM Signing Configuration is enabled or disabled. Default is $true. ||
| **Ensure** | Write | String | Specifies if this Client Access Rule should exist. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
@ -33,7 +33,7 @@ Ensure
- Description: Specifies whether the configured Dkim Signing Config
should be Present or Absent.
GlobalAdminAccount
Credential
- Required: Yes
- Description: Credentials of the Office 365 Global Admin
@ -94,7 +94,7 @@ KeySize
EXODkimSigningConfig DkimSigningConfigExample {
Ensure = 'Present'
Identity = 'contoso.com'
GlobalAdminAccount = $GlobalAdminAccount
Credential = $Credential
AdminDisplayName = 'contoso.com DKIM Config'
BodyCanonicalization = 'Relaxed'
Enabled = $false

2
EXOEmailAddressPolicy.md

@ -10,7 +10,7 @@
| **EnabledPrimarySMTPAddressTemplate** | Write | StringArray[] | The EnabledPrimarySMTPAddressTemplate parameter specifies the specifies the rule in the email address policy that's used to generate the primary SMTP email addresses for recipients. You can use this parameter instead of the EnabledEmailAddressTemplates if the policy only applies the primary email address and no additional proxy addresses. ||
| **ManagedByFilter** | Write | String | The ManagedByFilter parameter specifies the email address policies to apply to Office 365 groups based on the properties of the users who create the Office 365 groups. ||
| **Ensure** | Write | String | Specify if the Email Address Policy should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||

2
EXOGlobalAddressList.md

@ -26,7 +26,7 @@
| **IncludedRecipients** | Write | StringArray[] | The IncludedRecipients parameter specifies a precanned filter that's based on the recipient type. |, AllRecipients, MailboxUsers, MailContacts, MailGroups, MailUsers, Resources|
| **RecipientFilter** | Write | String | The RecipientFilter parameter specifies an OPath filter that's based on the value of any available recipient property. ||
| **Ensure** | Write | String | Specify if the Global Address List should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||

8
EXOHostedConnectionFilterPolicy.md

@ -11,7 +11,7 @@
| **IPBlockList** | Write | StringArray[] | The IPBlockList parameter specifies IP addresses from which messages are never allowed. Messages from the IP addresses you specify are blocked without any further spam scanning. Valid values for this parameter are: A single IP address, an IP address range, a CIDR IP. ||
| **MakeDefault** | Write | Boolean | The MakeDefault parameter makes the specified policy the default connection filter policy. Default is $false. ||
| **Ensure** | Write | String | Specifies if this Hosted Connection Filter Policy should exist. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
@ -33,10 +33,10 @@ Ensure
- Description: `Present` is the only value accepted.
Configurations using `Ensure = 'Absent'` will throw an Error!
GlobalAdminAccount
Credential
- Required: Yes
- Description: Credentials of an Office365 Global Admin
- Description: Credentials of the account to authenticate with
Identity
@ -87,7 +87,7 @@ IPBlockList
EXOHostedConnectionFilterPolicy TestHostedConnectionFilterPolicy {
Ensure = 'Present'
Identity = 'TestPolicy'
GlobalAdminAccount = $GlobalAdminAccount
Credential = $Credential
AdminDisplayName = 'This policiy is a test'
EnableSafeList = $true
IPAllowList = @('192.168.1.100', '10.1.1.0/24', '172.16.5.1-172.16.5.150')

12
EXOHostedContentFilterPolicy.md

@ -22,6 +22,7 @@
| **EndUserSpamNotificationCustomSubject** | Write | String | The EndUserSpamNotificationCustomSubject parameter specifies a custom subject for end-user spam notification messages. ||
| **EndUserSpamNotificationFrequency** | Write | UInt32 | The EndUserSpamNotificationFrequency parameter specifies the repeat interval in days that end-user spam notification messages are sent. Valid input for this parameter is an integer between 1 and 15. The default value is 3. ||
| **EndUserSpamNotificationLanguage** | Write | String | The EndUserSpamNotificationLanguage parameter specifies the language of end-user spam notification messages. The default value is Default. This means the default language of end-user spam notification messages is the default language of the cloud-based organization. |Default, English, French, German, Italian, Japanese, Spanish, Korean, Portuguese, Russian, ChineseSimplified, ChineseTraditional, Amharic, Arabic, Bulgarian, BengaliIndia, Catalan, Czech, Cyrillic, Danish, Greek, Estonian, Basque, Farsi, Finnish, Filipino, Galician, Gujarati, Hebrew, Hindi, Croatian, Hungarian, Indonesian, Icelandic, Kazakh, Kannada, Lithuanian, Latvian, Malayalam, Marathi, Malay, Dutch, NorwegianNynorsk, Norwegian, Oriya, Polish, PortuguesePortugal, Romanian, Slovak, Slovenian, SerbianCyrillic, Serbian, Swedish, Swahili, Tamil, Telugu, Thai, Turkish, Ukrainian, Urdu, Vietnamese|
| **HighConfidencePhishAction** | Write | String | The HighConfidencePhishAction parameter specifies the action to take on messages that are marked as high confidence phishing |MoveToJmf, Redirect, Quarantine|
| **HighConfidenceSpamAction** | Write | String | The HighConfidenceSpamAction parameter specifies the action to take on messages that are classified as high confidence spam. |MoveToJmf, AddXHeader, ModifySubject, Redirect, Delete, Quarantine, NoAction|
| **IncreaseScoreWithBizOrInfoUrls** | Write | String | The IncreaseScoreWithBizOrInfoUrls parameter increases the spam score of messages that contain links to .biz or .info domains. Valid values for this parameter are Off, On or Test. The default value is Off. |Off, On, Test|
| **IncreaseScoreWithImageLinks** | Write | String | The IncreaseScoreWithImageLinks parameter increases the spam score of messages that contain image links to remote websites. Valid values for this parameter are Off, On or Test. The default value is Off. |Off, On, Test|
@ -45,7 +46,7 @@
| **ModifySubjectValue** | Write | String | The ModifySubjectValue parameter specifies the text to prepend to the existing subject of spam messages when an action parameter is set to the value ModifySubject. ||
| **PhishSpamAction** | Write | String | The PhishSpamAction parameter specifies the action to take on messages that are classified as phishing |MoveToJmf, AddXHeader, ModifySubject, Redirect, Delete, Quarantine, NoAction|
| **QuarantineRetentionPeriod** | Write | UInt32 | The QuarantineRetentionPeriod parameter specifies the length of time in days that spam messages remain in the quarantine. Valid input for this parameter is an integer between 1 and 30. The default value is 15. ||
| **RedirectToRecipients** | Write | StringArray[] | The RedirectToRecipients parameter specifies the replacement recipients in spam messages when an action parameter is set to the value Redirect. The action parameters that use the value of RedirectToRecipients are HighConfidenceSpamAction and SpamAction. ||
| **RedirectToRecipients** | Write | StringArray[] | The RedirectToRecipients parameter specifies the replacement recipients in spam messages when an action parameter is set to the value Redirect. The action parameters that use the value of RedirectToRecipients are BulkSpamAction, HighConfidencePhishAction, HighConfidenceSpamAction, PhishSpamAction and SpamAction. ||
| **RegionBlockList** | Write | StringArray[] | The RegionBlockList parameter specifies the region to block when messages are blocked based on their source region. Valid input for this parameter is a supported ISO 3166-1 uppercase two-letter country code. You can specify multiple values separated by commas. This parameter is only used when the EnableRegionBlockList parameter is set to $true. ||
| **SpamAction** | Write | String | The SpamAction parameter specifies the action to take on messages that are classified as spam (not high confidence spam, bulk email, or phishing). |MoveToJmf, AddXHeader, ModifySubject, Redirect, Delete, Quarantine, NoAction|
| **TestModeAction** | Write | String | The TestModeAction parameter specifies the additional action to take on messages that match any of the IncreaseScoreWith or MarkAsSpam parameters that are set to the value Test. |None, AddXHeader, BccMessage|
@ -53,7 +54,7 @@
| **PhishZapEnabled** | Write | Boolean | The PhishZapEnabled parameter enables or disables zero-hour auto purge (ZAP) to detect phishing messages in delivered messages in Exchange Online mailboxes. ||
| **SpamZapEnabled** | Write | Boolean | The SpamZapEnabled parameter enables or disables zero-hour auto purge (ZAP) to detect spam in delivered messages in Exchange Online mailboxes. ||
| **Ensure** | Write | String | Specify if this policy should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
@ -75,10 +76,10 @@ Ensure
- Description: `Present` is the only value accepted.
Configurations using `Ensure = 'Absent'` will throw an Error!
GlobalAdminAccount
Credential
- Required: Yes
- Description: Credentials of an Office365 Global Admin
- Description: Credentials of the account to authenticate with
Identity
@ -97,7 +98,7 @@ AdminDisplayName
EXOHostedContentFilterPolicy TestHostedContentFilterPolicy {
Ensure = 'Present'
Identity = 'TestPolicy'
GlobalAdminAccount = $GlobalAdminAccount
Credential = $Credential
AdminDisplayName = 'This policiy is a test'
AddXHeaderValue = 'MyCustomSpamHeader'
ModifySubjectValue = 'SPAM!'
@ -125,6 +126,7 @@ EXOHostedContentFilterPolicy TestHostedContentFilterPolicy {
LanguageBlockList = @('AF', 'SQ', 'AR', 'CY', 'YI')
RegionBlockList = @('AF', 'AX', 'AL', 'DZ', 'ZW')
HighConfidenceSpamAction = 'Quarantine'
HighConfidencePhishAction = 'Quarantine'
SpamAction = 'MoveToJmf'
EnableEndUserSpamNotifications = $true
DownloadLink = $false

8
EXOHostedContentFilterRule.md

@ -16,7 +16,7 @@
| **SentTo** | Write | StringArray[] | The SentTo parameter specifies a condition that looks for recipients in messages. You can use any value that uniquely identifies the recipient. ||
| **SentToMemberOf** | Write | StringArray[] | The SentToMemberOf parameter looks for messages sent to members of groups. You can use any value that uniquely identifies the group. ||
| **Ensure** | Write | String | Specify if this rule should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
@ -44,10 +44,10 @@ Ensure
- Description: `Present` is the only value accepted.
Configurations using `Ensure = 'Absent'` will throw an Error!
GlobalAdminAccount
Credential
- Required: Yes
- Description: Credentials of an Office365 Global Admin
- Description: Credentials of the account to authenticate with
Identity
@ -60,7 +60,7 @@ Identity
EXOHostedContentFilterRule TestHostedContentFilterRule {
Ensure = 'Present'
Identity = 'TestRule'
GlobalAdminAccount = $GlobalAdminAccount
Credential = $Credential
HostedContentFilterPolicy = 'TestPolicy'
Enabled = $true
Priority = 0

6
EXOHostedOutboundSpamFilterPolicy.md

@ -16,7 +16,7 @@
| **ActionWhenThresholdReached** | Write | String | The ActionWhenThresholdReached parameter specifies the action to take when any of the limits specified in the policy are reached. Valid values are: Alert, BlockUser, BlockUserForToday. BlockUserForToday is the default value. ||
| **AutoForwardingMode** | Write | String | The AutoForwardingMode specifies how the policy controls automatic email forwarding to outbound recipients. Valid values are: Automatic, On, Off. ||
| **Ensure** | Write | String | Specify if this rule should exist or not. This value must be 'Present' as the Default policy cannot be deleted. |Present|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
@ -43,7 +43,7 @@ IsSingleInstance
- Required: Yes
- Description: Single instance resource, the value must be 'Yes'
GlobalAdminAccount
Credential
- Required: Yes
- Description: Credentials of the Office 365 Global Admin
@ -142,7 +142,7 @@ EXOHostedOutboundSpamFilterPolicy HostedOutboundSpamFilterPolicyExample {
IsSingleInstance = 'Yes'
Ensure = 'Present'
Identity = 'Default'
GlobalAdminAccount = $GlobalAdminAccount
Credential = $Credential
AdminDisplayName = 'Default Outbound Spam Filter Policy'
BccSuspiciousOutboundMail = $true
BccSuspiciousOutboundAdditionalRecipients = @('admin@contoso.com')

8
EXOHostedOutboundSpamFilterRule.md

@ -16,7 +16,7 @@
| **From** | Write | StringArray[] | The From parameter specifies a condition that looks for messages from specific senders. You can use any value that uniquely identifies the sender. ||
| **FromMemberOf** | Write | StringArray[] | The FromMemberOf parameter specifies a condition that looks for messages sent by group members. You can use any value that uniquely identifies the group. ||
| **Ensure** | Write | String | Specify if this rule should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
@ -44,10 +44,10 @@ Ensure
- Description: `Present` is the only value accepted.
Configurations using `Ensure = 'Absent'` will throw an Error!
GlobalAdminAccount
Credential
- Required: Yes
- Description: Credentials of an Office365 Global Admin
- Description: Credentials of the account to authenticate with
Identity
@ -60,7 +60,7 @@ Identity
EXOHostedOutboundSpamFilterRule TestHostedOutboundSpamFilterRule {
Ensure = 'Present'
Identity = 'TestRule'
GlobalAdminAccount = $GlobalAdminAccount
Credential = $Credential
HostedOutboundSpamFilterPolicy = 'TestPolicy'
Enabled = $true
Priority = 0

2
EXOInboundConnector.md

@ -19,7 +19,7 @@
| **TlsSenderCertificateName** | Write | String | The TlsSenderCertificateName parameter specifies the certificate used by the sender's domain when the RequireTls parameter is set to $true. Valid input for the TlsSenderCertificateName parameter is an SMTP domain. ||
| **TreatMessagesAsInternal** | Write | Boolean | The TreatMessagesAsInternal parameter specifies an alternative method to identify messages sent from an on-premises organization as internal messages. You should only consider using this parameter when your on-premises organization doesn't use Exchange. ||
| **Ensure** | Write | String | Specifies if this Outbound connector should exist. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||

2
EXOIntraOrganizationConnector.md

@ -9,7 +9,7 @@
| **Enabled** | Write | Boolean | Specifies whether connector is enabled. ||
| **TargetAddressDomains** | Write | StringArray[] | The TargetAddressDomains parameter specifies the domain namespaces that will be used in the Intra-organization connector. These domains must have valid Autodiscover endpoints defined in their organizations. The domains and their associated Autodiscover endpoints are used by the Intra-Organization connector for feature and service connectivity. You can specify multiple domains separated by commas. ||
| **Ensure** | Write | String | Specifies if this Intra-Organization connector should exist. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||

4
EXOJournalRule.md

@ -10,7 +10,7 @@
| **Enabled** | Write | Boolean | Specifies whether the Journal Rule is enabled or not. ||
| **RuleScope** | Write | String | The Scope parameter specifies the scope of email messages to which the journal rule is applied |Global, Internal, External|
| **Ensure** | Write | String | Present ensures the rule exists, Absent that it does not. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
@ -44,7 +44,7 @@ Configuration Example
{
Enabled = $True;
Ensure = "Present";
GlobalAdminAccount = $credsGlobalAdmin;
Credential = $credsGlobalAdmin;
JournalEmailAddress = "John.Smith@contoso.com";
Name = "Send to John"
RuleScope = "Global";

4
EXOMailTips.md

@ -11,7 +11,7 @@
| **MailTipsMailboxSourcedTipsEnabled** | Write | Boolean | Specifies whether MailTips that rely on mailbox data (out-of-office or full mailbox) are enabled. ||
| **MailTipsExternalRecipientsTipsEnabled** | Write | Boolean | Specifies whether MailTips for external recipients are enabled. ||
| **Ensure** | Write | String | |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
@ -50,7 +50,7 @@ Configuration Example
MailTipsMailboxSourcedTipsEnabled = $True
MailTipsExternalRecipientsTipsEnabled = $True
Ensure = "Present"
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
}
}
}

4
EXOMailboxSettings.md

@ -8,7 +8,7 @@
| **TimeZone** | Write | String | The name of the Time Zone to assign to the mailbox ||
| **Locale** | Write | String | The code of the Locale to assign to the mailbox ||
| **Ensure** | Write | String | Present ensures the Mailbox Settings are applied |Present|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
@ -52,7 +52,7 @@ Configuration Example
TimeZone = "Eastern Standard Time"
Locale = "fr-CA"
Ensure = "Present"
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
}
}
}

2
EXOMalwareFilterPolicy.md

@ -26,7 +26,7 @@
| **MakeDefault** | Write | Boolean | MakeDefault makes this malware filter policy the default policy. Valid values are: $true|$false. ||
| **ZapEnabled** | Write | Boolean | The ZapEnabled parameter enables or disables zero-hour auto purge (ZAP) for malware. ZAP detects malware in unread messages that have already been delivered to the user's Inbox. Valid values are: $true|$false. ||
| **Ensure** | Write | String | Specifies if this MalwareFilterPolicy should exist. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||

2
EXOMalwareFilterRule.md

@ -16,7 +16,7 @@
| **SentTo** | Write | StringArray[] | The SentTo parameter specifies a condition that looks for recipients in messages. You can use any value that uniquely identifies the recipient. ||
| **SentToMemberOf** | Write | StringArray[] | The SentToMemberOf parameter specifies a condition that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups. You can use any value that uniquely identifies the group. ||
| **Ensure** | Write | String | Specifies if the Malware Filter Rule should exist. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||

2
EXOManagementRole.md

@ -8,7 +8,7 @@
| **Parent** | Key | String | The Parent parameter specifies the identity of the role to copy. Mandatory for management role creation/update or when Ensure=Present. Non-mandatory for Ensure=Absent ||
| **Description** | Write | String | The Description parameter specifies the description that's displayed when the management role is viewed using the Get-ManagementRole cmdlet. ||
| **Ensure** | Write | String | Specify if the Management Role should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||

2
EXOMobileDeviceMailboxPolicy.md

@ -60,7 +60,7 @@
| **UNCAccessEnabled** | Write | Boolean | The UNCAccessEnabled parameter specifies whether access to Microsoft Windows file shares is enabled from the mobile device. ||
| **WSSAccessEnabled** | Write | Boolean | The WSSAccessEnabled parameter specifies whether access to Microsoft Windows SharePoint Services is enabled from the mobile device. ||
| **Ensure** | Write | String | Specify if the Mobile Device Mailbox Policy should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||

2
EXOOfflineAddressBook.md

@ -10,7 +10,7 @@
| **DiffRetentionPeriod** | Write | String | The DiffRetentionPeriod parameter specifies the number of days that the OAB difference files are stored on the server. ||
| **IsDefault** | Write | Boolean | The IsDefault parameter specifies whether the OAB is used by all mailboxes and mailbox databases that don't have an OAB specified. ||
| **Ensure** | Write | String | Specify if the Offline Address Book should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||

2
EXOOnPremisesOrganization.md

@ -13,7 +13,7 @@
| **OrganizationRelationship** | Write | String | The OrganizationRelationship parameter specifies the organization relationship configured by the Hybrid Configuration wizard on the Office 365 tenant as part of a hybrid deployment with an on-premises Exchange organization. This organization relationship defines the federated sharing features enabled on the Office 365 tenant. ||
| **Comment** | Write | String | The Comment parameter specifies an optional comment. ||
| **Ensure** | Write | String | Specify if the On-Premises Organization should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||

4
EXOOrganizationConfig.md

@ -68,7 +68,7 @@
| **VisibleMeetingUpdateProperties** | Write | String | The VisibleMeetingUpdateProperties parameter specifies whether meeting message updates will be auto-processed on behalf of attendees. Auto-processed updates are applied to the attendee's calendar item, and then the meeting message is moved to the deleted items. The attendee never sees the update in their inbox, but their calendar is updated. ||
| **WebPushNotificationsDisabled** | Write | Boolean | The WebPushNotificationsDisabled parameter specifies whether to enable or disable Web Push Notifications in Outlook on the Web. This feature provides web push notifications which appear on a user's desktop while the user is not using Outlook on the Web. This brings awareness of incoming messages while they are working elsewhere on their computer. ||
| **WebSuggestedRepliesDisabled** | Write | Boolean | The WebSuggestedRepliesDisabled parameter specifies whether to enable or disable Suggested Replies in Outlook on the web. This feature provides suggested replies to emails so users can easily and quickly respond to messages. ||
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
@ -130,7 +130,7 @@ Configuration Example
DefaultPublicFolderAgeLimit = $null;
OutlookMobileGCCRestrictionsEnabled = $False;
ActivityBasedAuthenticationTimeoutEnabled = $True;
GlobalAdminAccount = $credsGlobalAdmin;
Credential = $credsGlobalAdmin;
ConnectorsEnabledForYammer = $True;
HierarchicalAddressBookRoot = $null;
DefaultPublicFolderMaxItemSize = "13 KB (13,312 bytes)";

2
EXOOrganizationRelationship.md

@ -23,7 +23,7 @@
| **TargetOwaURL** | Write | String | The TargetOwaURL parameter specifies the Outlook on the web (formerly Outlook Web App) URL of the external organization that's defined in the organization relationship. It is used for Outlook on the web redirection in a cross-premise Exchange scenario. Configuring this attribute enables users in the organization to use their current Outlook on the web URL to access Outlook on the web in the external organization. ||
| **TargetSharingEpr** | Write | String | The TargetSharingEpr parameter specifies the URL of the target Exchange Web Services for the external organization. ||
| **Ensure** | Write | String | Specify if the OrganizationRelationship should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||

2
EXOOutboundConnector.md

@ -21,7 +21,7 @@
| **TestMode** | Write | Boolean | The TestMode parameter specifies whether you want to enabled or disable test mode for the Outbound connector. Valid values are: $true | $false (default) ||
| **ValidationRecipients** | Write | StringArray[] | The ValidationRecipients parameter specifies the email addresses of the validation recipients for the Outbound connector. You can specify multiple email addresses separated by commas. ||
| **Ensure** | Write | String | Specifies if this Outbound connector should exist. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||

2
EXOOwaMailboxPolicy.md

@ -81,7 +81,7 @@
| **WeatherEnabled** | Write | Boolean | The WeatherEnabled parameter specifies whether to enable or disable weather information in the calendar in Outlook on the web. ||
| **WebPartsFrameOptionsType** | Write | String | The WebPartsFrameOptionsType parameter specifies what sources can access web parts in IFRAME or FRAME elements in Outlook on the web. |None, SameOrigin, Deny|
| **Ensure** | Write | String | Specify if the OWA Mailbox Policy should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||

2
EXOPartnerApplication.md

@ -11,7 +11,7 @@
| **Enabled** | Write | Boolean | The Enabled parameter specifies whether the partner application is enabled. ||
| **LinkedAccount** | Write | String | The LinkedAccount parameter specifies a linked Active Directory user account for the application. ||
| **Ensure** | Write | String | Specify if the Partner Application should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||

2
EXOPolicyTipConfig.md

@ -7,7 +7,7 @@
| **Name** | Key | String | The Name parameter specifies the custom Policy Tip you want to modify. ||
| **Value** | Write | String | The Value parameter specifies the text that's displayed by the Policy Tip. ||
| **Ensure** | Write | String | Specify if the Policy Tip Config should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||

2
EXORemoteDomain.md

@ -27,7 +27,7 @@
| **TrustedMailInboundEnabled** | Write | Boolean | The TrustedMailInboundEnabled parameter specifies whether messages from senders in the remote domain are treated as trusted messages. ||
| **TrustedMailOutboundEnabled** | Write | Boolean | The TrustedMailOutboundEnabled parameter specifies whether messages sent to recipients in the remote domain are treated as trusted messages. ||
| **UseSimpleDisplayName** | Write | Boolean | The UseSimpleDisplayName parameter specifies whether the sender's simple display name is used for the From email address in messages sent to recipients in the remote domain. ||
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||

2
EXORoleAssignmentPolicy.md

@ -9,7 +9,7 @@
| **IsDefault** | Write | Boolean | The IsDefault switch makes the assignment policy the default assignment policy. ||
| **Roles** | Write | StringArray[] | The Roles parameter specifies the management roles to assign to the role assignment policy when it's created. ||
| **Ensure** | Write | String | Specify if the Role Assignment Policy should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||

6
EXOSafeAttachmentPolicy.md

@ -12,7 +12,7 @@
| **Redirect** | Write | Boolean | The Redirect parameter specifies whether to send detected malware attachments to another email address. Valid values are: $true: Malware attachments are sent to the email address specified by the RedirectAddress parameter. $false: Malware attachments aren't sent to another email address. This is the default value. ||
| **RedirectAddress** | Write | String | The RedirectAddress parameter specifies the email address where detected malware attachments are sent when the Redirect parameter is set to the value $true. ||
| **Ensure** | Write | String | Specify if this policy should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
@ -33,7 +33,7 @@ Ensure
- Required: No (Defaults to 'Present')
- Description: Specifies if the configuration should exist or not
GlobalAdminAccount
Credential
- Required: Yes
- Description: Credentials of the Office 365 Global Admin
@ -105,7 +105,7 @@ RedirectAddress
EXOSafeAttachmentPolicy SafeAttachmentPolicyExample {
Ensure = 'Present'
Identity = 'TestSafeAttachmentPolicy'
GlobalAdminAccount = $GlobalAdminAccount
Credential = $Credential
AdminDisplayName = 'Test Safe Attachment Policy'
Action = 'Block'
Enable = $true

8
EXOSafeAttachmentRule.md

@ -16,7 +16,7 @@
| **SentTo** | Write | StringArray[] | The SentTo parameter specifies a condition that looks for recipients in messages. You can use any value that uniquely identifies the recipient. ||
| **SentToMemberOf** | Write | StringArray[] | The SentToMemberOf parameter looks for messages sent to members of groups. You can use any value that uniquely identifies the group. ||
| **Ensure** | Write | String | Specify if this rule should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
@ -43,10 +43,10 @@ Ensure
- Description: Specifies if the configuration should be
`Present` or `Absent`
GlobalAdminAccount
Credential
- Required: Yes
- Description: Credentials of an Office365 Global Admin
- Description: Credentials of the account to authenticate with
Identity
@ -59,7 +59,7 @@ Identity
EXOSafeAttachmentRule TestSafeAttachmentRule {
Ensure = 'Present'
Identity = 'TestRule'
GlobalAdminAccount = $GlobalAdminAccount
Credential = $Credential
SafeAttachmentPolicy = 'TestPolicy'
Enabled = $true
Priority = 0

33
EXOSafeLinksPolicy.md

@ -6,16 +6,19 @@
| --- | --- | --- | --- | --- |
| **Identity** | Key | String | The Identity parameter specifies the SafeLinks policy that you want to modify. ||
| **Ensure** | Write | String | Specify if this policy should exist or not. |Present, Absent|
| **AdminDisplayName** | Write | String | The AdminDisplayName parameter specifies a description for the policy. ||
| **AdminDisplayName** | Write | String | The AdminDisplayName parameter specifies a description for the policy. ||
| **CustomNotificationText** | Write | String | The custom notification text specifies the customized notification text to show to users. ||
| **DeliverMessageAfterScan** | Write | Boolean | The DeliverMessageAfterScan parameter specifies whether to deliver email messages only after Safe Links scanning is complete. Valid values are: $true: Wait until Safe Links scanning is complete before delivering the message. $false: If Safe Links scanning can't complete, deliver the message anyway. This is the default value. ||
| **DoNotAllowClickThrough** | Write | Boolean | The DoNotAllowClickThrough parameter specifies whether to allow users to click through to the original URL. Valid values are: $true: The user isn't allowed to click through to the original URL. This is the default value. $false: The user is allowed to click through to the original URL. ||
| **DoNotRewriteUrls** | Write | StringArray[] | The DoNotRewriteUrls parameter specifies a URL that's skipped by Safe Links scanning. You can specify multiple values separated by commas. ||
| **DoNotTrackUserClicks** | Write | Boolean | The DoNotTrackUserClicks parameter specifies whether to track user clicks related to links in email messages. Valid values are: $true: User clicks aren't tracked. This is the default value. $false: User clicks are tracked. ||
| **EnableForInternalSenders** | Write | Boolean | EnableForInternalSenders $true or $false ||
| **EnableForInternalSenders** | Write | Boolean | The EnableForInternalSenders parameter specifies whether the Safe Links policy is applied to messages sent between internal senders and internal recipients within the same Exchange Online organization. ||
| **EnableOrganizationBranding** | Write | Boolean | The EnableOrganizationBranding parameter specifies whether your organization's logo is displayed on Safe Links warning and notification pages. ||
| **EnableSafeLinksForTeams** | Write | Boolean | The EnableSafeLinksForTeams parameter specifies whether Safe Links is enabled for Microsoft Teams. Valid values are: $true: Safe Links is enabled for Teams. If a protected user clicks a malicious link in a Teams conversation, group chat, or from channels, a warning page will appear in the default web browser. $false: Safe Links isn't enabled for Teams. This is the default value. ||
| **IsEnabled** | Write | Boolean | This parameter specifies whether the rule or policy is enabled. ||
| **ScanUrls** | Write | Boolean | The ScanUrls parameter specifies whether to enable or disable the scanning of links in email messages. Valid values are: $true: Scanning links in email messages is enabled. $false: Scanning links in email messages is disabled. This is the default value. ||
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **UseTranslatedNotificationText** | Write | Boolean | The UseTranslatedNotificationText specifies whether to use Microsoft Translator to automatically localize the custom notification text that you specified with the CustomNotificationText parameter. ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
@ -36,7 +39,7 @@ Ensure
- Required: No (Defaults to 'Present')
- Description: Specifies if the configuration should exist or not
GlobalAdminAccount
Credential
- Required: Yes
- Description: Credentials of the Office 365 Global Admin
@ -53,6 +56,12 @@ AdminDisplayName
- Description: The AdminDisplayName parameter specifies a
description for the policy.
CustomNotificationText
- Required: No
- Description: The custom notification text specifies the customized
notification text to show to users
DeliverMessageAfterScan
- Required: No
@ -93,6 +102,13 @@ EnableForInternalSenders
- Description: This parameter specifies whether the policy is enabled
for internal senders. $true or $false
EnableOrganizationBranding
- Required: No
- Description: The EnableOrganizationBranding parameter specifies whether
your organization's logo is displayed on Safe Links warning and
notification pages.
EnableSafeLinksForTeams
- Required: No
@ -118,13 +134,20 @@ ScanUrls
$false: Scanning links in email messages is disabled.
This is the default value.
UseTranslatedNotificationText
- Required: No
- Description: The UseTranslatedNotificationText specifies whether to use
Microsoft Translator to automatically localize the custom notification text
that you specified with the CustomNotificationText parameter.
## Example
```PowerShell
EXOSafeLinksPolicy SafeLinksPolicyExample {
Ensure = 'Present'
Identity = 'TestSafeLinksPolicy'
GlobalAdminAccount = $GlobalAdminAccount
Credential = $Credential
AdminDisplayName = 'Test SafeLinks Policy'
DoNotAllowClickThrough = $true
DoNotRewriteUrls = @('test.contoso.com', 'test.fabrikam.com')

8
EXOSafeLinksRule.md

@ -16,7 +16,7 @@
| **RecipientDomainIs** | Write | StringArray[] | The RecipientDomainIs parameter specifies a condition that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas. ||
| **SentTo** | Write | StringArray[] | The SentTo parameter specifies a condition that looks for recipients in messages. You can use any value that uniquely identifies the recipient. ||
| **SentToMemberOf** | Write | StringArray[] | The SentToMemberOf parameter looks for messages sent to members of groups. You can use any value that uniquely identifies the group. ||
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
@ -42,10 +42,10 @@ Ensure
- Required: No (Defaults to 'Present')
- Description: Specifies if the configuration should be `Present` or `Absent`
GlobalAdminAccount
Credential
- Required: Yes
- Description: Credentials of an Office365 Global Admin
- Description: Credentials of the account to authenticate with
Identity
@ -58,7 +58,7 @@ Identity
EXOSafeLinksRule TestSafeLinksRule {
Ensure = 'Present'
Identity = 'TestRule'
GlobalAdminAccount = $GlobalAdminAccount
Credential = $Credential
SafeLinksPolicy = 'TestSafeLinksPolicy'
Enabled = $true
Priority = 0

4
EXOSharedMailbox.md

@ -8,7 +8,7 @@
| **PrimarySMTPAddress** | Write | String | The primary email address of the Shared Mailbox ||
| **Aliases** | Write | StringArray[] | Aliases for the Shared Mailbox ||
| **Ensure** | Write | String | Present ensures the group exists, absent ensures it is removed |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
@ -44,7 +44,7 @@ Configuration Example
PrimarySMTPAddress = "Test@O365DSC1.onmicrosoft.com"
Aliases = @("Joufflu@o365dsc1.onmicrosoft.com", "Gilles@O365dsc1.onmicrosoft.com")
Ensure = "Present"
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
}
}
}

2
EXOSharingPolicy.md

@ -9,7 +9,7 @@
| **Enabled** | Write | Boolean | The Enabled parameter specifies whether to enable the sharing policy. Valid values for this parameter are $true or $false. ||
| **Domains** | Write | StringArray[] | The Domains parameter specifies domains to which this policy applies and the sharing policy action. ||
| **Ensure** | Write | String | Specify if the Sharing Policy should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||

2
EXOTransportRule.md

@ -171,7 +171,7 @@
| **SubjectOrBodyMatchesPatterns** | Write | StringArray[] | The SubjectOrBodyMatchesPatterns parameter specifies a condition that looks for text patterns in the Subject field or body of messages. ||
| **WithImportance** | Write | String | The WithImportance parameter specifies a condition that looks for messages with the specified importance level. |Low, Normal, High|
| **Ensure** | Write | String | Specify if the Transport Rule should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||

10
IntuneAppConfigurationPolicy.md

@ -4,13 +4,17 @@
| Parameter | Attribute | DataType | Description | Allowed Values |
| --- | --- | --- | --- | --- |
| **name** | Write | String | Name of the custom setting. ||
| **value** | Write | String | Value of the custom setting. ||
| **DisplayName** | Key | String | Display name of the app configuration policy. ||
| **Description** | Write | String | Description of the app configuration policy. ||
| **CustomSettings** | Write | InstanceArray[] | Custom settings for the app cnfiguration policy. ||
| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Intune Admin ||
| **Credential** | Write | PSCredential | Credentials of the Intune Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **ApplicationSecret** | Write | String | Secret of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
# IntuneAppConfigurationPolicy
@ -40,7 +44,7 @@ Configuration Example
DisplayName = 'Contoso'
Description = 'Contoso Policy'
Ensure = 'Present'
GlobalAdminAccount = $credsGlobalAdmin;
Credential = $credsGlobalAdmin;
}
}
}
@ -67,7 +71,7 @@ Configuration Example
DisplayName = 'Contoso'
Description = 'Contoso Policy'
Ensure = 'Absent'
GlobalAdminAccount = $credsGlobalAdmin;
Credential = $credsGlobalAdmin;
}
}
}

5
IntuneAppProtectionPolicyiOS.md

@ -31,10 +31,11 @@
| **Assignments** | Write | StringArray[] | List of IDs of the groups assigned to this iOS Protection Policy. ||
| **ExcludedGroups** | Write | StringArray[] | List of IDs of the groups that are excluded from this iOS Protection Policy. ||
| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Intune Admin ||
| **Credential** | Write | PSCredential | Credentials of the Intune Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **ApplicationSecret** | Write | String | Secret of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
# IntuneDeviceConfigurationPolicyiOS
@ -88,7 +89,7 @@ Configuration Example
SaveAsBlocked = $True;
SimplePinBlocked = $False;
Ensure = 'Present'
GlobalAdminAccount = $credsGlobalAdmin;
Credential = $credsGlobalAdmin;
}
}
}

5
IntuneDeviceCategory.md

@ -7,10 +7,11 @@
| **DisplayName** | Key | String | Display name of the device category. ||
| **Description** | Write | String | Description of the device category. ||
| **Ensure** | Write | String | Present ensures the category exists, absent ensures it is removed. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Intune Admin ||
| **Credential** | Write | PSCredential | Credentials of the Intune Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **ApplicationSecret** | Write | String | Secret of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
# IntuneDeviceCategory
@ -40,7 +41,7 @@ Configuration Example
DisplayName = "Contoso"
Description = "Contoso Category"
Ensure = "Present"
GlobalAdminAccount = $credsGlobalAdmin;
Credential = $credsGlobalAdmin;
}
}
}

9
IntuneDeviceCompliancePolicyAndroid.md

@ -35,10 +35,11 @@
| **RestrictedApps** | Write | String | RestrictedApps of the Android device compliance policy. ||
| **RoleScopeTagIds** | Write | String | RoleScopeTagIds of the Android device compliance policy. ||
| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Intune Admin ||
| **Credential** | Write | PSCredential | Credentials of the Intune Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **ApplicationSecret** | Write | String | Secret of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
# IntuneAndroidDeviceCompliancePolicy
### Description
@ -229,7 +230,7 @@ IntuneDeviceCompliancePolicyAndroid a58cdba9-c410-4ba4-b7d2-3a09593b5d84
DeviceThreatProtectionRequiredSecurityLevel = "unavailable";
DisplayName = "Compliance Android";
Ensure = "Present";
GlobalAdminAccount = $Credsglobaladmin;
Credential = $Credsglobaladmin;
osMinimumVersion = "7";
PasswordExpirationDays = 90;
PasswordMinimumLength = 6;
@ -275,7 +276,7 @@ Configuration Example
DeviceThreatProtectionRequiredSecurityLevel = "unavailable";
DisplayName = "Test Policy";
Ensure = "Present";
GlobalAdminAccount = $Credsglobaladmin;
Credential = $Credsglobaladmin;
osMinimumVersion = "7";
PasswordExpirationDays = 90;
PasswordMinimumLength = 6;
@ -318,7 +319,7 @@ Configuration Example
{
DisplayName = "Test Android Device Compliance Policy"
Ensure = "Absent"
GlobalAdminAccount = $credsGlobalAdmin;
Credential = $credsGlobalAdmin;
}
}
}

9
IntuneDeviceCompliancePolicyAndroidWorkProfile.md

@ -31,10 +31,11 @@
| **SecurityRequireCompanyPortalAppIntegrity** | Write | Boolean | SecurityRequireCompanyPortalAppIntegrity of the AndroidWorkProfile device compliance policy. ||
| **RoleScopeTagIds** | Write | String | RoleScopeTagIds of the AndroidWorkProfile device compliance policy. ||
| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Intune Admin ||
| **Credential** | Write | PSCredential | Credentials of the Intune Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **ApplicationSecret** | Write | String | Secret of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
# IntuneDeviceCompliancePolicyAndroidWorkProfile
@ -183,7 +184,7 @@ IntuneDeviceCompliancePolicyAndroidDeviceOwner f7d82525-b7c0-475c-9d5e-16fafdfa4
DeviceThreatProtectionRequiredSecurityLevel = "unavailable";
DisplayName = "DeviceOwner";
Ensure = "Present";
GlobalAdminAccount = $Credsglobaladmin;
Credential = $Credsglobaladmin;
PasswordExpirationDays = 90;
PasswordMinimumLength = 6;
PasswordMinutesOfInactivityBeforeLock = 5;
@ -227,7 +228,7 @@ Configuration Example
DeviceThreatProtectionRequiredSecurityLevel = "unavailable";
DisplayName = "Test Policy";
Ensure = "Present";
GlobalAdminAccount = $Credsglobaladmin;
Credential = $Credsglobaladmin;
PasswordExpirationDays = 90;
PasswordMinimumLength = 6;
PasswordMinutesOfInactivityBeforeLock = 5;
@ -268,7 +269,7 @@ Configuration Example
{
DisplayName = "Test Android Work Profile Device Compliance Policy"
Ensure = "Absent"
GlobalAdminAccount = $credsGlobalAdmin;
Credential = $credsGlobalAdmin;
}
}
}

9
IntuneDeviceCompliancePolicyMacOS.md

@ -24,10 +24,11 @@
| **FirewallBlockAllIncoming** | Write | Boolean | FirewallBlockAllIncoming of the MacOS device compliance policy. ||
| **FirewallEnableStealthMode** | Write | Boolean | FirewallEnableStealthMode of the MacOS device compliance policy. ||
| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Intune Admin ||
| **Credential** | Write | PSCredential | Credentials of the Intune Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **ApplicationSecret** | Write | String | Secret of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
# IntuneDeviceCompliancePolicyMacOS
@ -153,7 +154,7 @@ For more information, see Gatekeeper on macOS.
FirewallBlockAllIncoming = $False;
FirewallEnableStealthMode = $False;
Ensure = 'Present';
GlobalAdminAccount = $GlobalAdminAccount;
Credential = $Credential;
}
```
@ -198,7 +199,7 @@ Configuration Example
FirewallBlockAllIncoming = $False;
FirewallEnableStealthMode = $False;
Ensure = 'Present';
GlobalAdminAccount = $GlobalAdminAccount;
Credential = $Credential;
}
}
}
@ -224,7 +225,7 @@ Configuration Example
{
DisplayName = 'Demo MacOS Device Compliance Policy';
Ensure = 'Absent';
GlobalAdminAccount = $credsGlobalAdmin;
Credential = $credsGlobalAdmin;
}
}
}

11
IntuneDeviceCompliancePolicyWindows10.md

@ -39,10 +39,11 @@
| **DeviceCompliancePolicyScript** | Write | String | DeviceCompliancePolicyScript of the Windows 10 device compliance policy. ||
| **ValidOperatingSystemBuildRanges** | Write | StringArray[] | ValidOperatingSystemBuildRanges of the Windows 10 device compliance policy. ||
| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Intune Admin ||
| **Credential** | Write | PSCredential | Credentials of the Intune Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **ApplicationSecret** | Write | String | Secret of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
# IntuneDeviceCompliancePolicyWindows10
@ -289,7 +290,7 @@ Surface Hubs that run Windows 10 Team OS do not support the Microsoft Defender f
deviceCompliancePolicyScript = $null;
ValidOperatingSystemBuildRanges = [];
Ensure = 'Present';
GlobalAdminAccount = $GlobalAdminAccount;
Credential = $Credential;
}
```
@ -348,9 +349,9 @@ Configuration Example
ConfigurationManagerComplianceRequired = $False;
TPMRequired = $False;
deviceCompliancePolicyScript = $null;
ValidOperatingSystemBuildRanges = [];
ValidOperatingSystemBuildRanges = @();
Ensure = 'Present';
GlobalAdminAccount = $GlobalAdminAccount;
Credential = $Credential;
}
}
}
@ -376,7 +377,7 @@ Configuration Example
{
DisplayName = 'Demo Windows 10 Device Compliance Policy';
Ensure = 'Absent';
GlobalAdminAccount = $credsGlobalAdmin;
Credential = $credsGlobalAdmin;
}
}
}

7
IntuneDeviceCompliancePolicyiOs.md

@ -21,10 +21,11 @@
| **DeviceThreatProtectionRequiredSecurityLevel** | Write | String | DeviceThreatProtectionRequiredSecurityLevel of the iOS device compliance policy. ||
| **ManagedEmailProfileRequired** | Write | Boolean | ManagedEmailProfileRequired of the iOS device compliance policy. ||
| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Intune Admin ||
| **Credential** | Write | PSCredential | Credentials of the Intune Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **ApplicationSecret** | Write | String | Secret of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
# IntuneDeviceCompliancePolicyiOs
@ -68,7 +69,7 @@ Configuration Example
DeviceThreatProtectionRequiredSecurityLevel = 'medium'
ManagedEmailProfileRequired = $True
Ensure = 'Present'
GlobalAdminAccount = $GlobalAdminAccount
Credential = $Credential
}
}
@ -95,7 +96,7 @@ Configuration Example
{
DisplayName = 'Demo iOS Device Compliance Policy'
Ensure = 'Absent'
GlobalAdminAccount = $credsGlobalAdmin;
Credential = $credsGlobalAdmin;
}
}
}

419
IntuneDeviceConfigurationPolicyWindows10.md Normal file

@ -0,0 +1,419 @@
# IntuneDeviceConfigurationPolicyWindows10
## Parameters
| Parameter | Attribute | DataType | Description | Allowed Values |
| --- | --- | --- | --- | --- |
| **DisplayName** | Key | String | Description of the device configuration policy for Windows 10. ||
| **Description** | Write | String | Display name of the device configuration policy for Windows 10. ||
| **EnterpriseCloudPrintDiscoveryEndPoint** | Write | String | Endpoint for discovering cloud printers. ||
| **EnterpriseCloudPrintOAuthAuthority** | Write | String | Authentication endpoint for acquiring OAuth tokens. ||
| **EnterpriseCloudPrintOAuthClientIdentifier** | Write | String | GUID of a client application authorized to retrieve OAuth tokens from the OAuth Authority. ||
| **EnterpriseCloudPrintResourceIdentifier** | Write | String | OAuth resource URI for print service as configured in the Azure portal. ||
| **EnterpriseCloudPrintDiscoveryMaxLimit** | Write | UInt64 | Maximum number of printers that should be queried from a discovery endpoint. This is a mobile only setting. Valid values 1 to 65535 ||
| **EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier** | Write | String | OAuth resource URI for printer discovery service as configured in Azure portal. ||
| **SearchBlockDiacritics** | Write | Boolean | Specifies if search can use diacritics. ||
| **SearchDisableAutoLanguageDetection** | Write | Boolean | Specifies whether to use automatic language detection when indexing content and properties. ||
| **SearchDisableIndexingEncryptedItems** | Write | Boolean | Indicates whether or not to block indexing of WIP-protected items to prevent them from appearing in search results for Cortana or Explorer. ||
| **SearchEnableRemoteQueries** | Write | Boolean | Indicates whether or not to block remote queries of this computer's index. ||
| **SearchDisableIndexerBackoff** | Write | Boolean | Indicates whether or not to disable the search indexer backoff feature. ||
| **SearchDisableIndexingRemovableDrive** | Write | Boolean | Indicates whether or not to allow users to add locations on removable drives to libraries and to be indexed. ||
| **SearchEnableAutomaticIndexSizeManangement** | Write | Boolean | Specifies minimum amount of hard drive space on the same drive as the index location before indexing stops. ||
| **DiagnosticsDataSubmissionMode** | Write | String | Gets or sets a value allowing the device to send diagnostic and usage telemetry data, such as Watson. Possible values are: userDefined, none, basic, enhanced, full. ||
| **OneDriveDisableFileSync** | Write | Boolean | Gets or sets a value allowing IT admins to prevent apps and features from working with files on OneDrive. ||
| **SmartScreenEnableAppInstallControl** | Write | Boolean | This property will be deprecated in July 2019 and will be replaced by property SmartScreenAppInstallControl. Allows IT Admins to control whether users are allowed to install apps from places other than the Store. ||
| **PersonalizationDesktopImageUrl** | Write | String | A http or https Url to a jpg, jpeg or png image that needs to be downloaded and used as the Desktop Image or a file Url to a local image on the file system that needs to used as the Desktop Image. ||
| **PersonalizationLockScreenImageUrl** | Write | String | A http or https Url to a jpg, jpeg or png image that neeeds to be downloaded and used as the Lock Screen Image or a file Url to a local image on the file system that needs to be used as the Lock Screen Image. ||
| **BluetoothAllowedServices** | Write | StringArray[] | Specify a list of allowed Bluetooth services and profiles in hex formatted strings. ||
| **BluetoothBlockAdvertising** | Write | Boolean | Whether or not to Block the user from using bluetooth advertising. ||
| **BluetoothBlockDiscoverableMode** | Write | Boolean | Whether or not to Block the user from using bluetooth discoverable mode. ||
| **BluetoothBlockPrePairing** | Write | Boolean | Whether or not to block specific bundled Bluetooth peripherals to automatically pair with the host device. ||
| **EdgeBlockAutofill** | Write | Boolean | Indicates whether or not to block auto fill. ||
| **EdgeBlocked** | Write | Boolean | Indicates whether or not to Block the user from using the Edge browser. ||
| **EdgeCookiePolicy** | Write | String | Indicates which cookies to block in the Edge browser. Possible values are: userDefined, allow, blockThirdParty, blockAll. ||
| **EdgeBlockDeveloperTools** | Write | Boolean | Indicates whether or not to block developer tools in the Edge browser. ||
| **EdgeBlockSendingDoNotTrackHeader** | Write | Boolean | Indicates whether or not to Block the user from sending the do not track header. ||
| **EdgeBlockExtensions** | Write | Boolean | Indicates whether or not to block extensions in the Edge browser. ||
| **EdgeBlockInPrivateBrowsing** | Write | Boolean | Indicates whether or not to block InPrivate browsing on corporate networks, in the Edge browser. ||
| **EdgeBlockJavaScript** | Write | Boolean | Indicates whether or not to Block the user from using JavaScript. ||
| **EdgeBlockPasswordManager** | Write | Boolean | Indicates whether or not to Block password manager. ||
| **EdgeBlockAddressBarDropdown** | Write | Boolean | Block the address bar dropdown functionality in Microsoft Edge. Disable this settings to minimize network connections from Microsoft Edge to Microsoft services. ||
| **EdgeBlockCompatibilityList** | Write | Boolean | Block Microsoft compatibility list in Microsoft Edge. This list from Microsoft helps Edge properly display sites with known compatibility issues. ||
| **EdgeClearBrowsingDataOnExit** | Write | Boolean | Clear browsing data on exiting Microsoft Edge. ||
| **EdgeAllowStartPagesModification** | Write | Boolean | Allow users to change Start pages on Edge. Use the EdgeHomepageUrls to specify the Start pages that the user would see by default when they open Edge. ||
| **EdgeDisableFirstRunPage** | Write | Boolean | Block the Microsoft web page that opens on the first use of Microsoft Edge. This policy allows enterprises, like those enrolled in zero emissions configurations, to block this page. ||
| **EdgeBlockLiveTileDataCollection** | Write | Boolean | Block the collection of information by Microsoft for live tile creation when users pin a site to Start from Microsoft Edge. ||
| **EdgeSyncFavoritesWithInternetExplorer** | Write | Boolean | Enable favorites sync between Internet Explorer and Microsoft Edge. Additions, deletions, modifications and order changes to favorites are shared between browsers. ||
| **CellularBlockDataWhenRoaming** | Write | Boolean | Whether or not to Block the user from using data over cellular while roaming. ||
| **CellularBlockVpn** | Write | Boolean | Whether or not to Block the user from using VPN over cellular. ||
| **CellularBlockVpnWhenRoaming** | Write | Boolean | Whether or not to Block the user from using VPN when roaming over cellular. ||
| **DefenderRequireRealTimeMonitoring** | Write | Boolean | Indicates whether or not to require real time monitoring. ||
| **DefenderRequireBehaviorMonitoring** | Write | Boolean | Indicates whether or not to require behavior monitoring. ||
| **DefenderRequireNetworkInspectionSystem** | Write | Boolean | Indicates whether or not to require network inspection system. ||
| **DefenderScanDownloads** | Write | Boolean | Indicates whether or not to scan downloads. ||
| **DefenderScanScriptsLoadedInInternetExplorer** | Write | Boolean | Indicates whether or not to scan scripts loaded in Internet Explorer browser. ||
| **DefenderBlockEndUserAccess** | Write | Boolean | Whether or not to block end user access to Defender. ||
| **DefenderSignatureUpdateIntervalInHours** | Write | UInt64 | The signature update interval in hours. Specify 0 not to check. Valid values 0 to 24 ||
| **DefenderMonitorFileActivity** | Write | String | Value for monitoring file activity. Possible values are: userDefined, disable, monitorAllFiles, monitorIncomingFilesOnly, monitorOutgoingFilesOnly. ||
| **DefenderDaysBeforeDeletingQuarantinedMalware** | Write | UInt64 | Number of days before deleting quarantined malware. Valid values 0 to 90 ||
| **DefenderScanMaxCpu** | Write | UInt64 | Max CPU usage percentage during scan. Valid values 0 to 100 ||
| **DefenderScanArchiveFiles** | Write | Boolean | Indicates whether or not to scan archive files. ||
| **DefenderScanIncomingMail** | Write | Boolean | Indicates whether or not to scan incoming mail messages. ||
| **DefenderScanRemovableDrivesDuringFullScan** | Write | Boolean | Indicates whether or not to scan removable drives during full scan. ||
| **DefenderScanMappedNetworkDrivesDuringFullScan** | Write | Boolean | Indicates whether or not to scan mapped network drives during full scan. ||
| **DefenderScanNetworkFiles** | Write | Boolean | Indicates whether or not to scan files opened from a network folder. ||
| **DefenderRequireCloudProtection** | Write | Boolean | Indicates whether or not to require cloud protection. ||
| **DefenderCloudBlockLevel** | Write | String | Specifies the level of cloud-delivered protection. Possible values are: notConfigured, high, highPlus, zeroTolerance. ||
| **DefenderPromptForSampleSubmission** | Write | String | The configuration for how to prompt user for sample submission. Possible values are: userDefined, alwaysPrompt, promptBeforeSendingPersonalData, neverSendData, sendAllDataWithoutPrompting. ||
| **DefenderScheduledQuickScanTime** | Write | String | The time to perform a daily quick scan. ||
| **DefenderScanType** | Write | String | The defender system scan type. Possible values are: userDefined, disabled, quick, full. ||
| **DefenderSystemScanSchedule** | Write | String | Defender day of the week for the system scan. Possible values are: userDefined, everyday, sunday, monday, tuesday, wednesday, thursday, friday, saturday. ||
| **DefenderScheduledScanTime** | Write | String | The defender time for the system scan. ||
| **DefenderDetectedMalwareActions** | Write | StringArray[] | Gets or sets Defender’s actions to take on detected Malware per threat level. ||
| **DefenderFileExtensionsToExclude** | Write | StringArray[] | File extensions to exclude from scans and real time protection. ||
| **DefenderFilesAndFoldersToExclude** | Write | StringArray[] | Files and folder to exclude from scans and real time protection. ||
| **DefenderProcessesToExclude** | Write | StringArray[] | Processes to exclude from scans and real time protection. ||
| **LockScreenAllowTimeoutConfiguration** | Write | Boolean | Specify whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices. If this policy is set to Allow, the value set by lockScreenTimeoutInSeconds is ignored. ||
| **LockScreenBlockActionCenterNotifications** | Write | Boolean | Indicates whether or not to block action center notifications over lock screen. ||
| **LockScreenBlockCortana** | Write | Boolean | Indicates whether or not the user can interact with Cortana using speech while the system is locked. ||
| **LockScreenBlockToastNotifications** | Write | Boolean | Indicates whether to allow toast notifications above the device lock screen. ||
| **LockScreenTimeoutInSeconds** | Write | UInt64 | Set the duration (in seconds) from the screen locking to the screen turning off for Windows 10 Mobile devices. Supported values are 11-1800. Valid values 11 to 1800 ||
| **PasswordBlockSimple** | Write | UInt64 | Specify whether PINs or passwords such as '1111' or '1234' are allowed. For Windows 10 desktops, it also controls the use of picture passwords. ||
| **PasswordExpirationDays** | Write | UInt64 | The password expiration in days. Valid values 0 to 730 ||
| **PasswordMinimumLength** | Write | UInt64 | The minimum password length. Valid values 4 to 16 ||
| **PasswordMinutesOfInactivityBeforeScreenTimeout** | Write | UInt64 | The minutes of inactivity before the screen times out. ||
| **PasswordMinimumCharacterSetCount** | Write | UInt64 | The number of character sets required in the password. ||
| **PasswordPreviousPasswordBlockCount** | Write | UInt64 | The number of previous passwords to prevent reuse of. Valid values 0 to 50 ||
| **PasswordRequired** | Write | Boolean | Indicates whether or not to require the user to have a password. ||
| **PasswordRequireWhenResumeFromIdleState** | Write | Boolean | Indicates whether or not to require a password upon resuming from an idle state. ||
| **PasswordRequiredType** | Write | String | The required password type. Possible values are: deviceDefault, alphanumeric, numeric. ||
| **PasswordSignInFailureCountBeforeFactoryReset** | Write | Boolean | The number of sign in failures before factory reset. Valid values 0 to 999 ||
| **PrivacyAdvertisingId** | Write | String | Enables or disables the use of advertising ID. Added in Windows 10, version 1607. Possible values are: notConfigured, blocked, allowed. ||
| **PrivacyAutoAcceptPairingAndConsentPrompts** | Write | Boolean | Indicates whether or not to allow the automatic acceptance of the pairing and privacy user consent dialog when launching apps. ||
| **PrivacyBlockInputPersonalization** | Write | Boolean | Indicates whether or not to block the usage of cloud based speech services for Cortana, Dictation, or Store applications. ||
| **StartBlockUnpinningAppsFromTaskbar** | Write | Boolean | Indicates whether or not to block the user from unpinning apps from taskbar. ||
| **StartMenuAppListVisibility** | Write | String | Setting the value of this collapses the app list, removes the app list entirely, or disables the corresponding toggle in the Settings app. Possible values are: userDefined, collapse, remove, disableSettingsApp. ||
| **StartMenuHideChangeAccountSettings** | Write | Boolean | Enabling this policy hides the change account setting from appearing in the user tile in the start menu. ||
| **StartMenuHideFrequentlyUsedApps** | Write | Boolean | Enabling this policy hides the most used apps from appearing on the start menu and disables the corresponding toggle in the Settings app. ||
| **StartMenuHideHibernate** | Write | Boolean | Enabling this policy hides hibernate from appearing in the power button in the start menu. ||
| **StartMenuHideLock** | Write | Boolean | Enabling this policy hides lock from appearing in the user tile in the start menu. ||
| **StartMenuHidePowerButton** | Write | Boolean | Enabling this policy hides the power button from appearing in the start menu. ||
| **StartMenuHideRecentJumpLists** | Write | Boolean | Enabling this policy hides recent jump lists from appearing on the start menu/taskbar and disables the corresponding toggle in the Settings app. ||
| **StartMenuHideRecentlyAddedApps** | Write | Boolean | Enabling this policy hides recently added apps from appearing on the start menu and disables the corresponding toggle in the Settings app. ||
| **StartMenuHideRestartOptions** | Write | Boolean | Enabling this policy hides 'Restart/Update and Restart' from appearing in the power button in the start menu. ||
| **StartMenuHideShutDown** | Write | Boolean | Enabling this policy hides shut down/update and shut down from appearing in the power button in the start menu. ||
| **StartMenuHideSignOut** | Write | Boolean | Enabling this policy hides sign out from appearing in the user tile in the start menu. ||
| **StartMenuHideSleep** | Write | Boolean | Enabling this policy hides sleep from appearing in the power button in the start menu. ||
| **StartMenuHideSwitchAccount** | Write | Boolean | Enabling this policy hides switch account from appearing in the user tile in the start menu. ||
| **StartMenuHideUserTile** | Write | Boolean | Enabling this policy hides the user tile from appearing in the start menu. ||
| **StartMenuLayoutEdgeAssetsXml** | Write | String | This policy setting allows you to import Edge assets to be used with startMenuLayoutXml policy. Start layout can contain secondary tile from Edge app which looks for Edge local asset file. Edge local asset would not exist and cause Edge secondary tile to appear empty in this case. This policy only gets applied when startMenuLayoutXml policy is modified. The value should be a UTF-8 Base64 encoded byte array. ||
| **StartMenuLayoutXml** | Write | String | Allows admins to override the default Start menu layout and prevents the user from changing it. The layout is modified by specifying an XML file based on a layout modification schema. XML needs to be in a UTF8 encoded byte array format. ||
| **StartMenuMode** | Write | String | Allows admins to decide how the Start menu is displayed. Possible values are: userDefined, fullScreen, nonFullScreen. ||
| **StartMenuPinnedFolderDocuments** | Write | String | Enforces the visibility (Show/Hide) of the Documents folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. ||
| **StartMenuPinnedFolderDownloads** | Write | String | Enforces the visibility (Show/Hide) of the Downloads folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. ||
| **StartMenuPinnedFolderFileExplorer** | Write | String | Enforces the visibility (Show/Hide) of the FileExplorer shortcut on the Start menu. Possible values are: notConfigured, hide, show. ||
| **StartMenuPinnedFolderHomeGroup** | Write | String | Enforces the visibility (Show/Hide) of the HomeGroup folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. ||
| **StartMenuPinnedFolderMusic** | Write | String | Enforces the visibility (Show/Hide) of the Music folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. ||
| **StartMenuPinnedFolderNetwork** | Write | String | Enforces the visibility (Show/Hide) of the Network folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. ||
| **StartMenuPinnedFolderPersonalFolder** | Write | String | Enforces the visibility (Show/Hide) of the PersonalFolder shortcut on the Start menu. Possible values are: notConfigured, hide, show. ||
| **StartMenuPinnedFolderPictures** | Write | String | Enforces the visibility (Show/Hide) of the Pictures folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. ||
| **StartMenuPinnedFolderSettings** | Write | String | Enforces the visibility (Show/Hide) of the Settings folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. ||
| **StartMenuPinnedFolderVideos** | Write | String | Enforces the visibility (Show/Hide) of the Videos folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. ||
| **SettingsBlockSettingsApp** | Write | Boolean | Indicates whether or not to block access to Settings app. ||
| **SettingsBlockSystemPage** | Write | Boolean | Indicates whether or not to block access to System in Settings app. ||
| **SettingsBlockDevicesPage** | Write | Boolean | Indicates whether or not to block access to Devices in Settings app. ||
| **SettingsBlockNetworkInternetPage** | Write | Boolean | Indicates whether or not to block access to Network & Internet in Settings app. ||
| **SettingsBlockPersonalizationPage** | Write | Boolean | Indicates whether or not to block access to Personalization in Settings app. ||
| **SettingsBlockAccountsPage** | Write | Boolean | Indicates whether or not to block access to Accounts in Settings app. ||
| **SettingsBlockTimeLanguagePage** | Write | Boolean | Indicates whether or not to block access to Time & Language in Settings app. ||
| **SettingsBlockEaseOfAccessPage** | Write | Boolean | Indicates whether or not to block access to Ease of Access in Settings app. ||
| **SettingsBlockPrivacyPage** | Write | Boolean | Indicates whether or not to block access to Privacy in Settings app. ||
| **SettingsBlockUpdateSecurityPage** | Write | Boolean | Indicates whether or not to block access to Update & Security in Settings app. ||
| **SettingsBlockAppsPage** | Write | Boolean | Indicates whether or not to block access to Apps in Settings app. ||
| **SettingsBlockGamingPage** | Write | Boolean | Indicates whether or not to block access to Gaming in Settings app. ||
| **WindowsSpotlightBlockConsumerSpecificFeatures** | Write | Boolean | Allows IT admins to block experiences that are typically for consumers only, such as Start suggestions, Membership notifications, Post-OOBE app install and redirect tiles. ||
| **WindowsSpotlightBlocked** | Write | Boolean | Allows IT admins to turn off all Windows Spotlight features ||
| **WindowsSpotlightBlockOnActionCenter** | Write | Boolean | Block suggestions from Microsoft that show after each OS clean install, upgrade or in an on-going basis to introduce users to what is new or changed ||
| **WindowsSpotlightBlockTailoredExperiences** | Write | Boolean | Block personalized content in Windows spotlight based on user’s device usage. ||
| **WindowsSpotlightBlockThirdPartyNotifications** | Write | Boolean | Block third party content delivered via Windows Spotlight ||
| **WindowsSpotlightBlockWelcomeExperience** | Write | Boolean | Block Windows Spotlight Windows welcome experience ||
| **WindowsSpotlightBlockWindowsTips** | Write | Boolean | Allows IT admins to turn off the popup of Windows Tips. ||
| **WindowsSpotlightConfigureOnLockScreen** | Write | String | Specifies the type of Spotlight. Possible values are: notConfigured, disabled, enabled. ||
| **NetworkProxyApplySettingsDeviceWide** | Write | Boolean | If set, proxy settings will be applied to all processes and accounts in the device. Otherwise, it will be applied to the user account that’s enrolled into MDM. ||
| **NetworkProxyDisableAutoDetect** | Write | Boolean | Disable automatic detection of settings. If enabled, the system will try to find the path to a proxy auto-config (PAC) script. ||
| **NetworkProxyAutomaticConfigurationUrl** | Write | String | Address to the proxy auto-config (PAC) script you want to use. ||
| **NetworkProxyServer** | Write | StringArray[] | Specifies manual proxy server settings. ||
| **AccountsBlockAddingNonMicrosoftAccountEmail** | Write | Boolean | Indicates whether or not to Block the user from adding email accounts to the device that are not associated with a Microsoft account. ||
| **AntiTheftModeBlocked** | Write | Boolean | Indicates whether or not to block the user from selecting an AntiTheft mode preference (Windows 10 Mobile only). ||
| **BluetoothBlocked** | Write | Boolean | Whether or not to Block the user from using bluetooth. ||
| **CameraBlocked** | Write | Boolean | Whether or not to Block the user from accessing the camera of the device. ||
| **ConnectedDevicesServiceBlocked** | Write | Boolean | Whether or not to block Connected Devices Service which enables discovery and connection to other devices, remote messaging, remote app sessions and other cross-device experiences. ||
| **CertificatesBlockManualRootCertificateInstallation** | Write | Boolean | Whether or not to Block the user from doing manual root certificate installation. ||
| **CopyPasteBlocked** | Write | Boolean | Whether or not to Block the user from using copy paste. ||
| **CortanaBlocked** | Write | Boolean | Whether or not to Block the user from using Cortana. ||
| **DeviceManagementBlockFactoryResetOnMobile** | Write | Boolean | Indicates whether or not to Block the user from resetting their phone. ||
| **DeviceManagementBlockManualUnenroll** | Write | Boolean | Indicates whether or not to Block the user from doing manual un-enrollment from device management. ||
| **SafeSearchFilter** | Write | String | Specifies what filter level of safe search is required. Possible values are: userDefined, strict, moderate. ||
| **EdgeBlockPopups** | Write | Boolean | Indicates whether or not to block popups. ||
| **EdgeBlockSearchSuggestions** | Write | Boolean | Indicates whether or not to block the user from using the search suggestions in the address bar. ||
| **EdgeBlockSendingIntranetTrafficToInternetExplorer** | Write | Boolean | Indicates whether or not to switch the intranet traffic from Edge to Internet Explorer. Note: the name of this property is misleading; the property is obsolete, use EdgeSendIntranetTrafficToInternetExplorer instead. ||
| **EdgeSendIntranetTrafficToInternetExplorer** | Write | Boolean | Indicates whether or not to switch the intranet traffic from Edge to Internet Explorer. ||
| **EdgeRequireSmartScreen** | Write | Boolean | Indicates whether or not to Require the user to use the smart screen filter. ||
| **EdgeEnterpriseModeSiteListLocation** | Write | Boolean | Indicates the enterprise mode site list location. Could be a local file, local network or http location. ||
| **EdgeFirstRunUrl** | Write | String | The first run URL for when Edge browser is opened for the first time. ||
| **EdgeSearchEngine** | Write | String | Allows IT admins to set a default search engine for MDM-Controlled devices. Users can override this and change their default search engine provided the AllowSearchEngineCustomization policy is not set. ||
| **EdgeHomepageUrls** | Write | StringArray[] | The list of URLs for homepages shodwn on MDM-enrolled devices on Edge browser. ||
| **EdgeBlockAccessToAboutFlags** | Write | Boolean | Indicates whether or not to prevent access to about flags on Edge browser. ||
| **SmartScreenBlockPromptOverride** | Write | Boolean | Indicates whether or not users can override SmartScreen Filter warnings about potentially malicious websites. ||
| **SmartScreenBlockPromptOverrideForFiles** | Write | Boolean | Indicates whether or not users can override the SmartScreen Filter warnings about downloading unverified files ||
| **WebRtcBlockLocalhostIpAddress** | Write | Boolean | Indicates whether or not user's localhost IP address is displayed while making phone calls using the WebRTC ||
| **InternetSharingBlocked** | Write | Boolean | Indicates whether or not to Block the user from using internet sharing. ||
| **SettingsBlockAddProvisioningPackage** | Write | Boolean | Indicates whether or not to block the user from installing provisioning packages. ||
| **SettingsBlockRemoveProvisioningPackage** | Write | Boolean | Indicates whether or not to block the runtime configuration agent from removing provisioning packages. ||
| **SettingsBlockChangeSystemTime** | Write | Boolean | Indicates whether or not to block the user from changing date and time settings. ||
| **SettingsBlockEditDeviceName** | Write | Boolean | Indicates whether or not to block the user from editing the device name. ||
| **SettingsBlockChangeRegion** | Write | Boolean | Indicates whether or not to block the user from changing the region settings. ||
| **SettingsBlockChangeLanguage** | Write | Boolean | Indicates whether or not to block the user from changing the language settings. ||
| **SettingsBlockChangePowerSleep** | Write | Boolean | Indicates whether or not to block the user from changing power and sleep settings. ||
| **LocationServicesBlocked** | Write | Boolean | Indicates whether or not to Block the user from location services. ||
| **MicrosoftAccountBlocked** | Write | Boolean | Indicates whether or not to Block a Microsoft account. ||
| **MicrosoftAccountBlockSettingsSync** | Write | Boolean | Indicates whether or not to Block Microsoft account settings sync. ||
| **NfcBlocked** | Write | Boolean | Indicates whether or not to Block the user from using near field communication. ||
| **ResetProtectionModeBlocked** | Write | Boolean | Indicates whether or not to Block the user from reset protection mode. ||
| **ScreenCaptureBlocked** | Write | Boolean | Indicates whether or not to Block the user from taking Screenshots. ||
| **StorageBlockRemovableStorage** | Write | Boolean | Indicates whether or not to Block the user from using removable storage. ||
| **StorageRequireMobileDeviceEncryption** | Write | Boolean | Indicating whether or not to require encryption on a mobile device. ||
| **UsbBlocked** | Write | Boolean | Indicates whether or not to Block the user from USB connection. ||
| **VoiceRecordingBlocked** | Write | Boolean | Indicates whether or not to Block the user from voice recording. ||
| **WiFiBlockAutomaticConnectHotspots** | Write | Boolean | Indicating whether or not to block automatically connecting to Wi-Fi hotspots. Has no impact if Wi-Fi is blocked. ||
| **WiFiBlocked** | Write | Boolean | Indicates whether or not to Block the user from using Wi-Fi. ||
| **WiFiBlockManualConfiguration** | Write | Boolean | Indicates whether or not to Block the user from using Wi-Fi manual configuration. ||
| **WiFiScanInterval** | Write | UInt64 | Specify how often devices scan for Wi-Fi networks. Supported values are 1-500, where 100 = default, and 500 = low frequency. Valid values 1 to 500 ||
| **WirelessDisplayBlockProjectionToThisDevice** | Write | Boolean | Indicates whether or not to allow other devices from discovering this PC for projection. ||
| **WirelessDisplayBlockUserInputFromReceiver** | Write | Boolean | Indicates whether or not to allow user input from wireless display receiver. ||
| **WirelessDisplayRequirePinForPairing** | Write | Boolean | Indicates whether or not to require a PIN for new devices to initiate pairing. ||
| **WindowsStoreBlocked** | Write | Boolean | Indicates whether or not to Block the user from using the Windows store. ||
| **AppsAllowTrustedAppsSideloading** | Write | String | Indicates whether apps from AppX packages signed with a trusted certificate can be side loaded. Possible values are: notConfigured, blocked, allowed. ||
| **WindowsStoreBlockAutoUpdate** | Write | Boolean | Indicates whether or not to block automatic update of apps from Windows Store. ||
| **DeveloperUnlockSetting** | Write | String | Indicates whether or not to allow developer unlock. Possible values are: notConfigured, blocked, allowed. ||
| **SharedUserAppDataAllowed** | Write | Boolean | Indicates whether or not to block multiple users of the same app to share data. ||
| **AppsBlockWindowsStoreOriginatedApps** | Write | Boolean | Indicates whether or not to disable the launch of all apps from Windows Store that came pre-installed or were downloaded. ||
| **WindowsStoreEnablePrivateStoreOnly** | Write | Boolean | Indicates whether or not to enable Private Store Only. ||
| **StorageRestrictAppDataToSystemVolume** | Write | Boolean | Indicates whether application data is restricted to the system drive. ||
| **StorageRestrictAppInstallToSystemVolume** | Write | Boolean | Indicates whether the installation of applications is restricted to the system drive. ||
| **GameDvrBlocked** | Write | Boolean | Indicates whether or not to block DVR and broadcasting. ||
| **ExperienceBlockDeviceDiscovery** | Write | Boolean | Indicates whether or not to enable device discovery UX. ||
| **ExperienceBlockErrorDialogWhenNoSIM** | Write | Boolean | NIndicates whether or not to allow the error dialog from displaying if no SIM card is detected. ||
| **ExperienceBlockTaskSwitcher** | Write | Boolean | Indicates whether or not to enable task switching on the device. ||
| **LogonBlockFastUserSwitching** | Write | Boolean | Disables the ability to quickly switch between users that are logged on simultaneously without logging off. ||
| **TenantLockdownRequireNetworkDuringOutOfBoxExperience** | Write | Boolean | Whether the device is required to connect to the network. ||
| **Ensure** | Write | String | Present ensures the site collection exists, absent ensures it is removed |Present, Absent|
| **Credential** | Write | PSCredential | Credentials of the Intune Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com ||
| **ApplicationSecret** | Write | String | Secret of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
# IntuneDeviceConfigurationPolicyWindows10
This resource configures an Intune device configuration profile for an Windows 10 Device.
## Examples
### Example 1
This example creates a new General Device Configuration Policy for Windows .
```powershell
Configuration Example
{
param(
[Parameter(Mandatory = $true)]
[PSCredential]
$credsGlobalAdmin
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
IntuneDeviceConfigurationPolicyWindows10 0467863a-17e0-455c-af2f-266ac7b07c77
{
displayName = "CONTOSO | W10 | Device Restriction"
description = "Default device restriction settings"
defenderBlockEndUserAccess = $true
defenderRequireRealTimeMonitoring = $true
defenderRequireBehaviorMonitoring = $true
defenderRequireNetworkInspectionSystem = $true
defenderScanDownloads = $true
defenderScanScriptsLoadedInInternetExplorer = $true
defenderSignatureUpdateIntervalInHours = 8
defenderMonitorFileActivity = 'monitorIncomingFilesOnly' # userDefined,monitorAllFiles,monitorIncomingFilesOnly,monitorOutgoingFilesOnly
defenderDaysBeforeDeletingQuarantinedMalware = 3
defenderScanMaxCpu = 2
defenderScanArchiveFiles = $true
defenderScanIncomingMail = $true
defenderScanRemovableDrivesDuringFullScan = $true
defenderScanMappedNetworkDrivesDuringFullScan = $false
defenderScanNetworkFiles = $false
defenderRequireCloudProtection = $true
defenderCloudBlockLevel = 'high'
defenderPromptForSampleSubmission = 'alwaysPrompt'
defenderScheduledQuickScanTime = '13:00:00.0000000'
defenderScanType = 'quick' #quick,full,userDefined
defenderSystemScanSchedule = 'monday' #days of week
defenderScheduledScanTime = '11:00:00.0000000'
defenderDetectedMalwareActions = @("lowSeverity=clean","moderateSeverity=quarantine","highSeverity=remove","severeSeverity=block")
defenderFileExtensionsToExclude = "[`"csv,jpg,docx`"]"
defenderFilesAndFoldersToExclude = "[`"c:\\2,C:\\1`"]"
defenderProcessesToExclude = "[`"notepad.exe,c:\\Windows\\myprocess.exe`"]"
lockScreenAllowTimeoutConfiguration = $true
lockScreenBlockActionCenterNotifications = $true
lockScreenBlockCortana = $true
lockScreenBlockToastNotifications = $false
lockScreenTimeoutInSeconds = 90
passwordBlockSimple = $true
passwordExpirationDays = 6
passwordMinimumLength = 5
passwordMinutesOfInactivityBeforeScreenTimeout = 15
passwordMinimumCharacterSetCount = 1
passwordPreviousPasswordBlockCount = 2
passwordRequired = $true
passwordRequireWhenResumeFromIdleState = $true
passwordRequiredType = "alphanumeric"
passwordSignInFailureCountBeforeFactoryReset = 12
privacyAdvertisingId = "blocked"
privacyAutoAcceptPairingAndConsentPrompts = $true
privacyBlockInputPersonalization = $true
startBlockUnpinningAppsFromTaskbar = $true
startMenuAppListVisibility = "collapse"
startMenuHideChangeAccountSettings = $true
startMenuHideFrequentlyUsedApps = $true
startMenuHideHibernate = $true
startMenuHideLock = $true
startMenuHidePowerButton = $true
startMenuHideRecentJumpLists = $true
startMenuHideRecentlyAddedApps = $true
startMenuHideRestartOptions = $true
startMenuHideShutDown = $true
startMenuHideSignOut = $true
startMenuHideSleep = $true
startMenuHideSwitchAccount = $true
startMenuHideUserTile = $true
startMenuLayoutXml = "+DQogICAGlmaWNhdGlvblRlbXBsYXRlPg=="
startMenuMode = "fullScreen"
startMenuPinnedFolderDocuments = "hide"
startMenuPinnedFolderDownloads = "hide"
startMenuPinnedFolderFileExplorer = "hide"
startMenuPinnedFolderHomeGroup = "hide"
startMenuPinnedFolderMusic = "hide"
startMenuPinnedFolderNetwork = "hide"
startMenuPinnedFolderPersonalFolder = "hide"
startMenuPinnedFolderPictures = "hide"
startMenuPinnedFolderSettings = "hide"
startMenuPinnedFolderVideos = "hide"
settingsBlockSettingsApp = $true
settingsBlockSystemPage = $true
settingsBlockDevicesPage = $true
settingsBlockNetworkInternetPage = $true
settingsBlockPersonalizationPage = $true
settingsBlockAccountsPage = $true
settingsBlockTimeLanguagePage = $true
settingsBlockEaseOfAccessPage = $true
settingsBlockPrivacyPage = $true
settingsBlockUpdateSecurityPage = $true
settingsBlockAppsPage = $true
settingsBlockGamingPage = $true
windowsSpotlightBlockConsumerSpecificFeatures = $true
windowsSpotlightBlocked = $true
windowsSpotlightBlockOnActionCenter = $true
windowsSpotlightBlockTailoredExperiences = $true
windowsSpotlightBlockThirdPartyNotifications = $true
windowsSpotlightBlockWelcomeExperience = $true
windowsSpotlightBlockWindowsTips = $true
windowsSpotlightConfigureOnLockScreen = "disabled"
networkProxyApplySettingsDeviceWide = $true
networkProxyDisableAutoDetect = $true
networkProxyAutomaticConfigurationUrl = "https://example.com/networkProxyAutomaticConfigurationUrl/"
accountsBlockAddingNonMicrosoftAccountEmail = $true
antiTheftModeBlocked = $true
bluetoothBlocked = $true
bluetoothAllowedServices = "[`"8e473eaa-ead4-4c60-ba9c-2c5696d71492`",`"21913f2d-a803-4f36-8039-669fd94ce5b3`"]"
bluetoothBlockAdvertising = $true
bluetoothBlockDiscoverableMode = $true
bluetoothBlockPrePairing = $true
cameraBlocked = $true
connectedDevicesServiceBlocked = $true
certificatesBlockManualRootCertificateInstallation = $true
copyPasteBlocked = $true
cortanaBlocked = $true
deviceManagementBlockFactoryResetOnMobile = $true
deviceManagementBlockManualUnenroll = $true
safeSearchFilter = "strict"
edgeBlockPopups = $true
edgeBlockSearchSuggestions = $true
edgeBlockSendingIntranetTrafficToInternetExplorer = $true
edgeSendIntranetTrafficToInternetExplorer = $true
edgeRequireSmartScreen = $true
edgeFirstRunUrl = "https://contoso.com/"
edgeBlockAccessToAboutFlags = $true
edgeHomepageUrls = "[`"https://microsoft.com`"]"
smartScreenBlockPromptOverride = $true
smartScreenBlockPromptOverrideForFiles = $true
webRtcBlockLocalhostIpAddress = $true
internetSharingBlocked = $true
settingsBlockAddProvisioningPackage = $true
settingsBlockRemoveProvisioningPackage = $true
settingsBlockChangeSystemTime = $true
settingsBlockEditDeviceName = $true
settingsBlockChangeRegion = $true
settingsBlockChangeLanguage = $true
settingsBlockChangePowerSleep = $true
locationServicesBlocked = $true
microsoftAccountBlocked = $true
microsoftAccountBlockSettingsSync = $true
nfcBlocked = $true
resetProtectionModeBlocked = $true
screenCaptureBlocked = $true
storageBlockRemovableStorage = $true
storageRequireMobileDeviceEncryption = $true
usbBlocked = $true
voiceRecordingBlocked = $true
wiFiBlockAutomaticConnectHotspots = $true
wiFiBlocked = $true
wiFiBlockManualConfiguration = $true
wiFiScanInterval = 1
wirelessDisplayBlockProjectionToThisDevice = $true
wirelessDisplayBlockUserInputFromReceiver = $true
wirelessDisplayRequirePinForPairing = $true
windowsStoreBlocked = $true
appsAllowTrustedAppsSideloading = "blocked"
windowsStoreBlockAutoUpdate = $true
developerUnlockSetting = "blocked"
sharedUserAppDataAllowed = $true
appsBlockWindowsStoreOriginatedApps = $true
windowsStoreEnablePrivateStoreOnly = $true
storageRestrictAppDataToSystemVolume = $true
storageRestrictAppInstallToSystemVolume = $true
gameDvrBlocked = $true
edgeSearchEngine = "bing"
#edgeSearchEngine = "https://go.microsoft.com/fwlink/?linkid=842596" #'Google'
experienceBlockDeviceDiscovery = $true
experienceBlockErrorDialogWhenNoSIM = $true
experienceBlockTaskSwitcher = $true
logonBlockFastUserSwitching = $true
tenantLockdownRequireNetworkDuringOutOfBoxExperience = $true
enterpriseCloudPrintDiscoveryEndPoint = "https://cloudprinterdiscovery.contoso.com"
enterpriseCloudPrintDiscoveryMaxLimit = 4
enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "http://mopriadiscoveryservice/cloudprint"
enterpriseCloudPrintOAuthClientIdentifier = "30fbf7e8-321c-40ce-8b9f-160b6b049257"
enterpriseCloudPrintOAuthAuthority = "https:/tenant.contoso.com/adfs"
enterpriseCloudPrintResourceIdentifier = "http://cloudenterpriseprint/cloudPrint"
networkProxyServer = @("address=proxy.contoso.com:8080","exceptions=*.contoso.com`r`n*.internal.local","useForLocalAddresses=false")
Ensure = 'Present'
Credential = $credsGlobalAdmin;
}
}
}
```

5
IntuneDeviceConfigurationPolicyiOS.md

@ -130,10 +130,11 @@
| **VoiceDialingBlocked** | Write | Boolean | N/A ||
| **WallpaperBlockModification** | Write | Boolean | N/A ||
| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Intune Admin ||
| **Credential** | Write | PSCredential | Credentials of the Intune Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **ApplicationSecret** | Write | String | Secret of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
# IntuneDeviceConfigurationPolicyiOS
@ -269,7 +270,7 @@ Configuration Example
VoiceDialingBlocked = $False;
WallpaperBlockModification = $False;
Ensure = 'Present'
GlobalAdminAccount = $credsGlobalAdmin;
Credential = $credsGlobalAdmin;
}
}
}

5
IntuneDeviceEnrollmentLimitRestriction.md

@ -8,10 +8,11 @@
| **Description** | Write | String | Description of the device enrollment limit restriction. ||
| **Limit** | Write | UInt32 | Specifies the maximum number of devices a user can enroll ||
| **Ensure** | Write | String | Present ensures the restriction exists, absent ensures it is removed. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Intune Admin ||
| **Credential** | Write | PSCredential | Credentials of the Intune Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **ApplicationSecret** | Write | String | Secret of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
# IntuneDeviceEnrollmentLimitRestriction
@ -41,7 +42,7 @@ Configuration Example
Description = "My Restriction";
DisplayName = "My DSC Limit";
Ensure = "Present"
GlobalAdminAccount = $Credsglobaladmin;
Credential = $Credsglobaladmin;
Limit = 12;
}
}

5
IntuneDeviceEnrollmentPlatformRestriction.md

@ -27,10 +27,11 @@
| **WindowsMobileOSMinimumVersion** | Write | String | N/A ||
| **WindowsMobileOSMaximumVersion** | Write | String | N/A ||
| **Ensure** | Write | String | Present ensures the restriction exists, absent ensures it is removed. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Intune Admin ||
| **Credential** | Write | PSCredential | Credentials of the Intune Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com ||
| **ApplicationSecret** | Write | String | Secret of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
# IntuneDeviceEnrollmentPlatformRestriction
@ -62,7 +63,7 @@ Configuration Example
Description = "";
DisplayName = "My DSC Restriction";
Ensure = "Present"
GlobalAdminAccount = $GlobalAdminAccount;
Credential = $Credential;
iOSOSMaximumVersion = "11.0";
iOSOSMinimumVersion = "9.0";
iOSPersonalDeviceEnrollmentBlocked = $False;

10
O365AdminAuditLogConfig.md

@ -7,7 +7,7 @@
| **IsSingleInstance** | Key | String | Specifies the resource is a single instance, the value must be 'Yes' |Yes|
| **Ensure** | Write | String | 'Present' is the only value accepted. |Present|
| **UnifiedAuditLogIngestionEnabled** | Required | String | Determins if Unified Audit Log Ingestion is enabled |Enabled, Disabled|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
@ -33,10 +33,10 @@ IsSingleInstance
- Required: Yes
- Description: Single instance resource, the value must be 'Yes'
GlobalAdminAccount
Credential
- Required: Yes
- Description: Credentials of the SharePoint Global Admin
- Description: Credentials of the account to authenticate with
UnifiedAuditLogIngestionEnabled
@ -50,7 +50,7 @@ UnifiedAuditLogIngestionEnabled
IsSingleInstance = 'Yes'
Ensure = 'Present'
UnifiedAuditLogIngestionEnabled = 'Enabled'
GlobalAdminAccount = $GlobalAdminAccount
Credential = $Credential
}
```
@ -78,7 +78,7 @@ Configuration Example
IsSingleInstance = "Yes"
UnifiedAuditLogIngestionEnabled = "Enabled"
Ensure = "Present"
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
}
}
}

4
O365Group.md

@ -10,7 +10,7 @@
| **Description** | Write | String | The group's description. ||
| **Members** | Write | StringArray[] | Members of the group. ||
| **Ensure** | Write | String | Present ensures the group exists, absent ensures it is removed. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
@ -48,7 +48,7 @@ Configuration Example
ManagedBy = "TenantAdmin@contoso.onmicrosoft.com"
Members = @("Bob.Houle", "John.Smith")
Ensure = "Present"
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
}
}
}

10
O365OrgCustomizationSetting.md

@ -6,7 +6,7 @@
| --- | --- | --- | --- | --- |
| **IsSingleInstance** | Key | String | Specifies the resource is a single instance, the value must be 'Yes' |Yes|
| **Ensure** | Write | String | Since there is only one setting availble, this must be set to 'Present' |Present|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
@ -38,10 +38,10 @@ Ensure
- Description: `Present` is the only value accepted.
Configurations using `Ensure = 'Absent'` will throw an Error!
GlobalAdminAccount
Credential
- Required: Yes
- Description: Credentials of the Office 365 Global Admin
- Description: Credentials of the account to authenticate with
## Example
@ -49,7 +49,7 @@ GlobalAdminAccount
O365OrgCustomizationSettting EnableOgranizationCustomization {
IsSingleInstance = 'Yes'
Ensure = 'Present'
GlobalAdminAccount = $GlobalAdminAccount
Credential = $Credential
}
```
@ -77,7 +77,7 @@ Configuration Example
{
IsSingleInstance = "Yes"
Ensure = "Present"
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
}
}
}

4
O365User.md

@ -27,7 +27,7 @@
| **Title** | Write | String | Specifies the title of the user ||
| **UserType** | Write | String | Specifies the title of the user |Guest, Member, Other, Viral|
| **Ensure** | Write | String | Present ensures the user exists, absent ensures it is removed |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
@ -69,7 +69,7 @@ Configuration Example
LicenseAssignment = @("O365dsc1:ENTERPRISEPREMIUM")
UsageLocation = "US"
Ensure = "Present"
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
}
}
}

4
ODSettings.md

@ -18,7 +18,7 @@
| **ExcludedFileExtensions** | Write | StringArray[] | Exclude files from being synced to OneDrive ||
| **GrooveBlockOption** | Write | String | Groove block options |OptOut, HardOptIn, SoftOptIn|
| **Ensure** | Write | String | Present ensures the user exists, absent ensures it is removed |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the SharePoint Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the account to authenticate with. ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com ||
| **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for certificatePassword ||
@ -67,7 +67,7 @@ Configuration Example
ODSettings OneDriveSettings
{
IsSingleInstance = "Yes"
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
OneDriveStorageQuota = "1024"
ExcludedFileExtensions = @("pst")
DomainGuids = "786548dd-877b-4760-a749-6b1efbc1190a"

4
PPPowerAppsEnvironment.md

@ -8,7 +8,7 @@
| **Location** | Required | String | Location of the PowerApps environment. |canada, unitedstates, europe, asia, australia, india, japan, unitedkingdom, unitedstatesfirstrelease, southamerica, france, usgov|
| **EnvironmentSKU** | Required | String | Environment type. |Production, Standard, Trial, Sandbox|
| **Ensure** | Write | String | Only accepted value is 'Present'. |Present, Absent|
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Azure Active Directory Global Admin ||
| **Credential** | Write | PSCredential | Credentials of the Power Platform Admin ||
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **TenantId** | Write | String | Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com ||
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. ||
@ -41,7 +41,7 @@ Configuration Example
DisplayName = "My Demo Environment"
Ensure = "Present"
EnvironmentSKU = "Production"
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
Location = "canada"
}
}

4
PPTenantSettings.md

@ -20,7 +20,7 @@
| **DisableShareWithEveryone** | Write | Boolean | When set to true this will disable the ability to share apps with the whole tenant. ||
| **EnableGuestsToMake** | Write | Boolean | When set to true this will enable the ability for guests in your tenant to create Power Platform resources. ||
| **ShareWithColleaguesUserLimit** | Write | UInt32 | The amount of people an app can be shared with in Dataverse for Teams (maximum is 10,000). ||
| **GlobalAdminAccount** | Write | PSCredential | Credentials of the Power Platform Admin ||
| **Credential** | Write | PSCredential | Credentials of the Power Platform Admin ||
# PPTenantSettings
@ -62,7 +62,7 @@ Configuration Example
DisableShareWithEveryone = $false
EnableGuestsToMake = $false
ShareWithColleaguesUserLimit = 10000
GlobalAdminAccount = $GlobalAdminAccount
Credential = $Credential
}
}
}

2
PlannerTask.md

@ -25,7 +25,7 @@
| **ConversationThreadId** | Write | String | Id of the group conversation thread associated with the comments section for this task. ||
| **Ensure** | Write | String | Present ensures the Plan exists, absent ensures it is removed |Present, Absent|
| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. ||
| **GlobalAdminAccount** | Required | PSCredential | Credentials of the Global Admin ||
| **Credential** | Required | PSCredential | Credentials of the Global Admin ||
## Description

8
SCAuditConfigurationPolicy.md

@ -6,7 +6,7 @@
| --- | --- | --- | --- | --- |
| **Workload** | Key | String | Workload associated with the policy. |Exchange, SharePoint, OneDriveForBusiness|
| **Ensure** | Write | String | Specify if this policy should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Required | PSCredential | Credentials of the Global Admin ||
| **Credential** | Required | PSCredential | Credentials of the Global Admin ||
# SCAuditConfigurationPolicy
@ -38,21 +38,21 @@ Configuration Example
{
Workload = "Exchange"
Ensure = "Present"
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
}
SCAuditConfigurationPolicy OneDriveAuditPolicy
{
Workload = "OneDriveForBusiness"
Ensure = "Present"
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
}
SCAuditConfigurationPolicy SharePointAuditPolicy
{
Workload = "SharePoint"
Ensure = "Present"
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
}
}
}

4
SCCaseHoldPolicy.md

@ -12,7 +12,7 @@
| **PublicFolderLocation** | Write | StringArray[] | The PublicFolderLocation parameter specifies that you want to include all public folders in the case hold policy. You use the value All for this parameter. ||
| **SharePointLocation** | Write | StringArray[] | The SharePointLocation parameter specifies the SharePoint Online and OneDrive for Business sites to include. You identify a site by its URL value. ||
| **Ensure** | Write | String | Specify if this policy should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Required | PSCredential | Credentials of the Global Admin ||
| **Credential** | Required | PSCredential | Credentials of the Global Admin ||
# SCCaseHoldPolicy
@ -49,7 +49,7 @@ Configuration Example
Comment = "This is a demo";
Ensure = "Present";
Enabled = $True;
GlobalAdminAccount = $Credsglobaladmin;
Credential = $Credsglobaladmin;
}
}
}

4
SCCaseHoldRule.md

@ -10,7 +10,7 @@
| **ContentMatchQuery** | Write | String | The ContentMatchQuery parameter specifies a content search filter. Use this parameter to create a query-based hold so only the content that matches the specified search query is placed on hold. This parameter uses a text search string or a query that's formatted by using the Keyword Query Language (KQL). ||
| **Disabled** | Write | Boolean | The Disabled parameter specifies whether the case hold rule is enabled or disabled. ||
| **Ensure** | Write | String | Present ensures the rule exists, absent ensures it is removed |Present, Absent|
| **GlobalAdminAccount** | Required | PSCredential | Credentials of the Global Admin Account ||
| **Credential** | Required | PSCredential | Credentials of the Global Admin Account ||
# SCCaseHoldRule
@ -46,7 +46,7 @@ Configuration Example
Disabled = $false
ContentMatchQuery = "filename:2016 budget filetype:xlsx"
Ensure = "Present"
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
}
}
}

4
SCComplianceCase.md

@ -8,7 +8,7 @@
| **Description** | Write | String | The description of the case. ||
| **Ensure** | Write | String | Specify if this case should exist or not. |Present, Absent|
| **Status** | Write | String | Status for the case. Can either be 'Active' or 'Closed' |Active, Closed|
| **GlobalAdminAccount** | Required | PSCredential | Credentials of the Global Admin Account ||
| **Credential** | Required | PSCredential | Credentials of the Global Admin Account ||
# SCComplianceCase
@ -41,7 +41,7 @@ Configuration Example
Description = "MyPolicy"
Status = "Active"
Ensure = "Present"
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
}
}
}

4
SCComplianceSearch.md

@ -18,7 +18,7 @@
| **SharePointLocation** | Write | StringArray[] | The SharePointLocation parameter specifies the SharePoint Online sites to include. You identify the site by its URL value, or you can use the value All to include all sites. ||
| **SharePointLocationExclusion** | Write | StringArray[] | This parameter specifies the SharePoint Online sites to exclude when you use the value All for the SharePointLocation parameter. You identify the site by its URL value. ||
| **Ensure** | Write | String | Specify if this search should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Required | PSCredential | Credentials of the Global Admin Account ||
| **Credential** | Required | PSCredential | Credentials of the Global Admin Account ||
# SCComplianceSearch
@ -52,7 +52,7 @@ Configuration Example
Name = "Demo Compliance Search";
Ensure = "Present";
Language = "iv";
GlobalAdminAccount = $credsGlobalAdmin;
Credential = $credsGlobalAdmin;
AllowNotFoundExchangeLocationsEnabled = $False;
SharePointLocation = @("All");
}

8
SCComplianceSearchAction.md

@ -14,7 +14,7 @@
| **RetryOnError** | Write | Boolean | The RetryOnError switch specifies whether to retry the action on any items that failed without re-running the entire action all over again. ||
| **ActionScope** | Write | String | The ActionScope parameter specifies the items to include when the action is Export. |IndexedItemsOnly, UnindexedItemsOnly, BothIndexedAndUnindexedItems|
| **Ensure** | Write | String | Specify if this action should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Required | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Required | PSCredential | Credentials of the Exchange Global Admin ||
# SCComplianceSearchAction
@ -44,7 +44,7 @@ Configuration Example
SCComplianceSearchAction DemoPurge
{
Action = "Purge";
GlobalAdminAccount = $credsGlobalAdmin;
Credential = $credsGlobalAdmin;
PurgeType = "SoftDelete";
IncludeCredential = $True;
Ensure = "Present";
@ -56,7 +56,7 @@ Configuration Example
IncludeSharePointDocumentVersions = $False;
Action = "Export";
SearchName = "Demo Search";
GlobalAdminAccount = $credsGlobalAdmin;
Credential = $credsGlobalAdmin;
FileTypeExclusionsForUnindexedItems = $null;
IncludeCredential = $False;
RetryOnError = $False;
@ -69,7 +69,7 @@ Configuration Example
IncludeSharePointDocumentVersions = $False;
Action = "Retention";
SearchName = "Demo Search";
GlobalAdminAccount = $credsGlobalAdmin;
Credential = $credsGlobalAdmin;
FileTypeExclusionsForUnindexedItems = $null;
IncludeCredential = $False;
RetryOnError = $False;

4
SCComplianceTag.md

@ -22,7 +22,7 @@
| **RetentionDuration** | Write | String | The RetentionDuration parameter specifies the hold duration for the retention rule. Valid values are: An integer - The hold duration in days, Unlimited - The content is held indefinitely. ||
| **RetentionAction** | Write | String | The RetentionAction parameter specifies the action for the label. Valid values are: Delete, Keep or KeepAndDelete. |Delete, Keep, KeepAndDelete|
| **RetentionType** | Write | String | The RetentionType parameter specifies whether the retention duration is calculated from the content creation date, tagged date, or last modification date. Valid values are: CreationAgeInDays, EventAgeInDays,ModificationAgeInDays, or TaggedAgeInDays. |CreationAgeInDays, EventAgeInDays, ModificationAgeInDays, TaggedAgeInDays|
| **GlobalAdminAccount** | Required | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Required | PSCredential | Credentials of the Exchange Global Admin ||
# SCComplianceTag
@ -65,7 +65,7 @@ Configuration Example
FilePlanPropertySubcategory = "DemoSub"
}
Ensure = "Present"
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
}
}
}

4
SCDLPCompliancePolicy.md

@ -18,7 +18,7 @@
| **TeamsLocation** | Write | StringArray[] | Teams locations to include ||
| **TeamsLocationException** | Write | StringArray[] | Teams locations to exclude. ||
| **Ensure** | Write | String | Specify if this policy should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Required | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Required | PSCredential | Credentials of the Exchange Global Admin ||
# SCDLPCompliancePolicy
@ -53,7 +53,7 @@ Configuration Example
Priority = 1
SharePointLocation = "https://contoso.sharepoint.com/sites/demo"
Ensure = "Present"
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
}
}
}

4
SCDLPComplianceRule.md

@ -41,7 +41,7 @@
| **ReportSeverityLevel** | Write | String | The ReportSeverityLevel parameter specifies the severity level of the incident report for content detections based on the rule. |Low, Medium, High, None|
| **RuleErrorAction** | Write | String | The RuleErrorAction parameter specifies what to do if an error is encountered during the evaluation of the rule. |Ignore, RetryThenBlock|
| **Ensure** | Write | String | Specify if this rule should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Required | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Required | PSCredential | Credentials of the Exchange Global Admin ||
| **AnyOfRecipientAddressContainsWords** | Write | StringArray[] | The AnyOfRecipientAddressContainsWords parameter specifies a condition for the DLP rule that looks for words or phrases in recipient email addresses. ||
| **AnyOfRecipientAddressMatchesPatterns** | Write | StringArray[] | The AnyOfRecipientAddressMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in recipient email addresses by using regular expressions.. ||
| **RemoveRMSTemplate** | Write | Boolean | The RemoveRMSTemplate parameter specifies an action for the DLP rule that removes Office 365 Message Encryption from messages and their attachments. ||
@ -108,7 +108,7 @@ Configuration Example
ExceptIfHasSenderOverride = $False;
ExceptIfProcessingLimitExceeded = $False;
GenerateIncidentReport = @("SiteAdmin");
GlobalAdminAccount = $Credsglobaladmin;
Credential = $Credsglobaladmin;
HasSenderOverride = $False;
IncidentReportContent = @("DocumentLastModifier","Detections","Severity","DetectionDetails","OriginalContent");
Name = "Low volume EU Sensitive content found";

2
SCDeviceConditionalAccessPolicy.md

@ -8,7 +8,7 @@
| **Ensure** | Write | String | Specify if this policy should exist or not. |Present, Absent|
| **Comment** | Write | String | The Comment parameter specifies an optional comment. ||
| **Enabled** | Write | Boolean | The Enabled parameter specifies whether the policy is enabled. ||
| **GlobalAdminAccount** | Required | PSCredential | Credentials of Security and Compliance Center Admin ||
| **Credential** | Required | PSCredential | Credentials of Security and Compliance Center Admin ||
# SCDeviceConditionalAccessPolicy

2
SCDeviceConfigurationPolicy.md

@ -8,7 +8,7 @@
| **Ensure** | Write | String | Specify if this policy should exist or not. |Present, Absent|
| **Comment** | Write | String | The Comment parameter specifies an optional comment. ||
| **Enabled** | Write | Boolean | The Enabled parameter specifies whether the policy is enabled. ||
| **GlobalAdminAccount** | Required | PSCredential | Credentials of Security and Compliance Center Admin ||
| **Credential** | Required | PSCredential | Credentials of Security and Compliance Center Admin ||
# SCDeviceConfigurationPolicy

4
SCFilePlanPropertyAuthority.md

@ -6,7 +6,7 @@
| --- | --- | --- | --- | --- |
| **Name** | Key | String | The Name parameter specifies the unique name of the Authority. ||
| **Ensure** | Write | String | Specify if this authority should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Required | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Required | PSCredential | Credentials of the Exchange Global Admin ||
# SCFilePlanPropertyAuthority
@ -38,7 +38,7 @@ Configuration Example
{
Name = "My Authority"
Ensure = "Present"
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
}
}
}

4
SCFilePlanPropertyCategory.md

@ -6,7 +6,7 @@
| --- | --- | --- | --- | --- |
| **Name** | Key | String | The Name parameter specifies the unique name of the category. ||
| **Ensure** | Write | String | Specify if this category should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Required | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Required | PSCredential | Credentials of the Exchange Global Admin ||
# SCFilePlanPropertyCategory
@ -38,7 +38,7 @@ Configuration Example
{
Name = "My Category"
Ensure = "Present"
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
}
}
}

4
SCFilePlanPropertyCitation.md

@ -8,7 +8,7 @@
| **CitationUrl** | Write | String | URL of the citation. ||
| **CitationJurisdiction** | Write | String | Jurisdiction of the citation. ||
| **Ensure** | Write | String | Specify if this citation should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Required | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Required | PSCredential | Credentials of the Exchange Global Admin ||
# SCFilePlanPropertyCitation
@ -42,7 +42,7 @@ Configuration Example
CitationURL = "https://contoso.com"
CitationJurisdiction = "Federal"
Ensure = "Present";
GlobalAdminAccount = $credsGlobalAdmin;
Credential = $credsGlobalAdmin;
}
}
}

4
SCFilePlanPropertyDepartment.md

@ -6,7 +6,7 @@
| --- | --- | --- | --- | --- |
| **Name** | Key | String | The Name parameter specifies the unique name of the department. ||
| **Ensure** | Write | String | Specify if this department should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Required | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Required | PSCredential | Credentials of the Exchange Global Admin ||
# SCFilePlanPropertyDepartment
@ -38,7 +38,7 @@ Configuration Example
{
Name = "Demo Department"
Ensure = "Present"
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
}
}
}

4
SCFilePlanPropertyReferenceId.md

@ -6,7 +6,7 @@
| --- | --- | --- | --- | --- |
| **Name** | Key | String | The Name parameter specifies the unique name of the reference id. ||
| **Ensure** | Write | String | Specify if this reference id should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Required | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Required | PSCredential | Credentials of the Exchange Global Admin ||
# SCFilePlanPropertyReferenceId
@ -38,7 +38,7 @@ Configuration Example
{
Name = "My Reference ID"
Ensure = "Present"
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
}
}
}

4
SCFilePlanPropertySubCategory.md

@ -7,7 +7,7 @@
| **Name** | Key | String | The Name parameter specifies the unique name of the sub-category. ||
| **Category** | Required | String | The Category parameter specifies the name of the parent category associated with the sub-category. ||
| **Ensure** | Write | String | Specify if this category should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Required | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Required | PSCredential | Credentials of the Exchange Global Admin ||
# SCFilePlanPropertySubCategory
@ -39,7 +39,7 @@ Configuration Example
Name = "My Sub-Category"
Category = "My Category"
Ensure = "Present"
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
}
}
}

4
SCLabelPolicy.md

@ -25,7 +25,7 @@
| **RemoveModernGroupLocation** | Write | StringArray[] | The RemoveModernGroupLocation parameter specifies the Microsoft 365 Groups to remove from the policy. ||
| **RemoveModernGroupLocationException** | Write | StringArray[] | The RemoveModernGroupLocationException parameter specifies the Microsoft 365 Groups to remove from excluded values when you're using the value All for the ModernGroupLocation parameter. ||
| **RemoveLabels** | Write | StringArray[] | The RemoveLabels parameter specifies the sensitivity labels that are removed from the policy. You can use any value that uniquely identifies the label. ||
| **GlobalAdminAccount** | Required | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Required | PSCredential | Credentials of the Exchange Global Admin ||
# SCLabelPolicy
@ -70,7 +70,7 @@ Configuration Example
Value = "Enabled"
}
)
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
Ensure = "Present"
}
}

4
SCRetentionCompliancePolicy.md

@ -25,7 +25,7 @@
| **TeamsChannelLocationException** | Write | StringArray[] | This parameter specifies the SharePoint Online sites to exclude when you use the value All for the TeamsChannelLocation parameter. You identify the site by its URL value. ||
| **TeamsChatLocation** | Write | StringArray[] | The TeamsChatLocation parameter specifies the Teams Chat to include in the policy. ||
| **TeamsChatLocationException** | Write | StringArray[] | This parameter specifies the SharePoint Online sites to exclude when you use the value All for the TeamsChatLocation parameter. You identify the site by its URL value. ||
| **GlobalAdminAccount** | Required | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Required | PSCredential | Credentials of the Exchange Global Admin ||
# SCRetentionCompliancePolicy
@ -58,7 +58,7 @@ Configuration Example
Comment = "Test Policy"
SharePointLocation = "https://contoso.sharepoint.com/sites/demo"
Ensure = "Present"
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
}
}
}

4
SCRetentionComplianceRule.md

@ -14,7 +14,7 @@
| **RetentionComplianceAction** | Write | String | The RetentionComplianceAction parameter specifies the retention action for the rule. Valid values are: Delete, Keep and KeepAndDelete. |Delete, Keep, KeepAndDelete|
| **RetentionDuration** | Write | String | The RetentionDuration parameter specifies the hold duration for the retention rule. Valid values are: An integer - The hold duration in days, Unlimited - The content is held indefinitely. ||
| **RetentionDurationDisplayHint** | Write | String | The RetentionDurationDisplayHint parameter specifies the units that are used to display the retention duration in the Security and Compliance Center. Valid values are: Days, Months or Years. |Days, Months, Years|
| **GlobalAdminAccount** | Required | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Required | PSCredential | Credentials of the Exchange Global Admin ||
# SCRetentionComplianceRule
@ -48,7 +48,7 @@ Configuration Example
Comment = "This is a Demo Rule"
RetentionComplianceAction = "Keep"
RetentionDuration = "Unlimited"
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
Ensure = "Present"
}
}

4
SCRetentionEventType.md

@ -7,7 +7,7 @@
| **Name** | Key | String | The Name parameter specifies the unique name of the retention event type. ||
| **Ensure** | Write | String | Specify if this rule should exist or not. |Present, Absent|
| **Comment** | Write | String | The Comment parameter specifies an optional comment. ||
| **GlobalAdminAccount** | Required | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Required | PSCredential | Credentials of the Exchange Global Admin ||
# SCRetentionEventType
@ -39,7 +39,7 @@ Configuration Example
Name = "DemoEventType"
Comment = "Demo event comment"
Ensure = "Present"
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
}
}
}

72
SCSensitivityLabel.md

@ -54,7 +54,7 @@
| **SiteAndGroupProtectionBlockAccess** | Write | Boolean | The SiteAndGroupProtectionBlockAccess parameter blocks access. ||
| **SiteAndGroupProtectionEnabled** | Write | Boolean | The SiteAndGroupProtectionEnabled parameter enables or disables the Site and Group Protection action for the labels. ||
| **SiteAndGroupProtectionPrivacy** | Write | String | The SiteAndGroupProtectionPrivacy parameter specifies the privacy level for the label. |Public, Private|
| **GlobalAdminAccount** | Required | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Required | PSCredential | Credentials of the Exchange Global Admin ||
# SCSensitivityLabel
@ -83,38 +83,38 @@ Configuration Example
{
SCSensitivityLabel DemoRule
{
Name = "DemoLabel"
Comment = "Demo Label comment"
ToolTip = "Demo tool tip"
DisplayName = "Demo Label"
ApplyContentMarkingFooterAlignment = "Center"
ApplyContentMarkingFooterEnabled= $true
ApplyContentMarkingFooterFontColor= "#FF0000"
ApplyContentMarkingFooterFontName= "calibri"
ApplyContentMarkingFooterFontSize=10
ApplyContentMarkingFooterMargin= 5
ApplyContentMarkingFooterText= "Demo footer text"
ApplyContentMarkingHeaderAlignment= "Center"
ApplyContentMarkingHeaderEnabled= $true
ApplyContentMarkingHeaderFontColor= "#FF0000"
ApplyContentMarkingHeaderFontName= "calibri"
ApplyContentMarkingHeaderFontSize= 10
ApplyContentMarkingHeaderMargin= 5
ApplyContentMarkingHeaderText= "demo header text"
ApplyWaterMarkingEnabled= $true
ApplyWaterMarkingFontColor= "#FF0000"
ApplyWaterMarkingFontName= "calibri"
ApplyWaterMarkingFontSize= 10
ApplyWaterMarkingLayout="Diagonal"
ApplyWaterMarkingText= "demo watermark"
SiteAndGroupProtectionAllowAccessToGuestUsers= $true
SiteAndGroupProtectionAllowEmailFromGuestUsers= $true
SiteAndGroupProtectionAllowFullAccess= $true
SiteAndGroupProtectionAllowLimitedAccess= $true
SiteAndGroupProtectionBlockAccess= $true
SiteAndGroupProtectionEnabled= $true
SiteAndGroupProtectionPrivacy= "Private"
LocaleSettings = @(
Name = "DemoLabel"
Comment = "Demo Label comment"
ToolTip = "Demo tool tip"
DisplayName = "Demo Label"
ApplyContentMarkingFooterAlignment = "Center"
ApplyContentMarkingFooterEnabled = $true
ApplyContentMarkingFooterFontColor = "#FF0000"
ApplyContentMarkingFooterFontName = "calibri"
ApplyContentMarkingFooterFontSize = 10
ApplyContentMarkingFooterMargin = 5
ApplyContentMarkingFooterText = "Demo footer text"
ApplyContentMarkingHeaderAlignment = "Center"
ApplyContentMarkingHeaderEnabled = $true
ApplyContentMarkingHeaderFontColor = "#FF0000"
ApplyContentMarkingHeaderFontName = "calibri"
ApplyContentMarkingHeaderFontSize = 10
ApplyContentMarkingHeaderMargin = 5
ApplyContentMarkingHeaderText = "demo header text"
ApplyWaterMarkingEnabled = $true
ApplyWaterMarkingFontColor = "#FF0000"
ApplyWaterMarkingFontName = "calibri"
ApplyWaterMarkingFontSize = 10
ApplyWaterMarkingLayout = "Diagonal"
ApplyWaterMarkingText = "demo watermark"
SiteAndGroupProtectionAllowAccessToGuestUsers = $true
SiteAndGroupProtectionAllowEmailFromGuestUsers = $true
SiteAndGroupProtectionAllowFullAccess = $true
SiteAndGroupProtectionAllowLimitedAccess = $true
SiteAndGroupProtectionBlockAccess = $true
SiteAndGroupProtectionEnabled = $true
SiteAndGroupProtectionPrivacy = "Private"
LocaleSettings = @(
MSFT_SCLabelLocaleSettings
{
LocaleKey = "DisplayName"
@ -160,9 +160,9 @@ Configuration Example
Value = "Enabled"
}
)
ParentId = "Personal"
GlobalAdminAccount = $credsGlobalAdmin
Ensure = "Present"
ParentId = "Personal"
Credential = $credsGlobalAdmin
Ensure = "Present"
}
}
}

4
SCSupervisoryReviewPolicy.md

@ -8,7 +8,7 @@
| **Comment** | Write | String | The Comment parameter specifies an optional comment. If you specify a value that contains spaces, enclose the value in quotation marks. ||
| **Reviewers** | Required | StringArray[] | The Reviewers parameter specifies the SMTP addresses of the reviewers for the supervisory review policy. You can specify multiple email addresses separated by commas. ||
| **Ensure** | Write | String | Specify if this rule should exist or not. |Present, Absent|
| **GlobalAdminAccount** | Required | PSCredential | Credentials of the Exchange Global Admin ||
| **Credential** | Required | PSCredential | Credentials of the Exchange Global Admin ||
# SCSupervisoryReviewPolicy
@ -41,7 +41,7 @@ Configuration Example
Comment = "Test Policy"
Reviewers = @("admin@contoso.com")
Ensure = "Present"
GlobalAdminAccount = $credsGlobalAdmin
Credential = $credsGlobalAdmin
}
}
}

Некоторые файлы не были показаны из-за слишком большого количества измененных файлов Показать больше